VIRY.CZ

Ahoj,

v poslední době se, vždy když se připojím přes mobil k internetu, odešle v prvních několika minutách (cca 10-15min) cca 5MB dat neznámo kam, nepodařilo se mi cíl zjistit ani analýzou LSP chainu, ani přes TCPView nebo Wireshark. Pokud nejsem připojený přes dialup, ale přes WiFi, toto se nestává. Prosím o kontrolu logu, zda není na první pohled zřetelné, co mi v systému parazituje, děkuji

Logfile of random's system information tool 1.09 (written by random/random)
Run by dj-bobr at 2012-02-01 03:36:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 181 MB (0%) free of 51 GB
Total RAM: 2046 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:36:40, on 1.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\Program Files\TPFanControl\TPFanControl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\__DELL\sys\Program Files\Paint Shop Pro\Psp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\dj-bobr\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\dj-bobr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TpShocks] ;TpShocks.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [TPFanControl] C:\Program Files\TPFanControl\TPFanControl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\dj-bobr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{261EC8DA-0A98-4660-AED7-7674E90075C1}: NameServer = 217.77.165.81 217.77.161.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{50DA9E97-7323-4D0A-A7C3-22E2A2C74153}: NameServer = 10.0.0.138
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 9408 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\BMMTask.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1202660629-2147020463-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1202660629-2147020463-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\dj-bobr\Data aplikací\Mozilla\Firefox\Profiles\1yd3btan.ikm

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"fe_9.0@nokia.com"=C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@research.microsoft.com/HDView]
"Description"=Microsoft Research HD View
"Path"=C:\Program Files\Microsoft Research\HD View\nphdview.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-12 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"TpShocks"=;TpShocks.exe []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-17 815104]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"LenovoAutoScrollUtility"=C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [2010-04-01 43960]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-20 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-20 396288]
"BLOG"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-04-20 208896]
"SxgTkBar"=C:\WINDOWS\system32\SxgTkBar.exe [2002-07-22 53248]
"TPFanControl"=C:\Program Files\TPFanControl\TPFanControl.exe [2010-04-23 154112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]
"BrStsWnd"=C:\Program Files\Brownie\BrstsWnd.exe [2011-03-25 3618160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTAgent.exe [2011-03-17 842048]
""= []
"Google Update"=C:\Documents and Settings\dj-bobr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-10-20 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\UltraVNC\winvnc.exe"="C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe"
"C:\Program Files\UltraVNC\vncviewer.exe"="C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Documents and Settings\dj-bobr\Plocha\Odorik.exe"="C:\Documents and Settings\dj-bobr\Plocha\Odorik.exe:*:Enabled:Odorik.exe"
"C:\Documents and Settings\dj-bobr\Dokumenty\Stažené soubory\Odorik.exe"="C:\Documents and Settings\dj-bobr\Dokumenty\Stažené soubory\Odorik.exe:*:Enabled:Odorik.exe"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.avis"=ff_acm.acm
"MSVideo8"=VfWWDM32.dll
"VIDC.SP54"=SP5X_32.DLL
"VIDC.SP55"=SP5X_32.DLL
"VIDC.SP56"=SP5X_32.DLL
"VIDC.SP57"=SP5X_32.DLL
"VIDC.SP58"=SP5X_32.DLL
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"midi2"=wdmaud.drv
"wave2"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"midi6"=wdmaud.drv
"midi7"=wdmaud.drv
"vidc.yv12"=yv12vfw.dll
"VIDC.WMV3"=wmv9vcm.dll

