Problém s Win32/Daurso.A, prosím kontrolu logu

RadoS84 · Příspěvekod **RadoS84** » 05 srp 2009 14:53

Dobrý ďeň, mám problém s detekciou Win32/Daurso.A. Windows Defender to nedokáže odstrániť.
Tu je môj log z HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:49, on 5. 8. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\EasyPHP3.1\EasyPHP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\hp32_nword.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Windows\system32\hp32_nword.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\EasyPHP3.1\Apache\bin\apache.exe
C:\PROGRA~1\EasyPHP3.1\MySql\bin\mysqld.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\EasyPHP3.1\Apache\bin\apache.exe
C:\Windows\Explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\EasyPHP3.1\EasyPHP.exe"
O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [hp32_nword] C:\Windows\system32\hp32_nword.exe
O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [hp32_nword] C:\Users\Radoslav Šabík\hp32_nword.exe
O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - D:\Prog Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Prog Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://195.80.177.99/ConnectComputer/nshelp.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{573D46D1-33C8-41B3-9EF5-C40B79663BF8}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: UAZ Racing 4x4 Drivers Auto Removal (pr2anrqc) (pr2anrqc) - Cenega Publishing - C:\Windows\system32\pr2anrqc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\Windows\system32\UTSCSI.EXE

--
End of file - 12266 bytes

Tu je log z Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.40
Verzia databázy: 2562
Windows 6.0.6001 Service Pack 1

5. 8. 2009 14:48:11
mbam-log-2009-08-05 (14-48-02).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 85210
Uplynutý cas: 3 minute(s), 52 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 2
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 5

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Windows\Temp\wpv711249195745.exe (Trojan.Agent) -> No action taken.
C:\Windows\Temp\wpv621249321620.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\delself.bat (Malware.Trace) -> No action taken.
C:\Users\Radoslav Šabík\AppData\Roaming\wiaserva.log (Malware.Trace) -> No action taken.
C:\Users\Radoslav Šabík\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.

Vopred Vám veľmi pekne ďakujem za Vašu pomoc.

Reklama

Příspěvekod **jaro3** » 05 srp 2009 17:17

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod: viewtopic.php?f=70&t=5119

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hp32_nword] C:\Windows\system32\hp32_nword.exe
O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe
O4 - HKCU\..\Run: [hp32_nword] C:\Users\Radoslav Šabík\hp32_nword.exe
O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Vypni rez. ochranu u NOD32
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

RadoS84 · Příspěvekod **RadoS84** » 05 srp 2009 17:39

Ďakujem. Tu je nový log po odstránení:

Malwarebytes' Anti-Malware 1.40
Verzia databázy: 2562
Windows 6.0.6001 Service Pack 1

5. 8. 2009 17:36:34
mbam-log-2009-08-05 (17-36-34).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 85131
Uplynutý cas: 3 minute(s), 46 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 2
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 5

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Windows\Temp\wpv711249195745.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\wpv621249321620.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Radoslav Šabík\AppData\Roaming\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Radoslav Šabík\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

Teraz idem urobiť ten zvyšok.

RadoS84 · Příspěvekod **RadoS84** » 05 srp 2009 18:44

Tu je log z ComboFix:

ComboFix 09-08-04.03 - Radoslav Šabík . 08. 2009 17:58.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.3327.2178 [GMT 2:00]
Running from: c:\users\Radoslav Šabík\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger .lnk
c:\users\RADOSL~1\FAVORI~1\. opuszczone miejsca - budynki, fabryki, kościoły, obiekty przemysłowe ..url
c:\users\RADOSL~1\FAVORI~1\.. Miniaturas ...url
c:\users\RADOSL~1\FAVORI~1\.. www.HUMMER.zde.cz ...url
c:\users\RADOSL~1\FAVORI~1\... GEMBALLA GERMANY ... german news.url
c:\users\RADOSL~1\FAVORI~1\... ZŠ Nováky ročník 1-4 ....url
c:\users\RADOSL~1\FAVORI~1\blue RHD Roadster in London - Automotive Forums .com Car Chat.url
c:\users\RADOSL~1\FAVORI~1\Collectors Car Books -- ETTORE BUGATTI BUGATTI MAGAZINE No 2 ..url
c:\users\RADOSL~1\FAVORI~1\Euro Truck Simulator Gold Edition - CZ .. EURO TRUCK SIMULATOR.url
c:\users\RADOSL~1\FAVORI~1\EUROCITRO 2006 « . BX World Forum de la Citroën BX . - yAronet - Attention forum addictif !.url
c:\users\RADOSL~1\FAVORI~1\LuXury and eXotic cars ...........................url
c:\users\RADOSL~1\FAVORI~1\Orient Express Trains, Royal Scotsman, Danube Express, Blue Train, Rovos ....url
c:\users\RADOSL~1\FAVORI~1\Pagani Zonda F - Automotive Forums .com Car Chat.url
c:\users\RADOSL~1\FAVORI~1\RallyChileno.cl . Foros Ver tema - FIAT 131 ABARTH.url
c:\users\RADOSL~1\FAVORI~1\Searchmight ...FREE LISTING... FREE SEARCHES... THOUSANDS OF MOTORCYCLE PRODUCTS AT YOUR FINGERTIPS....url
c:\users\RADOSL~1\FAVORI~1\Searchmight ...FREE LISTING... FREE SEARCHES... THOUSANDS OF MOTORCYCLE PRODUCTS AT YOUR FINGERTIPS...2.url
c:\users\RADOSL~1\FAVORI~1\Voitures sans numéros ... - Forums Auto de Motorlegend.url
c:\windows\system32\Drivers\iyarwaj.sys
c:\windows\system32\Dvbpws.dll
c:\windows\system32\hp32_nword.exe
c:\windows\system32\userini.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fkit

