VIRY.CZ

Zdravím vás,
Máme spoločný net so susedom a u neho na PC beží upload na 100%.
Po spustení v Safe mode je to to isté.
RSIT som nesťahoval, bol som rád, že po 15 minútach som sa pripojil sem na stránku, tak prikladám výpis z MBAMu.
Prosím o kontrolu:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4770

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

7.10.2010 19:01:44
mbam-log-2010-10-07 (19-01-44).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 127370
Uplynulý čas: 6 min, 43 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 1
Infikované registračné hodnoty: 3
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 5

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SOFTWARE\yingsoft (Malware.Trace) -> No action taken.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> No action taken.
c:\documents and settings\localservice\wuaucldt.exe (Worm.KoobFace) -> No action taken.
C:\Documents and Settings\Branislav\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> No action taken.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.

Nemažte cdrom.sys, ten je legitmní. Ostatní smažte.

Díky za odpoveď.
Vymazal som čo ste povedali, ale sieť full a takisto procesor-svchost.exe
Podarilo sa mi urobiť log s RSITu:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Branislav at 2010-10-07 20:02:41
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (32%) free of 40 GB
Total RAM: 991 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:03:10, on 7.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Branislav\Desktop\RSIT.exe
C:\Program Files\trend micro\Branislav.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azet.sk/
R3 - URLSearchHook: LegendsOfZork Toolbar - {0fc0ec69-5eca-413a-a7cb-765fff3f9768} - C:\Program Files\LegendsOfZork\tbLeg0.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LegendsOfZork Toolbar - {0fc0ec69-5eca-413a-a7cb-765fff3f9768} - C:\Program Files\LegendsOfZork\tbLeg0.dll
O3 - Toolbar: LegendsOfZork Toolbar - {0fc0ec69-5eca-413a-a7cb-765fff3f9768} - C:\Program Files\LegendsOfZork\tbLeg0.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Live! Central] "C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" /mode2
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\branislav\wuaucldt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [VF0415Inst] RunDll32.exe C:\WINDOWS\system32\V0415Pin.dll,RunDLL32EP 515 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [VF0415Inst] RunDll32.exe C:\WINDOWS\system32\V0415Pin.dll,RunDLL32EP 515 (User 'Default user')
O4 - Startup: algkir32.exe
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6752 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fc0ec69-5eca-413a-a7cb-765fff3f9768}]
LegendsOfZork Toolbar - C:\Program Files\LegendsOfZork\tbLeg0.dll [2010-09-13 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0fc0ec69-5eca-413a-a7cb-765fff3f9768} - LegendsOfZork Toolbar - C:\Program Files\LegendsOfZork\tbLeg0.dll [2010-09-13 2735200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Live! Central"=C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe [2008-08-22 438399]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2006-12-15 176128]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-01-14 37888]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-14 77824]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2009-08-27 614400]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-07-31 139264]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"wuaucldt"=c:\documents and settings\branislav\wuaucldt.exe []

