VIRY.CZ

Logfile of random's system information tool 1.09 (written by random/random)
Run by hp at 2011-07-09 18:31:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (55%) free of 19 GB
Total RAM: 255 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:32:25, on 9.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\hp\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\hp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9263088531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9DFCAC5-E674-4665-BA1C-4BC02D23CC31}: NameServer = 194.228.41.113 160.218.161.54
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7509 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\hp\Data aplikací\Mozilla\Firefox\Profiles\t7q553ki.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz"
prefs.js - "extensions.enabledItems" - "{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1, {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.4, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=mcafee&p="

"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"=C:\Program Files\McAfee\SiteAdvisor
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\Toolbar\firefox\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
jyxo-cz.xml
mall-cz.xml
McSiteAdvisor.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-06-01 1237240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-04-08 251928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-04-08 251928]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-06-01 1237240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SpywareTerminator"=C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2011-07-07 2216960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-07 3318784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Disabled:Opera Internet Browser"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

======List of files/folders created in the last 1 month======

2011-07-09 18:31:15 ----D---- C:\rsit
2011-07-07 20:08:37 ----A---- C:\ComboFix.txt
2011-07-07 19:33:34 ----A---- C:\Boot.bak
2011-07-07 19:32:53 ----RASHD---- C:\cmdcons
2011-07-07 19:19:13 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-07 19:19:13 ----A---- C:\WINDOWS\MBR.exe
2011-07-07 19:19:12 ----A---- C:\WINDOWS\zip.exe
2011-07-07 19:19:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-07 19:19:12 ----A---- C:\WINDOWS\SWSC.exe
2011-07-07 19:19:12 ----A---- C:\WINDOWS\SWREG.exe
2011-07-07 19:19:12 ----A---- C:\WINDOWS\sed.exe
2011-07-07 19:19:12 ----A---- C:\WINDOWS\PEV.exe
2011-07-07 19:19:12 ----A---- C:\WINDOWS\grep.exe
2011-07-07 19:17:36 ----D---- C:\WINDOWS\ERDNT
2011-07-07 19:16:15 ----D---- C:\Qoobox
2011-07-07 17:01:53 ----D---- C:\Program Files\Trend Micro
2011-07-07 14:30:50 ----D---- C:\Program Files\Crawler
2011-07-07 14:30:37 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-07-07 14:30:33 ----D---- C:\Documents and Settings\hp\Data aplikací\Spyware Terminator
2011-07-07 14:30:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-07-07 14:30:02 ----D---- C:\Program Files\Spyware Terminator
2011-07-02 08:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-16 12:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-16 12:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-16 12:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-16 12:19:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-16 12:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-06-10 10:06:49 ----D---- C:\Program Files\Windows Defender