((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-05 16:10 . 2009-08-05 16:10 -------- d-----w- c:\users\RADOSL~2\AppData\Local\temp
2009-08-05 16:10 . 2009-08-05 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 12:29 . 2009-08-05 12:29 -------- d-----w- c:\program files\Trend Micro
2009-08-05 09:30 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 09:30 . 2009-08-05 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 09:30 . 2009-08-05 09:30 -------- d-----w- c:\programdata\Malwarebytes
2009-08-05 09:30 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:11 . 2009-08-02 22:11 -------- d-----w- c:\program files\ESET
2009-08-02 21:55 . 2009-08-02 21:55 10 ----a-w- c:\programdata\SecTaskMan\icn_3BD1D797F0ABD2A4F999D5C2900D7AEF.dll
2009-08-02 21:55 . 2009-08-02 21:55 344 ----a-w- c:\programdata\SecTaskMan\icn_E185035FEF214B342AD85E52A7DA366E.dll
2009-08-02 21:55 . 2009-08-02 21:55 251 ----a-w- c:\programdata\SecTaskMan\icn_7475C687330100005BE8000000000010.dll
2009-08-02 21:55 . 2009-08-02 21:55 154 ----a-w- c:\programdata\SecTaskMan\icn_7E577B2224C65CF4E801A9E52375DB49.dll
2009-08-02 21:55 . 2009-08-02 21:55 3861 ----a-w- c:\programdata\SecTaskMan\icn_68AB67CA330100007706000000000020.dll
2009-08-02 21:55 . 2009-08-02 21:55 725 ----a-w- c:\programdata\SecTaskMan\icn_275C743A4B7F3A34DB15FF9C19487FD0.dll
2009-08-02 21:55 . 2009-08-02 21:55 3568 ----a-w- c:\programdata\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
2009-08-02 21:55 . 2009-08-02 21:55 316 ----a-w- c:\programdata\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2009-08-02 21:55 . 2009-08-02 21:55 283 ----a-w- c:\programdata\SecTaskMan\icn_068F5EECBAF70D087EFC20C2819BE552.dll
2009-08-02 21:55 . 2009-08-02 21:55 73 ----a-w- c:\programdata\SecTaskMan\icn_04DE0F7511F8AA149B62A4660D1D9ACC.dll
2009-08-02 21:55 . 2009-08-02 21:55 314 ----a-w- c:\programdata\SecTaskMan\icn_0149EE8E4CA834F46A62DDCE7AC5973F.dll
2009-08-02 21:55 . 2009-08-02 21:55 833 ----a-w- c:\programdata\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
2009-08-01 15:00 . 2009-08-01 15:00 -------- d-----w- c:\program files\EasyPHP3.1
2009-07-29 05:22 . 2009-07-21 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-15 06:41 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:41 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:41 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:41 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 10:42 . 2008-05-27 09:41 25768 ----a-w- c:\windows\system32\drivers\s0017nd5.sys
2009-07-12 10:42 . 2008-05-27 09:41 117672 ----a-w- c:\windows\system32\drivers\s0017unic.sys
2009-07-12 10:42 . 2008-05-27 09:41 10792 ----a-w- c:\windows\system32\drivers\s0017cr.sys
2009-07-12 10:42 . 2008-05-27 09:41 111912 ----a-w- c:\windows\system32\drivers\s0017obex.sys
2009-07-12 10:41 . 2008-05-27 09:41 15016 ----a-w- c:\windows\system32\drivers\s0017mdfl.sys
2009-07-12 10:41 . 2008-05-27 09:41 122152 ----a-w- c:\windows\system32\drivers\s0017mdm.sys
2009-07-12 10:41 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017cmnt.sys
2009-07-12 10:41 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017cm.sys
2009-07-12 10:41 . 2008-05-27 09:41 115496 ----a-w- c:\windows\system32\drivers\s0017mgmt.sys
2009-07-12 10:40 . 2008-05-27 09:41 90536 ----a-w- c:\windows\system32\drivers\s0017bus.sys
2009-07-12 10:40 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017whnt.sys
2009-07-12 10:40 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 16:10 . 2007-12-28 12:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-02 21:57 . 2007-06-05 11:33 -------- d-----w- c:\programdata\SecTaskMan
2009-08-02 07:46 . 2008-10-29 19:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 06:12 . 2007-06-05 18:37 3662 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-26 17:45 . 2009-05-12 08:30 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 21:52 . 2009-07-29 05:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 20:13 . 2009-07-29 05:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 06:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 11:35 . 2007-06-05 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 10:41 . 2009-07-12 10:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-08 17:44 . 2007-06-05 11:34 -------- d-----w- c:\programdata\Test Drive Unlimited
2009-06-14 15:57 . 2009-06-07 16:22 -------- d--h--w- c:\programdata\ArcSoft
2009-06-07 16:22 . 2009-06-07 16:22 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-07 16:22 . 2009-06-07 16:22 -------- d-----w- c:\program files\WinFast
2009-06-07 16:12 . 2009-06-07 16:12 -------- d-----w- c:\program files\Leadtek Research Inc
2009-06-07 15:40 . 2009-06-07 15:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-03 06:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-31 21:07 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-31 21:07 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-16 12:54 . 2009-05-16 12:54 45568 ----a-w- c:\windows\system32\UTSCSI.EXE
2009-05-16 12:54 . 2009-05-16 12:54 150528 ----a-w- c:\windows\FAVPID.DLL
2009-05-14 13:49 . 2009-05-14 13:49 93312 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-08 22:50 . 2009-05-08 22:50 1459 ----a-w- c:\program files\uninstal.log
2002-05-21 08:00 . 2002-05-21 08:00 1362 ----a-r- c:\program files\ReadMe.txt
2008-10-30 20:18 . 2008-10-30 20:03 56 --sh--r- c:\windows\System32\2E616DBD38.sys
2006-05-03 10:06 . 2009-01-24 18:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-01-24 18:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-24 18:18 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-20 4608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-18 192000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-01-12 2908160]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"hp32_nword"="c:\users\Radoslav Šabík\hp32_nword.exe" [2009-08-05 27526]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-21 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-01-16 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"EasyPHP"="c:\program files\EasyPHP3.1\EasyPHP.exe" [2006-11-19 176128]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-02-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-02-12 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Radoslav ćabˇk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ikowin32.exe [2008-1-19 29696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-5-12 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4136404604-2960614731-549300400-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D996F270-FB0C-45C9-BD0B-51B36F3CD214}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{DE889B34-A51C-4F7E-B594-27E0E915707B}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{6A27512D-EA16-43B7-B67A-C0E923867CF1}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{387441EC-BAE4-4EA8-A074-D67CFF5F15E0}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{6925A2DE-49CF-460B-8BDD-80CC9F531314}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{A9F16713-DA7C-431E-9B64-DC0D42BC3B28}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{1139E4C7-B325-40BB-976C-DBE32B858728}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B90BEEB9-6AE6-4DC3-81FB-B57064447A1F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C5F22BDD-6F71-4657-AA43-151192B7B591}e:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:e:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{FA5C51AF-F98C-4E25-9C33-F3B531F57E0D}e:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:e:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{090C209E-71E4-43DB-B400-065911004E5E}d:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:d:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{F02158A9-1D6B-4A8A-8257-C68F61E26B50}d:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:d:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{4CA0D057-9399-418B-9DAE-FB5D1E66A581}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{8267B91E-41BF-4558-9670-8587A008FDE0}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{DC7D271F-2CB4-48D5-85B9-11A3C27209C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C7D6160-463A-4FFE-AB99-3D28D18F02C5}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{83472396-669F-4C38-8E8F-C01B2329EDF3}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{E969F768-E30A-4641-9FED-49A04659BA9D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D9DFA4FB-ED2A-4806-8F46-B5956BA6C136}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{564D209D-4494-4BB8-BD9E-AEDEF03A69A6}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{7637D181-793B-4151-AC1A-0BC937344AC1}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4F9CE77C-D1A8-4408-9969-57855660E983}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DCFBF83C-5723-4944-845D-534268BC6113}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{FE713FFC-815D-4586-AA45-F24744F4D533}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{8E5A4740-D3A1-4C4D-924B-2954519FC29D}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{08FF9B31-3C3A-4B3E-B49B-21896D49BD92}"= UDP:d:\driversrepublic\missionimpossible45-win32.exe:Driver's Republic - Mission Impossible? 045
"{331BF89F-DCC1-47BE-8EC4-4265D480DBAC}"= TCP:d:\driversrepublic\missionimpossible45-win32.exe:Driver's Republic - Mission Impossible? 045
"{62295D44-7CFD-442C-8E20-D8C38265B603}"= UDP:e:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{DA386CC2-8F43-42F2-8BFB-C6656A68CA5F}"= TCP:e:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{3A13685B-EED3-4760-B499-ED808F0B9DEF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{56BE1C92-DB28-4AFE-8290-87360B45404D}e:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:e:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{8E25D922-BA2D-4F0B-B676-74980B0B8E7E}e:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:e:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{42C1D168-28AB-40B9-B92E-63EB0789CA42}e:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:e:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{BB452156-12BC-43A6-8293-27C9732EFDD1}e:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:e:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{8ED7FD0C-160D-415C-AD39-2C3C6D18E5DF}"= UDP:d:\driversrepublic\ovevision19-win32.exe:Driver's Republic - Xgames 2008
"{42CAF8D1-B722-4CE0-8051-CB7EBB681BFC}"= TCP:d:\driversrepublic\ovevision19-win32.exe:Driver's Republic - Xgames 2008
"{FB093BAC-AD63-4CCE-9C73-456C631E92EF}"= UDP:d:\driversrepublic\ovevision20-win32.exe:Driver's Republic - Corvette ZR1 2008
"{725E2229-8D6F-487E-A81B-C327ED48AEA5}"= TCP:d:\driversrepublic\ovevision20-win32.exe:Driver's Republic - Corvette ZR1 2008
"{53C61C38-3CBD-4121-B905-2A7239E1C283}"= UDP:d:\driversrepublic\ovevision21-win32.exe:Driver's Republic - Buzz Box 2008
"{263491A7-5AE9-4CC2-8C0E-57A74A484E6C}"= TCP:d:\driversrepublic\ovevision21-win32.exe:Driver's Republic - Buzz Box 2008
"{F65C0542-5E36-47FB-9AFA-92AF1AB77CB1}"= UDP:d:\driversrepublic\ovevision22-win32.exe:Driver's Republic - Electric Blue 2008
"{71D8D9C8-E742-40AB-963C-DB1E7E30068A}"= TCP:d:\driversrepublic\ovevision22-win32.exe:Driver's Republic - Electric Blue 2008
"{33458602-D4D0-49A0-995B-8919E56BBD91}"= UDP:d:\driversrepublic\ovevision23-win32.exe:Driver's Republic - One Vision 2008
"{0DC1B1BA-F065-470A-B48E-EF62D810A5CB}"= TCP:d:\driversrepublic\ovevision23-win32.exe:Driver's Republic - One Vision 2008
"{C3192CD7-5F7A-438B-B7F5-74066140CB34}"= UDP:d:\driversrepublic\ovevision24-win32.exe:Driver's Republic - History Repeating 2008
"{4E9A4AF1-7085-4BA8-B1D6-DB8FFBDB7649}"= TCP:d:\driversrepublic\ovevision24-win32.exe:Driver's Republic - History Repeating 2008
"{D651AE9B-2E78-47BE-B4C4-29170F493235}"= UDP:d:\driversrepublic\ovevision25-win32.exe:Driver's Republic - VBombers 2008
"{273793F0-9888-493E-91A6-0C80FCE1A61A}"= TCP:d:\driversrepublic\ovevision25-win32.exe:Driver's Republic - VBombers 2008
"{D89CAD05-C5C3-478B-9E84-4340D8F006EC}"= UDP:d:\driversrepublic\ovevision26-win32.exe:Driver's Republic - Baby Blue 025
"{F9488F5E-DFBB-4685-BFE1-670615C12751}"= TCP:d:\driversrepublic\ovevision26-win32.exe:Driver's Republic - Baby Blue 025
"{F2BC6705-177A-4760-BA7D-BB0A00A907BA}"= UDP:d:\driversrepublic\ovevision27-win32.exe:Driver's Republic - Hard & Fast 027
"{D88C89C9-383E-4C75-BB3F-4511D8627C8B}"= TCP:d:\driversrepublic\ovevision27-win32.exe:Driver's Republic - Hard & Fast 027
"{94BA7D81-341A-4265-BF0D-BA3580829BF3}"= UDP:d:\driversrepublic\ovevision28-win32.exe:Driver's Republic - Future Proof 028
"{18D76BD8-50A3-4C14-A05A-83BE70737FA1}"= TCP:d:\driversrepublic\ovevision28-win32.exe:Driver's Republic - Future Proof 028
"{FD7C3194-38E5-45F3-BC56-E4F656145E31}"= UDP:d:\driversrepublic\ovevision29-win32.exe:Driver's Republic - Black Power 029
"{71EB7E6D-F0B7-4C74-93E0-C0071F3E8AF7}"= TCP:d:\driversrepublic\ovevision29-win32.exe:Driver's Republic - Black Power 029
"{A2D911DC-0551-4376-A95B-D22287762B61}"= UDP:d:\driversrepublic\ovevision30-win32.exe:Driver's Republic - The Truth 030
"{AF582517-5BC3-4537-AF52-C61C5484E6D3}"= TCP:d:\driversrepublic\ovevision30-win32.exe:Driver's Republic - The Truth 030
"{3135555E-B1C5-4699-A496-652F697F49C0}"= UDP:d:\driversrepublic\ovevision31-win32.exe:Driver's Republic - Light Years 031
"{AA4B4360-D695-4D85-A9BE-1B4F0C6E73F6}"= TCP:d:\driversrepublic\ovevision31-win32.exe:Driver's Republic - Light Years 031
"{30A48E43-7BCA-42DF-B02C-708B86E906C9}"= UDP:d:\driversrepublic\ovevision32-win32.exe:Driver's Republic - Giant Killer 032
"{5CF766FC-2760-49F9-8AC8-4D61C40DC7C9}"= TCP:d:\driversrepublic\ovevision32-win32.exe:Driver's Republic - Giant Killer 032
"{C3FA422F-F6D6-46E5-81F0-3318FD679E44}"= UDP:d:\driversrepublic\ovevision33-win32.exe:Driver's Republic - The Enemy Within 033
"{ACF83F4C-9562-4636-83A9-81175F621CC9}"= TCP:d:\driversrepublic\ovevision33-win32.exe:Driver's Republic - The Enemy Within 033
"{446C1589-1004-44B5-B580-DC1028AD8DDD}"= UDP:d:\driversrepublic\ovevision34-win32.exe:Driver's Republic - Super Specials 034
"{6209EC9A-2BD5-4376-B0C1-7D3D44CED38F}"= TCP:d:\driversrepublic\ovevision34-win32.exe:Driver's Republic - Super Specials 034
"{1A755BC2-B91F-4A88-8862-C4A7621D9E08}"= UDP:d:\driversrepublic\ovevision35-win32.exe:Driver's Republic - Face Off 035
"{91B12F7E-F914-4167-9AE6-F0065482D7DC}"= TCP:d:\driversrepublic\ovevision35-win32.exe:Driver's Republic - Face Off 035
"{7F452B4E-8DB8-429B-B7E9-17451AA70992}"= UDP:d:\driversrepublic\ovevision36-win32.exe:Driver's Republic - Open Warfare 036
"{75F66073-4CE9-4A85-BF36-DF445442513E}"= TCP:d:\driversrepublic\ovevision36-win32.exe:Driver's Republic - Open Warfare 036
"{7FCDA223-A078-4238-829E-D739556B120A}"= UDP:d:\driversrepublic\ovevision37-win32.exe:Driver's Republic - Pure Zed 037
"{86C1FFB8-9074-4211-95E5-40D283FAFC8F}"= TCP:d:\driversrepublic\ovevision37-win32.exe:Driver's Republic - Pure Zed 037
"{2132588F-A10E-4973-B733-ED984740781B}"= UDP:d:\driversrepublic\ovevision38-win32.exe:Driver's Republic - Fierce Creatures 038
"{14758368-0961-4583-8816-6EC6DD128869}"= TCP:d:\driversrepublic\ovevision38-win32.exe:Driver's Republic - Fierce Creatures 038
"{9CB8FAD0-F9D3-4B91-B52E-9688A281482D}"= UDP:d:\driversrepublic\ovevision39-win32.exe:Driver's Republic - NightFever 039
"{C8C74249-C9EA-44E2-B668-84816DD19F42}"= TCP:d:\driversrepublic\ovevision39-win32.exe:Driver's Republic - NightFever 039
"{D4A3A844-181D-412D-8ED8-E394CF0D5179}"= UDP:d:\driversrepublic\ovevision40-win32.exe:Driver's Republic - 8 to the power of 10 040
"{FDC773E5-2575-499D-81DC-76B87F0E82B7}"= TCP:d:\driversrepublic\ovevision40-win32.exe:Driver's Republic - 8 to the power of 10 040
"{1F360C03-7E42-4436-AB26-309D5734C1BC}"= UDP:d:\driversrepublic\ovevision41-win32.exe:Driver's Republic - Thunder Cats 041
"{C37909D6-6EF6-4D5C-9CA5-07E41F365249}"= TCP:d:\driversrepublic\ovevision41-win32.exe:Driver's Republic - Thunder Cats 041
"{E63ACCAB-4BB9-4195-94BE-1B9BE4182DCB}"= UDP:d:\driversrepublic\ovevision42-win32.exe:Driver's Republic - Prize Fight 042
"{3DF1E2F3-4A10-4918-950B-517F9DE9A12C}"= TCP:d:\driversrepublic\ovevision42-win32.exe:Driver's Republic - Prize Fight 042
"{3CC268FB-1B58-4609-8CC9-90BAB8BB0839}"= UDP:d:\driversrepublic\ovevision43-win32.exe:Driver's Republic - Pocket Monsters 043
"{F452FAB0-58DB-4E3A-B9EF-3730EEF679FB}"= TCP:d:\driversrepublic\ovevision43-win32.exe:Driver's Republic - Pocket Monsters 043
"{75AD7B36-0108-484B-BF1D-7381D7441231}"= UDP:d:\driversrepublic\ovevision44-win32.exe:Driver's Republic - German Bite 044
"{AE5B0A9A-8B18-4ACC-9032-96CD13A4ED12}"= TCP:d:\driversrepublic\ovevision44-win32.exe:Driver's Republic - German Bite 044
"{E2929D05-FA25-4FA4-A762-46978C46AF1B}"= UDP:d:\driversrepublic\ovevision45-win32.exe:Driver's Republic - Mission Impossible? 045
"{08D7C319-E857-4754-8A94-5BB94004C896}"= TCP:d:\driversrepublic\ovevision45-win32.exe:Driver's Republic - Mission Impossible? 045
"{6DAEE608-4EF8-46AF-8C84-D2A2121EC345}"= UDP:d:\driversrepublic\ovevision46-win32.exe:Driver's Republic - Six Appeal 046
"{83FBCD74-98D8-4EC2-80F0-54684727DE52}"= TCP:d:\driversrepublic\ovevision46-win32.exe:Driver's Republic - Six Appeal 046
"{483D6B38-D5CA-4454-A59B-3D7BDFD1212A}"= UDP:d:\driversrepublic\ovevision47-win32.exe:Driver's Republic - Red Raw 047
"{9BE7E5E1-C673-4606-85D7-44519A328FC8}"= TCP:d:\driversrepublic\ovevision47-win32.exe:Driver's Republic - Red Raw 047
"{921418D5-6C82-4153-B55C-2C0791FC7825}"= UDP:d:\driversrepublic\ovevision48-win32.exe:Driver's Republic - Chasing Shadows 048
"{1C470C18-18CD-42D4-87AD-140F95D06A64}"= TCP:d:\driversrepublic\ovevision48-win32.exe:Driver's Republic - Chasing Shadows 048
"{7FC16FF5-FD0A-4232-A27B-2F79F1407383}"= UDP:d:\driversrepublic\ovevision49-win32.exe:Driver's Republic - Monsters Inc 049
"{6D5B2BEB-8AFD-47DA-9BA6-81EE0EA67EBD}"= TCP:d:\driversrepublic\ovevision49-win32.exe:Driver's Republic - Monsters Inc 049
"{1E79A648-43F4-43F5-953E-57B3AE21AB64}"= UDP:d:\driversrepublic\ovevision50-win32.exe:Driver's Republic - Star Wars 050
"{B153A6B9-B656-4469-8017-78C4672B2D45}"= TCP:d:\driversrepublic\ovevision50-win32.exe:Driver's Republic - Star Wars 050
"{9753139C-D347-4C7F-8F82-1FD90E004A79}"= UDP:d:\driversrepublic\ovevision51-win32.exe:Driver's Republic - Long Time Coming 051
"{FA4EFCF5-5ED3-46E4-8D37-24E8C1CD2DAE}"= TCP:d:\driversrepublic\ovevision51-win32.exe:Driver's Republic - Long Time Coming 051
"{8997528F-CBE6-4D63-8101-857361861F83}"= UDP:d:\driversrepublic\ovevision52-win32.exe:Driver's Republic - Perfect 10 052
"{9DE962ED-2C34-4B07-A3E6-B4518001972A}"= TCP:d:\driversrepublic\ovevision52-win32.exe:Driver's Republic - Perfect 10 052
"{7788E518-55F4-48BA-864D-A6413E246E52}"= UDP:d:\driversrepublic\ovevision53-win32.exe:Driver's Republic - Get Behind Me Satan 053
"{DFDAC7AB-C312-4590-B6DF-95374CC197EE}"= TCP:d:\driversrepublic\ovevision53-win32.exe:Driver's Republic - Get Behind Me Satan 053
"{998EDDAB-E4AB-4B0E-B2C0-12984053ABDA}"= UDP:d:\driversrepublic\ovevision54-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{178A43E3-D8C3-4C60-A2F4-014D4DDF6E9B}"= TCP:d:\driversrepublic\ovevision54-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{608208E2-20FD-437E-8093-DA9F23D5D6F0}"= UDP:d:\driversrepublic\ovevision55-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{25483AEC-4396-46F6-8213-3D2624806E37}"= TCP:d:\driversrepublic\ovevision55-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"TCP Query User{10CBC5C9-F88C-44F2-84F1-D9501F4FA88D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{19A68827-57CF-49E6-9CD8-28065192C8EC}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F13C74EE-593F-4F57-A46A-2825C1483B3E}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{083F9EE7-B07A-448E-84BC-16239E8DF2AD}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.

