Problem with Win32/Daurso.A, please check the log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

RadoS84
newbie
Posts: 16
Registered: 05 Aug 2009 14:33

Re: Problem with Win32/Daurso.A, please check the log

Post by RadoS84 »

Here is the log from ComboFix:

ComboFix 09-08-04.04 - Radoslav Šabík . 08. 2009 13:22.5.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.421.1033.18.3327.2086 [GMT 2:00]
Running from: c:\users\Radoslav Šabík\Desktop\ComboFix.exe
Command switches used :: c:\users\Radoslav Šabík\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Radoslav ćabˇk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ikowin32.exe"
.

((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 11:28 . 2009-08-06 11:28 -------- d-----w- c:\users\RADOSL~2\AppData\Local\temp
2009-08-06 11:28 . 2009-08-06 11:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-06 11:28 . 2009-08-06 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 12:29 . 2009-08-05 12:29 -------- d-----w- c:\program files\Trend Micro
2009-08-05 09:30 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 09:30 . 2009-08-05 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 09:30 . 2009-08-05 09:30 -------- d-----w- c:\programdata\Malwarebytes
2009-08-05 09:30 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 22:11 . 2009-08-02 22:11 -------- d-----w- c:\program files\ESET
2009-08-01 15:00 . 2009-08-01 15:00 -------- d-----w- c:\program files\EasyPHP3.1
2009-07-29 05:22 . 2009-07-21 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-15 06:41 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:41 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:41 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:41 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 10:42 . 2008-05-27 09:41 25768 ----a-w- c:\windows\system32\drivers\s0017nd5.sys
2009-07-12 10:42 . 2008-05-27 09:41 117672 ----a-w- c:\windows\system32\drivers\s0017unic.sys
2009-07-12 10:42 . 2008-05-27 09:41 10792 ----a-w- c:\windows\system32\drivers\s0017cr.sys
2009-07-12 10:42 . 2008-05-27 09:41 111912 ----a-w- c:\windows\system32\drivers\s0017obex.sys
2009-07-12 10:41 . 2008-05-27 09:41 15016 ----a-w- c:\windows\system32\drivers\s0017mdfl.sys
2009-07-12 10:41 . 2008-05-27 09:41 122152 ----a-w- c:\windows\system32\drivers\s0017mdm.sys
2009-07-12 10:41 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017cmnt.sys
2009-07-12 10:41 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017cm.sys
2009-07-12 10:41 . 2008-05-27 09:41 115496 ----a-w- c:\windows\system32\drivers\s0017mgmt.sys
2009-07-12 10:40 . 2008-05-27 09:41 90536 ----a-w- c:\windows\system32\drivers\s0017bus.sys
2009-07-12 10:40 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017whnt.sys
2009-07-12 10:40 . 2008-05-27 09:41 12200 ----a-w- c:\windows\system32\drivers\s0017wh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 07:46 . 2008-10-29 19:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 17:45 . 2009-05-12 08:30 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 21:52 . 2009-07-29 05:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 05:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 20:13 . 2009-07-29 05:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 06:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 11:35 . 2007-06-05 17:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 10:41 . 2009-07-12 10:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-08 17:44 . 2007-06-05 11:34 -------- d-----w- c:\programdata\Test Drive Unlimited
2009-06-14 15:57 . 2009-06-07 16:22 -------- d--h--w- c:\programdata\ArcSoft
2009-06-07 16:22 . 2009-06-07 16:22 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-07 16:22 . 2009-06-07 16:22 -------- d-----w- c:\program files\WinFast
2009-06-07 16:12 . 2009-06-07 16:12 -------- d-----w- c:\program files\Leadtek Research Inc
2009-06-07 15:40 . 2009-06-07 15:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-03 06:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-31 21:07 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-31 21:07 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-16 12:54 . 2009-05-16 12:54 45568 ----a-w- c:\windows\system32\UTSCSI.EXE