======List of files/folders created in the last 1 month======

2012-02-01 03:36:30 ----D---- C:\Program Files\trend micro
2012-02-01 03:36:27 ----D---- C:\rsit
2012-01-28 14:42:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Zoner
2012-01-25 03:52:26 ----A---- C:\WINDOWS\system32\PSP Xenon.dll
2012-01-25 03:50:37 ----A---- C:\WINDOWS\system32\PSP VintageWarmer2.dll
2012-01-25 03:50:30 ----A---- C:\WINDOWS\PSP VintageWarmer Setup Log.txt
2012-01-25 03:48:35 ----D---- C:\Program Files\PSPaudioware
2012-01-23 21:36:28 ----A---- C:\WINDOWS\system32\drivers\wceusbsh.sys
2012-01-20 20:42:21 ----D---- C:\Install
2012-01-19 19:37:10 ----D---- C:\PTUN
2012-01-17 20:24:13 ----D---- C:\Program Files\Xirrus
2012-01-15 14:18:12 ----A---- C:\WINDOWS\IE4 Error Log.txt
2012-01-14 09:24:00 ----D---- C:\Documents and Settings\dj-bobr\Data aplikací\TightVNC
2012-01-14 09:23:53 ----D---- C:\Program Files\TightVNC
2012-01-10 23:14:59 ----D---- C:\Program Files\PMP Transcoding Tool
2012-01-06 05:33:45 ----D---- C:\Program Files\Runtime Software
2012-01-04 08:23:53 ----D---- C:\_SHOWROOM
2012-01-04 02:04:23 ----D---- C:\Documents and Settings\dj-bobr\Data aplikací\CorsixTH
2012-01-03 10:09:14 ----D---- C:\Program Files\Common Files\DirectX
2012-01-03 09:51:34 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2012-01-03 09:51:34 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2012-01-03 09:51:33 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2012-01-03 09:51:33 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2012-01-03 09:51:33 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2012-01-03 09:51:32 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2012-01-03 09:51:32 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2012-01-03 09:51:31 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2012-01-03 09:51:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2012-01-03 09:51:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2012-01-03 09:51:29 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2012-01-03 09:51:26 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2012-01-03 09:51:05 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2012-01-03 09:51:04 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2012-01-03 09:51:04 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2012-01-03 09:51:03 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2012-01-03 09:51:00 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2012-01-03 09:50:59 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2012-01-03 09:50:58 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2012-01-03 09:50:57 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2012-01-03 09:50:56 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2012-01-03 09:50:53 ----A---- C:\WINDOWS\system32\d3dx9_24.dll

======List of files/folders modified in the last 1 month======

2012-02-01 03:36:33 ----D---- C:\WINDOWS\Prefetch
2012-02-01 03:36:30 ----RD---- C:\Program Files
2012-02-01 03:31:07 ----D---- C:\Documents and Settings\dj-bobr\Data aplikací\Skype
2012-02-01 02:55:28 ----D---- C:\WINDOWS\Temp
2012-02-01 02:29:29 ----A---- C:\WINDOWS\WINCMD.INI
2012-02-01 02:02:44 ----A---- C:\WINDOWS\ModemLog_Nokia C5-00 USB Modem.txt
2012-02-01 01:08:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-01 00:53:33 ----A---- C:\WINDOWS\ModemLog_Standardní modem připojený pomocí technologie Bluetooth #3.txt
2012-01-31 19:36:03 ----A---- C:\WINDOWS\ModemLog_Standardní modem připojený pomocí technologie Bluetooth #6.txt
2012-01-31 19:14:27 ----A---- C:\WINDOWS\ModemLog_Standardní modem připojený pomocí technologie Bluetooth #5.txt
2012-01-31 19:14:14 ----A---- C:\WINDOWS\ModemLog_Standardní modem připojený pomocí technologie Bluetooth #4.txt
2012-01-31 05:57:25 ----D---- C:\projekty
2012-01-31 05:57:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\pdf995
2012-01-31 05:29:04 ----D---- C:\Temp
2012-01-31 02:48:14 ----A---- C:\WINDOWS\NeroDigital.ini
2012-01-31 02:31:45 ----D---- C:\Documents and Settings\dj-bobr\Data aplikací\uTorrent
2012-01-29 17:10:21 ----D---- C:\Program Files\SpeedFan
2012-01-28 14:42:15 ----D---- C:\Documents and Settings\dj-bobr\Data aplikací\Zoner
2012-01-27 19:29:29 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-26 00:53:22 ----D---- C:\WINDOWS
2012-01-25 03:53:22 ----SHD---- C:\WINDOWS\Installer
2012-01-25 03:53:21 ----D---- C:\WINDOWS\WinSxS
2012-01-25 03:52:27 ----D---- C:\WINDOWS\system32
2012-01-23 21:36:28 ----D---- C:\WINDOWS\system32\drivers
2012-01-23 18:28:55 ----A---- C:\WINDOWS\cdplayer.ini
2012-01-23 17:52:38 ----D---- C:\Program Files\FreeRIP3
2012-01-23 10:15:35 ----D---- C:\Program Files\Mozilla Thunderbird
2012-01-20 01:30:34 ----D---- C:\Documents and Settings\dj-bobr\Data aplikací\vlc
2012-01-20 00:34:54 ----D---- C:\DOWN_C
2012-01-14 18:26:32 ----A---- C:\WINDOWS\wcx_ftp.ini
2012-01-14 09:15:38 ----D---- C:\Program Files\Look@LAN
2012-01-10 23:43:18 ----A---- C:\WINDOWS\win.ini
2012-01-09 09:26:04 ----D---- C:\Program Files\Mozilla Firefox
2012-01-06 05:50:48 ----A---- C:\WINDOWS\system.ini
2012-01-04 15:22:46 ----HD---- C:\WINDOWS\inf
2012-01-03 10:09:14 ----D---- C:\Program Files\Common Files
2012-01-03 09:51:35 ----D---- C:\WINDOWS\system32\DirectX
2012-01-03 09:51:26 ----RSD---- C:\WINDOWS\assembly
2012-01-03 09:51:10 ----D---- C:\WINDOWS\Microsoft.NET
2012-01-03 08:34:29 ----D---- C:\Program Files\DOSBox-0.74