R0 pe3anrqc;UAZ Racing 4x4 Environment Driver (pe3anrqc);c:\windows\System32\drivers\pe3anrqc.sys [9. 11. 2007 15:07 65152]
R0 ps7anrqc;UAZ Racing 4x4 Synchronization Driver (ps7anrqc);c:\windows\System32\drivers\ps7anrqc.sys [9. 11. 2007 15:07 68744]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14. 5. 2009 15:47 107256]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [7. 6. 2009 19:14 59776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 15:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14. 5. 2009 15:49 93312]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt11\ArcNameService.exe [1. 5. 2007 10:15 157264]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\System32\drivers\wf2ktunr.sys [7. 6. 2009 19:14 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\System32\drivers\wf2kXbar.sys [7. 6. 2009 19:14 9600]
S2 pr2anrqc;UAZ Racing 4x4 Drivers Auto Removal (pr2anrqc);c:\windows\system32\pr2anrqc.exe svc --> c:\windows\system32\pr2anrqc.exe svc [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [12. 7. 2009 12:40 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [12. 7. 2009 12:41 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [12. 7. 2009 12:41 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [12. 7. 2009 12:41 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [12. 7. 2009 12:42 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [12. 7. 2009 12:42 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [12. 7. 2009 12:42 117672]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23. 4. 2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [23. 4. 2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [23. 4. 2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [23. 4. 2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [23. 4. 2007 13:54 98568]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\System32\drivers\s716bus.sys [27. 12. 2007 21:39 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\System32\drivers\s716mdfl.sys [27. 12. 2007 21:39 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\System32\drivers\s716mdm.sys [27. 12. 2007 21:39 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s716mgmt.sys [27. 12. 2007 21:40 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\System32\drivers\s716nd5.sys [27. 12. 2007 21:39 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\System32\drivers\s716obex.sys [27. 12. 2007 21:39 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\System32\drivers\s716unic.sys [27. 12. 2007 21:40 98952]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [27. 12. 2007 21:40 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [27. 12. 2007 21:40 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [27. 12. 2007 21:40 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [27. 12. 2007 21:41 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [19. 6. 2007 8:51 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [27. 12. 2007 21:41 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [27. 12. 2007 21:41 97704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
HKLM-Run-hp32_nword - c:\windows\system32\hp32_nword.exe
ShellExecuteHooks-{92BADD0D-A53F-41B5-8803-2B3854A20073} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download All by FlashGet - d:\prog files\FlashGet\jc_all.htm
IE: Download using FlashGet - d:\prog files\FlashGet\jc_link.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {573D46D1-33C8-41B3-9EF5-C40B79663BF8} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 18:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\RADOSL~1\AppData\Local\Temp\~TM67BB.tmp 1203792 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4136404604-2960614731-549300400-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8b,83,2b,12,6f,c7,08,49,0b,44,98,b7,ee,2e,f9,8e,39,fe,10,31,55,9c,03,
d7,7e,fc,fc,d3,2d,1d,e6,cc,14,78,1e,9b,ef,d9,c3,eb,7a,a4,2e,27,b0,4b,1d,51,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\oodag.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\UTSCSI.EXE
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\users\Radoslav abík\hp32_nword.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2009-08-05 18:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 16:22

Pre-Run: 11 184 058 368 bytes free
Post-Run: 10 965 499 904 bytes free

444 --- E O F --- 2009-08-04 06:53

Po reštartovaní počítača pri spustení ComboFixu som nedokázal zabrániť spusteniu programov, ktoré sa spúšťajú automaticky po spustení, ale snažil som sa ich pohotovo ukončiť. Dúfam, že to nespôsobilo nejaký problém.

Tu je aktuálny log z HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:08, on 5. 8. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\EasyPHP3.1\EasyPHP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Users\Radoslav Šabík\hp32_nword.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\PROGRA~1\EasyPHP3.1\MySql\bin\mysqld.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\hp32_nword.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\EasyPHP3.1\EasyPHP.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [hp32_nword] C:\Windows\system32\hp32_nword.exe
O4 - HKLM\..\Run: [braviax] C:\Windows\system32\braviax.exe
O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [hp32_nword] C:\Users\Radoslav Šabík\hp32_nword.exe
O4 - HKCU\..\Run: [braviax] C:\Windows\system32\braviax.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - D:\Prog Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Prog Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://195.80.177.99/ConnectComputer/nshelp.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: UAZ Racing 4x4 Drivers Auto Removal (pr2anrqc) (pr2anrqc) - Cenega Publishing - C:\Windows\system32\pr2anrqc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\Windows\system32\UTSCSI.EXE

--
End of file - 10847 bytes

Keď som robil fixnutie podľa pokynov, tak tam riadok s názvom braviax nebol, teraz tam však opäť je. A Windows Defender stále upozorňuje na ten istý problém. Keď som ukončil odstraňovanie cez MbAM, pýtalo reštartovanie, ja som však najskôr urobil ostatné pokyny a až potom reštartoval. Dúfam, že to nespôsobilo problém.

Příspěvekod **jaro3** » 05 srp 2009 19:13

zkus něco z tohoto otestovat na Virustotal
c:\programdata\SecTaskMan\icn_3BD1D797F0ABD2A4F999D5C2900D7AEF.dll
c:\programdata\SecTaskMan\icn_E185035FEF214B342AD85E52A7DA366E.dll
c:\programdata\SecTaskMan\icn_7475C687330100005BE8000000000010.dll
c:\programdata\SecTaskMan\icn_7E577B2224C65CF4E801A9E52375DB49.dll
c:\programdata\SecTaskMan\icn_68AB67CA330100007706000000000020.dll
c:\programdata\SecTaskMan\icn_275C743A4B7F3A34DB15FF9C19487FD0.dll
c:\programdata\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
c:\programdata\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
c:\programdata\SecTaskMan\icn_068F5EECBAF70D087EFC20C2819BE552.dll
c:\programdata\SecTaskMan\icn_04DE0F7511F8AA149B62A4660D1D9ACC.dll
c:\programdata\SecTaskMan\icn_0149EE8E4CA834F46A62DDCE7AC5973F.dll
c:\programdata\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
Vlož sem pak odkazy výsledků.

Zatím udělám script.

RadoS84 · Příspěvekod **RadoS84** » 05 srp 2009 19:55

Příspěvekod **jaro3** » 05 srp 2009 20:02

Fajn..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\bthservsdp.dat
c:\windows\system32\KGyGaAvL.sys
c:\windows\System32\2E616DBD38.sys
c:\users\Radoslav Šabík\hp32_nword.exe
c:\users\Radoslav abík\hp32_nword.exe

Driver::
2E616DBD38

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hp32_nword"=-
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

RadoS84 · Příspěvekod **RadoS84** » 05 srp 2009 21:23

Log z ComboFixu:

ComboFix 09-08-04.03 - Radoslav Šabík . 08. 2009 20:54.2.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.3327.2227 [GMT 2:00]
Running from: c:\users\Radoslav Šabík\Desktop\ComboFix.exe
Command switches used :: c:\users\Radoslav Šabík\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Radoslav abík\hp32_nword.exe"
"c:\users\Radoslav Šabík\hp32_nword.exe"
"c:\windows\bthservsdp.dat"
"c:\windows\System32\2E616DBD38.sys"
"c:\windows\system32\KGyGaAvL.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Radoslav Šabík\hp32_nword.exe
c:\windows\bthservsdp.dat
c:\windows\System32\2E616DBD38.sys
c:\windows\system32\DelSelf.bat
c:\windows\system32\hp32_nword.exe
c:\windows\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-05 19:01 . 2009-08-05 19:01 -------- d-----w- c:\users\RADOSL~2\AppData\Local\temp
2009-08-05 19:01 . 2009-08-05 19:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-05 19:01 . 2009-08-05 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 12:29 . 2009-08-05 12:29 -------- d-----w- c:\program files\Trend Micro
2009-08-05 09:30 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 09:30 . 2009-08-05 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 09:30 . 2009-08-05 09:30 -------- d-----w- c:\programdata\Malwarebytes
2009-08-05 09:30 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:11 . 2009-08-02 22:11 -------- d-----w- c:\program files\ESET
2009-08-02 21:55 . 2009-08-02 21:55 10 ----a-w- c:\programdata\SecTaskMan\icn_3BD1D797F0ABD2A4F999D5C2900D7AEF.dll
2009-08-02 21:55 . 2009-08-02 21:55 344 ----a-w- c:\programdata\SecTaskMan\icn_E185035FEF214B342AD85E52A7DA366E.dll
2009-08-02 21:55 . 2009-08-02 21:55 251 ----a-w- c:\programdata\SecTaskMan\icn_7475C687330100005BE8000000000010.dll
2009-08-02 21:55 . 2009-08-02 21:55 154 ----a-w- c:\programdata\SecTaskMan\icn_7E577B2224C65CF4E801A9E52375DB49.dll
2009-08-02 21:55 . 2009-08-02 21:55 3861 ----a-w- c:\programdata\SecTaskMan\icn_68AB67CA330100007706000000000020.dll
2009-08-02 21:55 . 2009-08-02 21:55 725 ----a-w- c:\programdata\SecTaskMan\icn_275C743A4B7F3A34DB15FF9C19487FD0.dll
2009-08-02 21:55 . 2009-08-02 21:55 3568 ----a-w- c:\programdata\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
2009-08-02 21:55 . 2009-08-02 21:55 316 ----a-w- c:\programdata\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2009-08-02 21:55 . 2009-08-02 21:55 283 ----a-w- c:\programdata\SecTaskMan\icn_068F5EECBAF70D087EFC20C2819BE552.dll
2009-08-02 21:55 . 2009-08-02 21:55 73 ----a-w- c:\programdata\SecTaskMan\icn_04DE0F7511F8AA149B62A4660D1D9ACC.dll
2009-08-02 21:55 . 2009-08-02 21:55 314 ----a-w- c:\programdata\SecTaskMan\icn_0149EE8E4CA834F46A62DDCE7AC5973F.dll
2009-08-02 21:55 . 2009-08-02 21:55 833 ----a-w- c:\programdata\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
2009-08-01 15:00 . 2009-08-01 15:00 -------- d-----w- c:\program files\EasyPHP3.1
2009-07-29 05:22 . 2009-07-21 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-15 06:41 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:41 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:41 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:41 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 10:42 . 2008-05-27 09:41 25768 ----a-w- c:\windows\system32\drivers\s0017nd5.sys
2009-07-12 10:42 . 2008-05-27 09:41 117672 ----a-w- c:\windows\system32\drivers\s0017unic.sys
2009-07-12 10:42 . 2008-05-27 09:41 10792 ----a-w- c:\windows\system32\drivers\s0017cr.sys
2009-07-12 10:42 . 2008-05-27 09:41 111912 ----a-w- c:\windows\system32\drivers\s0017obex.sys
2009-07-12 10:41 . 2008-05-27 09:41 15016 ----a-w- c:\windows\system32\drivers\s0017mdfl.sys
2009-07-12 10:41 . 2008-05-27 09:41 122152 ----a-w- c:\windows\system32\drivers\s0017mdm.sys
2009-07-12 10:41 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017cmnt.sys
2009-07-12 10:41 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017cm.sys
2009-07-12 10:41 . 2008-05-27 09:41 115496 ----a-w- c:\windows\system32\drivers\s0017mgmt.sys
2009-07-12 10:40 . 2008-05-27 09:41 90536 ----a-w- c:\windows\system32\drivers\s0017bus.sys
2009-07-12 10:40 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017whnt.sys
2009-07-12 10:40 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 21:57 . 2007-06-05 11:33 -------- d-----w- c:\programdata\SecTaskMan
2009-08-02 07:46 . 2008-10-29 19:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 17:45 . 2009-05-12 08:30 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 21:52 . 2009-07-29 05:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 20:13 . 2009-07-29 05:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 06:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 11:35 . 2007-06-05 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 10:41 . 2009-07-12 10:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-08 17:44 . 2007-06-05 11:34 -------- d-----w- c:\programdata\Test Drive Unlimited
2009-06-14 15:57 . 2009-06-07 16:22 -------- d--h--w- c:\programdata\ArcSoft
2009-06-07 16:22 . 2009-06-07 16:22 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-07 16:22 . 2009-06-07 16:22 -------- d-----w- c:\program files\WinFast
2009-06-07 16:12 . 2009-06-07 16:12 -------- d-----w- c:\program files\Leadtek Research Inc
2009-06-07 15:40 . 2009-06-07 15:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-03 06:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-31 21:07 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-31 21:07 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-16 12:54 . 2009-05-16 12:54 45568 ----a-w- c:\windows\system32\UTSCSI.EXE
2009-05-16 12:54 . 2009-05-16 12:54 150528 ----a-w- c:\windows\FAVPID.DLL
2009-05-14 13:49 . 2009-05-14 13:49 93312 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-08 22:50 . 2009-05-08 22:50 1459 ----a-w- c:\program files\uninstal.log
2002-05-21 08:00 . 2002-05-21 08:00 1362 ----a-r- c:\program files\ReadMe.txt
2006-05-03 10:06 . 2009-01-24 18:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-01-24 18:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-24 18:18 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-05_16.17.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-05 16:54 . 2009-08-05 19:04 53954 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-06-05 16:45 . 2009-08-05 19:05 12712 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4136404604-2960614731-549300400-1000_UserData.bin
- 2006-11-02 13:00 . 2009-08-05 12:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-08-05 16:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-08-05 16:34 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-08-05 12:27 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-08-05 16:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:00 . 2009-08-05 12:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-05 19:02 . 2009-08-05 19:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-05 16:11 . 2009-08-05 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-05 16:11 . 2009-08-05 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-05 19:02 . 2009-08-05 19:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:03 . 2009-08-05 19:05 119466 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-08-05 16:36 589884 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-05 12:28 589884 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-05 16:36 101896 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-05 12:28 101896 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-20 4608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-18 192000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-01-12 2908160]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-21 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-01-16 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"EasyPHP"="c:\program files\EasyPHP3.1\EasyPHP.exe" [2006-11-19 176128]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"hp32_nword"="c:\windows\system32\hp32_nword.exe" [BU]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-02-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-02-12 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Radoslav ćabˇk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ikowin32.exe [2008-1-19 29696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-5-12 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4136404604-2960614731-549300400-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D996F270-FB0C-45C9-BD0B-51B36F3CD214}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{DE889B34-A51C-4F7E-B594-27E0E915707B}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{6A27512D-EA16-43B7-B67A-C0E923867CF1}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{387441EC-BAE4-4EA8-A074-D67CFF5F15E0}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{6925A2DE-49CF-460B-8BDD-80CC9F531314}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{A9F16713-DA7C-431E-9B64-DC0D42BC3B28}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{1139E4C7-B325-40BB-976C-DBE32B858728}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B90BEEB9-6AE6-4DC3-81FB-B57064447A1F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C5F22BDD-6F71-4657-AA43-151192B7B591}e:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:e:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{FA5C51AF-F98C-4E25-9C33-F3B531F57E0D}e:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:e:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{090C209E-71E4-43DB-B400-065911004E5E}d:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:d:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{F02158A9-1D6B-4A8A-8257-C68F61E26B50}d:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:d:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{4CA0D057-9399-418B-9DAE-FB5D1E66A581}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{8267B91E-41BF-4558-9670-8587A008FDE0}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{DC7D271F-2CB4-48D5-85B9-11A3C27209C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C7D6160-463A-4FFE-AB99-3D28D18F02C5}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{83472396-669F-4C38-8E8F-C01B2329EDF3}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{E969F768-E30A-4641-9FED-49A04659BA9D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D9DFA4FB-ED2A-4806-8F46-B5956BA6C136}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{564D209D-4494-4BB8-BD9E-AEDEF03A69A6}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{7637D181-793B-4151-AC1A-0BC937344AC1}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4F9CE77C-D1A8-4408-9969-57855660E983}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DCFBF83C-5723-4944-845D-534268BC6113}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{FE713FFC-815D-4586-AA45-F24744F4D533}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{8E5A4740-D3A1-4C4D-924B-2954519FC29D}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{08FF9B31-3C3A-4B3E-B49B-21896D49BD92}"= UDP:d:\driversrepublic\missionimpossible45-win32.exe:Driver's Republic - Mission Impossible? 045
"{331BF89F-DCC1-47BE-8EC4-4265D480DBAC}"= TCP:d:\driversrepublic\missionimpossible45-win32.exe:Driver's Republic - Mission Impossible? 045
"{62295D44-7CFD-442C-8E20-D8C38265B603}"= UDP:e:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{DA386CC2-8F43-42F2-8BFB-C6656A68CA5F}"= TCP:e:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{3A13685B-EED3-4760-B499-ED808F0B9DEF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{56BE1C92-DB28-4AFE-8290-87360B45404D}e:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:e:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{8E25D922-BA2D-4F0B-B676-74980B0B8E7E}e:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:e:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{42C1D168-28AB-40B9-B92E-63EB0789CA42}e:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:e:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{BB452156-12BC-43A6-8293-27C9732EFDD1}e:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:e:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{8ED7FD0C-160D-415C-AD39-2C3C6D18E5DF}"= UDP:d:\driversrepublic\ovevision19-win32.exe:Driver's Republic - Xgames 2008
"{42CAF8D1-B722-4CE0-8051-CB7EBB681BFC}"= TCP:d:\driversrepublic\ovevision19-win32.exe:Driver's Republic - Xgames 2008
"{FB093BAC-AD63-4CCE-9C73-456C631E92EF}"= UDP:d:\driversrepublic\ovevision20-win32.exe:Driver's Republic - Corvette ZR1 2008
"{725E2229-8D6F-487E-A81B-C327ED48AEA5}"= TCP:d:\driversrepublic\ovevision20-win32.exe:Driver's Republic - Corvette ZR1 2008
"{53C61C38-3CBD-4121-B905-2A7239E1C283}"= UDP:d:\driversrepublic\ovevision21-win32.exe:Driver's Republic - Buzz Box 2008
"{263491A7-5AE9-4CC2-8C0E-57A74A484E6C}"= TCP:d:\driversrepublic\ovevision21-win32.exe:Driver's Republic - Buzz Box 2008
"{F65C0542-5E36-47FB-9AFA-92AF1AB77CB1}"= UDP:d:\driversrepublic\ovevision22-win32.exe:Driver's Republic - Electric Blue 2008
"{71D8D9C8-E742-40AB-963C-DB1E7E30068A}"= TCP:d:\driversrepublic\ovevision22-win32.exe:Driver's Republic - Electric Blue 2008
"{33458602-D4D0-49A0-995B-8919E56BBD91}"= UDP:d:\driversrepublic\ovevision23-win32.exe:Driver's Republic - One Vision 2008
"{0DC1B1BA-F065-470A-B48E-EF62D810A5CB}"= TCP:d:\driversrepublic\ovevision23-win32.exe:Driver's Republic - One Vision 2008
"{C3192CD7-5F7A-438B-B7F5-74066140CB34}"= UDP:d:\driversrepublic\ovevision24-win32.exe:Driver's Republic - History Repeating 2008
"{4E9A4AF1-7085-4BA8-B1D6-DB8FFBDB7649}"= TCP:d:\driversrepublic\ovevision24-win32.exe:Driver's Republic - History Repeating 2008
"{D651AE9B-2E78-47BE-B4C4-29170F493235}"= UDP:d:\driversrepublic\ovevision25-win32.exe:Driver's Republic - VBombers 2008
"{273793F0-9888-493E-91A6-0C80FCE1A61A}"= TCP:d:\driversrepublic\ovevision25-win32.exe:Driver's Republic - VBombers 2008
"{D89CAD05-C5C3-478B-9E84-4340D8F006EC}"= UDP:d:\driversrepublic\ovevision26-win32.exe:Driver's Republic - Baby Blue 025
"{F9488F5E-DFBB-4685-BFE1-670615C12751}"= TCP:d:\driversrepublic\ovevision26-win32.exe:Driver's Republic - Baby Blue 025
"{F2BC6705-177A-4760-BA7D-BB0A00A907BA}"= UDP:d:\driversrepublic\ovevision27-win32.exe:Driver's Republic - Hard & Fast 027
"{D88C89C9-383E-4C75-BB3F-4511D8627C8B}"= TCP:d:\driversrepublic\ovevision27-win32.exe:Driver's Republic - Hard & Fast 027
"{94BA7D81-341A-4265-BF0D-BA3580829BF3}"= UDP:d:\driversrepublic\ovevision28-win32.exe:Driver's Republic - Future Proof 028
"{18D76BD8-50A3-4C14-A05A-83BE70737FA1}"= TCP:d:\driversrepublic\ovevision28-win32.exe:Driver's Republic - Future Proof 028
"{FD7C3194-38E5-45F3-BC56-E4F656145E31}"= UDP:d:\driversrepublic\ovevision29-win32.exe:Driver's Republic - Black Power 029
"{71EB7E6D-F0B7-4C74-93E0-C0071F3E8AF7}"= TCP:d:\driversrepublic\ovevision29-win32.exe:Driver's Republic - Black Power 029
"{A2D911DC-0551-4376-A95B-D22287762B61}"= UDP:d:\driversrepublic\ovevision30-win32.exe:Driver's Republic - The Truth 030
"{AF582517-5BC3-4537-AF52-C61C5484E6D3}"= TCP:d:\driversrepublic\ovevision30-win32.exe:Driver's Republic - The Truth 030
"{3135555E-B1C5-4699-A496-652F697F49C0}"= UDP:d:\driversrepublic\ovevision31-win32.exe:Driver's Republic - Light Years 031
"{AA4B4360-D695-4D85-A9BE-1B4F0C6E73F6}"= TCP:d:\driversrepublic\ovevision31-win32.exe:Driver's Republic - Light Years 031
"{30A48E43-7BCA-42DF-B02C-708B86E906C9}"= UDP:d:\driversrepublic\ovevision32-win32.exe:Driver's Republic - Giant Killer 032
"{5CF766FC-2760-49F9-8AC8-4D61C40DC7C9}"= TCP:d:\driversrepublic\ovevision32-win32.exe:Driver's Republic - Giant Killer 032
"{C3FA422F-F6D6-46E5-81F0-3318FD679E44}"= UDP:d:\driversrepublic\ovevision33-win32.exe:Driver's Republic - The Enemy Within 033
"{ACF83F4C-9562-4636-83A9-81175F621CC9}"= TCP:d:\driversrepublic\ovevision33-win32.exe:Driver's Republic - The Enemy Within 033
"{446C1589-1004-44B5-B580-DC1028AD8DDD}"= UDP:d:\driversrepublic\ovevision34-win32.exe:Driver's Republic - Super Specials 034
"{6209EC9A-2BD5-4376-B0C1-7D3D44CED38F}"= TCP:d:\driversrepublic\ovevision34-win32.exe:Driver's Republic - Super Specials 034
"{1A755BC2-B91F-4A88-8862-C4A7621D9E08}"= UDP:d:\driversrepublic\ovevision35-win32.exe:Driver's Republic - Face Off 035
"{91B12F7E-F914-4167-9AE6-F0065482D7DC}"= TCP:d:\driversrepublic\ovevision35-win32.exe:Driver's Republic - Face Off 035
"{7F452B4E-8DB8-429B-B7E9-17451AA70992}"= UDP:d:\driversrepublic\ovevision36-win32.exe:Driver's Republic - Open Warfare 036
"{75F66073-4CE9-4A85-BF36-DF445442513E}"= TCP:d:\driversrepublic\ovevision36-win32.exe:Driver's Republic - Open Warfare 036
"{7FCDA223-A078-4238-829E-D739556B120A}"= UDP:d:\driversrepublic\ovevision37-win32.exe:Driver's Republic - Pure Zed 037
"{86C1FFB8-9074-4211-95E5-40D283FAFC8F}"= TCP:d:\driversrepublic\ovevision37-win32.exe:Driver's Republic - Pure Zed 037
"{2132588F-A10E-4973-B733-ED984740781B}"= UDP:d:\driversrepublic\ovevision38-win32.exe:Driver's Republic - Fierce Creatures 038
"{14758368-0961-4583-8816-6EC6DD128869}"= TCP:d:\driversrepublic\ovevision38-win32.exe:Driver's Republic - Fierce Creatures 038
"{9CB8FAD0-F9D3-4B91-B52E-9688A281482D}"= UDP:d:\driversrepublic\ovevision39-win32.exe:Driver's Republic - NightFever 039
"{C8C74249-C9EA-44E2-B668-84816DD19F42}"= TCP:d:\driversrepublic\ovevision39-win32.exe:Driver's Republic - NightFever 039
"{D4A3A844-181D-412D-8ED8-E394CF0D5179}"= UDP:d:\driversrepublic\ovevision40-win32.exe:Driver's Republic - 8 to the power of 10 040
"{FDC773E5-2575-499D-81DC-76B87F0E82B7}"= TCP:d:\driversrepublic\ovevision40-win32.exe:Driver's Republic - 8 to the power of 10 040
"{1F360C03-7E42-4436-AB26-309D5734C1BC}"= UDP:d:\driversrepublic\ovevision41-win32.exe:Driver's Republic - Thunder Cats 041
"{C37909D6-6EF6-4D5C-9CA5-07E41F365249}"= TCP:d:\driversrepublic\ovevision41-win32.exe:Driver's Republic - Thunder Cats 041
"{E63ACCAB-4BB9-4195-94BE-1B9BE4182DCB}"= UDP:d:\driversrepublic\ovevision42-win32.exe:Driver's Republic - Prize Fight 042
"{3DF1E2F3-4A10-4918-950B-517F9DE9A12C}"= TCP:d:\driversrepublic\ovevision42-win32.exe:Driver's Republic - Prize Fight 042
"{3CC268FB-1B58-4609-8CC9-90BAB8BB0839}"= UDP:d:\driversrepublic\ovevision43-win32.exe:Driver's Republic - Pocket Monsters 043
"{F452FAB0-58DB-4E3A-B9EF-3730EEF679FB}"= TCP:d:\driversrepublic\ovevision43-win32.exe:Driver's Republic - Pocket Monsters 043
"{75AD7B36-0108-484B-BF1D-7381D7441231}"= UDP:d:\driversrepublic\ovevision44-win32.exe:Driver's Republic - German Bite 044
"{AE5B0A9A-8B18-4ACC-9032-96CD13A4ED12}"= TCP:d:\driversrepublic\ovevision44-win32.exe:Driver's Republic - German Bite 044
"{E2929D05-FA25-4FA4-A762-46978C46AF1B}"= UDP:d:\driversrepublic\ovevision45-win32.exe:Driver's Republic - Mission Impossible? 045
"{08D7C319-E857-4754-8A94-5BB94004C896}"= TCP:d:\driversrepublic\ovevision45-win32.exe:Driver's Republic - Mission Impossible? 045
"{6DAEE608-4EF8-46AF-8C84-D2A2121EC345}"= UDP:d:\driversrepublic\ovevision46-win32.exe:Driver's Republic - Six Appeal 046
"{83FBCD74-98D8-4EC2-80F0-54684727DE52}"= TCP:d:\driversrepublic\ovevision46-win32.exe:Driver's Republic - Six Appeal 046
"{483D6B38-D5CA-4454-A59B-3D7BDFD1212A}"= UDP:d:\driversrepublic\ovevision47-win32.exe:Driver's Republic - Red Raw 047
"{9BE7E5E1-C673-4606-85D7-44519A328FC8}"= TCP:d:\driversrepublic\ovevision47-win32.exe:Driver's Republic - Red Raw 047
"{921418D5-6C82-4153-B55C-2C0791FC7825}"= UDP:d:\driversrepublic\ovevision48-win32.exe:Driver's Republic - Chasing Shadows 048
"{1C470C18-18CD-42D4-87AD-140F95D06A64}"= TCP:d:\driversrepublic\ovevision48-win32.exe:Driver's Republic - Chasing Shadows 048
"{7FC16FF5-FD0A-4232-A27B-2F79F1407383}"= UDP:d:\driversrepublic\ovevision49-win32.exe:Driver's Republic - Monsters Inc 049
"{6D5B2BEB-8AFD-47DA-9BA6-81EE0EA67EBD}"= TCP:d:\driversrepublic\ovevision49-win32.exe:Driver's Republic - Monsters Inc 049
"{1E79A648-43F4-43F5-953E-57B3AE21AB64}"= UDP:d:\driversrepublic\ovevision50-win32.exe:Driver's Republic - Star Wars 050
"{B153A6B9-B656-4469-8017-78C4672B2D45}"= TCP:d:\driversrepublic\ovevision50-win32.exe:Driver's Republic - Star Wars 050
"{9753139C-D347-4C7F-8F82-1FD90E004A79}"= UDP:d:\driversrepublic\ovevision51-win32.exe:Driver's Republic - Long Time Coming 051
"{FA4EFCF5-5ED3-46E4-8D37-24E8C1CD2DAE}"= TCP:d:\driversrepublic\ovevision51-win32.exe:Driver's Republic - Long Time Coming 051
"{8997528F-CBE6-4D63-8101-857361861F83}"= UDP:d:\driversrepublic\ovevision52-win32.exe:Driver's Republic - Perfect 10 052
"{9DE962ED-2C34-4B07-A3E6-B4518001972A}"= TCP:d:\driversrepublic\ovevision52-win32.exe:Driver's Republic - Perfect 10 052
"{7788E518-55F4-48BA-864D-A6413E246E52}"= UDP:d:\driversrepublic\ovevision53-win32.exe:Driver's Republic - Get Behind Me Satan 053
"{DFDAC7AB-C312-4590-B6DF-95374CC197EE}"= TCP:d:\driversrepublic\ovevision53-win32.exe:Driver's Republic - Get Behind Me Satan 053
"{998EDDAB-E4AB-4B0E-B2C0-12984053ABDA}"= UDP:d:\driversrepublic\ovevision54-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{178A43E3-D8C3-4C60-A2F4-014D4DDF6E9B}"= TCP:d:\driversrepublic\ovevision54-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{608208E2-20FD-437E-8093-DA9F23D5D6F0}"= UDP:d:\driversrepublic\ovevision55-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{25483AEC-4396-46F6-8213-3D2624806E37}"= TCP:d:\driversrepublic\ovevision55-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"TCP Query User{10CBC5C9-F88C-44F2-84F1-D9501F4FA88D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{19A68827-57CF-49E6-9CD8-28065192C8EC}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F13C74EE-593F-4F57-A46A-2825C1483B3E}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{083F9EE7-B07A-448E-84BC-16239E8DF2AD}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.