2009-05-16 12:54 . 2009-05-16 12:54 150528 ----a-w- c:\windows\FAVPID.DLL
2009-05-14 13:49 . 2009-05-14 13:49 93312 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-08 22:50 . 2009-05-08 22:50 1459 ----a-w- c:\program files\uninstal.log
2002-05-21 08:00 . 2002-05-21 08:00 1362 ----a-r- c:\program files\ReadMe.txt
2006-05-03 10:06 . 2009-01-24 18:18 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-01-24 18:18 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-24 18:18 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-05_16.17.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-05 16:54 . 2009-08-06 07:32 54390 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-06-05 16:45 . 2009-08-06 08:20 12744 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4136404604-2960614731-549300400-1000_UserData.bin
- 2006-11-02 13:00 . 2009-08-05 12:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-08-06 08:33 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-08-06 08:33 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-08-05 12:27 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-08-06 08:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:00 . 2009-08-05 12:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-06 11:29 . 2009-08-06 11:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-05 16:11 . 2009-08-05 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-05 16:11 . 2009-08-05 16:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-06 11:29 . 2009-08-06 11:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:03 . 2009-08-06 08:20 119732 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-08-06 08:24 589884 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-05 12:28 589884 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-06 08:24 101896 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-05 12:28 101896 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-10-20 4608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-18 192000]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-01-12 2908160]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-21 185896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-01-16 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"EasyPHP"="c:\program files\EasyPHP3.1\EasyPHP.exe" [2006-11-19 176128]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CTHELPER.EXE [2007-02-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-02-12 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Radoslav ćabˇk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ikowin32.exe [2008-1-19 29696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-5-12 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4136404604-2960614731-549300400-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D996F270-FB0C-45C9-BD0B-51B36F3CD214}c:\\program files\\icqlite\\icqlite.exe"= UDP:c:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{DE889B34-A51C-4F7E-B594-27E0E915707B}c:\\program files\\icqlite\\icqlite.exe"= TCP:c:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{6A27512D-EA16-43B7-B67A-C0E923867CF1}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{387441EC-BAE4-4EA8-A074-D67CFF5F15E0}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"TCP Query User{6925A2DE-49CF-460B-8BDD-80CC9F531314}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{A9F16713-DA7C-431E-9B64-DC0D42BC3B28}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{1139E4C7-B325-40BB-976C-DBE32B858728}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B90BEEB9-6AE6-4DC3-81FB-B57064447A1F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C5F22BDD-6F71-4657-AA43-151192B7B591}e:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:e:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{FA5C51AF-F98C-4E25-9C33-F3B531F57E0D}e:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:e:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