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\Drivers\iaStor.sys [2008-06-12 317976]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 Shockprf;Shockprf; C:\WINDOWS\System32\DRIVERS\Apsx86.sys [2011-01-13 122992]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-10-01 443448]
R0 TPDIGIMN;TPDIGIMN; C:\WINDOWS\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2010-09-07 340048]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2005-04-20 16384]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2011-07-14 231248]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2011-01-26 24680]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2010-05-19 13952]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-29 3565056]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2009-06-17 234496]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2011-02-01 31984]
R3 mv2;mv2; C:\WINDOWS\system32\DRIVERS\mv2.sys [2011-06-18 11496]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETwLx32.sys [2010-10-07 6609920]
R3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
R3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 SOFTXG;YAMAHA XG SoftSynthesizer; C:\WINDOWS\system32\drivers\sxgxgwdm.sys [2002-05-22 966784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-11-17 181176]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-07-31 25216]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 TVicPort;TVICPORT; \??\C:\WINDOWS\system32\DRIVERS\TVICPORT.SYS []
R3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
R3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 Ca1528av;SPCA1528 Video Camera Service; C:\WINDOWS\System32\Drivers\Ca1528av.sys [2008-12-16 516480]
S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys []
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-07 283904]
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-03-20 300544]
S3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\system32\DRIVERS\airplus.sys [2003-09-08 255360]
S3 ak2fa16n;ak2fa16n; C:\WINDOWS\system32\drivers\ak2fa16n.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 ATHFMWDL;D-Link predator Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 Bulk1528;SPCA1528 Still Camera Service; C:\WINDOWS\System32\Drivers\Bulk1528.sys [2008-06-27 11648]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2007-08-09 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-12-13 102400]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [2008-12-30 102656]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 ufldqpow;ufldqpow; \??\C:\DOCUME~1\dj-bobr\LOCALS~1\Temp\ufldqpow.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S3 WLAN;Z-Com Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\XI325NDS.sys [2002-01-17 54784]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM); C:\WINDOWS\system32\drivers\ymidusbw.sys [2011-01-31 34280]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 936208]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2011-02-01 38760]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-07-12 153376]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 477456]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2010-12-23 915728]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
R2 uvnc_service;uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2011-05-18 2016504]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2011-01-13 40048]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Ještě dodatky:

Jediné otevřené porty mám 5801 pro VNC, všechno ostatní je zavřené - a problém mám i tehdy, když UltraVNC shodím.

C:\WINDOWS\system32\drivers\ak2fa16n.sys je podle VirusTotalu čistý, stejnětak i sptd.sys od Daemon Toolsu.

Soubor C:\DOCUME~1\dj-bobr\LOCALS~1\Temp\ufldqpow.sys neexistuje - podle mě to souvisí se skenováním pomocí GMERu cca před hodinou.

aby sme mohli zacat pracovat najprv:
System drive C: has 181 MB (0%) free of 51 GB
uvolni na disku miesto - aspon 1,5GB

potom prescanuj PC s MBAM

Vyrobil jsem něco přes 2GB volného na C:..