C:\Documents and Settings\Branislav\Start Menu\Programs\Startup
algkir32.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mhlrgcot.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0xFF000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\GameShadow\GameShadow.exe"="C:\Program Files\GameShadow\GameShadow.exe:*:Enabled:Client"
"C:\Program Files\GameShadow\GSDownload.exe"="C:\Program Files\GameShadow\GSDownload.exe:*:Enabled:Downloader"
"D:\Program Files\CS1.6\Counter-Strike 1.6\cstrike.exe"="D:\Program Files\CS1.6\Counter-Strike 1.6\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-10-07 20:02:41 ----D---- C:\rsit
2010-10-07 19:59:46 ----A---- C:\mbam-log-2010-10-07 (19-59-14).txt
2010-10-07 19:01:55 ----A---- C:\mbam-log-2010-10-07 (19-01-44).txt
2010-10-07 18:51:44 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-01 16:07:52 ----A---- C:\WINDOWS\system32\drivers\pyhvfy.sys
2010-10-01 16:07:25 ----A---- C:\WINDOWS\system32\tmp.tmp
2010-10-01 16:07:25 ----A---- C:\WINDOWS\system32\mhlrgcot.dll
2010-09-29 09:28:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-27 16:21:52 ----D---- C:\DCIM
2010-09-22 07:27:42 ----D---- C:\Program Files\MSXML 4.0
2010-09-20 19:37:11 ----D---- C:\Documents and Settings\Branislav\Application Data\SmarThru4
2010-09-20 19:36:59 ----A---- C:\WINDOWS\system32\drivers\DgivEcp.sys
2010-09-20 19:36:49 ----N---- C:\WINDOWS\system32\SecSNMP.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\LTRPR13n.DLL
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\LTRIO13N.DLL
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\LTR13N.DLL
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\lfpsd13s.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\LFPNM13s.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\lfitg13s.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\lfitg13n.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\lfimg13s.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\lfimg13n.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\lfiff13s.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\lfiff13n.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\lffax13s.dll
2010-09-20 19:36:48 ----A---- C:\WINDOWS\system32\lffax13n.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\PCDLIB32.DLL
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lttwn13n.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\LTCLR13n.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lftif13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\Lfpng13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfpcx13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfpcx13n.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfpcd13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfpcd13n.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfmsp13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfjbg13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\LFJ2K13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfeps13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfeps13n.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\LFCMP13s.DLL
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfclp13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfclp13n.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfbmp13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfavi13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfani13s.dll
2010-09-20 19:36:47 ----A---- C:\WINDOWS\system32\lfani13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\lttmb13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\LTTLB13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\Ltpnt13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\ltpdg13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\LTOCR13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\LTDIS13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\ltbar13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\lftif13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\lfpsd13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\LFPNM13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\Lfpng13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\lfmsp13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\lfjbg13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\LFJ2K13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\LFCMP13n.DLL
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2010-09-20 19:36:46 ----A---- C:\WINDOWS\system32\lfavi13n.dll
2010-09-20 19:36:45 ----A---- C:\WINDOWS\system32\Mfcoleui.dll
2010-09-20 19:36:45 ----A---- C:\WINDOWS\system32\Ltwvc13n.dll
2010-09-20 19:36:45 ----A---- C:\WINDOWS\system32\ltlst13n.dll
2010-09-20 19:36:45 ----A---- C:\WINDOWS\system32\ltfil13n.DLL
2010-09-20 19:36:45 ----A---- C:\WINDOWS\system32\ltdlg13n.dll
2010-09-20 19:36:44 ----D---- C:\Program Files\Common Files\SRC Shared
2010-09-20 19:36:39 ----A---- C:\WINDOWS\Readiris.ini
2010-09-20 19:36:36 ----A---- C:\WINDOWS\system32\irisco32.dll
2010-09-20 19:35:48 ----D---- C:\Program Files\Readiris10
2010-09-20 19:35:38 ----D---- C:\Program Files\SmarThru 4
2010-09-20 19:35:26 ----A---- C:\WINDOWS\ssndii.exe
2010-09-20 19:35:25 ----D---- C:\Program Files\SamsungPrinterLiveUpdate
2010-09-20 19:35:25 ----A---- C:\WINDOWS\system32\msxml2a.dll
2010-09-20 19:35:24 ----A---- C:\WINDOWS\system32\msxml4r.dll
2010-09-20 19:35:24 ----A---- C:\WINDOWS\system32\msxml4a.dll
2010-09-20 19:35:23 ----D---- C:\WINDOWS\Samsung
2010-09-20 19:34:24 ----D---- C:\Program Files\Samsung
2010-09-20 19:32:50 ----D---- C:\WINDOWS\system32\drivers\Samsung
2010-09-15 19:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 19:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 19:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 19:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 19:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 19:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 19:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$