{090C209E-71E4-43DB-B400-065911004E5E}d:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:d:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{F02158A9-1D6B-4A8A-8257-C68F61E26B50}d:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:d:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{4CA0D057-9399-418B-9DAE-FB5D1E66A581}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{8267B91E-41BF-4558-9670-8587A008FDE0}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{DC7D271F-2CB4-48D5-85B9-11A3C27209C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C7D6160-463A-4FFE-AB99-3D28D18F02C5}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{83472396-669F-4C38-8E8F-C01B2329EDF3}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{E969F768-E30A-4641-9FED-49A04659BA9D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D9DFA4FB-ED2A-4806-8F46-B5956BA6C136}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{564D209D-4494-4BB8-BD9E-AEDEF03A69A6}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{7637D181-793B-4151-AC1A-0BC937344AC1}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4F9CE77C-D1A8-4408-9969-57855660E983}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DCFBF83C-5723-4944-845D-534268BC6113}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{FE713FFC-815D-4586-AA45-F24744F4D533}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{8E5A4740-D3A1-4C4D-924B-2954519FC29D}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{08FF9B31-3C3A-4B3E-B49B-21896D49BD92}"= UDP:d:\driversrepublic\missionimpossible45-win32.exe:Driver's Republic - Mission Impossible? 045
"{331BF89F-DCC1-47BE-8EC4-4265D480DBAC}"= TCP:d:\driversrepublic\missionimpossible45-win32.exe:Driver's Republic - Mission Impossible? 045
"{62295D44-7CFD-442C-8E20-D8C38265B603}"= UDP:e:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{DA386CC2-8F43-42F2-8BFB-C6656A68CA5F}"= TCP:e:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{3A13685B-EED3-4760-B499-ED808F0B9DEF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{56BE1C92-DB28-4AFE-8290-87360B45404D}e:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:e:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{8E25D922-BA2D-4F0B-B676-74980B0B8E7E}e:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:e:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{42C1D168-28AB-40B9-B92E-63EB0789CA42}e:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:e:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{BB452156-12BC-43A6-8293-27C9732EFDD1}e:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:e:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{8ED7FD0C-160D-415C-AD39-2C3C6D18E5DF}"= UDP:d:\driversrepublic\ovevision19-win32.exe:Driver's Republic - Xgames 2008
"{42CAF8D1-B722-4CE0-8051-CB7EBB681BFC}"= TCP:d:\driversrepublic\ovevision19-win32.exe:Driver's Republic - Xgames 2008
"{FB093BAC-AD63-4CCE-9C73-456C631E92EF}"= UDP:d:\driversrepublic\ovevision20-win32.exe:Driver's Republic - Corvette ZR1 2008
"{725E2229-8D6F-487E-A81B-C327ED48AEA5}"= TCP:d:\driversrepublic\ovevision20-win32.exe:Driver's Republic - Corvette ZR1 2008
"{53C61C38-3CBD-4121-B905-2A7239E1C283}"= UDP:d:\driversrepublic\ovevision21-win32.exe:Driver's Republic - Buzz Box 2008
"{263491A7-5AE9-4CC2-8C0E-57A74A484E6C}"= TCP:d:\driversrepublic\ovevision21-win32.exe:Driver's Republic - Buzz Box 2008
"{F65C0542-5E36-47FB-9AFA-92AF1AB77CB1}"= UDP:d:\driversrepublic\ovevision22-win32.exe:Driver's Republic - Electric Blue 2008
"{71D8D9C8-E742-40AB-963C-DB1E7E30068A}"= TCP:d:\driversrepublic\ovevision22-win32.exe:Driver's Republic - Electric Blue 2008
"{33458602-D4D0-49A0-995B-8919E56BBD91}"= UDP:d:\driversrepublic\ovevision23-win32.exe:Driver's Republic - One Vision 2008
"{0DC1B1BA-F065-470A-B48E-EF62D810A5CB}"= TCP:d:\driversrepublic\ovevision23-win32.exe:Driver's Republic - One Vision 2008
"{C3192CD7-5F7A-438B-B7F5-74066140CB34}"= UDP:d:\driversrepublic\ovevision24-win32.exe:Driver's Republic - History Repeating 2008
"{4E9A4AF1-7085-4BA8-B1D6-DB8FFBDB7649}"= TCP:d:\driversrepublic\ovevision24-win32.exe:Driver's Republic - History Repeating 2008