======List of files/folders modified in the last 1 month======

2011-07-09 18:30:24 ----D---- C:\WINDOWS\Prefetch
2011-07-09 16:46:39 ----D---- C:\WINDOWS\Temp
2011-07-09 11:15:05 ----D---- C:\Program Files\Mozilla Firefox
2011-07-08 09:24:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-07 20:07:19 ----SD---- C:\WINDOWS\Tasks
2011-07-07 20:02:40 ----D---- C:\WINDOWS
2011-07-07 20:02:40 ----A---- C:\WINDOWS\system.ini
2011-07-07 19:48:14 ----D---- C:\WINDOWS\system32\drivers
2011-07-07 19:48:14 ----D---- C:\WINDOWS\system32
2011-07-07 19:48:14 ----D---- C:\WINDOWS\AppPatch
2011-07-07 19:48:04 ----D---- C:\Program Files\Common Files
2011-07-07 19:36:08 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-07 19:33:34 ----RASH---- C:\boot.ini
2011-07-07 17:01:59 ----SHD---- C:\WINDOWS\Installer
2011-07-07 17:01:59 ----D---- C:\Config.Msi
2011-07-07 17:01:58 ----SD---- C:\Documents and Settings\hp\Data aplikací\Microsoft
2011-07-07 17:01:53 ----RD---- C:\Program Files
2011-07-02 08:23:48 ----HD---- C:\WINDOWS\inf
2011-07-02 08:23:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-06-30 20:45:32 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-16 12:25:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-06-16 12:22:36 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-16 12:21:21 ----A---- C:\WINDOWS\imsins.BAK
2011-06-16 12:18:35 ----D---- C:\Program Files\Internet Explorer
2011-06-16 12:18:09 ----D---- C:\WINDOWS\ie8updates
2011-06-12 09:14:38 ----D---- C:\WINDOWS\system32\config
2011-06-12 09:14:19 ----D---- C:\WINDOWS\system32\wbem
2011-06-12 09:14:18 ----D---- C:\WINDOWS\Registration
2011-06-10 10:06:49 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2007-09-06 26624]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-09-06 42912]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2007-09-06 94416]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-09-06 23152]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-07-17 46167]
S3 catchme;catchme; \??\C:\DOCUME~1\hp\LOCALS~1\Temp\catchme.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-09-06 16248]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-09-06 132472]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2011-02-16 88176]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-07-07 496128]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-09-06 243064]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-09-06 345464]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Toto je OK. 7.7. jste provedl sken ComboFix. Rád bych viděl log z něho. Najdete jej v C:\combofix.txt .

Tady to je:

ComboFix 11-07-07.03 - hp 07.07.2011 19:40:50.1.1 - x86
Spuštěný z: c:\documents and settings\hp\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: avast! antivirus 4.7.1043 [VPS 110707-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-07 do 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 15:01 . 2011-07-07 15:01 388096 ----a-r- c:\documents and settings\hp\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-07 15:01 . 2011-07-07 15:01 -------- d-----w- c:\program files\Trend Micro
2011-07-07 12:46 . 2011-07-07 13:21 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Spyware Terminator
2011-07-07 12:41 . 2011-07-07 12:41 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-07-07 12:30 . 2011-07-07 12:31 -------- d-----w- c:\program files\Crawler
2011-07-07 12:30 . 2011-07-07 12:30 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-07-07 12:30 . 2011-07-07 15:04 -------- d-----w- c:\documents and settings\hp\Data aplikací\Spyware Terminator
2011-07-07 12:30 . 2011-07-07 12:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-07-07 12:30 . 2011-07-07 12:58 -------- d-----w- c:\program files\Spyware Terminator
2011-06-15 14:08 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 07:14 . 2011-06-12 07:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-10 08:06 . 2011-06-12 07:13 -------- d-----w- c:\program files\Windows Defender
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:32 . 2010-03-22 09:20 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-07-07 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-07-07 2216960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-3-22 962663]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7.7.2011 14:30 142592]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - SP_RSDRV2
*NewlyCreated* - SP_RSSRV
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\hp\Data aplikací\Mozilla\Firefox\Profiles\t7q553ki.default\
FF - prefs.js: browser.search.selectedEngine - Bezpečné vyhledávání
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 20:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-1844237615-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3280)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2011-07-07 20:08:36
ComboFix-quarantined-files.txt 2011-07-07 18:08
.
Před spuštěním: Volných bajtů: 10 809 962 496
Po spuštění: Volných bajtů: 11 231 223 808
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 483751A9252FA54F1D0FBC01884068B6

I tento log je zcela čistý. Dávat log RSIT krátce po skenu CF je zbytečné, bude vždy čistý. CF nedoporučujeme ke spouštění laiky, možné poškození systému.

Znovu vám opakuji, že problémy se řeší zde, v topic. Mám to napsané i ve svém podpisu. Ve vašem případě ještě zkuste defragmentovat disk a vyčistit PC od balastu CCleanerem: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478. Do budoucna doporučuji zvětšit RAM alespoň na 512 - 1024MB. 255MB je i pro WinXP málo.

Ještě jednou se omlouvám, a jinak moc dík. Myslel jsem si že problem bude v moralně zastaralem PC.

Rádo se stalo!