Výsledek MBAM Úplného scanu neobsahuje nic, o čem bych nevěděl - různé hacktooly a patchery, i když mě teda překvapilo, že Cain, který používám na diagnostiku sítě v práci a různě, je označen taky jako Hacktool

btw, roztomilý avatar

spust Combofix - log vloz
P.S. ak by som mal byt nejake zvieratko, bol by som kocurik

ComboFix 12-02-05.01 - dj-bobr 04.02.2012 18:45:44.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.591 [GMT 1:00]
Spuštěný z: c:\documents and settings\dj-bobr\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\dj-bobr\LOCALS~1\Temp\VTT7A3.tmp
c:\docume~1\dj-bobr\LOCALS~1\Temp\VTT7AA.tmp
c:\documents and settings\dj-bobr\Local Settings\Temp\VTT7A3.tmp
c:\documents and settings\dj-bobr\Local Settings\Temp\VTT7AA.tmp
c:\documents and settings\dj-bobr\WINDOWS
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\EventSystem.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\qfe1AF.tmp
c:\windows\qfe266.tmp
c:\windows\qfe49B.tmp
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\SETB54.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETF0.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-04 do 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-02 23:47 . 2012-02-02 23:47 -------- d-----w- c:\documents and settings\dj-bobr\Local Settings\Data aplikací\CrashRpt
2012-02-02 23:45 . 2012-02-02 23:46 -------- d-----w- c:\program files\Algodoo
2012-02-02 19:54 . 2012-02-02 19:54 -------- d-----w- c:\documents and settings\dj-bobr\Data aplikací\MusicBrainz
2012-02-02 19:50 . 2012-02-02 19:50 -------- d-----w- c:\program files\MusicBrainz Picard
2012-02-01 06:45 . 2012-02-01 06:45 -------- d-----w- c:\documents and settings\dj-bobr\Data aplikací\Malwarebytes
2012-02-01 06:45 . 2012-02-01 06:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-01 06:44 . 2012-02-01 06:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 06:44 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 02:36 . 2012-02-01 02:36 -------- d-----w- c:\program files\trend micro
2012-02-01 02:36 . 2012-02-01 02:36 -------- d-----w- C:\rsit
2012-01-28 13:42 . 2012-01-28 13:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Zoner
2012-01-25 02:52 . 2007-12-13 18:25 6791168 ----a-w- c:\windows\system32\PSP Xenon.dll
2012-01-25 02:50 . 2012-01-25 02:50 6475776 ----a-w- c:\windows\system32\PSP VintageWarmer2.dll
2012-01-25 02:48 . 2012-01-25 02:52 -------- d-----w- c:\program files\PSPaudioware
2012-01-23 20:36 . 2008-04-14 06:43 31744 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2012-01-20 19:42 . 2012-01-20 19:42 -------- d-----w- C:\Install
2012-01-19 18:37 . 2012-01-19 18:53 -------- d-----w- C:\PTUN
2012-01-17 19:24 . 2012-01-17 19:24 -------- d-----w- c:\program files\Xirrus
2012-01-14 08:24 . 2012-01-14 08:24 -------- d-----w- c:\documents and settings\dj-bobr\Data aplikací\TightVNC
2012-01-14 08:23 . 2012-01-14 08:23 -------- d-----w- c:\program files\TightVNC
2012-01-10 22:14 . 2012-01-10 22:15 -------- d-----w- c:\program files\PMP Transcoding Tool
2012-01-09 08:25 . 2012-01-09 08:25 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-09 08:25 . 2012-01-09 08:25 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 08:25 . 2012-01-09 08:25 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-09 08:25 . 2012-01-09 08:25 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-06 04:33 . 2012-01-06 04:34 -------- d-----w- c:\program files\Runtime Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 22:27 . 2011-06-18 18:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-09 08:25 . 2011-06-17 15:51 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-07-31 . 05F3441246BFEDC2A5B12CF827012F7F . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2011-07-31 . 05F3441246BFEDC2A5B12CF827012F7F . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-19 399736]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 17353352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-19 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-19 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-19 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-19 208896]
"SxgTkBar"="SxgTkBar.exe" [2002-07-22 53248]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2010-04-23 154112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2011-03-25 3618160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Documents and Settings\\dj-bobr\\Plocha\\Odorik.exe"=
"c:\\Documents and Settings\\dj-bobr\\Dokumenty\\Stažené soubory\\Odorik.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [13.1.2011 13:02 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.6.2011 17:30 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.6.2011 17:31 165584]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [17.6.2011 17:08 13680]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [17.6.2011 17:33 16384]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [26.1.2011 18:28 24680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.6.2011 17:31 17744]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.2.2012 7:44 652360]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [17.7.2009 14:32 3576320]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 18:07 35088]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [17.6.2011 17:08 99328]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [17.6.2011 16:36 64440]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [18.6.2011 20:29 2016504]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [10.10.2011 15:26 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.2.2012 7:44 20464]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [18.6.2011 20:29 11496]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [17.6.2011 17:20 6609920]
R3 SOFTXG;YAMAHA XG SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys [19.6.2011 17:44 966784]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [29.6.2011 14:18 516480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.8.2011 8:52 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [17.6.2011 17:08 45496]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [19.6.2011 12:00 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [19.6.2011 12:00 43392]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [29.6.2011 14:18 11648]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.8.2011 8:52 136176]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [9.9.2011 16:01 24448]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [6.12.2011 19:16 102656]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.11.2011 19:21 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10.11.2011 19:21 8576]
S3 WLAN;Z-Com Wireless LAN Driver;c:\windows\system32\drivers\XI325NDS.sys [31.7.2011 16:14 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [31.1.2011 14:04 34280]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-04 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2011-06-17 23:38]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-11 07:52]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-11 07:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{19D2AA49-AD38-46A7-B839-B4ACFEF14705}: NameServer = 10.0.0.138
TCP: Interfaces\{50DA9E97-7323-4D0A-A7C3-22E2A2C74153}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\dj-bobr\Data aplikací\Mozilla\Firefox\Profiles\1yd3btan.ikm\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1568)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4060)
c:\program files\Unlocker\UnlockerHook.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wudfhost.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\SxgTkBar.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-04 19:11:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-04 18:10
.
Před spuštěním: 1 574 871 040
Po spuštění: 2 591 354 880
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9A6A8320A9012B443A829AA32ADE2AD8