"{D651AE9B-2E78-47BE-B4C4-29170F493235}"= UDP:d:\driversrepublic\ovevision25-win32.exe:Driver's Republic - VBombers 2008
"{273793F0-9888-493E-91A6-0C80FCE1A61A}"= TCP:d:\driversrepublic\ovevision25-win32.exe:Driver's Republic - VBombers 2008
"{D89CAD05-C5C3-478B-9E84-4340D8F006EC}"= UDP:d:\driversrepublic\ovevision26-win32.exe:Driver's Republic - Baby Blue 025
"{F9488F5E-DFBB-4685-BFE1-670615C12751}"= TCP:d:\driversrepublic\ovevision26-win32.exe:Driver's Republic - Baby Blue 025
"{F2BC6705-177A-4760-BA7D-BB0A00A907BA}"= UDP:d:\driversrepublic\ovevision27-win32.exe:Driver's Republic - Hard & Fast 027
"{D88C89C9-383E-4C75-BB3F-4511D8627C8B}"= TCP:d:\driversrepublic\ovevision27-win32.exe:Driver's Republic - Hard & Fast 027
"{94BA7D81-341A-4265-BF0D-BA3580829BF3}"= UDP:d:\driversrepublic\ovevision28-win32.exe:Driver's Republic - Future Proof 028
"{18D76BD8-50A3-4C14-A05A-83BE70737FA1}"= TCP:d:\driversrepublic\ovevision28-win32.exe:Driver's Republic - Future Proof 028
"{FD7C3194-38E5-45F3-BC56-E4F656145E31}"= UDP:d:\driversrepublic\ovevision29-win32.exe:Driver's Republic - Black Power 029
"{71EB7E6D-F0B7-4C74-93E0-C0071F3E8AF7}"= TCP:d:\driversrepublic\ovevision29-win32.exe:Driver's Republic - Black Power 029
"{A2D911DC-0551-4376-A95B-D22287762B61}"= UDP:d:\driversrepublic\ovevision30-win32.exe:Driver's Republic - The Truth 030
"{AF582517-5BC3-4537-AF52-C61C5484E6D3}"= TCP:d:\driversrepublic\ovevision30-win32.exe:Driver's Republic - The Truth 030
"{3135555E-B1C5-4699-A496-652F697F49C0}"= UDP:d:\driversrepublic\ovevision31-win32.exe:Driver's Republic - Light Years 031
"{AA4B4360-D695-4D85-A9BE-1B4F0C6E73F6}"= TCP:d:\driversrepublic\ovevision31-win32.exe:Driver's Republic - Light Years 031
"{30A48E43-7BCA-42DF-B02C-708B86E906C9}"= UDP:d:\driversrepublic\ovevision32-win32.exe:Driver's Republic - Giant Killer 032
"{5CF766FC-2760-49F9-8AC8-4D61C40DC7C9}"= TCP:d:\driversrepublic\ovevision32-win32.exe:Driver's Republic - Giant Killer 032
"{C3FA422F-F6D6-46E5-81F0-3318FD679E44}"= UDP:d:\driversrepublic\ovevision33-win32.exe:Driver's Republic - The Enemy Within 033
"{ACF83F4C-9562-4636-83A9-81175F621CC9}"= TCP:d:\driversrepublic\ovevision33-win32.exe:Driver's Republic - The Enemy Within 033
"{446C1589-1004-44B5-B580-DC1028AD8DDD}"= UDP:d:\driversrepublic\ovevision34-win32.exe:Driver's Republic - Super Specials 034
"{6209EC9A-2BD5-4376-B0C1-7D3D44CED38F}"= TCP:d:\driversrepublic\ovevision34-win32.exe:Driver's Republic - Super Specials 034
"{1A755BC2-B91F-4A88-8862-C4A7621D9E08}"= UDP:d:\driversrepublic\ovevision35-win32.exe:Driver's Republic - Face Off 035
"{91B12F7E-F914-4167-9AE6-F0065482D7DC}"= TCP:d:\driversrepublic\ovevision35-win32.exe:Driver's Republic - Face Off 035
"{7F452B4E-8DB8-429B-B7E9-17451AA70992}"= UDP:d:\driversrepublic\ovevision36-win32.exe:Driver's Republic - Open Warfare 036
"{75F66073-4CE9-4A85-BF36-DF445442513E}"= TCP:d:\driversrepublic\ovevision36-win32.exe:Driver's Republic - Open Warfare 036
"{7FCDA223-A078-4238-829E-D739556B120A}"= UDP:d:\driversrepublic\ovevision37-win32.exe:Driver's Republic - Pure Zed 037
"{86C1FFB8-9074-4211-95E5-40D283FAFC8F}"= TCP:d:\driversrepublic\ovevision37-win32.exe:Driver's Republic - Pure Zed 037
"{2132588F-A10E-4973-B733-ED984740781B}"= UDP:d:\driversrepublic\ovevision38-win32.exe:Driver's Republic - Fierce Creatures 038
"{14758368-0961-4583-8816-6EC6DD128869}"= TCP:d:\driversrepublic\ovevision38-win32.exe:Driver's Republic - Fierce Creatures 038
"{9CB8FAD0-F9D3-4B91-B52E-9688A281482D}"= UDP:d:\driversrepublic\ovevision39-win32.exe:Driver's Republic - NightFever 039
"{C8C74249-C9EA-44E2-B668-84816DD19F42}"= TCP:d:\driversrepublic\ovevision39-win32.exe:Driver's Republic - NightFever 039
"{D4A3A844-181D-412D-8ED8-E394CF0D5179}"= UDP:d:\driversrepublic\ovevision40-win32.exe:Driver's Republic - 8 to the power of 10 040
"{FDC773E5-2575-499D-81DC-76B87F0E82B7}"= TCP:d:\driversrepublic\ovevision40-win32.exe:Driver's Republic - 8 to the power of 10 040
"{1F360C03-7E42-4436-AB26-309D5734C1BC}"= UDP:d:\driversrepublic\ovevision41-win32.exe:Driver's Republic - Thunder Cats 041
