Continue here: viewtopic.php?t=26843
fredik
ComboFix 08-04-18.3 - Romaninho 2008-04-20 1:59:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.118 [GMT 1:00]
Running from: C:\Users\Romaninho\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\NetProject
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\wamdl.dll
C:\Program Files\NetProject\waun.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url
C:\Users\Public\Desktop\Online Security Guide.url
C:\Users\Public\Desktop\Security Troubleshooting.url
C:\Users\ROMANI~1\FAVORI~1\Online Security Test.url
C:\Users\Romaninho\Favorites\Online Security Test.url
C:\Windows\System32\Desktop_.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 01:06 --------- d-----w C:\Program Files\Google
2008-04-20 00:12 --------- d-----w C:\Users\Romaninho\AppData\Roaming\AVG7
2008-04-19 22:50 --------- d-----w C:\Program Files\ICQToolbar
2008-04-18 17:13 --------- d-----w C:\Users\Guest\AppData\Roaming\AVG7
2008-04-17 20:06 --------- d-----w C:\Users\Romaninho\AppData\Roaming\OpenOffice.org2
2008-04-17 19:37 --------- d-----w C:\Program Files\ICQ6
2008-04-16 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 19:11 --------- d-----w C:\Program Files\rajce
2008-04-10 13:01 --------- d-----w C:\Program Files\Windows Mail
2008-04-02 21:48 --------- d-----w C:\Program Files\Intuwave Ltd
2008-03-25 10:13 --------- d-----w C:\Users\Romaninho\AppData\Roaming\gtk-2.0
2008-03-24 19:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-24 19:07 --------- d-----w C:\Program Files\Common Files\Real
2008-03-24 19:03 --------- d-----w C:\Program Files\Real
2008-03-23 12:29 --------- d-----w C:\ProgramData\Apple Computer
2008-03-22 01:11 --------- d-----w C:\ProgramData\avg7
2008-03-21 12:38 --------- d-----w C:\Users\Romaninho\AppData\Roaming\Elaborate Bytes
2008-03-21 12:37 --------- d-----w C:\Users\Romaninho\AppData\Roaming\SlySoft
2008-03-21 12:12 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-21 12:10 --------- d-----w C:\Program Files\SlySoft
2008-03-21 09:35 --------- d-----w C:\Users\Romaninho\AppData\Roaming\BitSpirit
2008-03-18 08:30 --------- d-----w C:\Users\Guest\AppData\Roaming\Winamp
2008-03-16 22:02 --------- d-----w C:\Users\Romaninho\AppData\Roaming\Nokia Multimedia Player
2008-03-14 19:32 --------- d-----w C:\Program Files\Kodak
2008-03-14 19:32 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-12 09:37 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-10 19:41 --------- d-----w C:\Program Files\Seznam
2008-03-09 17:22 --------- d-----w C:\ProgramData\PurePlay
2008-03-09 17:22 --------- d-----w C:\Program Files\PurePlay
2008-03-05 20:42 --------- d-----w C:\Program Files\EA Games
2008-03-01 16:53 --------- d-----w C:\Program Files\VID_0E8F&PID_0003
2008-02-22 10:15 --------- d-----w C:\ProgramData\Elaborate Bytes
2008-02-22 10:12 --------- d-----w C:\ProgramData\SlySoft
2008-02-21 22:46 --------- d-----w C:\ProgramData\DVD Shrink
2008-02-21 22:25 --------- d-----w C:\Users\Romaninho\AppData\Roaming\ICQ
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 08:49 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 08:49 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 08:49 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-15 08:49 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 08:49 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-23 09:40 22,328 ----a-w C:\Users\Romaninho\AppData\Roaming\PnkBstrK.sys
2007-09-11 16:37 174 --sha-w C:\Program Files\desktop.ini
2007-07-29 15:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-29 15:30 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-29 15:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"Acer Tour Reminder"="" []
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:25 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-11-09 14:16 688128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"="" []
"SetPanel"="" []
"eRecoveryService"="" []
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-03 21:12 1006264]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 06:37 4186112 C:\Windows\RtHDVCpl.exe]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 13:35 614400]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-02 18:58 464168]
"AVG7_CC"="D:\Programs\Antiviry\Grisoft\avg\avgcc.exe" [2008-04-17 20:26 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-24 20:06 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\Programs\Antiviry\Grisoft\avg\avgw.exe" [2007-10-26 10:20 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-07-30 22:44 9216 C:\Windows\System32\avgwlntf.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Software Kodak EasyShare.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Software Kodak EasyShare.lnk
backup=C:\Windows\pss\Software Kodak EasyShare.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-01-14 19:38 151552 C:\Acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage Setup]
D:\Programs\DVD\Deamon\DAEMON Tools\AdVantageSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-21 13:27 499712 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
D:\Programs\Antiviry\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 D:\Programs\DVD\Deamon\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Detect]
C:\Program Files\iNTERNET Turbo\iDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2006-11-06 02:05 106496 C:\Windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-04-01 11:40 172280 C:\Program Files\ICQ6\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2006-11-06 02:02 98304 C:\Windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 14:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-06 17:03 278528 D:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-11-07 18:35 1294336 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-11-06 02:02 81920 C:\Windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
--a------ 2008-02-21 22:22 453936 C:\Program Files\Seznam\Postak\Postak.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-10-23 04:00 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F89F12FD-6327-4777-B7CB-4D1B707212A7}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{101C3451-015E-41DF-A8E8-489118426DA0}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{17D15BBA-92A6-48E5-B201-A1C92CA27FC4}"= UDP:D:\Programs\Antiviry\Grisoft\avg\avginet.exe:avginet.exe
"{14FC9855-DCBF-4926-BF0A-C161C09BC938}"= TCP:D:\Programs\Antiviry\Grisoft\avg\avginet.exe:avginet.exe
"{7A5AE8FC-383E-4968-874A-3D68A68D2C39}"= UDP:D:\Programs\Antiviry\Grisoft\avg\avgamsvr.exe:avgamsvr.exe
"{1BB6C4C4-6852-4D42-B4EA-25A82A04B60E}"= TCP:D:\Programs\Antiviry\Grisoft\avg\avgamsvr.exe:avgamsvr.exe
"{C78505FE-476D-47E2-BF6B-7D3C80F857F8}"= UDP:D:\Programs\Antiviry\Grisoft\avg\avgcc.exe:avgcc.exe
"{BBAD7824-DA22-4EB8-95E0-8F077D5FD8ED}"= TCP:D:\Programs\Antiviry\Grisoft\avg\avgcc.exe:avgcc.exe
"{6D7A7A7D-3769-4F60-9322-EC75179BF325}"= UDP:D:\Programs\Antiviry\Grisoft\avg\avgemc.exe:avgemc.exe
"{9049DFB6-A23C-41F0-98A5-0DD23BB13B27}"= TCP:D:\Programs\Antiviry\Grisoft\avg\avgemc.exe:avgemc.exe
"TCP Query User{112D8B25-BEC1-423E-8866-14CCD26F154E}D:\\programs\\komunikace\\skype\\phone\\skype.exe"= UDP:D:\programs\komunikace\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{64838240-58CC-437A-AD5E-6D2E23E9294C}D:\\programs\\komunikace\\skype\\phone\\skype.exe"= TCP:D:\programs\komunikace\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{75FE41D8-3AEC-4872-B9F6-723E1748E3D8}D:\\programs\\komunikace\\skype\\phone\\skype.exe"= UDP:D:\programs\komunikace\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C5BB24F2-4FC5-4DCC-94C0-539A7480F5DA}D:\\programs\\komunikace\\skype\\phone\\skype.exe"= TCP:D:\programs\komunikace\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{64AD1A37-5439-4153-B081-659C5BD7FD2B}D:\\programs\\inet\\firefox.exe"= UDP:D:\programs\inet\firefox.exe:Firefox
"UDP Query User{75E0987E-FCC5-4778-BB8E-428CE5A023A9}D:\\programs\\inet\\firefox.exe"= TCP:D:\programs\inet\firefox.exe:Firefox
"TCP Query User{703673D4-4774-458A-BC3A-9E43AB35B5DD}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D6C25157-9C29-4BDB-A794-B88202906F71}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{50BCB622-401D-40F6-BA08-06DDA56BF667}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3B1D0997-2C3B-41A1-BEEC-E6BE2185CB08}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{055A6017-0E1D-44BB-ACE8-A73DBA137B3F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C711FE80-510C-489B-9D7A-15FE934C9CCF}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9F0E86C2-23E1-40E6-8AD4-9D69BBB47F1C}"= UDP:D:\Program Files\iTunes\iTunes.exe:iTunes
"{6EF7A08C-5675-4933-BE5B-CE8A7B9F10D9}"= TCP:D:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{DA5FAD4C-C826-4547-871A-6E6EB12E0637}C:\\qip\\qip.exe"= UDP:C:\qip\qip.exe:Quiet Internet Pager
"UDP Query User{04B9D121-21BB-4C6B-B2F8-E79A093992D6}C:\\qip\\qip.exe"= TCP:C:\qip\qip.exe:Quiet Internet Pager
"TCP Query User{1C5D5895-3B6E-4B91-A222-8C41D27D0928}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{451BAE59-250F-427A-89E5-147DAC426BF0}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{8F632484-164D-46F0-8F96-635CFF63CB76}D:\\programs\\inet\\firefox.exe"= UDP:D:\programs\inet\firefox.exe:Firefox
"UDP Query User{D5F37BAE-9103-450E-8C99-41581AB95FA9}D:\\programs\\inet\\firefox.exe"= TCP:D:\programs\inet\firefox.exe:Firefox
"TCP Query User{9DF5F54F-A46E-4493-9D66-0C938BACF7D1}D:\\program files\\itunes\\itunes.exe"= UDP:D:\program files\itunes\itunes.exe:iTunes
"UDP Query User{8D12AB9B-E4A8-47D2-B34C-048BDE108EFA}D:\\program files\\itunes\\itunes.exe"= TCP:D:\program files\itunes\itunes.exe:iTunes
"TCP Query User{7B0C7A99-074F-482D-98E0-5BAA8922F2C9}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= UDP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
"UDP Query User{0167A953-33CB-4D8B-B040-12E254C81404}C:\\program files\\atari\\act of war - direct action\\actofwar.exe"= TCP:C:\program files\atari\act of war - direct action\actofwar.exe:ACTOFWAR
"TCP Query User{71D69392-59DC-4EB9-A795-E6541660C8CC}C:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:C:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"UDP Query User{913E720A-B9EE-43CC-BF8F-C36F25A6B317}C:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:C:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"TCP Query User{98535998-50DB-40C6-B43E-8F619F25A143}D:\\downloads\\torrent\\bitspirit\\bitspirit.exe"= UDP:D:\downloads\torrent\bitspirit\bitspirit.exe:The powerful and easy-to-use BitTorrent Client
"UDP Query User{FDC79789-546A-43E9-83F5-AB0472C29295}D:\\downloads\\torrent\\bitspirit\\bitspirit.exe"= TCP:D:\downloads\torrent\bitspirit\bitspirit.exe:The powerful and easy-to-use BitTorrent Client
"TCP Query User{205BCFB7-7FAF-42BB-B7C6-5B69BB0B194F}D:\\downloads\\torrent\\bitspirit\\bitspirit.exe"= UDP:D:\downloads\torrent\bitspirit\bitspirit.exe:The powerful and easy-to-use BitTorrent Client
"UDP Query User{1BA27A78-615B-416C-8755-26D263DA9C8C}D:\\downloads\\torrent\\bitspirit\\bitspirit.exe"= TCP:D:\downloads\torrent\bitspirit\bitspirit.exe:The powerful and easy-to-use BitTorrent Client
"TCP Query User{8AEBB3C6-97AF-4E63-83FE-23581976C479}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{99EF8CC7-10CE-4F33-BA3F-E6C54669B27E}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{D2FAC6BC-D0F4-41E5-9BA8-3C7C1387DA8A}C:\\program files\\intuwave ltd\\shared\\mrouterruntime\\mrouterruntime.exe"= UDP:C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime
"UDP Query User{B567F331-0993-459B-A761-FF8EB3454DDB}C:\\program files\\intuwave ltd\\shared\\mrouterruntime\\mrouterruntime.exe"= TCP:C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe:mRouterRuntime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-01-02 18:59]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-01-02 18:59]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-01-02 18:59]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-01-02 18:58]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 20:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 16:46]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 16:39]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-01-23 15:25]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-12 10:37]
R3 Cam5607;Acer OrbiCam;C:\Windows\system32\Drivers\BisonC07.sys [2006-12-27 02:57]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 03:29]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-10-24 04:40]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\Windows\system32\DRIVERS\s716bus.sys [2007-06-29 09:59]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s716mdfl.sys [2007-06-29 09:59]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s716mdm.sys [2007-06-29 09:59]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s716mgmt.sys [2007-06-29 09:59]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\Windows\system32\DRIVERS\s716nd5.sys [2007-06-29 09:59]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s716obex.sys [2007-06-29 09:59]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\Windows\system32\DRIVERS\s716unic.sys [2007-06-29 09:59]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71148b5a-5df6-11dc-96a9-0016d4d2852a}]
\shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8424e9f2-c679-11dc-be63-0016d4d2852a}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8424ea06-c679-11dc-be63-0016d4d2852a}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84b15eb9-c66f-11dc-9188-0016d4d2852a}]
\shell\AutoRun\command - F:\VMC_PBStarter.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 18:42:00 C:\Windows\Tasks\EasyShare Registration Task.job"
- C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.20.2.sxt _RegistrationOffer@16
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 02:08:07
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Programs\Antiviry\Grisoft\avg\avgamsvr.exe
D:\Programs\Antiviry\Grisoft\avg\avgupsvc.exe
D:\Programs\Antiviry\Grisoft\avg\avgrssvc.exe
D:\Programs\Antiviry\Grisoft\avg\avgrssvc.exe
D:\Programs\Antiviry\Grisoft\avg\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Users\ROMANI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-04-20 2:13:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 01:13:04
Pls check the log, folks :-) Solved
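The log above is worth triaging mechanically rather than by eye: the "Reg Loading Points" section still references the NetProject toolbar DLL that the "Other Deletions" section says was removed, one Run value has an empty command, the Security Center keys have UAC/auto-update notifications and antivirus/firewall monitoring switched off, and several mountpoints2 entries carry AutoRun commands for removable drives. The following helper is an added example written for this page; it is not part of the post and not ComboFix's own code. It assumes that an empty `[ ]` after a load-point value means ComboFix found no file metadata for that path (treated here as "file missing"), and it runs over a constructed excerpt that mirrors a few lines of the posted log rather than the full file.

```python
"""Triage a ComboFix-style log for common post-infection leftovers.

Added example for this page (not from the post, not ComboFix code).
Assumptions: sections are delimited by lines of parentheses; a value that
ends in "[ ]" has no file metadata (treated as a missing file).
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the posted log; not the original file.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\NetProject
C:\Program Files\NetProject\wamdl.dll
C:\Users\Public\Desktop\Online Security Guide.url
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:25 1232896]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71148b5a-5df6-11dc-96a9-0016d4d2852a}]
\shell\AutoRun\command - G:\Autorun.exe
"""


@dataclass
class Finding:
    kind: str    # category of the indicator
    key: str     # registry key the line sits under
    detail: str  # value name, path or command


SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
MISSING_FILE = "[ ]"


def split_sections(text: str) -> dict:
    """Group non-empty lines under the banner section they appear in."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def triage(text: str) -> list:
    """Return Findings for orphaned load points, empty Run values,
    suppressed Security Center monitoring and removable-media AutoRun."""
    sections = split_sections(text)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    findings, key = [], ""
    for line in sections.get("Reg Loading Points", []):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lkey = key.lower()
        # AutoRun command recorded for a mounted (typically removable) volume.
        if line.startswith(r"\shell\AutoRun\command") and "mountpoints2" in lkey:
            findings.append(Finding("removable-autorun", key, line.split(" - ", 1)[1]))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, rest = m.group(1), m.group(2).strip()
        if ("security center" in lkey and rest == "dword:00000001"
                and (name.endswith("DisableNotify") or name == "DisableMonitoring")):
            findings.append(Finding("security-center-suppressed", key, name))
        elif "\\run" in lkey and rest.startswith('""'):
            findings.append(Finding("empty-run-value", key, name))
        elif rest.endswith(MISSING_FILE):
            path = rest.split("[")[0].strip().strip('"').lower()
            kind = "loadpoint-to-deleted-file" if path in deleted else "loadpoint-file-missing"
            findings.append(Finding(kind, key, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.detail}")
```

On the excerpt this reports the toolbar CLSID still pointing at the deleted `wamdl.dll`, the empty `"????r"` Run value, three suppressed Security Center settings and the `G:\Autorun.exe` AutoRun command; against the full posted log it would also pick up the second toolbar reference, the other empty Run values and the `F:\VMC_PBStarter.exe` entries. Entries of the `loadpoint-to-deleted-file` kind are the ones to clean up next, since the load point survives a file deletion and will keep logging load failures or be reused if the file is dropped again.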