======List of files/folders modified in the last 1 months======

2010-10-07 20:03:10 ----D---- C:\Program Files\Trend Micro
2010-10-07 20:02:47 ----D---- C:\WINDOWS\Prefetch
2010-10-07 20:01:27 ----D---- C:\Documents and Settings\Branislav\Application Data\Skype
2010-10-07 20:01:04 ----D---- C:\WINDOWS\Temp
2010-10-07 20:00:52 ----D---- C:\WINDOWS
2010-10-07 20:00:21 ----D---- C:\WINDOWS\system32\drivers
2010-10-07 19:59:14 ----D---- C:\WINDOWS\system32
2010-10-07 19:46:44 ----D---- C:\Program Files\Mozilla Firefox
2010-10-07 19:44:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-07 16:01:51 ----D---- C:\Documents and Settings\Branislav\Application Data\skypePM
2010-10-01 17:26:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-01 16:10:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-01 16:10:12 ----D---- C:\Program Files\Internet Explorer
2010-09-29 09:28:10 ----HD---- C:\WINDOWS\inf
2010-09-24 15:48:37 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-09-22 07:27:49 ----SHD---- C:\WINDOWS\Installer
2010-09-22 07:27:49 ----D---- C:\WINDOWS\WinSxS
2010-09-20 19:36:44 ----D---- C:\Program Files\Common Files
2010-09-20 19:35:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-20 19:35:48 ----RD---- C:\Program Files
2010-09-20 19:30:11 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
2010-09-20 19:29:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-15 19:05:38 ----A---- C:\WINDOWS\imsins.BAK
2010-09-15 19:05:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-13 14:25:42 ----D---- C:\Program Files\LegendsOfZork

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-09-30 721904]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys [2008-08-12 135616]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual; C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 V0415Afx;Creative Camera VF0415 Audio Effects Driver; C:\WINDOWS\system32\DRIVERS\V0415Afx.sys [2008-04-30 160768]
R3 V0415Vid;Creative Live! Cam Video IM Ultra Driver; C:\WINDOWS\system32\DRIVERS\V0415Vid.sys [2008-08-14 282464]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2007-02-15 281728]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2004-03-17 117248]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-05-24 11392]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 a5wro4vw;a5wro4vw; C:\WINDOWS\system32\drivers\a5wro4vw.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
S3 b57w2k;BCM5701 Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-08-17 96640]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2006-07-31 720896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Můžete dát log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Tvrdíte ale, že máte společné připojení se sousedem a jemu jede upload na 100%.

Combofix musím stiahnúť v Safemode, teraz to ide 1kb/s ((((
Nie som na svojom PC, ale u suseda...môj beží (zatial) bez problémov, ale budem ho riešiť potom.
Ešte som zabudol, na tomto PC bol Avast!, ale nefunkčný-možno aj preto ten vír-doma mám tiež Avast!, ale funkčný. Potom si ho dám preveriť u vás...
Po stiahnutí pošlem log.
Zatiaľ veľmi pekne ďakujem

Tu je log s Combofixu:

ComboFix 10-10-07.01 - Branislav 07.10.2010 21:07:38.1.1 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.991.711 [GMT 2:00]
Running from: c:\documents and settings\Branislav\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Branislav\Application Data\Desktopicon
c:\documents and settings\Branislav\Application Data\Desktopicon\config.ini
c:\documents and settings\Branislav\Start Menu\Programs\Startup\algkir32.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\windows\system32\driVERs\pyhvfy.sys
c:\windows\system32\mhlrgcot.dll
c:\windows\system32\YingInstall
c:\windows\system32\YingInstall\409.ini
c:\windows\Ying-UnInstall.exe

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_pyhvfy
-------\Service_pyhvfy


((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
.