"{C37909D6-6EF6-4D5C-9CA5-07E41F365249}"= TCP:d:\driversrepublic\ovevision41-win32.exe:Driver's Republic - Thunder Cats 041
"{E63ACCAB-4BB9-4195-94BE-1B9BE4182DCB}"= UDP:d:\driversrepublic\ovevision42-win32.exe:Driver's Republic - Prize Fight 042
"{3DF1E2F3-4A10-4918-950B-517F9DE9A12C}"= TCP:d:\driversrepublic\ovevision42-win32.exe:Driver's Republic - Prize Fight 042
"{3CC268FB-1B58-4609-8CC9-90BAB8BB0839}"= UDP:d:\driversrepublic\ovevision43-win32.exe:Driver's Republic - Pocket Monsters 043
"{F452FAB0-58DB-4E3A-B9EF-3730EEF679FB}"= TCP:d:\driversrepublic\ovevision43-win32.exe:Driver's Republic - Pocket Monsters 043
"{75AD7B36-0108-484B-BF1D-7381D7441231}"= UDP:d:\driversrepublic\ovevision44-win32.exe:Driver's Republic - German Bite 044
"{AE5B0A9A-8B18-4ACC-9032-96CD13A4ED12}"= TCP:d:\driversrepublic\ovevision44-win32.exe:Driver's Republic - German Bite 044
"{E2929D05-FA25-4FA4-A762-46978C46AF1B}"= UDP:d:\driversrepublic\ovevision45-win32.exe:Driver's Republic - Mission Impossible? 045
"{08D7C319-E857-4754-8A94-5BB94004C896}"= TCP:d:\driversrepublic\ovevision45-win32.exe:Driver's Republic - Mission Impossible? 045
"{6DAEE608-4EF8-46AF-8C84-D2A2121EC345}"= UDP:d:\driversrepublic\ovevision46-win32.exe:Driver's Republic - Six Appeal 046
"{83FBCD74-98D8-4EC2-80F0-54684727DE52}"= TCP:d:\driversrepublic\ovevision46-win32.exe:Driver's Republic - Six Appeal 046
"{483D6B38-D5CA-4454-A59B-3D7BDFD1212A}"= UDP:d:\driversrepublic\ovevision47-win32.exe:Driver's Republic - Red Raw 047
"{9BE7E5E1-C673-4606-85D7-44519A328FC8}"= TCP:d:\driversrepublic\ovevision47-win32.exe:Driver's Republic - Red Raw 047
"{921418D5-6C82-4153-B55C-2C0791FC7825}"= UDP:d:\driversrepublic\ovevision48-win32.exe:Driver's Republic - Chasing Shadows 048
"{1C470C18-18CD-42D4-87AD-140F95D06A64}"= TCP:d:\driversrepublic\ovevision48-win32.exe:Driver's Republic - Chasing Shadows 048
"{7FC16FF5-FD0A-4232-A27B-2F79F1407383}"= UDP:d:\driversrepublic\ovevision49-win32.exe:Driver's Republic - Monsters Inc 049
"{6D5B2BEB-8AFD-47DA-9BA6-81EE0EA67EBD}"= TCP:d:\driversrepublic\ovevision49-win32.exe:Driver's Republic - Monsters Inc 049
"{1E79A648-43F4-43F5-953E-57B3AE21AB64}"= UDP:d:\driversrepublic\ovevision50-win32.exe:Driver's Republic - Star Wars 050
"{B153A6B9-B656-4469-8017-78C4672B2D45}"= TCP:d:\driversrepublic\ovevision50-win32.exe:Driver's Republic - Star Wars 050
"{9753139C-D347-4C7F-8F82-1FD90E004A79}"= UDP:d:\driversrepublic\ovevision51-win32.exe:Driver's Republic - Long Time Coming 051
"{FA4EFCF5-5ED3-46E4-8D37-24E8C1CD2DAE}"= TCP:d:\driversrepublic\ovevision51-win32.exe:Driver's Republic - Long Time Coming 051
"{8997528F-CBE6-4D63-8101-857361861F83}"= UDP:d:\driversrepublic\ovevision52-win32.exe:Driver's Republic - Perfect 10 052
"{9DE962ED-2C34-4B07-A3E6-B4518001972A}"= TCP:d:\driversrepublic\ovevision52-win32.exe:Driver's Republic - Perfect 10 052
"{7788E518-55F4-48BA-864D-A6413E246E52}"= UDP:d:\driversrepublic\ovevision53-win32.exe:Driver's Republic - Get Behind Me Satan 053
"{DFDAC7AB-C312-4590-B6DF-95374CC197EE}"= TCP:d:\driversrepublic\ovevision53-win32.exe:Driver's Republic - Get Behind Me Satan 053
"{998EDDAB-E4AB-4B0E-B2C0-12984053ABDA}"= UDP:d:\driversrepublic\ovevision54-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{178A43E3-D8C3-4C60-A2F4-014D4DDF6E9B}"= TCP:d:\driversrepublic\ovevision54-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{608208E2-20FD-437E-8093-DA9F23D5D6F0}"= UDP:d:\driversrepublic\ovevision55-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"{25483AEC-4396-46F6-8213-3D2624806E37}"= TCP:d:\driversrepublic\ovevision55-win32.exe:Driver's Republic - Getting To Know The GT-R 054
"TCP Query User{10CBC5C9-F88C-44F2-84F1-D9501F4FA88D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{19A68827-57CF-49E6-9CD8-28065192C8EC}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{F13C74EE-593F-4F57-A46A-2825C1483B3E}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{083F9EE7-B07A-448E-84BC-16239E8DF2AD}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.

