
Solved Can't access antivirus and microsoft sites

Discussion in 'Malware and Virus Removal Archive' started by afro, 2010/04/05.

  1. 2010/04/05
    afro (Inactive, Thread Starter; Joined: 2010/04/05; Messages: 10; Likes Received: 0)
    [Resolved] Can't access antivirus and microsoft sites

    Hi,
    I have the following problem: I can't open antivirus and Microsoft sites with my browser (Firefox, IE 6).
    I've read this: http://www.windowsbbs.com/malware-virus-removal/announcements.html
    Sites I can't access: www.avast.com, http://www.mcafee.com/, http://www.eset.hu/, http://www.microsoft.com/hu/hu/default.aspx ... etc.

    My first guess was that this must be malware. I installed Avast 5.0.462, but when I tried to update it, it couldn't connect to the server. After that I tried to download the files manually, but the browser couldn't open the above-mentioned www.avast.com either. I read a forum topic saying that this must be malware, so I'm asking you for help!

    OS: WinXP SP2
    Installed antivirus software: Avast 5.0.462, Malwarebytes
    These found some trojans when I started Windows in safe mode, but that didn't help.

    Please help me!

    LOGs:
    DDS.txt:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Rendszergazda at 12:19:39,45 on 2010.04.05.
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.446.39 [GMT 2:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\allsnap.exe
    C:\WINDOWS\makefolder.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Documents and Settings\Rendszergazda\Asztal\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.google.hu/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof0.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof0.dll
    BHO: GdfrDUEn Class: {a3cf7606-e683-4375-a372-96b75da0aef7} - c:\program files\get styles\enlbrdr.dll
    BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
    TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSof0.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
    uRun: [fsm]
    mRun: [AllSnap] "c:\windows\allsnap.exe "
    mRun: [MakeFolder] "c:\windows\makefolder.exe" /s
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-explorer: NoStrCmpLogical = 1 (0x1)
    uPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
    dPolicies-explorer: NoStrCmpLogical = 1 (0x1)
    dPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\get styles\ct.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Filter: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} -
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\rendsz~1\applic~1\mozilla\firefox\profiles\2r4116u8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Softonic English Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=2&q=
    FF - component: c:\documents and settings\rendszergazda\application data\mozilla\firefox\profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\rendszergazda\application data\mozilla\firefox\profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("editor.use_css", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-4-5 294480]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-5 162640]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-5 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-5 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-5 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-5 40384]
    S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2006-11-14 3584]
    S2 ekrn;ESET Service; "c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
    S2 zmwtrbdf;Time Network;c:\windows\system32\svchost.exe -k netsvcs [2006-11-14 14336]

    =============== Created Last 30 ================

    2010-04-05 08:18:23 0 d-----w- c:\docume~1\rendsz~1\applic~1\Malwarebytes
    2010-04-05 08:17:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-05 08:17:54 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-05 08:17:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-04-05 08:17:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-05 07:44:49 294480 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-04-05 07:44:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-03-27 10:58:38 0 d-----w- C:\kiegészítők
    2010-03-24 16:26:58 0 d-----w- c:\docume~1\rendsz~1\applic~1\eTeks
    2010-03-24 15:58:33 164 ----a-w- c:\windows\avrack.ini
    2010-03-24 15:58:21 0 d-----w- c:\program files\Realtek AC97
    2010-03-24 15:54:45 0 d-----w- c:\docume~1\rendsz~1\applic~1\Software Informer
    2010-03-24 15:15:18 0 d-----w- c:\program files\Sweet Home 3D
    2010-03-23 16:17:16 0 d-----w- c:\program files\IKEA HomePlanner
    2010-03-23 16:16:58 0 d-----w- c:\program files\common files\Wise Installation Wizard

    ==================== Find3M ====================

    2010-04-05 10:03:50 459740 ----a-w- c:\windows\system32\perfh00E.dat
    2010-04-05 10:03:49 112044 ----a-w- c:\windows\system32\perfc00E.dat
    2010-02-11 07:58:56 4096 ----a-w- c:\windows\system32\detoured.dll
    2006-11-14 12:00:00 165397 --sha-r- c:\windows\system32\xpsbwtyp.dll

    ============= FINISH: 12:20:27,12 ===============


    Attach.txt:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2008.11.10. 12:01:45
    System Uptime: 2010.04.05. 11:58:40 (1 hours ago)

    Motherboard: FUJITSU SIEMENS | | AMILO Li 1720
    Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | U23 | 1466/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 3,712 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 9,914 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.5 - Hungarian
    Apple Software Update
    Astro Pop Deluxe
    ATI - Szoftver eltávolító
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    µTorrent
    avast! Pro Antivirus
    AVS Video Converter 4.3.1.371
    Bejeweled 2 Deluxe
    Big money deluxe
    CleanMyPC - Registry Cleaner
    Combined Community Codec Pack 2009-09-09
    DVD Decrypter (Remove Only)
    Eggsucker V2.0
    Get Styles
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB888111
    IKEA Home Planner
    Java(TM) 6 Update 13
    K-Lite Codec Pack 2.74 Full
    Machinarium
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Office Professional Edition 2003
    Microsoft Office Word Viewer 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Motorola SM56 Data Fax Modem
    Mozilla Firefox (3.6)
    Nero 7 Premium
    Network Play System (Patching)
    NLMTIM 1.5 (csak törlés)
    Pokoli Szomszédok 2
    Popcap Game Collection
    PowerDVD
    PowerISO
    Pretty Good MahJongg version 1.11
    QuickTime
    Realtek AC'97 Audio
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Restaurant Empire 2
    Softonic_English Toolbar
    Software Informer 1.0 BETA
    Sweet Home 3D version 2.3
    Synaptics Pointing Device Driver
    TC PowerPack 1.7
    The Sims
    Unlocker 1.8.3
    WebFldrs XP
    Winamp
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP biztonsági frissítés - KB890046
    Windows XP biztonsági frissítés - KB893756
    Windows XP biztonsági frissítés - KB896358
    Windows XP biztonsági frissítés - KB896422
    Windows XP biztonsági frissítés - KB896423
    Windows XP biztonsági frissítés - KB896424
    Windows XP biztonsági frissítés - KB896428
    Windows XP biztonsági frissítés - KB899587
    Windows XP biztonsági frissítés - KB899588
    Windows XP biztonsági frissítés - KB899589
    Windows XP biztonsági frissítés - KB899591
    Windows XP biztonsági frissítés - KB900725
    Windows XP biztonsági frissítés - KB901017
    Windows XP biztonsági frissítés - KB901190
    Windows XP biztonsági frissítés - KB901214
    Windows XP biztonsági frissítés - KB902400
    Windows XP biztonsági frissítés - KB904706
    Windows XP biztonsági frissítés - KB905414
    Windows XP biztonsági frissítés - KB905749
    Windows XP biztonsági frissítés - KB908519
    Windows XP biztonsági frissítés - KB908531
    Windows XP biztonsági frissítés - KB911280
    Windows XP biztonsági frissítés - KB911562
    Windows XP biztonsági frissítés - KB911927
    Windows XP biztonsági frissítés - KB912812
    Windows XP biztonsági frissítés - KB912919
    Windows XP biztonsági frissítés - KB913446
    Windows XP biztonsági frissítés - KB913580
    Windows XP biztonsági frissítés - KB914388
    Windows XP biztonsági frissítés - KB914389
    Windows XP biztonsági frissítés - KB917159
    Windows XP biztonsági frissítés - KB917344
    Windows XP biztonsági frissítés - KB917537
    Windows XP biztonsági frissítés - KB917953
    Windows XP biztonsági frissítés - KB918439
    Windows XP frissítés - KB896427
    Windows XP frissítés - KB898461
    Windows XP frissítés - KB900485
    Windows XP frissítés - KB908521
    Windows XP frissítés - KB910437
    Windows XP frissítés - KB916595
    Windows XP gyorsjavítás - KB873333
    Windows XP gyorsjavítás - KB873339
    Windows XP gyorsjavítás - KB885836
    Windows XP gyorsjavítás - KB888113
    Windows XP gyorsjavítás - KB888302
    Windows XP gyorsjavítás - KB889673
    Windows XP gyorsjavítás - KB890047
    Windows XP gyorsjavítás - KB890175
    Windows XP gyorsjavítás - KB890859
    Windows XP gyorsjavítás - KB891781
    Windows XP gyorsjavítás - KB893066
    Windows XP gyorsjavítás - KB893086
    Windows XP gyorsjavítás - KB917730
    Windows XP gyorsjavítás - KB918005
    WinRAR archiver
    Worms Armageddon - New Edition
    YouTube Downloader 2.3

    ==== End Of File ===========================


    Thank you!
     
    afro,
    #1
  2. 2010/04/05
    Admin. (Administrator, Staff; Joined: 2001/12/30; Messages: 6,687; Likes Received: 107)
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     


  4. 2010/04/05
    broni (Moderator, Malware Analyst; Joined: 2002/08/01; Messages: 21,701; Likes Received: 116)
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  5. 2010/04/11
    afro (Inactive, Thread Starter; Joined: 2010/04/05; Messages: 10; Likes Received: 0)
    OK, what's next?

    Thank you for your help and advice!
    I'm not the only one using this computer, so I can't always control who installs what (LimeWire, torrent...), but I'll forward your advice to them!

    I did exactly what you wrote, but the mentioned sites won't load.
    Here are both requested logs:

    Combofix:
    ComboFix 10-04-10.02 - Rendszergazda 010.04.11. 11:04:34.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.446.189 [GMT 2:00]
    Running from: c:\documents and settings\Rendszergazda\Asztal\ComboFix.exe
    AV: 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\detoured.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
    .

    2010-04-05 13:21 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-05 13:21 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-05 13:21 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-05 13:21 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-04-05 13:21 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-05 13:21 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-05 13:21 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-05 13:21 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-05 13:21 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-05 12:29 . 2010-04-05 12:29 503808 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79bfe9df-n\msvcp71.dll
    2010-04-05 12:29 . 2010-04-05 12:29 499712 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79bfe9df-n\jmc.dll
    2010-04-05 12:29 . 2010-04-05 12:29 348160 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79bfe9df-n\msvcr71.dll
    2010-04-05 12:29 . 2010-04-05 12:29 61440 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2cddbcbe-n\decora-sse.dll
    2010-04-05 12:29 . 2010-04-05 12:29 12800 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2cddbcbe-n\decora-d3d.dll
    2010-04-05 11:14 . 2010-04-05 11:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-05 11:08 . 2010-04-05 11:08 -------- d-----w- c:\program files\Common Files\Java
    2010-04-05 11:06 . 2010-04-05 11:08 -------- d-----w- c:\program files\QuickTime
    2010-04-05 11:06 . 2010-04-05 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-04-05 11:05 . 2010-04-05 11:05 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-05 11:04 . 2010-04-05 11:04 -------- d-----w- c:\program files\Apple Software Update
    2010-04-05 11:04 . 2010-04-05 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-04-05 08:18 . 2010-04-05 08:18 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Malwarebytes
    2010-04-05 08:17 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-05 08:17 . 2010-04-05 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-05 08:17 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-05 08:17 . 2010-04-05 08:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-05 07:44 . 2010-04-05 07:44 -------- d-----w- c:\program files\Alwil Software
    2010-04-05 07:44 . 2010-04-05 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-03-27 10:58 . 2010-03-27 11:13 -------- d-----w- C:\kiegészítők
    2010-03-24 16:26 . 2010-03-24 16:26 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\eTeks
    2010-03-24 15:58 . 2010-03-24 15:58 -------- d-----w- c:\program files\Realtek AC97
    2010-03-24 15:54 . 2010-03-24 15:56 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Software Informer
    2010-03-24 15:15 . 2010-03-25 17:13 -------- d-----w- c:\program files\Sweet Home 3D
    2010-03-23 16:17 . 2010-03-23 22:11 -------- d-----w- c:\program files\IKEA HomePlanner
    2010-03-23 16:16 . 2010-03-23 16:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-05 12:28 . 2008-12-23 16:19 -------- d-----w- c:\program files\Java
    2010-04-05 12:26 . 2006-11-14 12:00 459740 ----a-w- c:\windows\system32\perfh00E.dat
    2010-04-05 12:26 . 2006-11-14 12:00 112044 ----a-w- c:\windows\system32\perfc00E.dat
    2010-04-05 12:20 . 2008-11-10 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-05 07:31 . 2009-02-27 21:39 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\uTorrent
    2010-04-05 07:29 . 2008-11-10 11:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-24 15:58 . 2008-11-10 11:22 -------- d-----w- c:\program files\AvRack
    2010-03-15 20:48 . 2009-02-27 21:39 -------- d-----w- c:\program files\uTorrent
    2010-03-09 02:28 . 2008-12-23 16:19 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-01 16:12 . 2010-03-01 16:12 -------- d-----w- c:\program files\Get Styles
    2010-02-28 16:03 . 2010-02-28 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
    2010-02-28 11:35 . 2009-11-29 17:22 63 ----a-w- c:\windows\popcinfot.dat
    2010-02-27 16:58 . 2008-11-10 11:14 -------- d-----w- c:\program files\Winamp
    2010-02-27 16:57 . 2010-02-27 16:56 -------- d-----w- c:\program files\winamp5572_full_emusic-7plus
    2010-02-27 16:56 . 2009-10-11 16:04 -------- d-----w- c:\program files\Softonic_English
    2010-02-27 09:06 . 2010-02-27 08:30 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-02-14 10:04 . 2010-02-14 10:04 -------- d-----w- c:\program files\Games
    2010-02-11 20:47 . 2010-02-11 20:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-11 20:02 . 2010-02-11 20:01 -------- d-----w- c:\program files\Machinarium
    2010-02-05 17:50 . 2009-03-13 21:36 161 ----a-w- c:\windows\popcinfo.dat
    2010-01-21 16:11 . 2010-02-16 15:18 52224 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
    2010-01-21 16:11 . 2010-02-16 15:18 101376 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.dll
    2006-11-14 12:00 . 2006-11-14 12:00 165397 --sha-r- c:\windows\system32\xpsbwtyp.dll
    .

    ------- Sigcheck -------

    [-] 2006-11-14 . DE891AD282E856ACFD40990094A63B6F . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-02-27 2349080]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
    2010-02-27 16:56 2349080 ----a-w- c:\program files\Softonic_English\tbSof0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
    2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-02-27 2349080]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-02-27 2349080]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AllSnap "= "c:\windows\allsnap.exe" [2006-11-14 81920]
    "MakeFolder "= "c:\windows\makefolder.exe" [2006-11-14 69632]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2006-11-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical "= 1 (0x1)
    "ForceCopyAclwithFile "= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical "= 1 (0x1)
    "ForceCopyAclwithFile "= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\Adobe Reader gyorsindító.lnk
    backup=c:\windows\pss\Adobe Reader gyorsindító.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Captions]
    2006-11-14 12:00 337408 ----a-w- c:\windows\activecaptions.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-01-02 17:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
    2009-09-12 15:22 471650 ----a-w- c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2005-11-10 02:44 557056 ----a-w- c:\windows\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-01-20 18:23 761946 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "6276:TCP"= 6276:TCP:odqec

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010.04.05. 15:21 162640]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.03.19. 11:45 93848]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010.04.05. 15:21 19024]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008.11.10. 13:01 643072]
    S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2006.11.14. 14:00 3584]
    S2 ekrn;ESET Service; "c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 zmwtrbdf;Time Network;c:\windows\system32\svchost.exe -k netsvcs [2006.11.14. 14:00 14336]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    zmwtrbdf
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hu/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Softonic English Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=2&q=
    FF - component: c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
    HKCU-Run-fsm - (no file)
    MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
    MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
    AddRemove-Software Informer_is1 - c:\program files\Software Informer\unins000.exe
    AddRemove-The Sims - d:\games\Uninst.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-11 11:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zmwtrbdf]
    "ServiceDll "= "c:\windows\system32\xpsbwtyp.dll "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2025429265-1645522239-682003330-500\Software\SecuROM\License information*]
    "datasecu "=hex:6a,26,83,93,2f,15,70,4b,82,c7,e4,0a,22,ea,09,df,2c,94,6f,ca,16,
    8a,84,cf,5e,79,2a,8a,5f,87,f0,11,2b,b1,5a,27,cc,b0,27,25,4d,b5,a2,6d,e0,62,\
    "rkeysecu "=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(764)
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-04-11 11:10:45
    ComboFix-quarantined-files.txt 2010-04-11 09:10

    Pre-Run: 4,730,417,152 bytes free
    Post-Run: 4,716,924,928 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional - magyar" /noexecute=alwaysoff /nopae /fastdetect /bootlogo /noguiboot

    - - End Of File - - 3A34239EF5320C7F611288D8841B7AB2



    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:12:29, on 2010.04.11.
    Platform: Windows XP Service Pack 2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\TC PowerPack\totalcmd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O4 - HKLM\..\Run: [AllSnap] "C:\WINDOWS\allsnap.exe "
    O4 - HKLM\..\Run: [MakeFolder] "C:\WINDOWS\makefolder.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 6200 bytes
     
  6. 2010/04/11
    broni (Moderator, Malware Analyst)
    Please uninstall CleanMyPC. Registry cleaners are not recommended.
    Here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\xpsbwtyp.dll
    c:\windows\Alcmtr.exe
    c:\windows\system32\drivers\epfwtdir.sys
    
    
    Folder::
    c:\program files\ESET
    
    
    Driver::
    epfwtdir
    .EsetTrialReset
    ekrn
    zmwtrbdf
    
    NetSvc::
    zmwtrbdf
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"=-
    "6276:TCP"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zmwtrbdf]
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
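    The CFScript above targets four things an analyst picks out of the ComboFix log: a service (zmwtrbdf) hosted in the shared svchost netsvcs group whose ServiceDll (xpsbwtyp.dll) is a hidden+system DLL in system32 carrying the same 2006-11-14 12:00 timestamps as the Windows installation files, a "service" (.EsetTrialReset) whose binary is regedt32.exe, services whose binaries are no longer on disk (ekrn), and firewall exceptions that open ports to any remote address. The Python script below is an added example, not ComboFix, HijackThis or broni's code; it applies those same checks to a ComboFix-style excerpt. SAMPLE_LOG is constructed from lines quoted in this thread (forum smiley artifacts removed), the NOT_SERVICE_BINARIES list is an illustrative assumption rather than anything from the page, and the three-file threshold for the "baseline timestamp" heuristic is chosen to fit the sample.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "subject kind reasons")

# Constructed sample: lines taken from the ComboFix log posted in this thread
# (forum smiley artifacts removed); a benign driver and two benign files are
# kept so the checks have negatives to ignore.
SAMPLE_LOG = r"""
2006-11-14 12:00 . 2006-11-14 12:00 165397 --sha-r- c:\windows\system32\xpsbwtyp.dll
2010-04-05 12:26 . 2006-11-14 12:00 459740 ----a-w- c:\windows\system32\perfh00E.dat
2010-03-09 02:28 . 2008-12-23 16:19 411368 ----a-w- c:\windows\system32\deploytk.dll
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010.04.05. 15:21 162640]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2006.11.14. 14:00 3584]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 zmwtrbdf;Time Network;c:\windows\system32\svchost.exe -k netsvcs [2006.11.14. 14:00 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zmwtrbdf
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zmwtrbdf]
"ServiceDll"="c:\windows\system32\xpsbwtyp.dll"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6276:TCP"= 6276:TCP:odqec
"""

FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\d+) ([-a-z]{8}) (.+)$")
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")   # R/S lines: name;display;image [detail]
SVC_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll\s*"\s*=\s*"(.+?)\s*"$', re.I)  # tolerate forum-inserted spaces
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)\s*"\s*=\s*(.*)$')
IMAGE_RE = re.compile(r'([^\\"\s]+\.(?:exe|sys|dll))', re.I)
# Assumed, illustrative list: user tools that are never a legitimate service ImagePath.
NOT_SERVICE_BINARIES = {"regedt32.exe", "regedit.exe", "cmd.exe", "notepad.exe"}


def parse(log):
    """Collect file entries, services, netsvcs names, ServiceDll values and
    globally open ports from a ComboFix-style log."""
    p = {"files": {}, "services": {}, "netsvcs": [], "service_dlls": {}, "ports": []}
    section = key = None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line or line == ".":                 # blank or '.' closes a section
            section = None
        elif line.startswith("["):                  # registry key header
            m = SVC_KEY_RE.match(line)
            key = m.group(1) if m else None
            section = "svckey" if m else "ports" if "GloballyOpenPorts" in line else None
        elif line.endswith("Svchost - NetSvcs"):
            section = "netsvcs"
        elif section == "netsvcs":
            p["netsvcs"].append(line)
        elif section == "svckey" and (m := SERVICEDLL_RE.match(line)):
            p["service_dlls"][key] = m.group(1).lower()
        elif section == "ports" and (m := PORT_RE.match(line)):
            port, proto, value = m.groups()
            p["ports"].append((int(port), proto, value))
        elif (m := FILE_RE.match(line)):
            created, modified, size, attrs, path = m.groups()
            p["files"][path.lower()] = (created, modified, int(size), attrs)
        elif (m := SERVICE_RE.match(line)):
            name, display, image, detail = m.groups()
            p["services"][name] = (display, image, detail)
    return p


def triage(log):
    """Return a Finding for each indicator an analyst would flag in the log."""
    p = parse(log)
    # The timestamp shared by the most files is normally the Windows install time; a
    # dropped DLL wearing exactly that stamp in both columns was likely timestomped.
    stamps = Counter(s for f in p["files"].values() for s in f[:2])
    baseline = next((s for s, n in stamps.most_common(1) if n >= 3), None)  # 3: threshold for this sample
    findings = []
    for name in p["netsvcs"]:           # ComboFix prints only non-default netsvcs names
        reasons = ["non-default entry in the netsvcs svchost group"]
        dll = p["service_dlls"].get(name)
        if dll in p["files"]:
            created, modified, _, attrs = p["files"][dll]
            if "s" in attrs and "h" in attrs:
                reasons.append("ServiceDll %s has hidden+system attributes" % dll)
            if baseline and created == modified == baseline:
                reasons.append("ServiceDll timestamps equal OS baseline %s (possible timestomping)" % baseline)
        findings.append(Finding(name, "svchost-hosted service", reasons))
    for name, (_, image, detail) in p["services"].items():
        reasons, m = [], IMAGE_RE.search(image)
        if m and m.group(1).lower() in NOT_SERVICE_BINARIES:
            reasons.append("ImagePath is %s, a user tool, not a service binary" % m.group(1).lower())
        if detail == "?":               # ComboFix marks a missing binary with [?]
            reasons.append("service binary not found on disk")
        if reasons:
            findings.append(Finding(name, "service", reasons))
    for port, proto, value in p["ports"]:
        system = value.startswith("%d:%s:@" % (port, proto))   # @dll,-id name => created by Windows
        findings.append(Finding("%d/%s" % (port, proto), "firewall exception",
                                ["system-created exception; confirm it is wanted" if system
                                 else "globally open port with a non-system name"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-18s %-24s %s" % (f.subject, f.kind, "; ".join(f.reasons)))
```

    Run it as-is to print the findings for the sample, or pass the text of a full ComboFix.txt to triage(). The ordering of the checks reflects the log itself: ComboFix lists only non-default netsvcs names, so any name in that section deserves a look before its ServiceDll is even resolved; a DLL that additionally hides itself and wears the install-time timestamps is what makes zmwtrbdf the fix-first item, which is why the CFScript removes the service, the NetSvc entry and xpsbwtyp.dll together rather than any one of them alone.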
     
  7. 2010/04/12
    afro (Thread Starter)
    OK, I removed the registry cleaner and did what you wrote.

    Logs:



    ComboFix 10-04-11.03 - Rendszergazda 2010.04.12. 11:40:37.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.446.173 [GMT 2:00]
    Running from: c:\documents and settings\Rendszergazda\Asztal\ComboFix.exe
    Command switches used :: c:\documents and settings\Rendszergazda\Asztal\CFScript.txt
    AV: 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\Alcmtr.exe "
    "c:\windows\system32\drivers\epfwtdir.sys "
    "c:\windows\system32\xpsbwtyp.dll "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\ESET
    c:\program files\ESET\ESET NOD32 Antivirus\em000_32.dat
    c:\program files\ESET\ESET NOD32 Antivirus\em001_32.dat
    c:\program files\ESET\ESET NOD32 Antivirus\em002_32.dat
    c:\program files\ESET\ESET NOD32 Antivirus\em003_32.dat
    c:\program files\ESET\ESET NOD32 Antivirus\em004_32.dat
    c:\program files\ESET\ESET NOD32 Antivirus\em005_32.dat
    c:\program files\ESET\ESET NOD32 Antivirus\em006_32.dat
    c:\program files\ESET\ESET NOD32 Antivirus\em009_32.dat
    c:\program files\ESET\ESET NOD32 Antivirus\em013_32.dat
    c:\windows\Alcmtr.exe
    c:\windows\system32\drivers\epfwtdir.sys
    c:\windows\system32\xpsbwtyp.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EKRN
    -------\Legacy_EPFWTDIR
    -------\Legacy_ZMWTRBDF
    -------\Service_.EsetTrialReset
    -------\Service_ekrn
    -------\Service_epfwtdir
    -------\Service_zmwtrbdf


    ((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
    .

    2010-04-12 09:30 . 2010-04-12 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-12 09:29 . 2010-04-12 09:37 -------- d-----w- c:\windows\SxsCaPendDel
    2010-04-11 09:12 . 2010-04-11 09:12 -------- d-----w- c:\program files\Trend Micro
    2010-04-05 13:21 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-05 13:21 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-05 13:21 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-05 13:21 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-04-05 13:21 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-05 13:21 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-05 13:21 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-05 13:21 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-05 13:21 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-05 12:29 . 2010-04-05 12:29 503808 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79bfe9df-n\msvcp71.dll
    2010-04-05 12:29 . 2010-04-05 12:29 499712 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79bfe9df-n\jmc.dll
    2010-04-05 12:29 . 2010-04-05 12:29 348160 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-79bfe9df-n\msvcr71.dll
    2010-04-05 12:29 . 2010-04-05 12:29 61440 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2cddbcbe-n\decora-sse.dll
    2010-04-05 12:29 . 2010-04-05 12:29 12800 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2cddbcbe-n\decora-d3d.dll
    2010-04-05 11:14 . 2010-04-05 11:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-05 11:08 . 2010-04-05 11:08 -------- d-----w- c:\program files\Common Files\Java
    2010-04-05 11:06 . 2010-04-05 11:08 -------- d-----w- c:\program files\QuickTime
    2010-04-05 11:06 . 2010-04-05 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-04-05 08:18 . 2010-04-05 08:18 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Malwarebytes
    2010-04-05 08:17 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-05 08:17 . 2010-04-05 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-05 08:17 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-05 08:17 . 2010-04-05 08:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-05 07:44 . 2010-04-05 07:44 -------- d-----w- c:\program files\Alwil Software
    2010-04-05 07:44 . 2010-04-05 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-03-27 10:58 . 2010-03-27 11:13 -------- d-----w- C:\kiegészítők
    2010-03-24 16:26 . 2010-03-24 16:26 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\eTeks
    2010-03-24 15:58 . 2010-03-24 15:58 -------- d-----w- c:\program files\Realtek AC97
    2010-03-24 15:54 . 2010-03-24 15:56 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\Software Informer
    2010-03-24 15:15 . 2010-03-25 17:13 -------- d-----w- c:\program files\Sweet Home 3D
    2010-03-23 16:17 . 2010-03-23 22:11 -------- d-----w- c:\program files\IKEA HomePlanner
    2010-03-23 16:16 . 2010-03-23 16:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-05 12:28 . 2008-12-23 16:19 -------- d-----w- c:\program files\Java
    2010-04-05 12:26 . 2006-11-14 12:00 459740 ----a-w- c:\windows\system32\perfh00E.dat
    2010-04-05 12:26 . 2006-11-14 12:00 112044 ----a-w- c:\windows\system32\perfc00E.dat
    2010-04-05 12:20 . 2008-11-10 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-05 07:31 . 2009-02-27 21:39 -------- d-----w- c:\documents and settings\Rendszergazda\Application Data\uTorrent
    2010-04-05 07:29 . 2008-11-10 11:13 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-24 15:58 . 2008-11-10 11:22 -------- d-----w- c:\program files\AvRack
    2010-03-15 20:48 . 2009-02-27 21:39 -------- d-----w- c:\program files\uTorrent
    2010-03-09 02:28 . 2008-12-23 16:19 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-01 16:12 . 2010-03-01 16:12 -------- d-----w- c:\program files\Get Styles
    2010-02-28 16:03 . 2010-02-28 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
    2010-02-28 11:35 . 2009-11-29 17:22 63 ----a-w- c:\windows\popcinfot.dat
    2010-02-27 16:58 . 2008-11-10 11:14 -------- d-----w- c:\program files\Winamp
    2010-02-27 16:57 . 2010-02-27 16:56 -------- d-----w- c:\program files\winamp5572_full_emusic-7plus
    2010-02-27 16:56 . 2009-10-11 16:04 -------- d-----w- c:\program files\Softonic_English
    2010-02-27 09:06 . 2010-02-27 08:30 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-02-14 10:04 . 2010-02-14 10:04 -------- d-----w- c:\program files\Games
    2010-02-11 20:47 . 2010-02-11 20:47 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-11 20:02 . 2010-02-11 20:01 -------- d-----w- c:\program files\Machinarium
    2010-02-05 17:50 . 2009-03-13 21:36 161 ----a-w- c:\windows\popcinfo.dat
    2010-01-21 16:11 . 2010-02-16 15:18 52224 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
    2010-01-21 16:11 . 2010-02-16 15:18 101376 ----a-w- c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.dll
    .

    ------- Sigcheck -------

    [-] 2006-11-14 . DE891AD282E856ACFD40990094A63B6F . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-04-11_09.09.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-04-12 09:47 . 2010-04-12 09:47 16384 c:\windows\Temp\Perflib_Perfdata_520.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023} "= "c:\program files\Softonic_English\tbSof0.dll" [2010-02-27 2349080]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
    2010-02-27 16:56 2349080 ----a-w- c:\program files\Softonic_English\tbSof0.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
    2010-02-11 07:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023} "= "c:\program files\Softonic_English\tbSof0.dll" [2010-02-27 2349080]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{930F1200-F5F1-4870-BAC6-E233EC8E7023} "= "c:\program files\Softonic_English\tbSof0.dll" [2010-02-27 2349080]

    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AllSnap "= "c:\windows\allsnap.exe" [2006-11-14 81920]
    "MakeFolder "= "c:\windows\makefolder.exe" [2006-11-14 69632]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2006-11-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical "= 1 (0x1)
    "ForceCopyAclwithFile "= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical "= 1 (0x1)
    "ForceCopyAclwithFile "= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader gyorsindító.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Indítópult\Adobe Reader gyorsindító.lnk
    backup=c:\windows\pss\Adobe Reader gyorsindító.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Captions]
    2006-11-14 12:00 337408 ----a-w- c:\windows\activecaptions.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-01-02 17:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2005-11-10 02:44 557056 ----a-w- c:\windows\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-01-20 18:23 761946 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008.11.10. 13:01 643072]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010.04.05. 15:21 162640]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010.04.05. 15:21 19024]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hu/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Softonic English Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.hu/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=2&q=
    FF - component: c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Rendszergazda\Application Data\Mozilla\Firefox\Profiles\2r4116u8.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Registry Cleaner Scheduler - c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-12 11:48
    Windows 5.1.2600 Szervizcsomag 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe >>UNKNOWN [0x843C9708]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> 0x843c9708
    \Driver\ACPI -> ACPI.sys @ 0xf741ecb8
    \Driver\atapi -> atapi.sys @ 0xf73b52f0
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876
    ParseProcedure -> ntoskrnl.exe @ 0x8057016c
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876
    ParseProcedure -> ntoskrnl.exe @ 0x8057016c
    NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf72bebc3
    PacketIndicateHandler -> NDIS.sys @ 0xf72cab21
    SendHandler -> NDIS.sys @ 0xf72bed33
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2025429265-1645522239-682003330-500\Software\SecuROM\License information*]
    "datasecu"=hex:6a,26,83,93,2f,15,70,4b,82,c7,e4,0a,22,ea,09,df,2c,94,6f,ca,16,
    8a,84,cf,5e,79,2a,8a,5f,87,f0,11,2b,b1,5a,27,cc,b0,27,25,4d,b5,a2,6d,e0,62,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(828)
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3820)
    c:\windows\snap_libW.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-12 11:50:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-12 09:50
    ComboFix2.txt 2010-04-11 09:10

    Pre-Run: 4*658*958*336 bájt szabad
    Post-Run: 4*554*399*744 bájt szabad

    - - End Of File - - 08418B16199B058F9A4FECF892E9CF80

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:53:02, on 2010.04.12.
    Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\allsnap.exe
    C:\WINDOWS\makefolder.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O4 - HKLM\..\Run: [AllSnap] "C:\WINDOWS\allsnap.exe"
    O4 - HKLM\..\Run: [MakeFolder] "C:\WINDOWS\makefolder.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 6174 bytes
     
    afro,
    #6
  8. 2010/04/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you Hungarian by any chance?

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.
     
  9. 2010/04/13
    afro

    afro Inactive Thread Starter

    Joined:
    2010/04/05
    Messages:
    10
    Likes Received:
    0
    Yes, I'm Hungarian. Why are you asking? :)

    Actually, I had to write the following:
    "%userprofile%\Asztal\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
    because the Desktop folder doesn't exist in Hungarian Windows (it's called "Asztal", and when I tried the command with "Desktop", it couldn't start).

    TDSSKiller log:
    10:27:34:109 3556 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
    10:27:34:109 3556 ================================================================================
    10:27:34:109 3556 SystemInfo:

    10:27:34:109 3556 OS Version: 5.1.2600 ServicePack: 2.0
    10:27:34:109 3556 Product type: Workstation
    10:27:34:109 3556 ComputerName: ESZTIKE
    10:27:34:171 3556 UserName: Rendszergazda
    10:27:34:171 3556 Windows directory: C:\WINDOWS
    10:27:34:171 3556 Processor architecture: Intel x86
    10:27:34:171 3556 Number of processors: 1
    10:27:34:171 3556 Page size: 0x1000
    10:27:34:171 3556 Boot type: Normal boot
    10:27:34:171 3556 ================================================================================
    10:27:36:203 3556 UnloadDriverW: NtUnloadDriver error 2
    10:27:36:203 3556 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    10:27:36:906 3556 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
    10:27:36:906 3556 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    10:27:36:906 3556 wfopen_ex: Trying to KLMD file open
    10:27:36:906 3556 wfopen_ex: File opened ok (Flags 2)
    10:27:36:906 3556 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
    10:27:36:906 3556 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    10:27:36:906 3556 wfopen_ex: Trying to KLMD file open
    10:27:36:906 3556 wfopen_ex: File opened ok (Flags 2)
    10:27:36:906 3556 Initialize success
    10:27:36:906 3556
    10:27:36:906 3556 Scanning Services ...
    10:27:40:031 3556 Raw services enum returned 325 services
    10:27:40:031 3556
    10:27:40:046 3556 Scanning Kernel memory ...
    10:27:40:046 3556 Devices to scan: 3
    10:27:40:046 3556
    10:27:40:046 3556 Driver Name: Disk
    10:27:40:046 3556 IRP_MJ_CREATE : 8437FEB0
    10:27:40:046 3556 IRP_MJ_CREATE_NAMED_PIPE : 805031BE
    10:27:40:046 3556 IRP_MJ_CLOSE : 8437FEB0
    10:27:40:046 3556 IRP_MJ_READ : 8437FEB0
    10:27:40:046 3556 IRP_MJ_WRITE : 8437FEB0
    10:27:40:046 3556 IRP_MJ_QUERY_INFORMATION : 805031BE
    10:27:40:046 3556 IRP_MJ_SET_INFORMATION : 805031BE
    10:27:40:046 3556 IRP_MJ_QUERY_EA : 805031BE
    10:27:40:046 3556 IRP_MJ_SET_EA : 805031BE
    10:27:40:046 3556 IRP_MJ_FLUSH_BUFFERS : 8437FEB0
    10:27:40:046 3556 IRP_MJ_QUERY_VOLUME_INFORMATION : 805031BE
    10:27:40:046 3556 IRP_MJ_SET_VOLUME_INFORMATION : 805031BE
    10:27:40:046 3556 IRP_MJ_DIRECTORY_CONTROL : 805031BE
    10:27:40:046 3556 IRP_MJ_FILE_SYSTEM_CONTROL : 805031BE
    10:27:40:046 3556 IRP_MJ_DEVICE_CONTROL : 8437FEB0
    10:27:40:046 3556 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8437FEB0
    10:27:40:046 3556 IRP_MJ_SHUTDOWN : 8437FEB0
    10:27:40:046 3556 IRP_MJ_LOCK_CONTROL : 805031BE
    10:27:40:046 3556 IRP_MJ_CLEANUP : 805031BE
    10:27:40:046 3556 IRP_MJ_CREATE_MAILSLOT : 805031BE
    10:27:40:046 3556 IRP_MJ_QUERY_SECURITY : 805031BE
    10:27:40:046 3556 IRP_MJ_SET_SECURITY : 805031BE
    10:27:40:046 3556 IRP_MJ_POWER : 8437FEB0
    10:27:40:046 3556 IRP_MJ_SYSTEM_CONTROL : 8437FEB0
    10:27:40:046 3556 IRP_MJ_DEVICE_CHANGE : 805031BE
    10:27:40:046 3556 IRP_MJ_QUERY_QUOTA : 805031BE
    10:27:40:046 3556 IRP_MJ_SET_QUOTA : 805031BE
    10:27:40:093 3556 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    10:27:40:093 3556
    10:27:40:093 3556 Driver Name: Disk
    10:27:40:093 3556 IRP_MJ_CREATE : 8437FEB0
    10:27:40:093 3556 IRP_MJ_CREATE_NAMED_PIPE : 805031BE
    10:27:40:093 3556 IRP_MJ_CLOSE : 8437FEB0
    10:27:40:093 3556 IRP_MJ_READ : 8437FEB0
    10:27:40:093 3556 IRP_MJ_WRITE : 8437FEB0
    10:27:40:093 3556 IRP_MJ_QUERY_INFORMATION : 805031BE
    10:27:40:093 3556 IRP_MJ_SET_INFORMATION : 805031BE
    10:27:40:093 3556 IRP_MJ_QUERY_EA : 805031BE
    10:27:40:093 3556 IRP_MJ_SET_EA : 805031BE
    10:27:40:140 3556 IRP_MJ_FLUSH_BUFFERS : 8437FEB0
    10:27:40:140 3556 IRP_MJ_QUERY_VOLUME_INFORMATION : 805031BE
    10:27:40:140 3556 IRP_MJ_SET_VOLUME_INFORMATION : 805031BE
    10:27:40:140 3556 IRP_MJ_DIRECTORY_CONTROL : 805031BE
    10:27:40:140 3556 IRP_MJ_FILE_SYSTEM_CONTROL : 805031BE
    10:27:40:140 3556 IRP_MJ_DEVICE_CONTROL : 8437FEB0
    10:27:40:140 3556 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8437FEB0
    10:27:40:140 3556 IRP_MJ_SHUTDOWN : 8437FEB0
    10:27:40:140 3556 IRP_MJ_LOCK_CONTROL : 805031BE
    10:27:40:140 3556 IRP_MJ_CLEANUP : 805031BE
    10:27:40:140 3556 IRP_MJ_CREATE_MAILSLOT : 805031BE
    10:27:40:140 3556 IRP_MJ_QUERY_SECURITY : 805031BE
    10:27:40:140 3556 IRP_MJ_SET_SECURITY : 805031BE
    10:27:40:140 3556 IRP_MJ_POWER : 8437FEB0
    10:27:40:140 3556 IRP_MJ_SYSTEM_CONTROL : 8437FEB0
    10:27:40:140 3556 IRP_MJ_DEVICE_CHANGE : 805031BE
    10:27:40:140 3556 IRP_MJ_QUERY_QUOTA : 805031BE
    10:27:40:140 3556 IRP_MJ_SET_QUOTA : 805031BE
    10:27:40:171 3556 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    10:27:40:171 3556
    10:27:40:171 3556 Driver Name: atapi
    10:27:40:171 3556 IRP_MJ_CREATE : F73B52F0
    10:27:40:171 3556 IRP_MJ_CREATE_NAMED_PIPE : 805031BE
    10:27:40:171 3556 IRP_MJ_CLOSE : F73B52F0
    10:27:40:171 3556 IRP_MJ_READ : 805031BE
    10:27:40:171 3556 IRP_MJ_WRITE : 805031BE
    10:27:40:171 3556 IRP_MJ_QUERY_INFORMATION : 805031BE
    10:27:40:171 3556 IRP_MJ_SET_INFORMATION : 805031BE
    10:27:40:171 3556 IRP_MJ_QUERY_EA : 805031BE
    10:27:40:171 3556 IRP_MJ_SET_EA : 805031BE
    10:27:40:171 3556 IRP_MJ_FLUSH_BUFFERS : 805031BE
    10:27:40:171 3556 IRP_MJ_QUERY_VOLUME_INFORMATION : 805031BE
    10:27:40:171 3556 IRP_MJ_SET_VOLUME_INFORMATION : 805031BE
    10:27:40:171 3556 IRP_MJ_DIRECTORY_CONTROL : 805031BE
    10:27:40:171 3556 IRP_MJ_FILE_SYSTEM_CONTROL : 805031BE
    10:27:40:171 3556 IRP_MJ_DEVICE_CONTROL : F73B52F0
    10:27:40:171 3556 IRP_MJ_INTERNAL_DEVICE_CONTROL : F73B52F0
    10:27:40:171 3556 IRP_MJ_SHUTDOWN : 805031BE
    10:27:40:171 3556 IRP_MJ_LOCK_CONTROL : 805031BE
    10:27:40:171 3556 IRP_MJ_CLEANUP : 805031BE
    10:27:40:171 3556 IRP_MJ_CREATE_MAILSLOT : 805031BE
    10:27:40:171 3556 IRP_MJ_QUERY_SECURITY : 805031BE
    10:27:40:171 3556 IRP_MJ_SET_SECURITY : 805031BE
    10:27:40:171 3556 IRP_MJ_POWER : F73B52F0
    10:27:40:171 3556 IRP_MJ_SYSTEM_CONTROL : F73B52F0
    10:27:40:171 3556 IRP_MJ_DEVICE_CHANGE : 805031BE
    10:27:40:171 3556 IRP_MJ_QUERY_QUOTA : 805031BE
    10:27:40:171 3556 IRP_MJ_SET_QUOTA : 805031BE
    10:27:40:203 3556 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
    10:27:40:203 3556
    10:27:40:203 3556 Completed
    10:27:40:203 3556
    10:27:40:203 3556 Results:
    10:27:40:203 3556 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    10:27:40:203 3556 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    10:27:40:203 3556 File objects infected / cured / cured on reboot: 0 / 0 / 0
    10:27:40:203 3556
    10:27:40:203 3556 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
    10:27:40:203 3556 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
    10:27:40:203 3556 KLMD(ARK) unloaded successfully


    Thanks for your help again! Respect!
     
    afro,
    #8
  10. 2010/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I noticed some words which sounded Hungarian to me.
    I was born in Cracow, Poland, and I visited Budapest several times during my college years. One of the most beautiful cities I've ever been to :)

    ================================================================

    How is Avast doing at the moment?

    ===============================================================

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.
     
  11. 2010/04/14
    afro

    afro Inactive Thread Starter

    Joined:
    2010/04/05
    Messages:
    10
    Likes Received:
    0
    Yes, Budapest is really nice. :)

    Wow! Avast updated itself, and now I can open its website too.
    I tried Microsoft for updates, and it's working now.

    gmer.log:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-14 11:56:58
    Windows 5.1.2600 Szervizcsomag 2
    Running: 3jf7ow9n.exe; Driver: C:\DOCUME~1\RENDSZ~1\LOCALS~1\Temp\pfldapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF1FA8C56]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF1FA8B12]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF1FA90C6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF1FA8FF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF1FA86E8]
    SSDT sptd.sys ZwEnumerateKey [0xF7463D48]
    SSDT sptd.sys ZwEnumerateValueKey [0xF74640C0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF1FA8BEC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF1FA8628]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF1FA868C]
    SSDT sptd.sys ZwQueryKey [0xF746418A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF1FA8D0C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF1FA9194]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF1FA8CCC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF1FA8E4C]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF1FB54FE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF1FB5322]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF1FB545C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 15C 804E27C8 4 Bytes CALL 0B402253
    PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP F1FB2972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP F1FB5326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 80581EFE 7 Bytes JMP F1FB5502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1132 5 Bytes JMP F1FB14BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ZwLoadDriver 805A40FA 7 Bytes JMP F1FB5460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    ? C:\WINDOWS\system32\drivers\sptd.sys A folyamat nem fér hozzá a fájlhoz, mert azt egy másik folyamat használja.
    ? C:\WINDOWS\System32\Drivers\SPTD1517.SYS A folyamat nem fér hozzá a fájlhoz, mert azt egy másik folyamat használja.
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F68DC4D0 16 Bytes [BF, 99, 76, D0, 5C, 99, 30, ...]
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F68DC4E1 31 Bytes [B0, 8D, F6, 7F, 41, 0E, 98, ...]
    ? C:\WINDOWS\System32\Drivers\dtscsi.sys A folyamat nem fér hozzá a fájlhoz, mert azt egy másik folyamat használja.

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F746CF52] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7483658] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F746D550] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F746D454] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F746D620] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F746D620] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F746D550] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F746D454] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7482F6C] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F746D10E] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7482BB0] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F746CFA6] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F745FA32] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F745FB6E] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F745FAF6] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74606CC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74605A2] sptd.sys
    IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F748379E] sptd.sys
    IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F74721BA] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7482BB0] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F748379E] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7482BBC] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F745F020] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F745F020] sptd.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[872] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
    IAT C:\WINDOWS\system32\services.exe[872] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
    Device \FileSystem\Ntfs \Ntfs 8437FBF8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{35F9173A-D74F-4C66-95C9-6F789157AEDD} 83ED40E8

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\dmio \Device\DmControl\DmIoDaemon 843C9460
    Device \Driver\dmio \Device\DmControl\DmConfig 843C9460
    Device \Driver\dmio \Device\DmControl\DmPnP 843C9460
    Device \Driver\dmio \Device\DmControl\DmInfo 843C9460

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 843C9698
    Device \Driver\Ftdisk \Device\HarddiskVolume2 843C9698
    Device \Driver\Cdrom \Device\CdRom0 84204560
    Device \FileSystem\Rdbss \Device\FsWrap 83EAE0E8
    Device \Driver\Cdrom \Device\CdRom1 84204560
    Device \Driver\atapi \Device\Ide\IdePort0 [F73B52F0] atapi.sys[unknown section] {MOV EAX, 0x843c90c8; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7474684; RET }
    Device \Driver\atapi \Device\Ide\IdePort1 [F73B52F0] atapi.sys[unknown section] {MOV EAX, 0x843c90c8; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7474684; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F73B52F0] atapi.sys[unknown section] {MOV EAX, 0x843c90c8; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7474684; RET }
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F73B52F0] atapi.sys[unknown section] {MOV EAX, 0x843c90c8; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf7474684; RET }
    Device \Driver\NetBT \Device\NetBt_Wins_Export 83ED40E8
    Device \Driver\00000054 \Device\0000004a sptd.sys
    Device \Driver\NetBT \Device\NetbiosSmb 83ED40E8

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Disk \Device\Harddisk0\DR0 8437FEB0

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84182A20
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 84182A20
    Device \FileSystem\Npfs \Device\NamedPipe 8408F0E8
    Device \Driver\Ftdisk \Device\FtControl 843C9698
    Device \FileSystem\Msfs \Device\Mailslot 84038EB0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{B4C6BA46-E15B-44FF-869C-79035E19A0D5} 83ED40E8
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 8400A698
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 8400A698
    Device \FileSystem\Cdfs \Cdfs 83EDA948

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 810012114
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -72366829
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1130563763
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0x00 0x7F 0xE6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0xB3 0x68 0xBF ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4F 0xB1 0xA9 0x82 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0x00 0x7F 0xE6 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x75 0xB3 0x68 0xBF ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4F 0xB1 0xA9 0x82 ...

    ---- EOF - GMER 1.0.15 ----
     
  12. 2010/04/14
    broni Moderator Malware Analyst
    Good news :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ==================================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2010/04/15
    afro Thread Starter
    Malwarebytes log is in Hungarian, but it says it hasn't found anything:
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Adatbázis verzió: 3989

    Windows 5.1.2600 Szervizcsomag 2
    Internet Explorer 6.0.2900.2180

    2010.04.15. 11:58:56
    mbam-log-2010-04-15 (11-58-56).txt

    Vizsgálat típusa: Gyorsvizsgálat
    Átvizsgált objektumok: 100553
    Eltelt idő: 8 perc, 10 másodperc

    Fertőzött memóriafolyamatok: 0
    Fertőzött memória modulok: 0
    Fertőzött Rendszerleíró kulcsok: 0
    Fertőzött Rendszerleíró értékek: 0
    Fertőzött Rendszerleíró adatelemek: 0
    Fertőzött mappák: 0
    Fertőzött fájlok: 0

    Fertőzött memóriafolyamatok:
    (Nem találhatók rosszindulatú elemek)

    Fertőzött memória modulok:
    (Nem találhatók rosszindulatú elemek)

    Fertőzött Rendszerleíró kulcsok:
    (Nem találhatók rosszindulatú elemek)

    Fertőzött Rendszerleíró értékek:
    (Nem találhatók rosszindulatú elemek)

    Fertőzött Rendszerleíró adatelemek:
    (Nem találhatók rosszindulatú elemek)

    Fertőzött mappák:
    (Nem találhatók rosszindulatú elemek)

    Fertőzött fájlok:
    (Nem találhatók rosszindulatú elemek)



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:14, on 2010.04.15.
    Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\allsnap.exe
    C:\WINDOWS\makefolder.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O4 - HKLM\..\Run: [AllSnap] "C:\WINDOWS\allsnap.exe "
    O4 - HKLM\..\Run: [MakeFolder] "C:\WINDOWS\makefolder.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF12303.cfxxe" /c "C:\ComboFix\C.bat "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 6246 bytes


    May I ask a personal question? Why and when did you move to Daly City from Cracow? I'm just curious, nothing serious. :)

    And again, a thousand times thank you for your help!!
     
  14. 2010/04/15
    broni Moderator Malware Analyst
    I came to US in 1986, when I was 32 :)


    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  15. 2010/04/18
    afro Thread Starter
    So, TFC worked fine, I restarted my computer.

    But this Kaspersky online virus check isn't working:
    Sometimes it doesn't even enable the "Accept" button at the very beginning. When it does, it updates itself (every 3rd time it stops at 0%, so I have to reload the page). And when I finally get to Scan (My Computer), it doesn't start, or when it starts, it stops at 51%, and even after 3 hours it won't proceed.
    I tried the whole procedure ~20 times, but only ~5 times did I get to the scanning part, and it stopped at that exact point (51%).

    What should I do?
    By the way, which antivirus software (free) do YOU recommend?

    When will my virus-misery be over? :)
     
  16. 2010/04/18
    broni Moderator Malware Analyst
    We're almost there.
    You're perfectly fine with Avast. I'm using it myself.

    Instead of Kaspersky...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Post fresh HJT log as well.
     
  17. 2010/04/19
    afro Thread Starter
    Thanks, the ESET online scan worked!

    ESET Scan result:

    D:\Jatekok\WORLD OF GOO\Thinstall (noportable.blogspot.com)\World of Goo\40000025200002i\WorldOfGoo.exe probably a variant of Win32/Spy.Banker trojan cleaned by deleting - quarantined

    HJT:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:44:00, on 2010.04.19.
    Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\allsnap.exe
    C:\WINDOWS\makefolder.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O4 - HKLM\..\Run: [AllSnap] "C:\WINDOWS\allsnap.exe "
    O4 - HKLM\..\Run: [MakeFolder] "C:\WINDOWS\makefolder.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF12303.cfxxe" /c "C:\ComboFix\C.bat "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 6343 bytes
     
  18. 2010/04/19
    broni Moderator Malware Analyst
    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add/Remove Programs (Programs & Features in Vista).

    ==================================================================

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    Alternatively, I suggest you uninstall Spybot, since it's a tool of the past.

    =================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF12303.cfxxe" /c "C:\ComboFix\C.bat "
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "


    5. Click on Fix checked button.

    6. Go Start>Run (Vista users - "Start search"), type in:
    cmd
    Click OK (Vista users - hold CTRL, and SHIFT keys, press Enter).

    Command Prompt window will open.
    Type in:
    sc stop EhttpSrv
    Press Enter.
    Wait for the service to be stopped.

    Type in:
    sc delete EhttpSrv
    Press Enter.
    Wait for confirmation.


    7. Restart computer.

    8. Post new HijackThis log.
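A small parser for the HijackThis log format used throughout this thread, added here as an example (it is not code from the thread, from HijackThis, or from the analyst): it picks out the same kinds of dead entries the instructions above tick in HJT (O2/O3 items marked "(no file)", the O23 service marked "(file missing)", the leftover ComboFix run key) and emits the `sc stop` / `sc delete` pair for the orphaned service. The sample lines are copied from the poster's 2010.04.19 log; the rule that treats a run key under C:\ComboFix\ as a cleanup-tool leftover is an assumption.

```python
"""Triage a HijackThis v2.0.2 log for entries whose target file is gone.

Added example, not code from the thread or from HijackThis. Entries flagged:
  O2/O3  BHO or toolbar registered with "(no file)"   -> DLL was removed
  O4     run key pointing into a cleanup tool's folder -> ComboFix leftover (assumption)
  O23    service with "(file missing)"                 -> image file gone, registration stale
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the poster's HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF12303.cfxxe" /c "C:\ComboFix\C.bat "
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""

# O2 (BHO) / O3 (toolbar): "<sec> - <kind>: <name> - {CLSID} - <dll path or (no file)>"
O2_O3_RE = re.compile(r"^(O2|O3) - (BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# O4 autostart: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.*)$")
# O23 service: "O23 - Service: <display name> [(<short name>)] - <owner> - <image path> [(file missing)]"
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")
NO_FILE = "(no file)"
FILE_MISSING = "(file missing)"
# Assumption: a run key whose command lives here is a leftover of the cleanup tool, not malware.
LEFTOVER_TOOL_DIRS = ("c:\\combofix\\",)


@dataclass
class Entry:
    section: str   # O2, O3, O4 or O23
    name: str      # BHO/toolbar name, run-key value name, or service display name
    target: str    # DLL path, command line, or service image path as printed by HJT
    orphaned: bool # True when the entry points at something that no longer exists
    reason: str


def service_short_name(display: str) -> str:
    """HJT prints 'Display Name (ShortName)'; sc.exe wants the short name.
    Services printed without parentheses use the display name itself."""
    m = SHORT_NAME_RE.search(display)
    return m.group(1) if m else display


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Parse one HJT line into an Entry; returns None for sections we do not triage."""
    line = line.strip()
    m = O2_O3_RE.match(line)
    if m:
        sec, _kind, name, _clsid, target = m.groups()
        missing = target == NO_FILE
        return Entry(sec, name, target, missing, "BHO/toolbar whose DLL is gone" if missing else "")
    m = O4_RE.match(line)
    if m:
        _hive, name, cmd = m.groups()
        leftover = cmd.lower().lstrip('"').startswith(LEFTOVER_TOOL_DIRS)
        return Entry("O4", name, cmd, leftover, "leftover cleanup-tool run key" if leftover else "")
    m = O23_RE.match(line)
    if m:
        name, _owner, target = m.groups()
        missing = target.endswith(FILE_MISSING)
        return Entry("O23", name, target, missing, "service whose image file is gone" if missing else "")
    return None


def orphaned_entries(log_text: str) -> List[Entry]:
    """Every parsed entry whose target is gone: the lines worth ticking in HJT."""
    found = []
    for line in log_text.splitlines():
        e = parse_hjt_line(line)
        if e is not None and e.orphaned:
            found.append(e)
    return found


def service_cleanup_commands(log_text: str) -> List[str]:
    """sc.exe commands for O23 services marked '(file missing)', in the order the
    thread runs them: stop the service first, then delete its registration."""
    cmds: List[str] = []
    for e in orphaned_entries(log_text):
        if e.section == "O23":
            short = service_short_name(e.name)
            cmds += [f"sc stop {short}", f"sc delete {short}"]
    return cmds


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section:4} {e.name:45} {e.reason}")
    print("\n".join(service_cleanup_commands(SAMPLE_LOG)))
```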
     
  19. 2010/04/24
    afro Thread Starter
    OK, I did everything.

    HJ log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:40:00, on 2010.04.24.
    Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\allsnap.exe
    C:\WINDOWS\makefolder.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
    R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
    O4 - HKLM\..\Run: [AllSnap] "C:\WINDOWS\allsnap.exe "
    O4 - HKLM\..\Run: [MakeFolder] "C:\WINDOWS\makefolder.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
    O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    --
    End of file - 5436 bytes
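The log above is in HijackThis format: every entry is a section tag (R0/R1/R3 for Internet Explorer settings and URL hooks, O2 browser helper objects, O3 toolbars, O4 autoruns, O9 extra buttons, O23 services) followed by a display name, usually a CLSID, and the file that gets loaded. As an added example, not code from this thread or from HijackThis itself, the Python below parses those entries and applies a few defender-side triage heuristics that a reviewer applies by eye: a service whose vendor field reads "Unknown owner", a browser extension registered with "(no name)", and one CLSID hooked from several sections at once (here the Softonic toolbar, registered as URL search hook, BHO and toolbar). The sample lines are copied verbatim from the log above; the function names and the flagging rules are my own and only mark entries worth a second look, not a verdict (the analyst above resolved the Spybot "(no name)" button as legitimate).

```python
import re
from collections import defaultdict

# Constructed sample input: eight lines copied verbatim from the HijackThis
# log posted in this thread, so the parser runs on realistic entries.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""

# "R3 - ..." / "O23 - ...": HijackThis section tag, then the entry body.
LINE_RE = re.compile(r'^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# First Windows path ending in a loadable/launchable extension. The lazy
# quantifier stops at the first extension, so quoted O4 paths with trailing
# arguments and paths containing " - " (Spybot) both come out whole.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|htm|html|sys|cpl|scr)\b', re.IGNORECASE)
# O23 body layout: "Service: <display name> - <vendor> - <path>"
SERVICE_RE = re.compile(r'^Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$')


def parse_line(line):
    """Split one log line into section, display name, CLSID, file path and
    (for O23 services) the vendor string. Returns None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    owner = None
    if section == "O23":
        svc = SERVICE_RE.match(body)
        if svc:
            owner = svc.group("owner")
    return {
        "section": section,
        "name": body.split(" - ", 1)[0],          # e.g. "BHO: GdfrDUEn"
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0) if path else None,
        "owner": owner,
        "raw": line.strip(),
    }


def parse_log(text):
    """Parse a whole HijackThis log; lines that are not entries are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries):
    """Return (entry, reason) pairs that deserve a closer look. These are
    heuristics built from what the log exposes, not a malware verdict."""
    by_clsid = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            by_clsid[e["clsid"]].append(e["section"])
    findings = []
    for e in entries:
        reasons = []
        if e["section"] == "O23" and e["owner"] == "Unknown owner":
            reasons.append("service binary carries no vendor string")
        if "(no name)" in e["name"]:
            reasons.append("browser extension registered without a display name")
        if e["clsid"] and len(by_clsid[e["clsid"]]) > 1:
            hooks = ", ".join(sorted(set(by_clsid[e["clsid"]])))
            reasons.append("same CLSID hooked from sections " + hooks)
        if e["section"] in ("O2", "O3", "R3") and e["path"] is None:
            reasons.append("extension line names no file on disk")
        findings.extend((e, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry['section']:>4}  {reason}\n      {entry['raw']}")
```

Run it as a script to print the flagged lines with their reasons; on the sample it reports the three Softonic hooks, the unnamed Spybot button and the RichVideo service. The point of the CLSID rule is that a single component registering itself as a search hook, a BHO and a toolbar is exactly the pattern a bundled toolbar (or a browser hijacker) produces, which is why such entries are read together rather than line by line.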
     
  20. 2010/04/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)


    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  21. 2010/05/15
    afro

    afro Inactive Thread Starter

    Joined:
    2010/04/05
    Messages:
    10
    Likes Received:
    0
    Thank you very much! :)

    Sorry for the late answer, but I was very busy in the last two weeks (working on my diploma). My computer is doing well :)
    I turned off System Restore completely (it slows down the PC and I've never used it before) and updated Windows.
    Thanks for the links, I'll check them, and in the future, I will be more careful!

    Thank you again for your help, I appreciate your work!!!

    Best regards
     