2010-10-07 18:02 . 2010-10-07 18:03 -------- d-----w- C:\rsit
2010-09-27 14:21 . 2010-09-27 14:21 -------- d-----w- C:\DCIM
2010-09-22 05:27 . 2010-09-22 05:27 -------- d-----w- c:\program files\MSXML 4.0
2010-09-20 17:37 . 2010-09-20 17:37 -------- d-----w- c:\documents and settings\Branislav\Application Data\SmarThru4
2010-09-20 17:35 . 2010-09-20 17:37 -------- d-----w- c:\program files\SmarThru 4
2010-09-20 17:35 . 2009-09-07 11:48 482408 ----a-w- c:\windows\ssndii.exe
2010-09-20 17:35 . 2010-09-27 07:14 -------- d-----w- c:\program files\SamsungPrinterLiveUpdate
2010-09-20 17:35 . 2009-07-30 12:00 21776 ----a-w- c:\windows\system32\msxml2a.dll
2010-09-20 17:35 . 2009-07-30 12:00 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-09-20 17:35 . 2009-07-30 12:00 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-09-20 17:35 . 2010-09-20 17:35 -------- d-----w- c:\windows\Samsung
2010-09-20 17:34 . 2010-09-20 17:34 -------- d-----w- c:\program files\Samsung
2010-09-20 17:32 . 2010-09-20 17:32 -------- d-----w- c:\windows\system32\drivers\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 19:03 . 2010-10-01 14:07 0 ----a-w- c:\windows\system32\tmp.tmp
2010-10-07 19:02 . 2010-06-11 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-07 18:03 . 2009-05-14 15:36 -------- d-----w- c:\documents and settings\Branislav\Application Data\Skype
2010-10-07 18:03 . 2010-02-26 11:50 -------- d-----w- c:\program files\Trend Micro
2010-10-07 14:01 . 2009-05-14 15:44 -------- d-----w- c:\documents and settings\Branislav\Application Data\skypePM
2010-10-01 14:07 . 2010-10-01 14:07 16 ----a-w- c:\documents and settings\NetworkService\Application Data\yopgrf.dat
2010-09-20 17:36 . 2010-09-20 17:36 -------- d-----w- c:\program files\Common Files\SRC Shared
2010-09-20 17:36 . 2010-09-20 17:35 -------- d-----w- c:\program files\Readiris10
2010-09-20 17:35 . 2009-03-29 09:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-20 17:30 . 2009-12-25 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-09-13 12:25 . 2010-05-30 07:09 -------- d-----w- c:\program files\LegendsOfZork
2010-08-23 12:07 . 2010-08-23 12:06 -------- d-----w- c:\program files\ShineMarbles
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 15:07 . 2010-08-14 15:06 -------- d-----w- c:\program files\QuickTime
2010-08-14 15:06 . 2010-08-14 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-08-14 15:06 . 2010-08-14 15:06 -------- d-----w- c:\program files\LEGO Software
2010-08-12 07:38 . 2010-08-12 07:38 -------- d-----w- c:\program files\BrainsPool
2010-08-11 10:54 . 2010-08-11 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-08-11 10:53 . 2010-08-01 16:25 -------- d-----w- c:\program files\GUSTO
2010-07-22 15:49 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 18:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0fc0ec69-5eca-413a-a7cb-765fff3f9768}"= "c:\program files\LegendsOfZork\tbLeg0.dll" [2010-09-13 2735200]

[HKEY_CLASSES_ROOT\clsid\{0fc0ec69-5eca-413a-a7cb-765fff3f9768}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0fc0ec69-5eca-413a-a7cb-765fff3f9768}]
2010-09-13 12:26 2735200 ----a-w- c:\program files\LegendsOfZork\tbLeg0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0fc0ec69-5eca-413a-a7cb-765fff3f9768}"= "c:\program files\LegendsOfZork\tbLeg0.dll" [2010-09-13 2735200]

[HKEY_CLASSES_ROOT\clsid\{0fc0ec69-5eca-413a-a7cb-765fff3f9768}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0FC0EC69-5ECA-413A-A7CB-765FFF3F9768}"= "c:\program files\LegendsOfZork\tbLeg0.dll" [2010-09-13 2735200]

[HKEY_CLASSES_ROOT\clsid\{0fc0ec69-5eca-413a-a7cb-765fff3f9768}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Live! Central"="c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-08-22 438399]
"VTTrayp"="VTtrayp.exe" [2006-12-15 176128]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-14 77824]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-27 614400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0415Inst"="c:\windows\system32\V0415Pin.dll" [2008-07-07 40960]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mhlrgcot.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Q3Ademo\\quake3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GameShadow\\GameShadow.exe"=
"c:\\Program Files\\GameShadow\\GSDownload.exe"=
"d:\\Program Files\\CS1.6\\Counter-Strike 1.6\\cstrike.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [17.5.2009 11:46 135616]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [17.5.2009 11:47 31616]
S3 V0415Afx;Creative Camera VF0415 Audio Effects Driver;c:\windows\system32\drivers\V0415Afx.sys [17.5.2009 11:48 160768]
S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [17.5.2009 11:47 282464]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2009 16:38 721904]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.azet.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\Branislav\Application Data\Mozilla\Firefox\Profiles\khydxoaw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic_English Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{584AAC83-CDBD-4016-9518-96B5016BB0D3} - (no file)
HKCU-Run-wuaucldt - c:\documents and settings\branislav\wuaucldt.exe
AddRemove-ShineMarbles 1.0 - c:\windows\Ying-UnInstall.exe


.
Completion time: 2010-10-07 21:16:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-07 19:16

Pre-Run: 13 531 144 192 bytes free
Post-Run: 13 515 763 712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""

- - End Of File - - 582222F64E125203CC0D4CE5C8606D4E

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Registry::
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pustte. CF se spustí a vykoná příkazy ze skriptu.