R0 pe3anrqc;UAZ Racing 4x4 Environment Driver (pe3anrqc);c:\windows\System32\drivers\pe3anrqc.sys [9. 11. 2007 15:07 65152]
R0 ps7anrqc;UAZ Racing 4x4 Synchronization Driver (ps7anrqc);c:\windows\System32\drivers\ps7anrqc.sys [9. 11. 2007 15:07 68744]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14. 5. 2009 15:47 107256]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [7. 6. 2009 19:14 59776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 15:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14. 5. 2009 15:49 93312]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt11\ArcNameService.exe [1. 5. 2007 10:15 157264]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\System32\drivers\wf2ktunr.sys [7. 6. 2009 19:14 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\System32\drivers\wf2kXbar.sys [7. 6. 2009 19:14 9600]
S2 pr2anrqc;UAZ Racing 4x4 Drivers Auto Removal (pr2anrqc);c:\windows\system32\pr2anrqc.exe svc --> c:\windows\system32\pr2anrqc.exe svc [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [12. 7. 2009 12:40 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [12. 7. 2009 12:41 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [12. 7. 2009 12:41 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [12. 7. 2009 12:41 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [12. 7. 2009 12:42 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [12. 7. 2009 12:42 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [12. 7. 2009 12:42 117672]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23. 4. 2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [23. 4. 2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [23. 4. 2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [23. 4. 2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [23. 4. 2007 13:54 98568]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\System32\drivers\s716bus.sys [27. 12. 2007 21:39 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\System32\drivers\s716mdfl.sys [27. 12. 2007 21:39 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\System32\drivers\s716mdm.sys [27. 12. 2007 21:39 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s716mgmt.sys [27. 12. 2007 21:40 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\System32\drivers\s716nd5.sys [27. 12. 2007 21:39 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\System32\drivers\s716obex.sys [27. 12. 2007 21:39 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\System32\drivers\s716unic.sys [27. 12. 2007 21:40 98952]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [27. 12. 2007 21:40 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [27. 12. 2007 21:40 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [27. 12. 2007 21:40 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [27. 12. 2007 21:41 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [19. 6. 2007 8:51 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [27. 12. 2007 21:41 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [27. 12. 2007 21:41 97704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download All by FlashGet - d:\prog files\FlashGet\jc_all.htm
IE: Download using FlashGet - d:\prog files\FlashGet\jc_link.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 13:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4136404604-2960614731-549300400-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8b,83,2b,12,6f,c7,08,49,0b,44,98,b7,ee,2e,f9,8e,39,fe,10,31,55,9c,03,
d7,7e,fc,fc,d3,2d,1d,e6,cc,14,78,1e,9b,ef,d9,c3,eb,7a,a4,2e,27,b0,4b,1d,51,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2332)
c:\windows\System32\ctagent.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\oodag.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\UTSCSI.EXE
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2009-08-06 13:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 11:40
ComboFix2.txt 2009-08-06 08:29
ComboFix3.txt 2009-08-06 08:02
ComboFix4.txt 2009-08-05 19:13
ComboFix5.txt 2009-08-06 11:21

Pre-Run: 11 020 496 896 bytes free
Post-Run: 10 971 402 240 bytes free

362 --- E O F --- 2009-08-04 06:53

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:38, on 6. 8. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\EasyPHP3.1\EasyPHP.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - D:\Prog Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Prog Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://195.80.177.99/ConnectComputer/nshelp.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: UAZ Racing 4x4 Drivers Auto Removal (pr2anrqc) (pr2anrqc) - Cenega Publishing - C:\Windows\system32\pr2anrqc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\Windows\system32\UTSCSI.EXE

--
End of file - 9623 bytes
jaro3
Security team member
Posts: 43410
Registered: 16 Jun 2007 18:58
Location: Jižní Čechy

Re: Problem with Win32/Daurso.A, please check the log

Post by jaro3 »

ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run

If there are no problems, that is all and you can mark it as solved (the checkmark).
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
RadoS84
newbie
Posts: 16
Registered: 05 Aug 2009 14:33

Re: Problem with Win32/Daurso.A, please check the log

Post by RadoS84 »

Windows Defender no longer reports a problem. I also used the cleaning programs according to the instructions. Thank you for the time you spent on me.
Locked