R0 pe3anrqc;UAZ Racing 4x4 Environment Driver (pe3anrqc);c:\windows\System32\drivers\pe3anrqc.sys [9. 11. 2007 15:07 65152]
R0 ps7anrqc;UAZ Racing 4x4 Synchronization Driver (ps7anrqc);c:\windows\System32\drivers\ps7anrqc.sys [9. 11. 2007 15:07 68744]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14. 5. 2009 15:47 107256]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [7. 6. 2009 19:14 59776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 15:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14. 5. 2009 15:49 93312]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt11\ArcNameService.exe [1. 5. 2007 10:15 157264]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\System32\drivers\wf2ktunr.sys [7. 6. 2009 19:14 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\System32\drivers\wf2kXbar.sys [7. 6. 2009 19:14 9600]
S2 pr2anrqc;UAZ Racing 4x4 Drivers Auto Removal (pr2anrqc);c:\windows\system32\pr2anrqc.exe svc --> c:\windows\system32\pr2anrqc.exe svc [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [12. 7. 2009 12:40 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [12. 7. 2009 12:41 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [12. 7. 2009 12:41 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [12. 7. 2009 12:41 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [12. 7. 2009 12:42 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [12. 7. 2009 12:42 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [12. 7. 2009 12:42 117672]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23. 4. 2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [23. 4. 2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [23. 4. 2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [23. 4. 2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [23. 4. 2007 13:54 98568]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\System32\drivers\s716bus.sys [27. 12. 2007 21:39 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\System32\drivers\s716mdfl.sys [27. 12. 2007 21:39 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\System32\drivers\s716mdm.sys [27. 12. 2007 21:39 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s716mgmt.sys [27. 12. 2007 21:40 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\System32\drivers\s716nd5.sys [27. 12. 2007 21:39 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\System32\drivers\s716obex.sys [27. 12. 2007 21:39 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\System32\drivers\s716unic.sys [27. 12. 2007 21:40 98952]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [27. 12. 2007 21:40 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [27. 12. 2007 21:40 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [27. 12. 2007 21:40 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [27. 12. 2007 21:41 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [19. 6. 2007 8:51 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [27. 12. 2007 21:41 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [27. 12. 2007 21:41 97704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-hp32_nword - c:\users\Radoslav Šabík\hp32_nword.exe

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download All by FlashGet - d:\prog files\FlashGet\jc_all.htm
IE: Download using FlashGet - d:\prog files\FlashGet\jc_link.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 21:03
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4136404604-2960614731-549300400-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8b,83,2b,12,6f,c7,08,49,0b,44,98,b7,ee,2e,f9,8e,39,fe,10,31,55,9c,03,
d7,7e,fc,fc,d3,2d,1d,e6,cc,14,78,1e,9b,ef,d9,c3,eb,7a,a4,2e,27,b0,4b,1d,51,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\oodag.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\UTSCSI.EXE
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\progra~1\EasyPHP3.1\apache\bin\apache.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\progra~1\EasyPHP3.1\mysql\bin\mysqld.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\progra~1\EasyPHP3.1\apache\bin\apache.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-08-05 21:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 19:13
ComboFix2.txt 2009-08-05 16:23

Pre-Run: 11 021 963 264 bytes free
Post-Run: 10 939 875 328 bytes free

447 --- E O F --- 2009-08-04 06:53

Log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:23, on 5. 8. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\EasyPHP3.1\EasyPHP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\EasyPHP3.1\MySql\bin\mysqld.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\EasyPHP3.1\EasyPHP.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [hp32_nword] C:\Windows\system32\hp32_nword.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - D:\Prog Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Prog Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://195.80.177.99/ConnectComputer/nshelp.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: UAZ Racing 4x4 Drivers Auto Removal (pr2anrqc) (pr2anrqc) - Cenega Publishing - C:\Windows\system32\pr2anrqc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\Windows\system32\UTSCSI.EXE

--
End of file - 10317 bytes

Příspěvekod **jaro3** » 05 srp 2009 22:24

Odinstaluj:
SecTaskMan

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\programdata\SecTaskMan

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hp32_nword"=- 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Zítra..

RadoS84 · Příspěvekod **RadoS84** » 06 srp 2009 10:51

Na začiatok sa musím ospravedniť, pretože som si včera pri kopírovaní prvého skriptu nevšimol, že je text dlhší (rolovací panel textu bol mimo zobrazovanú plochu). Preto som dnes ho skopíroval opäť a spustil. Potom som spustil nový skript.

Tu je log z ComboFixu:

ComboFix 09-08-04.04 - Radoslav Šabík . 08. 2009 10:09.4.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.3327.2232 [GMT 2:00]
Running from: c:\users\Radoslav Šabík\Desktop\ComboFix.exe
Command switches used :: c:\users\Radoslav Šabík\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\SecTaskMan
c:\programdata\SecTaskMan\_entreelist.dll
c:\programdata\SecTaskMan\_enviewlist.dll
c:\programdata\SecTaskMan\icn_000021599B0090400000000000F01FEC
c:\programdata\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
c:\programdata\SecTaskMan\icn_0149EE8E4CA834F46A62DDCE7AC5973F
c:\programdata\SecTaskMan\icn_0149EE8E4CA834F46A62DDCE7AC5973F.dll
c:\programdata\SecTaskMan\icn_020F151BEED1617449F47295CFC315AD
c:\programdata\SecTaskMan\icn_020F151BEED1617449F47295CFC315AD.dll
c:\programdata\SecTaskMan\icn_04AB644DF5F1BE447A49A01CF408C997
c:\programdata\SecTaskMan\icn_04AB644DF5F1BE447A49A01CF408C997.dll
c:\programdata\SecTaskMan\icn_04DE0F7511F8AA149B62A4660D1D9ACC
c:\programdata\SecTaskMan\icn_04DE0F7511F8AA149B62A4660D1D9ACC.dll
c:\programdata\SecTaskMan\icn_068F5EECBAF70D087EFC20C2819BE552
c:\programdata\SecTaskMan\icn_068F5EECBAF70D087EFC20C2819BE552.dll
c:\programdata\SecTaskMan\icn_0B54E49C6AA69BF4A9EA2280F5368108
c:\programdata\SecTaskMan\icn_0B54E49C6AA69BF4A9EA2280F5368108.dll
c:\programdata\SecTaskMan\icn_0D756077321A70C3E844C138CE981581
c:\programdata\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
c:\programdata\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE
c:\programdata\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
c:\programdata\SecTaskMan\icn_104C2FB8EC20D424CB62C6F4F94B646B
c:\programdata\SecTaskMan\icn_104C2FB8EC20D424CB62C6F4F94B646B.dll
c:\programdata\SecTaskMan\icn_11DD28868B33AED43850E767B57FB43D
c:\programdata\SecTaskMan\icn_11DD28868B33AED43850E767B57FB43D.dll
c:\programdata\SecTaskMan\icn_12340
c:\programdata\SecTaskMan\icn_12345
c:\programdata\SecTaskMan\icn_12AF449BFA1877A43882ECF4C45C0115
c:\programdata\SecTaskMan\icn_12AF449BFA1877A43882ECF4C45C0115.dll
c:\programdata\SecTaskMan\icn_14472C61981560F458D5DF2F8D22E475
c:\programdata\SecTaskMan\icn_14472C61981560F458D5DF2F8D22E475.dll
c:\programdata\SecTaskMan\icn_1B6FFD204561C114D8B7DF0625FE10F6
c:\programdata\SecTaskMan\icn_1B6FFD204561C114D8B7DF0625FE10F6.dll
c:\programdata\SecTaskMan\icn_1CB0A73CEE2579F42832C59ACF30750B
c:\programdata\SecTaskMan\icn_1CB0A73CEE2579F42832C59ACF30750B.dll
c:\programdata\SecTaskMan\icn_1E6C74A02BB9C320BBCED2D3EB9AA1A9
c:\programdata\SecTaskMan\icn_1E6C74A02BB9C320BBCED2D3EB9AA1A9.dll
c:\programdata\SecTaskMan\icn_1FD7E29CA42659D44A4C81BC94B1444A
c:\programdata\SecTaskMan\icn_1FD7E29CA42659D44A4C81BC94B1444A.dll
c:\programdata\SecTaskMan\icn_20527A23C2CB93C4CAAECBD364F36079
c:\programdata\SecTaskMan\icn_20527A23C2CB93C4CAAECBD364F36079.dll
c:\programdata\SecTaskMan\icn_20C83EB7DFC9CD874B3F2361B800A4FC
c:\programdata\SecTaskMan\icn_20C83EB7DFC9CD874B3F2361B800A4FC.dll
c:\programdata\SecTaskMan\icn_22FE4248FC444DD47B20AFAD93894FAB
c:\programdata\SecTaskMan\icn_22FE4248FC444DD47B20AFAD93894FAB.dll
c:\programdata\SecTaskMan\icn_2367501907ACC3146B82D2C3BDBB09B6
c:\programdata\SecTaskMan\icn_2367501907ACC3146B82D2C3BDBB09B6.dll
c:\programdata\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D
c:\programdata\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
c:\programdata\SecTaskMan\icn_275C743A4B7F3A34DB15FF9C19487FD0
c:\programdata\SecTaskMan\icn_275C743A4B7F3A34DB15FF9C19487FD0.dll
c:\programdata\SecTaskMan\icn_29286FD6C368349218E341E414BD9180
c:\programdata\SecTaskMan\icn_29286FD6C368349218E341E414BD9180.dll
c:\programdata\SecTaskMan\icn_29C90CAF7A39CB83AB74F80234C97218
c:\programdata\SecTaskMan\icn_29C90CAF7A39CB83AB74F80234C97218.dll
c:\programdata\SecTaskMan\icn_2CE27694B1714B74C87E057D0836067D
c:\programdata\SecTaskMan\icn_2CE27694B1714B74C87E057D0836067D.dll
c:\programdata\SecTaskMan\icn_36E5B8C7A128BFD4DBAF9158D488CEC5
c:\programdata\SecTaskMan\icn_36E5B8C7A128BFD4DBAF9158D488CEC5.dll
c:\programdata\SecTaskMan\icn_38E97B37B094D0640B6DC2B737893052
c:\programdata\SecTaskMan\icn_38E97B37B094D0640B6DC2B737893052.dll
c:\programdata\SecTaskMan\icn_3BD1D797F0ABD2A4F999D5C2900D7AEF
c:\programdata\SecTaskMan\icn_3BD1D797F0ABD2A4F999D5C2900D7AEF.dll
c:\programdata\SecTaskMan\icn_3CA4644AE58D9464788407161960D36F
c:\programdata\SecTaskMan\icn_3CA4644AE58D9464788407161960D36F.dll
c:\programdata\SecTaskMan\icn_41D315C1BA7D44B4AAF85206C61D2709
c:\programdata\SecTaskMan\icn_41D315C1BA7D44B4AAF85206C61D2709.dll
c:\programdata\SecTaskMan\icn_4559AC80EF5B313439F84D4A718B1157
c:\programdata\SecTaskMan\icn_4559AC80EF5B313439F84D4A718B1157.dll
c:\programdata\SecTaskMan\icn_4698F737910D54D5F54F9842EF265F46
c:\programdata\SecTaskMan\icn_4698F737910D54D5F54F9842EF265F46.dll
c:\programdata\SecTaskMan\icn_4A8170DF6BC62E245A5EC23177F7BCA4
c:\programdata\SecTaskMan\icn_4A8170DF6BC62E245A5EC23177F7BCA4.dll
c:\programdata\SecTaskMan\icn_4A9A7FBC4D0C0AB498199C7B9DA02589
c:\programdata\SecTaskMan\icn_4A9A7FBC4D0C0AB498199C7B9DA02589.dll
c:\programdata\SecTaskMan\icn_4B47F99FB27960B48B39B6B3D00B21B8
c:\programdata\SecTaskMan\icn_4B47F99FB27960B48B39B6B3D00B21B8.dll
c:\programdata\SecTaskMan\icn_4C7BB6329144DF244090E152A7523ED4
c:\programdata\SecTaskMan\icn_4C7BB6329144DF244090E152A7523ED4.dll
c:\programdata\SecTaskMan\icn_4E56A87A88D1A774384BE35C046F5AA5
c:\programdata\SecTaskMan\icn_4E56A87A88D1A774384BE35C046F5AA5.dll
c:\programdata\SecTaskMan\icn_4EA42A62D9304AC4784BF238120601FF
c:\programdata\SecTaskMan\icn_4EA42A62D9304AC4784BF238120601FF.dll
c:\programdata\SecTaskMan\icn_502643A929AE60441BBA0573D93A0F75
c:\programdata\SecTaskMan\icn_502643A929AE60441BBA0573D93A0F75.dll
c:\programdata\SecTaskMan\icn_503C5DB272B114D46B09A71671D2F2BE
c:\programdata\SecTaskMan\icn_503C5DB272B114D46B09A71671D2F2BE.dll
c:\programdata\SecTaskMan\icn_53E8CF8D793D61C478EA41A12625124E
c:\programdata\SecTaskMan\icn_53E8CF8D793D61C478EA41A12625124E.dll
c:\programdata\SecTaskMan\icn_544ADF5B4CAC6AB48ABF7A12B24D93ED
c:\programdata\SecTaskMan\icn_544ADF5B4CAC6AB48ABF7A12B24D93ED.dll
c:\programdata\SecTaskMan\icn_5546FC0F8DDE6C149AA62283476E06CC
c:\programdata\SecTaskMan\icn_5546FC0F8DDE6C149AA62283476E06CC.dll
c:\programdata\SecTaskMan\icn_568774731F3A2774DA34AACFB6FC9FF9
c:\programdata\SecTaskMan\icn_568774731F3A2774DA34AACFB6FC9FF9.dll
c:\programdata\SecTaskMan\icn_5AB7963F8D8C5294CAAC4F687CB6DA33
c:\programdata\SecTaskMan\icn_5AB7963F8D8C5294CAAC4F687CB6DA33.dll
c:\programdata\SecTaskMan\icn_5BDC64552EC2B8940B95B5B38FF14CF1
c:\programdata\SecTaskMan\icn_5BDC64552EC2B8940B95B5B38FF14CF1.dll
c:\programdata\SecTaskMan\icn_5F6919A2C7B938AEB68C49B47F7041D3
c:\programdata\SecTaskMan\icn_5F6919A2C7B938AEB68C49B47F7041D3.dll
c:\programdata\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA
c:\programdata\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA.dll
c:\programdata\SecTaskMan\icn_60982C5E68CEE404BBF4A62B954015FF
c:\programdata\SecTaskMan\icn_60982C5E68CEE404BBF4A62B954015FF.dll
c:\programdata\SecTaskMan\icn_61429251464AABF4BB692789AECACF70
c:\programdata\SecTaskMan\icn_61429251464AABF4BB692789AECACF70.dll
c:\programdata\SecTaskMan\icn_619AB06C44E94AD41BA1E9727B26E45F
c:\programdata\SecTaskMan\icn_619AB06C44E94AD41BA1E9727B26E45F.dll
c:\programdata\SecTaskMan\icn_61A89AC4E1CF9274790470FC7FBE7B44
c:\programdata\SecTaskMan\icn_61A89AC4E1CF9274790470FC7FBE7B44.dll
c:\programdata\SecTaskMan\icn_652D325CD31366843BA63FED252864FE
c:\programdata\SecTaskMan\icn_652D325CD31366843BA63FED252864FE.dll
c:\programdata\SecTaskMan\icn_68AB67CA330100007706000000000020
c:\programdata\SecTaskMan\icn_68AB67CA330100007706000000000020.dll
c:\programdata\SecTaskMan\icn_68AB67CA7DA73301B7447A8000000020
c:\programdata\SecTaskMan\icn_68AB67CA7DA73301B7447A8000000020.dll
c:\programdata\SecTaskMan\icn_68DDD261780C95E47B8AC0D1F888A4A9
c:\programdata\SecTaskMan\icn_68DDD261780C95E47B8AC0D1F888A4A9.dll
c:\programdata\SecTaskMan\icn_6A83D3EA1B313B0449321DAF9928BFA6
c:\programdata\SecTaskMan\icn_6A83D3EA1B313B0449321DAF9928BFA6.dll
c:\programdata\SecTaskMan\icn_6CA17315407BC0E4A84C69A7D7C25D39
c:\programdata\SecTaskMan\icn_6CA17315407BC0E4A84C69A7D7C25D39.dll
c:\programdata\SecTaskMan\icn_6CF190A4EFD60BC4FB549DA02B532362
c:\programdata\SecTaskMan\icn_6CF190A4EFD60BC4FB549DA02B532362.dll
c:\programdata\SecTaskMan\icn_6E928D191D1FF33468F15025FDDEE0DA
c:\programdata\SecTaskMan\icn_6E928D191D1FF33468F15025FDDEE0DA.dll
c:\programdata\SecTaskMan\icn_729E426147F12E4346BF62C36E6ADCF6
c:\programdata\SecTaskMan\icn_729E426147F12E4346BF62C36E6ADCF6.dll
c:\programdata\SecTaskMan\icn_72B17402207D8EF4D8CE7020CCC8A058
c:\programdata\SecTaskMan\icn_72B17402207D8EF4D8CE7020CCC8A058.dll
c:\programdata\SecTaskMan\icn_7475C687330100005BE8000000000010
c:\programdata\SecTaskMan\icn_7475C687330100005BE8000000000010.dll
c:\programdata\SecTaskMan\icn_7475C6877341D3440BE6970AF04E1501
c:\programdata\SecTaskMan\icn_7475C6877341D3440BE6970AF04E1501.dll
c:\programdata\SecTaskMan\icn_7D52C05A9E261154DA07E8D25A7EB9D7
c:\programdata\SecTaskMan\icn_7D52C05A9E261154DA07E8D25A7EB9D7.dll
c:\programdata\SecTaskMan\icn_7E577B2224C65CF4E801A9E52375DB49
c:\programdata\SecTaskMan\icn_7E577B2224C65CF4E801A9E52375DB49.dll
c:\programdata\SecTaskMan\icn_8358123696A4F79448550924160B9E4E
c:\programdata\SecTaskMan\icn_8358123696A4F79448550924160B9E4E.dll
c:\programdata\SecTaskMan\icn_85EFC63F0C7457D499B50E715236AF38
c:\programdata\SecTaskMan\icn_85EFC63F0C7457D499B50E715236AF38.dll
c:\programdata\SecTaskMan\icn_8804D69E5CAAF734E993CEE08387794B
c:\programdata\SecTaskMan\icn_8804D69E5CAAF734E993CEE08387794B.dll
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610000
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610000.dll
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610001
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610001.dll
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610002.dll
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003.dll
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610005
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610005.dll
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610007
c:\programdata\SecTaskMan\icn_8A0F842331866D117AB7000B0D610007.dll
c:\programdata\SecTaskMan\icn_9040710900063D11C8EF10054038389C
c:\programdata\SecTaskMan\icn_9040710900063D11C8EF10054038389C.dll
c:\programdata\SecTaskMan\icn_997C1B3D37BCED24ABF0324497A390C5
c:\programdata\SecTaskMan\icn_997C1B3D37BCED24ABF0324497A390C5.dll
c:\programdata\SecTaskMan\icn_9AC859DEB542F474DB721EC0AA0112B7
c:\programdata\SecTaskMan\icn_9AC859DEB542F474DB721EC0AA0112B7.dll
c:\programdata\SecTaskMan\icn_9B353DEA7D6EF6040B70C2555C62E53B
c:\programdata\SecTaskMan\icn_9B353DEA7D6EF6040B70C2555C62E53B.dll
c:\programdata\SecTaskMan\icn_9E9CA95DEAFFB1741BFFB413D13214A7
c:\programdata\SecTaskMan\icn_9E9CA95DEAFFB1741BFFB413D13214A7.dll
c:\programdata\SecTaskMan\icn_A01125EC3777F444E9D5A4544E97D26B
c:\programdata\SecTaskMan\icn_A01125EC3777F444E9D5A4544E97D26B.dll
c:\programdata\SecTaskMan\icn_A06AD1091E41F6E4E0D95663C413391A
c:\programdata\SecTaskMan\icn_A06AD1091E41F6E4E0D95663C413391A.dll
c:\programdata\SecTaskMan\icn_A0C5E5D363B589F4997A82F7D7DBEC30
c:\programdata\SecTaskMan\icn_A0C5E5D363B589F4997A82F7D7DBEC30.dll
c:\programdata\SecTaskMan\icn_A18EF62000FD0B043B52F7C99612DE20
c:\programdata\SecTaskMan\icn_A18EF62000FD0B043B52F7C99612DE20.dll
c:\programdata\SecTaskMan\icn_A76A12931BA584E449447C8141FC0372
c:\programdata\SecTaskMan\icn_A76A12931BA584E449447C8141FC0372.dll
c:\programdata\SecTaskMan\icn_AE36A588B2834DD47A554108B958756D
c:\programdata\SecTaskMan\icn_AE36A588B2834DD47A554108B958756D.dll
c:\programdata\SecTaskMan\icn_AE8C22496C0B79148BCFCD976785AC00
c:\programdata\SecTaskMan\icn_AE8C22496C0B79148BCFCD976785AC00.dll
c:\programdata\SecTaskMan\icn_AF4BDFE5C62760F4CA9311CFDEFAA5EB
c:\programdata\SecTaskMan\icn_AF4BDFE5C62760F4CA9311CFDEFAA5EB.dll
c:\programdata\SecTaskMan\icn_B140210900063D11C8EF10054038389C
c:\programdata\SecTaskMan\icn_B140210900063D11C8EF10054038389C.dll
c:\programdata\SecTaskMan\icn_b25099274a207264182f8181add555d0
c:\programdata\SecTaskMan\icn_b25099274a207264182f8181add555d0.dll
c:\programdata\SecTaskMan\icn_B29206D386C115727E80E61439819C1E
c:\programdata\SecTaskMan\icn_B29206D386C115727E80E61439819C1E.dll
c:\programdata\SecTaskMan\icn_B32F89E4823122346ACEE2CDF83C4AEF
c:\programdata\SecTaskMan\icn_B32F89E4823122346ACEE2CDF83C4AEF.dll
c:\programdata\SecTaskMan\icn_B3CCF5624184B2B4986D12D7BFA88D68
c:\programdata\SecTaskMan\icn_B3CCF5624184B2B4986D12D7BFA88D68.dll
c:\programdata\SecTaskMan\icn_B506604BEF54F8D42805E177745938EA
c:\programdata\SecTaskMan\icn_B506604BEF54F8D42805E177745938EA.dll
c:\programdata\SecTaskMan\icn_B80D730C3884D1943992CDA5AC097F79
c:\programdata\SecTaskMan\icn_B80D730C3884D1943992CDA5AC097F79.dll
c:\programdata\SecTaskMan\icn_B95B0244CEF9C4F8573AF39E728DEA1A
c:\programdata\SecTaskMan\icn_B95B0244CEF9C4F8573AF39E728DEA1A.dll
c:\programdata\SecTaskMan\icn_B985ED7CBF9573A133ADED0DC88AD84C
c:\programdata\SecTaskMan\icn_B985ED7CBF9573A133ADED0DC88AD84C.dll
c:\programdata\SecTaskMan\icn_BC9CABE57D79DC448AD2F4BC735F28CA
c:\programdata\SecTaskMan\icn_BC9CABE57D79DC448AD2F4BC735F28CA.dll
c:\programdata\SecTaskMan\icn_BF0D824FD567BE04DB8D1A7E5F5C79AF
c:\programdata\SecTaskMan\icn_BF0D824FD567BE04DB8D1A7E5F5C79AF.dll
c:\programdata\SecTaskMan\icn_C016D0FEEB29F8D4DB33F956F878451F
c:\programdata\SecTaskMan\icn_C016D0FEEB29F8D4DB33F956F878451F.dll
c:\programdata\SecTaskMan\icn_C168B70F9B274A04B8A1AADEC4607A8E
c:\programdata\SecTaskMan\icn_C168B70F9B274A04B8A1AADEC4607A8E.dll
c:\programdata\SecTaskMan\icn_C19308D027A0BB34B92C41F336CC11D1
c:\programdata\SecTaskMan\icn_C19308D027A0BB34B92C41F336CC11D1.dll
c:\programdata\SecTaskMan\icn_C1B24092317057547BACC5E8B780994D
c:\programdata\SecTaskMan\icn_C1B24092317057547BACC5E8B780994D.dll
c:\programdata\SecTaskMan\icn_C429CFF860DEBC448876C37A87CE9E30
c:\programdata\SecTaskMan\icn_C429CFF860DEBC448876C37A87CE9E30.dll
c:\programdata\SecTaskMan\icn_C44CC767CBB9D834AB3DDF5459DD41B8
c:\programdata\SecTaskMan\icn_C44CC767CBB9D834AB3DDF5459DD41B8.dll
c:\programdata\SecTaskMan\icn_C7F1F23FD2239B646BA9C5E3CD887BC4
c:\programdata\SecTaskMan\icn_C7F1F23FD2239B646BA9C5E3CD887BC4.dll
c:\programdata\SecTaskMan\icn_C9D4CD15927F7A84C90ECB7725E9CC2A
c:\programdata\SecTaskMan\icn_C9D4CD15927F7A84C90ECB7725E9CC2A.dll
c:\programdata\SecTaskMan\icn_CC95ABAFB743B8742B7A73FB8058ACBC
c:\programdata\SecTaskMan\icn_CC95ABAFB743B8742B7A73FB8058ACBC.dll
c:\programdata\SecTaskMan\icn_CF80410CC7117B44B8C07197E425A610
c:\programdata\SecTaskMan\icn_CF80410CC7117B44B8C07197E425A610.dll
c:\programdata\SecTaskMan\icn_D0182037FCA793342BB77510C6AADDDC
c:\programdata\SecTaskMan\icn_D0182037FCA793342BB77510C6AADDDC.dll
c:\programdata\SecTaskMan\icn_D47ABDE8686099C4FBDD8F4976E81520
c:\programdata\SecTaskMan\icn_D47ABDE8686099C4FBDD8F4976E81520.dll
c:\programdata\SecTaskMan\icn_D6389426FFA0C9540A767430DA959F27
c:\programdata\SecTaskMan\icn_D6389426FFA0C9540A767430DA959F27.dll
c:\programdata\SecTaskMan\icn_D6E743D330A524345BABA67781583F97
c:\programdata\SecTaskMan\icn_D6E743D330A524345BABA67781583F97.dll
c:\programdata\SecTaskMan\icn_D7314F9862C648A4DB8BE2A5B47BE100
c:\programdata\SecTaskMan\icn_D7314F9862C648A4DB8BE2A5B47BE100.dll
c:\programdata\SecTaskMan\icn_D91C44E5F1D39F78562D8FC7F666FD19
c:\programdata\SecTaskMan\icn_D91C44E5F1D39F78562D8FC7F666FD19.dll
c:\programdata\SecTaskMan\icn_DB2607ECF6EB35146945D3270D1CCC71
c:\programdata\SecTaskMan\icn_DB2607ECF6EB35146945D3270D1CCC71.dll
c:\programdata\SecTaskMan\icn_DB98AF553D127F2429949CC400498AC3
c:\programdata\SecTaskMan\icn_DB98AF553D127F2429949CC400498AC3.dll
c:\programdata\SecTaskMan\icn_DDA39468D428E8B4DB27C8D5DC5CA217
c:\programdata\SecTaskMan\icn_DDA39468D428E8B4DB27C8D5DC5CA217.dll
c:\programdata\SecTaskMan\icn_E185035FEF214B342AD85E52A7DA366E
c:\programdata\SecTaskMan\icn_E185035FEF214B342AD85E52A7DA366E.dll
c:\programdata\SecTaskMan\icn_E6675F4729723C04588F0B14119F402B
c:\programdata\SecTaskMan\icn_E6675F4729723C04588F0B14119F402B.dll
c:\programdata\SecTaskMan\icn_E920D1FAA93ECA83508AD759BEB35050
c:\programdata\SecTaskMan\icn_E920D1FAA93ECA83508AD759BEB35050.dll
c:\programdata\SecTaskMan\icn_EA669D457BEA9CB70BA97ABBE0CA32C6
c:\programdata\SecTaskMan\icn_EA669D457BEA9CB70BA97ABBE0CA32C6.dll
c:\programdata\SecTaskMan\icn_EB940C659E972054EB7A79453A6EF0B9
c:\programdata\SecTaskMan\icn_EB940C659E972054EB7A79453A6EF0B9.dll
c:\programdata\SecTaskMan\icn_EDAED600E21E0AD4BA5631F4D09EFAA9
c:\programdata\SecTaskMan\icn_EDAED600E21E0AD4BA5631F4D09EFAA9.dll
c:\programdata\SecTaskMan\icn_F55C81FBF19771C4BA573E79EE101CB4
c:\programdata\SecTaskMan\icn_F55C81FBF19771C4BA573E79EE101CB4.dll
c:\programdata\SecTaskMan\icn_F942F94A19C0F79468FD2B85E5E8677B
c:\programdata\SecTaskMan\icn_F942F94A19C0F79468FD2B85E5E8677B.dll
c:\programdata\SecTaskMan\icn_FCC7C0F46665B4740BE2CA15A459CE39
c:\programdata\SecTaskMan\icn_FCC7C0F46665B4740BE2CA15A459CE39.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 08:16 . 2009-08-06 08:16 -------- d-----w- c:\users\RADOSL~2\AppData\Local\temp
2009-08-06 08:16 . 2009-08-06 08:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-06 08:16 . 2009-08-06 08:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 12:29 . 2009-08-05 12:29 -------- d-----w- c:\program files\Trend Micro
2009-08-05 09:30 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 09:30 . 2009-08-05 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 09:30 . 2009-08-05 09:30 -------- d-----w- c:\programdata\Malwarebytes
2009-08-05 09:30 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:11 . 2009-08-02 22:11 -------- d-----w- c:\program files\ESET
2009-08-01 15:00 . 2009-08-01 15:00 -------- d-----w- c:\program files\EasyPHP3.1
2009-07-29 05:22 . 2009-07-21 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-15 06:41 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:41 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:41 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:41 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 10:42 . 2008-05-27 09:41 25768 ----a-w- c:\windows\system32\drivers\s0017nd5.sys
2009-07-12 10:42 . 2008-05-27 09:41 117672 ----a-w- c:\windows\system32\drivers\s0017unic.sys
2009-07-12 10:42 . 2008-05-27 09:41 10792 ----a-w- c:\windows\system32\drivers\s0017cr.sys
2009-07-12 10:42 . 2008-05-27 09:41 111912 ----a-w- c:\windows\system32\drivers\s0017obex.sys
2009-07-12 10:41 . 2008-05-27 09:41 15016 ----a-w- c:\windows\system32\drivers\s0017mdfl.sys
2009-07-12 10:41 . 2008-05-27 09:41 122152 ----a-w- c:\windows\system32\drivers\s0017mdm.sys
2009-07-12 10:41 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017cmnt.sys
2009-07-12 10:41 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017cm.sys
2009-07-12 10:41 . 2008-05-27 09:41 115496 ----a-w- c:\windows\system32\drivers\s0017mgmt.sys
2009-07-12 10:40 . 2008-05-27 09:41 90536 ----a-w- c:\windows\system32\drivers\s0017bus.sys
2009-07-12 10:40 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017whnt.sys
2009-07-12 10:40 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 07:46 . 2008-10-29 19:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 17:45 . 2009-05-12 08:30 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 21:52 . 2009-07-29 05:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 20:13 . 2009-07-29 05:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 06:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 11:35 . 2007-06-05 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 10:41 . 2009-07-12 10:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-08 17:44 . 2007-06-05 11:34 -------- d-----w- c:\programdata\Test Drive Unlimited
2009-06-14 15:57 . 2009-06-07 16:22 -------- d--h--w- c:\programdata\ArcSoft
2009-06-07 16:22 . 2009-06-07 16:22 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-07 16:22 . 2009-06-07 16:22 -------- d-----w- c:\program files\WinFast
2009-06-07 16:12 . 2009-06-07 16:12 -------- d-----w- c:\program files\Leadtek Research Inc
2009-06-07 15:40 . 2009-06-07 15:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-03 06:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-31 21:07 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-31 21:07 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-16 12:54 . 2009-05-16 12:54 45568 ----a-w- c:\windows\system32\UTSCSI.EXE
2009-05-16 12:54 . 2009-05-16 12:54 150528 ----a-w- c:\windows\FAVPID.DLL
2009-05-14 13:49 . 2009-05-14 13:49 93312 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-08 22:50 . 2009-05-08 22:50 1459 ----a-w- c:\program files\uninstal.log
2002-05-21 08:00 . 2002-05-21 08:00 1362 ----a-r- c:\program files\ReadMe.txt
2006-05-03 10:06 . 2009-01-24 18:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-01-24 18:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-24 18:18 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-05_16.17.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-05 16:54 . 2009-08-06 07:32 54390 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-06-05 16:45 . 2009-08-05 19:05 12712 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4136404604-2960614731-549300400-1000_UserData.bin
+ 2006-11-02 13:00 . 2009-08-06 08:03 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-08-05 12:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-08-06 08:03 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-08-05 12:27 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-08-06 08:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:00 . 2009-08-05 12:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:03 . 2009-08-05 19:05 119466 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-08-06 07:57 589884 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-05 12:28 589884 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-06 07:57 101896 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-05 12:28 101896 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-20 4608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-18 192000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-01-12 2908160]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-21 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-01-16 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"EasyPHP"="c:\program files\EasyPHP3.1\EasyPHP.exe" [2006-11-19 176128]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-02-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-02-12 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Radoslav ćabˇk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ikowin32.exe [2008-1-19 29696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-5-12 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4136404604-2960614731-549300400-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D996F270-FB0C-45C9-BD0B-51B36F3CD214}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{DE889B34-A51C-4F7E-B594-27E0E915707B}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{6A27512D-EA16-43B7-B67A-C0E923867CF1}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{387441EC-BAE4-4EA8-A074-D67CFF5F15E0}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{6925A2DE-49CF-460B-8BDD-80CC9F531314}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{A9F16713-DA7C-431E-9B64-DC0D42BC3B28}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{1139E4C7-B325-40BB-976C-DBE32B858728}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B90BEEB9-6AE6-4DC3-81FB-B57064447A1F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C5F22BDD-6F71-4657-AA43-151192B7B591}e:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:e:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{FA5C51AF-F98C-4E25-9C33-F3B531F57E0D}e:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:e:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{090C209E-71E4-43DB-B400-065911004E5E}d:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:d:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{F02158A9-1D6B-4A8A-8257-C68F61E26B50}d:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:d:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{4CA0D057-9399-418B-9DAE-FB5D1E66A581}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{8267B91E-41BF-4558-9670-8587A008FDE0}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{DC7D271F-2CB4-48D5-85B9-11A3C27209C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C7D6160-463A-4FFE-AB99-3D28D18F02C5}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{83472396-669F-4C38-8E8F-C01B2329EDF3}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{E969F768-E30A-4641-9FED-49A04659BA9D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D9DFA4FB-ED2A-4806-8F46-B5956BA6C136}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{564D209D-4494-4BB8-BD9E-AEDEF03A69A6}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{7637D181-793B-4151-AC1A-0BC937344AC1}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4F9CE77C-D1A8-4408-9969-57855660E983}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DCFBF83C-5723-4944-845D-534268BC6113}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{FE713FFC-815D-4586-AA45-F24744F4D533}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{8E5A4740-D3A1-4C4D-924B-2954519FC29D}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{08FF9B31-3C3A-4B3E-B49B-21896D49BD92}"= UDP:d:\driversrepublic\missionimpossible45-win32.exe:Driver's Republic - Mission Impossible? 045
"{331BF89F-DCC1-47BE-8EC4-4265D480DBAC}"= TCP:d:\driversrepublic\missionimpossible45-win32.exe:Driver's Republic - Mission Impossible? 045
"{62295D44-7CFD-442C-8E20-D8C38265B603}"= UDP:e:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{DA386CC2-8F43-42F2-8BFB-C6656A68CA5F}"= TCP:e:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{3A13685B-EED3-4760-B499-ED808F0B9DEF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{56BE1C92-DB28-4AFE-8290-87360B45404D}e:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:e:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{8E25D922-BA2D-4F0B-B676-74980B0B8E7E}e:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:e:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{42C1D168-28AB-40B9-B92E-63EB0789CA42}e:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:e:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{BB452156-12BC-43A6-8293-27C9732EFDD1}e:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:e:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{8ED7FD0C-160D-415C-AD39-2C3C6D18E5DF}"= UDP:d:\driversrepublic\ovevision19-win32.exe:Driver's Republic - Xgames 2008
"{42CAF8D1-B722-4CE0-8051-CB7EBB681BFC}"= TCP:d:\driversrepublic\ovevision19-win32.exe:Driver's Republic - Xgames 2008
"{FB093BAC-AD63-4CCE-9C73-456C631E92EF}"= UDP:d:\driversrepublic\ovevision20-win32.exe:Driver's Republic - Corvette ZR1 2008
"{725E2229-8D6F-487E-A81B-C327ED48AEA5}"= TCP:d:\driversrepublic\ovevision20-win32.exe:Driver's Republic - Corvette ZR1 2008
"{53C61C38-3CBD-4121-B905-2A7239E1C283}"= UDP:d:\driversrepublic\ovevision21-win32.exe:Driver's Republic - Buzz Box 2008
"{263491A7-5AE9-4CC2-8C0E-57A74A484E6C}"= TCP:d:\driversrepublic\ovevision21-win32.exe:Driver's Republic - Buzz Box 2008
"{F65C0542-5E36-47FB-9AFA-92AF1AB77CB1}"= UDP:d:\driversrepublic\ovevision22-win32.exe:Driver's Republic - Electric Blue 2008
"{71D8D9C8-E742-40AB-963C-DB1E7E30068A}"= TCP:d:\driversrepublic\ovevision22-win32.exe:Driver's Republic - Electric Blue 2008
"{33458602-D4D0-49A0-995B-8919E56BBD91}"= UDP:d:\driversrepublic\ovevision23-win32.exe:Driver's Republic - One Vision 2008
"{0DC1B1BA-F065-470A-B48E-EF62D810A5CB}"= TCP:d:\driversrepublic\ovevision23-win32.exe:Driver's Republic - One Vision 2008
"{C3192CD7-5F7A-438B-B7F5-74066140CB34}"= UDP:d:\driversrepublic\ovevision24-win32.exe:Driver's Republic - History Repeating 2008
"{4E9A4AF1-7085-4BA8-B1D6-DB8FFBDB7649}"= TCP:d:\driversrepublic\ovevision24-win32.exe:Driver's Republic - History Repeating 2008
"{D651AE9B-2E78-47BE-B4C4-29170F493235}"= UDP:d:\driversrepublic\ovevision25-win32.exe:Driver's Republic - VBombers 2008
"{273793F0-9888-493E-91A6-0C80FCE1A61A}"= TCP:d:\driversrepublic\ovevision25-win32.exe:Driver's Republic - VBombers 2008
"{D89CAD05-C5C3-478B-9E84-4340D8F006EC}"= UDP:d:\driversrepublic\ovevision26-win32.exe:Driver's Republic - Baby Blue 025
"{F9488F5E-DFBB-4685-BFE1-670615C12751}"= TCP:d:\driversrepublic\ovevision26-win32.exe:Driver's Republic - Baby Blue 025
"{F2BC6705-177A-4760-BA7D-BB0A00A907BA}"= UDP:d:\driversrepublic\ovevision27-win32.exe:Driver's Republic - Hard & Fast 027
"{D88C89C9-383E-4C75-BB3F-4511D8627C8B}"= TCP:d:\driversrepublic\ovevision27-win32.exe:Driver's Republic - Hard & Fast 027
"{94BA7D81-341A-4265-BF0D-BA3580829BF3}"= UDP:d:\driversrepublic\ovevision28-win32.exe:Driver's Republic - Future Proof 028
"{18D76BD8-50A3-4C14-A05A-83BE70737FA1}"= TCP:d:\driversrepublic\ovevision28-win32.exe:Driver's Republic - Future Proof 028
"{FD7C3194-38E5-45F3-BC56-E4F656145E31}"= UDP:d:\driversrepublic\ovevision29-win32.exe:Driver's Republic - Black Power 029
"{71EB7E6D-F0B7-4C74-93E0-C0071F3E8AF7}"= TCP:d:\driversrepublic\ovevision29-win32.exe:Driver's Republic - Black Power 029
"{A2D911DC-0551-4376-A95B-D22287762B61}"= UDP:d:\driversrepublic\ovevision30-win32.exe:Driver's Republic - The Truth 030
"{AF582517-5BC3-4537-AF52-C61C5484E6D3}"= TCP:d:\driversrepublic\ovevision30-win32.exe:Driver's Republic - The Truth 030
"{3135555E-B1C5-4699-A496-652F697F49C0}"= UDP:d:\driversrepublic\ovevision31-win32.exe:Driver's Republic - Light Years 031
"{AA4B4360-D695-4D85-A9BE-1B4F0C6E73F6}"= TCP:d:\driversrepublic\ovevision31-win32.exe:Driver's Republic - Light Years 031
"{30A48E43-7BCA-42DF-B02C-708B86E906C9}"= UDP:d:\driversrepublic\ovevision32-win32.exe:Driver's Republic - Giant Killer 032
"{5CF766FC-2760-49F9-8AC8-4D61C40DC7C9}"= TCP:d:\driversrepublic\ovevision32-win32.exe:Driver's Republic - Giant Killer 032
"{C3FA422F-F6D6-46E5-81F0-3318FD679E44}"= UDP:d:\driversrepublic\ovevision33-win32.exe:Driver's Republic - The Enemy Within 033
"{ACF83F4C-9562-4636-83A9-81175F621CC9}"= TCP:d:\driversrepublic\ovevision33-win32.exe:Driver's Republic - The Enemy Within 033
"{446C1589-1004-44B5-B580-DC1028AD8DDD}"= UDP:d:\driversrepublic\ovevision34-win32.exe:Driver's Republic - Super Specials 034
"{6209EC9A-2BD5-4376-B0C1-7D3D44CED38F}"= TCP:d:\driversrepublic\ovevision34-win32.exe:Driver's Republic - Super Specials 034
"{1A755BC2-B91F-4A88-8862-C4A7621D9E08}"= UDP:d:\driversrepublic\ovevision35-win32.exe:Driver's Republic - Face Off 035
"{91B12F7E-F914-4167-9AE6-F0065482D7DC}"= TCP:d:\driversrepublic\ovevision35-win32.exe:Driver's Republic - Face Off 035
"{7F452B4E-8DB8-429B-B7E9-17451AA70992}"= UDP:d:\driversrepublic\ovevision36-win32.exe:Driver's Republic - Open Warfare 036
"{75F66073-4CE9-4A85-BF36-DF445442513E}"= TCP:d:\driversrepublic\ovevision36-win32.exe:Driver's Republic - Open Warfare 036
"{7FCDA223-A078-4238-829E-D739556B120A}"= UDP:d:\driversrepublic\ovevision37-win32.exe:Driver's Republic - Pure Zed 037
"{86C1FFB8-9074-4211-95E5-40D283FAFC8F}"= TCP:d:\driversrepublic\ovevision37-win32.exe:Driver's Republic - Pure Zed 037
"{2132588F-A10E-4973-B733-ED984740781B}"= UDP:d:\driversrepublic\ovevision38-win32.exe:Driver's Republic - Fierce Creatures 038
"{14758368-0961-4583-8816-6EC6DD128869}"= TCP:d:\driversrepublic\ovevision38-win32.exe:Driver's Republic - Fierce Creatures 038
"{9CB8FAD0-F9D3-4B91-B52E-9688A281482D}"= UDP:d:\driversrepublic\ovevision39-win32.exe:Driver's Republic - NightFever 039
"{C8C74249-C9EA-44E2-B668-84816DD19F42}"= TCP:d:\driversrepublic\ovevision39-win32.exe:Driver's Republic - NightFever 039
"{D4A3A844-181D-412D-8ED8-E394CF0D5179}"= UDP:d:\driversrepublic\ovevision40-win32.exe:Driver's Republic - 8 to the power of 10 040
"{FDC773E5-2575-499D-81DC-76B87F0E82B7}"= TCP:d:\driversrepublic\ovevision40-win32.exe:Driver's Republic - 8 to the power of 10 040
"{1F360C03-7E42-4436-AB26-309D5734C1BC}"= UDP:d:\driversrepublic\ovevision41-win32.exe:Driver's Republic - Thunder Cats 041
"{C37909D6-6EF6-4D5C-9CA5-07E41F365249}"= TCP:d:\driversrepublic\ovevision41-win32.exe:Driver's Republic - Thunder Cats 041
"{E63ACCAB-4BB9-4195-94BE-1B9BE4182DCB}"= UDP:d:\driversrepublic\ovevision42-win32.exe:Driver's Republic - Prize Fight 042
"{3DF1E2F3-4A10-4918-950B-517F9DE9A12C}"= TCP:d:\driversrepublic\ovevision42-win32.exe:Driver's Republic - Prize Fight 042
"{3CC268FB-1B58-4609-8CC9-90BAB8BB0839}"= UDP:d:\driversrepublic\ovevision43-win32.exe:Driver's Republic - Pocket Monsters 043
"{F452FAB0-58DB-4E3A-B9EF-3730EEF679FB}"= TCP:d:\driversrepublic\ovevision43-win32.exe:Driver's Republic - Pocket Monsters 043
"{75AD7B36-0108-484B-BF1D-7381D7441231}"= UDP:d:\driversrepublic\ovevision44-win32.exe:Driver's Republic - German Bite 044
"{AE5B0A9A-8B18-4ACC-9032-96CD13A4ED12}"= TCP:d:\driversrepublic\ovevision44-win32.exe:Driver's Republic - German Bite 044
"{E2929D05-FA25-4FA4-A762-46978C46AF1B}"= UDP:d:\driversrepublic\ovevision45-win32.exe:Driver's Republic - Mission Impossible? 045
"{08D7C319-E857-4754-8A94-5BB94004C896}"= TCP:d:\driversrepublic\ovevision45-win32.exe:Driver's Republic - Mission Impossible? 045
"{6DAEE608-4EF8-46AF-8C84-D2A2121EC345}"= UDP:d:\driversrepublic\ovevision46-win32.exe:Driver's Republic - Six Appeal 046
"{83FBCD74-98D8-4EC2-80F0-54684727DE52}"= TCP:d:\driversrepublic\ovevision46-win32.exe:Driver's Republic - Six Appeal 046
"{483D6B38-D5CA-4454-A59B-3D7BDFD1212A}"= UDP:d:\driversrepublic\ovevision47-win32.exe:Driver's Republic - Red Raw 047
"{9BE7E5E1-C673-4606-85D7-44519A328FC8}"= TCP:d:\driversrepublic\ovevision47-win32.exe:Driver's Republic - Red Raw 047
"{921418D5-6C82-4153-B55C-2C0791FC7825}"= UDP:d:\driversrepublic\ovevision48-win32.exe:Driver's Republic - Chasing Shadows 048
"{1C470C18-18CD-42D4-87AD-140F95D06A64}"= TCP:d:\driversrepublic\ovevision48-win32.exe:Driver's Republic - Chasing Shadows 048
"{7FC16FF5-FD0A-4232-A27B-2F79F1407383}"= UDP:d:\driversrepublic\ovevision49-win32.exe:Driver's Republic - Monsters Inc 049
"{6D5B2BEB-8AFD-47DA-9BA6-81EE0EA67EBD}"= TCP:d:\driversrepublic\ovevision49-win32.exe:Driver's Republic - Monsters Inc 049
"{1E79A648-43F4-43F5-953E-57B3AE21AB64}"= UDP:d:\driversrepublic\ovevision50-win32.exe:Driver's Republic - Star Wars 050
"{B153A6B9-B656-4469-8017-78C4672B2D45}"= TCP:d:\driversrepublic\ovevision50-win32.exe:Driver's Republic - Star Wars 050
"{9753139C-D347-4C7F-8F82-1FD90E004A79}"= UDP:d:\driversrepublic\ovevision51-win32.exe:Driver's Republic - Long Time Coming 051
"{FA4EFCF5-5ED3-46E4-8D37-24E8C1CD2DAE}"= TCP:d:\driversrepublic\ovevision51-win32.exe:Driver's Republic - Long Time Coming 051
"{8997528F-CBE6-4D63-8101-857361861F83}"= UDP:d:\driversrepublic\ovevision52-win32.exe:Driver's Republic - Perfect 10 052
"{9DE962ED-2C34-4B07-A3E6-B4518001972A}"= TCP:d:\driversrepublic\ovevision52-win32.exe:Driver's Republic - Perfect 10 052
"{7788E518-55F4-48BA-864D-A6413E246E52}"= UDP:d:\driversrepublic\ovevision53-win32.exe:Driver's Republic - Get Behind Me Satan 053
"{DFDAC7AB-C312-4590-B6DF-95374CC197EE}"= TCP:d:\driversrepublic\ovevision53-win32.exe:Driver's Republic - Get Behind Me Satan 053
"{998EDDAB-E4AB-4B0E-B2C0-12984053ABDA}"= UDP:d:\driversrepublic\ovevision54-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{178A43E3-D8C3-4C60-A2F4-014D4DDF6E9B}"= TCP:d:\driversrepublic\ovevision54-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{608208E2-20FD-437E-8093-DA9F23D5D6F0}"= UDP:d:\driversrepublic\ovevision55-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{25483AEC-4396-46F6-8213-3D2624806E37}"= TCP:d:\driversrepublic\ovevision55-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"TCP Query User{10CBC5C9-F88C-44F2-84F1-D9501F4FA88D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{19A68827-57CF-49E6-9CD8-28065192C8EC}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F13C74EE-593F-4F57-A46A-2825C1483B3E}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{083F9EE7-B07A-448E-84BC-16239E8DF2AD}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.