Takže dočistené a tu je log:

ComboFix 10-10-07.01 - Branislav 08.10.2010 9:00.2.1 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.991.793 [GMT 2:00]
Running from: c:\documents and settings\Branislav\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Branislav\Desktop\CFScript.txt.txt
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-08 06:57 . 2010-10-08 06:58 -------- d-----w- c:\documents and settings\Administrator
2010-10-07 19:31 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-10-07 19:31 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-10-07 19:31 . 2010-10-07 19:31 -------- d-----w- c:\program files\Sunbelt Software
2010-10-07 18:02 . 2010-10-07 18:03 -------- d-----w- C:\rsit
2010-09-27 14:21 . 2010-09-27 14:21 -------- d-----w- C:\DCIM
2010-09-22 05:27 . 2010-09-22 05:27 -------- d-----w- c:\program files\MSXML 4.0
2010-09-20 17:37 . 2010-09-20 17:37 -------- d-----w- c:\documents and settings\Branislav\Application Data\SmarThru4
2010-09-20 17:35 . 2010-09-20 17:37 -------- d-----w- c:\program files\SmarThru 4
2010-09-20 17:35 . 2009-09-07 11:48 482408 ----a-w- c:\windows\ssndii.exe
2010-09-20 17:35 . 2010-09-27 07:14 -------- d-----w- c:\program files\SamsungPrinterLiveUpdate
2010-09-20 17:35 . 2009-07-30 12:00 21776 ----a-w- c:\windows\system32\msxml2a.dll
2010-09-20 17:35 . 2009-07-30 12:00 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-09-20 17:35 . 2009-07-30 12:00 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-09-20 17:35 . 2010-09-20 17:35 -------- d-----w- c:\windows\Samsung
2010-09-20 17:34 . 2010-09-20 17:34 -------- d-----w- c:\program files\Samsung
2010-09-20 17:32 . 2010-09-20 17:32 -------- d-----w- c:\windows\system32\drivers\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 19:36 . 2009-05-14 15:36 -------- d-----w- c:\documents and settings\Branislav\Application Data\Skype
2010-10-07 19:03 . 2010-10-01 14:07 0 ----a-w- c:\windows\system32\tmp.tmp
2010-10-07 19:02 . 2010-06-11 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-07 18:03 . 2010-02-26 11:50 -------- d-----w- c:\program files\Trend Micro
2010-10-07 14:01 . 2009-05-14 15:44 -------- d-----w- c:\documents and settings\Branislav\Application Data\skypePM
2010-10-01 14:07 . 2010-10-01 14:07 16 ----a-w- c:\documents and settings\NetworkService\Application Data\yopgrf.dat
2010-09-20 17:36 . 2010-09-20 17:36 -------- d-----w- c:\program files\Common Files\SRC Shared
2010-09-20 17:36 . 2010-09-20 17:35 -------- d-----w- c:\program files\Readiris10
2010-09-20 17:35 . 2009-03-29 09:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-20 17:30 . 2009-12-25 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-09-13 12:25 . 2010-05-30 07:09 -------- d-----w- c:\program files\LegendsOfZork
2010-08-23 12:07 . 2010-08-23 12:06 -------- d-----w- c:\program files\ShineMarbles
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 15:07 . 2010-08-14 15:06 -------- d-----w- c:\program files\QuickTime
2010-08-14 15:06 . 2010-08-14 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-08-14 15:06 . 2010-08-14 15:06 -------- d-----w- c:\program files\LEGO Software
2010-08-12 07:38 . 2010-08-12 07:38 -------- d-----w- c:\program files\BrainsPool
2010-08-11 10:54 . 2010-08-11 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-08-11 10:53 . 2010-08-01 16:25 -------- d-----w- c:\program files\GUSTO
2010-07-22 15:49 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 18:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0fc0ec69-5eca-413a-a7cb-765fff3f9768}"= "c:\program files\LegendsOfZork\tbLeg0.dll" [2010-09-13 2735200]