- přišel mi trochu podezřelý řádek
[-] 2011-07-31 . 05F3441246BFEDC2A5B12CF827012F7F . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
avšak soubor tcpip.sys se po skenu na VirusTotalu jeví jako čistý.

log vypada OK
preventivne prescanuj PC este s AVPTool

Ty mi dáváš, stahovat 113MB přes mobil

Výsledek AVPToolu: no threats detected

tak já už nevím. Škoda, že žádný z běžných zobrazovačů aktivních spojení (Wireshark, TCPView) nejde použít na dial-up vytáčené připojení, protože jindy než při vytočeném dialup připojení se problém neprojevuje.. nebo něco existuje?

Pouštím AVPTool ještě jednou, na všechny disky - ne jen default umístění. Bude to pár hodin trvat..

preventivne pridaj log z TDSSKiller

TDSSKiller našel pouze pár unsigned souborů..

HA! AVPTool po skenu celých disků našel: Trojan.Win32.Genome.aafsu v jednom keygenu, který jsem v době, kdy jsem ho použil, skenoval na VirusTotalu a jevil se jako čistý (a to jsem ho pouštěl v sandboxu od Avastu..)

Současný sken toho keygenu: https://www.virustotal.com/file/050d93f ... /analysis/

Našel jsem zatím pouze návod, jak odstranit nejspíš jinou mutaci tohoto malwaru Trojan.Win32.Genome.dlnl, nicméně soubor msdx.dll a příslušný klíč s položkou winlogonu neexistují..

keygen jednoducho ZMAZ, ak by sa branil pouzi Avenger

pre istotu skontroluj PC so SUPERAntiSpyware

Ten keygen jsem použil jen jednorázově kdysi - takže smazání mě tolik nebolelo..

SUPERAntiSpywarem proskenuju dnes večer..

Jak to dopadlo?

VIRY.CZ

Prosím o kontrolu - něco produkuje nežádoucí upload

Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload

Re: Prosím o kontrolu - něco produkuje nežádoucí upload