R0 pe3anrqc;UAZ Racing 4x4 Environment Driver (pe3anrqc);c:\windows\System32\drivers\pe3anrqc.sys [9. 11. 2007 15:07 65152]
R0 ps7anrqc;UAZ Racing 4x4 Synchronization Driver (ps7anrqc);c:\windows\System32\drivers\ps7anrqc.sys [9. 11. 2007 15:07 68744]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14. 5. 2009 15:47 107256]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [7. 6. 2009 19:14 59776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 15:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14. 5. 2009 15:49 93312]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt11\ArcNameService.exe [1. 5. 2007 10:15 157264]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\System32\drivers\wf2ktunr.sys [7. 6. 2009 19:14 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\System32\drivers\wf2kXbar.sys [7. 6. 2009 19:14 9600]
S2 pr2anrqc;UAZ Racing 4x4 Drivers Auto Removal (pr2anrqc);c:\windows\system32\pr2anrqc.exe svc --> c:\windows\system32\pr2anrqc.exe svc [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [12. 7. 2009 12:40 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [12. 7. 2009 12:41 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [12. 7. 2009 12:41 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [12. 7. 2009 12:41 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [12. 7. 2009 12:42 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [12. 7. 2009 12:42 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [12. 7. 2009 12:42 117672]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23. 4. 2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [23. 4. 2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [23. 4. 2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [23. 4. 2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [23. 4. 2007 13:54 98568]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\System32\drivers\s716bus.sys [27. 12. 2007 21:39 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\System32\drivers\s716mdfl.sys [27. 12. 2007 21:39 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\System32\drivers\s716mdm.sys [27. 12. 2007 21:39 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s716mgmt.sys [27. 12. 2007 21:40 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\System32\drivers\s716nd5.sys [27. 12. 2007 21:39 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\System32\drivers\s716obex.sys [27. 12. 2007 21:39 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\System32\drivers\s716unic.sys [27. 12. 2007 21:40 98952]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [27. 12. 2007 21:40 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [27. 12. 2007 21:40 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [27. 12. 2007 21:40 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [27. 12. 2007 21:41 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [19. 6. 2007 8:51 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [27. 12. 2007 21:41 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [27. 12. 2007 21:41 97704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download All by FlashGet - d:\prog files\FlashGet\jc_all.htm
IE: Download using FlashGet - d:\prog files\FlashGet\jc_link.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 10:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4136404604-2960614731-549300400-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8b,83,2b,12,6f,c7,08,49,0b,44,98,b7,ee,2e,f9,8e,39,fe,10,31,55,9c,03,
d7,7e,fc,fc,d3,2d,1d,e6,cc,14,78,1e,9b,ef,d9,c3,eb,7a,a4,2e,27,b0,4b,1d,51,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\oodag.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\UTSCSI.EXE
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-08-06 10:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 08:29
ComboFix2.txt 2009-08-06 08:02
ComboFix3.txt 2009-08-05 19:13
ComboFix4.txt 2009-08-05 16:23