[HKEY_CLASSES_ROOT\clsid\{0fc0ec69-5eca-413a-a7cb-765fff3f9768}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0fc0ec69-5eca-413a-a7cb-765fff3f9768}]
2010-09-13 12:26 2735200 ----a-w- c:\program files\LegendsOfZork\tbLeg0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0fc0ec69-5eca-413a-a7cb-765fff3f9768}"= "c:\program files\LegendsOfZork\tbLeg0.dll" [2010-09-13 2735200]

[HKEY_CLASSES_ROOT\clsid\{0fc0ec69-5eca-413a-a7cb-765fff3f9768}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0FC0EC69-5ECA-413A-A7CB-765FFF3F9768}"= "c:\program files\LegendsOfZork\tbLeg0.dll" [2010-09-13 2735200]

[HKEY_CLASSES_ROOT\clsid\{0fc0ec69-5eca-413a-a7cb-765fff3f9768}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Live! Central"="c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-08-22 438399]
"VTTrayp"="VTtrayp.exe" [2006-12-15 176128]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-14 77824]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-27 614400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0415Inst"="c:\windows\system32\V0415Pin.dll" [2008-07-07 40960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Q3Ademo\\quake3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GameShadow\\GameShadow.exe"=
"c:\\Program Files\\GameShadow\\GSDownload.exe"=
"d:\\Program Files\\CS1.6\\Counter-Strike 1.6\\cstrike.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [7.10.2010 21:31 270888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [7.10.2010 21:31 65576]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [17.5.2009 11:46 135616]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [17.5.2009 11:47 31616]
S3 V0415Afx;Creative Camera VF0415 Audio Effects Driver;c:\windows\system32\drivers\V0415Afx.sys [17.5.2009 11:48 160768]
S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [17.5.2009 11:47 282464]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2009 16:38 721904]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.azet.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\Branislav\Application Data\Mozilla\Firefox\Profiles\khydxoaw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic_English Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
.
Completion time: 2010-10-08 09:06:19
ComboFix-quarantined-files.txt 2010-10-08 07:06
ComboFix2.txt 2010-10-07 19:16

Pre-Run: 13 439 885 312 bytes free
Post-Run: 13 434 064 896 bytes free

- - End Of File - - 8768DF827ED646810999B9CA5426CA87

Ešte by som vás chcel poprosiť o vyčistenie môjho PC.
U suseda som PC vypol, zapol som svoje a dal som ho skontrolovať....Hrôza:((((
Inak PC beží v pohode.
Tu sú logy s MBAMu a s RSITu:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verzia databázy: 4773

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8.10.2010 8:27:16
mbam-log-2010-10-08 (08-27-16).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 136486
Uplynulý čas: 6 min, 7 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 27
Infikované registračné hodnoty: 2
Infikované položky registračných dát: 0
Infikované priečinky: 9
Infikované súbory: 6

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> No action taken.

Infikované registračné hodnoty:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> No action taken.

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
C:\Documents and Settings\mirusko\Application Data\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs\res1 (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.ShopperReports) -> No action taken.

Infikované súbory:
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\mirusko\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> No action taken.

RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by mirusko at 2010-10-08 09:33:22
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 995 MB (10%) free of 10 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:36, on 8.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\PROGRAM FILES\FRAPS\FRAPS.EXE
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\mirusko\Desktop\RSIT.exe
C:\Program Files\trend micro\mirusko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Launch Ai Booster] "H:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fraps] D:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - D:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - D:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - D:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mahjong Escape - Ancient China\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mahjong Escape - Ancient China\Images\armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9410 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
ShoppingReport

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"Launch Ai Booster"=H:\Program Files\ASUS\AI Booster\OverClk.exe []
"NWEReboot"= []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"avast!"=D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-03-24 1073152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-07-31 139264]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Fraps"=D:\PROGRAM FILES\FRAPS\FRAPS.EXE [2009-11-21 2377648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe [2007-07-11 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2007-05-10 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2007-04-21 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE [2005-06-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk]
C:\PROGRA~1\Hama\HAMAWE~1\MAGIC-~1\MAGIC-~1.EXE [2007-09-28 330240]