Pre-Run: 11 014 553 600 bytes free
Post-Run: 10 972 315 648 bytes free

615 --- E O F --- 2009-08-04 06:53

RadoS84 · Příspěvekod **RadoS84** » 06 srp 2009 10:52

Tu je log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:38, on 6. 8. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\EasyPHP3.1\EasyPHP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\EasyPHP3.1\MySql\bin\mysqld.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\EasyPHP3.1\EasyPHP.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - D:\Prog Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Prog Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://195.80.177.99/ConnectComputer/nshelp.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: UAZ Racing 4x4 Drivers Auto Removal (pr2anrqc) (pr2anrqc) - Cenega Publishing - C:\Windows\system32\pr2anrqc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\Windows\system32\UTSCSI.EXE

--
End of file - 10153 bytes

Příspěvekod **jaro3** » 06 srp 2009 12:51

Já si to myslel , ještě jeden (poslední)script v CF:

Kód: Vybrat vše

KillAll::
File::
c:\users\Radoslav ćabˇk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ikowin32.exe

Postup stejný , pošli potom log z CF.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod: viewtopic.php?f=70&t=5119

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O4 - Startup: ikowin32.exe
O13 - Gopher Prefix:

Pak pošli nový log z HJT.

Problém s Win32/Daurso.A, prosím kontrolu logu Vyřešeno

Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Re: Problém s Win32/Daurso.A, prosím kontrolu logu

Kdo je online