C:\Documents and Settings\mirusko\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - D:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\GameFace Messenger\GameFace.exe"="C:\Program Files\GameFace Messenger\GameFace.exe:*:Enabled:IM"
"D:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE"="D:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE:*:Enabled:XENUS"
"D:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe"="D:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe:*:Enabled:graw"
"D:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe"="D:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9"
"D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQLite\ICQLite.exe"="D:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"D:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="D:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="D:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="D:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"D:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="D:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe"="D:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Beta"
"D:\Program Files\4Game\PointBlank\pointblank.exe"="D:\Program Files\4Game\PointBlank\pointblank.exe:*:Enabled:PointBlank"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Gore Special Edition\Gore.exe"="D:\Program Files\Gore Special Edition\Gore.exe:*:Enabled:Gore"
"D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:UT3"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-10-08 09:33:27 ----D---- C:\Program Files\trend micro
2010-10-08 09:33:22 ----D---- C:\rsit
2010-10-08 08:17:02 ----D---- C:\Documents and Settings\mirusko\Application Data\Malwarebytes
2010-10-08 08:16:51 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-08 08:16:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-10-08 08:16:50 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-06 10:05:17 ----A---- C:\WINDOWS\system32\pbsvc_heroes.exe
2010-09-28 21:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-20 08:27:54 ----D---- C:\WINDOWS\Sun
2010-09-15 15:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 15:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 15:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 15:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 15:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 15:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 15:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$

======List of files/folders modified in the last 1 months======

2010-10-08 09:33:29 ----D---- C:\WINDOWS\Prefetch
2010-10-08 09:33:27 ----RD---- C:\Program Files
2010-10-08 08:38:05 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-08 08:38:00 ----RSD---- C:\WINDOWS\assembly
2010-10-08 08:16:51 ----D---- C:\WINDOWS\system32\drivers
2010-10-08 08:09:46 ----D---- C:\WINDOWS\Temp
2010-10-08 08:09:28 ----SHD---- C:\WINDOWS\Installer
2010-10-08 08:09:28 ----HD---- C:\Config.Msi
2010-10-07 21:19:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-07 21:19:21 ----D---- C:\WINDOWS\system32
2010-10-07 21:19:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-07 21:18:54 ----D---- C:\WINDOWS\WinSxS
2010-10-07 21:17:13 ----D---- C:\WINDOWS
2010-10-06 19:32:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-06 10:05:26 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-10-05 21:23:47 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-10-04 00:39:14 ----D---- C:\Documents and Settings\mirusko\Application Data\Skype
2010-10-04 00:08:51 ----D---- C:\Documents and Settings\mirusko\Application Data\skypePM
2010-09-29 19:48:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-28 21:52:54 ----HD---- C:\WINDOWS\inf
2010-09-26 09:29:10 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-09-26 09:03:36 ----D---- C:\Program Files\Google
2010-09-23 00:12:06 ----D---- C:\JA
2010-09-21 16:01:49 ----D---- C:\WINDOWS\Debug
2010-09-15 15:19:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 15:19:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 15:16:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2006-12-23 77120]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2005-12-21 7136]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-05-04 717296]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2006-12-23 80768]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 io.sys;IO.DLL Driver; \??\C:\WINDOWS\system32\drivers\io.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\WINDOWS\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 13184]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-02-10 47488]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2005-09-27 16000]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416]
S3 amb6z5ue;amb6z5ue; C:\WINDOWS\system32\drivers\amb6z5ue.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-10-16 10376576]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-02 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-11 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-10-06 189248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2006-07-31 720896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Prosím pomôžte

Smažte vše, co našel MBAM. Jinak čisto.

Díky moc!! Vypadá to byť už OK.
Pre istotu som spravil ešte scan RSITom. Tu je log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by mirusko at 2010-10-10 12:47:04
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 999 MB (10%) free of 10 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:11, on 10.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\mirusko\Desktop\RSIT.exe
C:\Program Files\trend micro\mirusko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Launch Ai Booster] "H:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Fraps] D:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - D:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - D:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - D:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mahjong Escape - Ancient China\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mahjong Escape - Ancient China\Images\armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8959 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"Launch Ai Booster"=H:\Program Files\ASUS\AI Booster\OverClk.exe []
"NWEReboot"= []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"avast!"=D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-03-24 1073152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-07-31 139264]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Fraps"=D:\PROGRAM FILES\FRAPS\FRAPS.EXE [2009-11-21 2377648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\WINDOWS\FixCamera.exe [2007-07-11 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2007-05-10 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2007-04-21 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE [2005-06-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk]
C:\PROGRA~1\Hama\HAMAWE~1\MAGIC-~1\MAGIC-~1.EXE [2007-09-28 330240]

C:\Documents and Settings\mirusko\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - D:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\GameFace Messenger\GameFace.exe"="C:\Program Files\GameFace Messenger\GameFace.exe:*:Enabled:IM"
"D:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE"="D:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE:*:Enabled:XENUS"
"D:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe"="D:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\graw.exe:*:Enabled:graw"
"D:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe"="D:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9"
"D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQLite\ICQLite.exe"="D:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"D:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="D:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="D:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="D:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"D:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="D:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe"="D:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Beta"
"D:\Program Files\4Game\PointBlank\pointblank.exe"="D:\Program Files\4Game\PointBlank\pointblank.exe:*:Enabled:PointBlank"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Gore Special Edition\Gore.exe"="D:\Program Files\Gore Special Edition\Gore.exe:*:Enabled:Gore"
"D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="D:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:UT3"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-10-10 12:47:04 ----D---- C:\rsit
2010-10-08 09:33:27 ----D---- C:\Program Files\trend micro
2010-10-08 08:17:02 ----D---- C:\Documents and Settings\mirusko\Application Data\Malwarebytes
2010-10-08 08:16:51 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-08 08:16:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-10-08 08:16:50 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-06 10:05:17 ----A---- C:\WINDOWS\system32\pbsvc_heroes.exe
2010-09-28 21:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-20 08:27:54 ----D---- C:\WINDOWS\Sun
2010-09-15 15:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 15:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 15:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 15:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 15:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 15:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 15:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$

======List of files/folders modified in the last 1 months======

2010-10-10 12:38:28 ----D---- C:\WINDOWS\Prefetch
2010-10-10 12:26:40 ----D---- C:\WINDOWS\Temp
2010-10-10 12:24:35 ----D---- C:\WINDOWS\system32\drivers
2010-10-10 12:24:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-10 12:23:32 ----RD---- C:\Program Files
2010-10-08 14:03:07 ----D---- C:\WINDOWS
2010-10-08 08:38:05 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-08 08:38:00 ----RSD---- C:\WINDOWS\assembly
2010-10-08 08:09:28 ----SHD---- C:\WINDOWS\Installer
2010-10-08 08:09:28 ----HD---- C:\Config.Msi
2010-10-07 21:19:21 ----D---- C:\WINDOWS\system32
2010-10-07 21:19:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-07 21:18:54 ----D---- C:\WINDOWS\WinSxS
2010-10-06 19:32:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-06 10:05:26 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-10-05 21:23:47 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-10-04 00:39:14 ----D---- C:\Documents and Settings\mirusko\Application Data\Skype
2010-10-04 00:08:51 ----D---- C:\Documents and Settings\mirusko\Application Data\skypePM
2010-09-29 19:48:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-28 21:52:54 ----HD---- C:\WINDOWS\inf
2010-09-26 09:29:10 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2010-09-26 09:03:36 ----D---- C:\Program Files\Google
2010-09-23 00:12:06 ----D---- C:\JA
2010-09-21 16:01:49 ----D---- C:\WINDOWS\Debug
2010-09-15 15:19:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 15:19:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 15:16:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2006-12-23 77120]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2005-12-21 7136]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-05-04 717296]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2006-12-23 80768]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 io.sys;IO.DLL Driver; \??\C:\WINDOWS\system32\drivers\io.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\WINDOWS\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 13184]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-04-06 81664]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-02-10 47488]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2005-09-27 16000]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416]
S3 a6lqjt9h;a6lqjt9h; C:\WINDOWS\system32\drivers\a6lqjt9h.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-10-16 10376576]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-02 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-02-20 1222192]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-11 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-10-06 189248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2006-07-31 720896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



Ešteraz DÍKY

Log vypadá čistý. Nemáte zač!