Win32/TrojanDownloader.Wigon.BS



#1 Csinszki

Posted 27 March 2009 - 03:39 PM

Hi

Please help me! NOD32 always gives an alert: acpi32.sys, nicsk32.sys, fips32cup.sys, netsik.sys etc.


DDS (Ver_09-03-16.01) - FAT32x86
Run by Rendszergazda at 21:22:35,01 on 2009.03.27.
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.511.172 [GMT 1:00]

AV: ESET NOD32 Antivirus System 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Rendszergazda\Asztal\dds.scr
C:\Documents and Settings\Rendszergazda\Rendszergazda.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: wellgames Toolbar: {8e41e543-e069-4197-8608-e8b4c2f75747} - c:\program files\wellgames\tbwell.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
{31c64d8a-8fe2-49db-bcff-5b9aedcedc9a}
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: wellgames Toolbar: {8e41e543-e069-4197-8608-e8b4c2f75747} - c:\program files\wellgames\tbwell.dll
BHO: Windows Live bejelentkezési segítség: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar.dll
{db0b918e-a0a8-482b-8d75-a682816b0c7b}
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: wellgames Toolbar: {8e41e543-e069-4197-8608-e8b4c2f75747} - c:\program files\wellgames\tbwell.dll
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Rendszergazda] c:\documents and settings\rendszergazda\Rendszergazda.exe /i
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Nod32] "c:\program files\eset\nod32krn.exe" -TRAY
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
mRun: [FLMK08KB] c:\program files\muiltmedia keyboard utility\2.0\KbdAp32A.exe
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\indító~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Google Search - c:\program files\google\googletoolbar.dll/cmsearch.html
IE: &Search - ?p=ZS
IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Backward &Links - c:\program files\google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\googletoolbar.dll/cmcache.html
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Save with Download Manager... - c:\program files\j river\media jukebox\DMDownload.htm
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: Si&milar Pages - c:\program files\google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\googletoolbar.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
{db0b918e-a0a8-482b-8d75-a682816b0c7b}
LSA: Authentication Packages = msv1_0 c:\windows\system32\jkhfe.dll
LSA: Notification Packages = scecli

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-7-31 20616]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2007-11-12 26112]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-25 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-3-27 22024]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-10-31 15424]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2008-8-1 143467]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-10-31 552064]
R3 axsaki;axsaki;c:\windows\system32\drivers\axsaki.sys [2003-3-30 102624]
R3 axskbus;axskbus;c:\windows\system32\drivers\axskbus.sys [2003-3-28 8640]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R4 RegGuard;RegGuard;\??\c:\windows\system32\drivers\regguard.sys --> c:\windows\system32\drivers\regguard.sys [?]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-12-29 16512]
S3 HWACCESS;HWACCESS;c:\windows\system32\HWACCESS.SYS [2009-1-4 6808]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-11-30 30984]
S3 SaiHFF04;SaiHFF04;c:\windows\system32\drivers\SaiHFF04.sys [2005-11-3 176640]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\drivers\SaiIFF04.sys [2005-11-3 16768]

=============== Created Last 30 ================

2009-03-27 20:19 91 a------- c:\windows\system32\Partizan.RRI
2009-03-27 16:03 79 a------- c:\windows\lsoon.ini
2009-03-27 15:54 2 a--shr-- c:\windows\winstart.bat
2009-03-27 15:54 <DIR> --d----- c:\docume~1\rendsz~1\applic~1\Regrun
2009-03-27 15:54 <DIR> --d----- C:\backreg
2009-03-27 15:53 57,556 a------- c:\windows\guard.bmp
2009-03-27 15:49 <DIR> --d----- c:\program files\Greatis
2009-03-27 15:04 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-03-27 15:04 <DIR> --d----- c:\program files\Prevx
2009-03-27 15:04 67 a------- c:\windows\wininit.ini
2009-03-27 15:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-03-25 21:58 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-25 21:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-25 21:37 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-25 21:37 <DIR> --d----- c:\program files\Lavasoft
2009-03-25 14:48 20,452 ----h--- c:\documents and settings\rendszergazda\Rendszergazda.exe
2009-03-24 14:21 <DIR> --dsh--- C:\FOUND.001
2009-03-21 14:02 702,848 a------- C:\DSC00213.JPG
2009-03-21 12:00 <DIR> --d----- c:\program files\Microsoft Common
2009-03-20 17:51 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-03-20 17:51 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-03-20 17:51 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-03-20 17:51 <DIR> --d----- c:\program files\ffdshow
2009-03-20 17:34 815,104 a------- c:\windows\system32\xvidcore.dll
2009-03-20 17:34 77,824 a------- c:\windows\system32\xvid.ax
2009-03-20 17:34 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-03-20 17:34 <DIR> --d----- c:\program files\Xvid
2009-03-20 17:24 56,088 ----h--- C:\treeinfo.wc
2009-03-20 10:52 <DIR> --d----- c:\docume~1\rendsz~1\applic~1\Anabel
2009-03-17 21:13 <DIR> --d----- c:\docume~1\rendsz~1\applic~1\Meridian93
2009-03-17 21:12 <DIR> --d----- c:\program files\WildGames
2009-03-17 21:10 <DIR> --d----- c:\docume~1\rendsz~1\applic~1\panoramik
2009-03-17 21:10 <DIR> --d----- c:\program files\Reflexive
2009-03-14 18:12 <DIR> --d----- c:\program files\Alcohol Soft

==================== Find3M ====================

2009-01-06 20:31 22,328 a------- c:\docume~1\rendsz~1\applic~1\PnkBstrK.sys
2009-01-06 20:31 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-01-06 20:31 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-01-06 20:31 682,280 a------- c:\windows\system32\pbsvc.exe
2009-01-04 13:11 6,808 a------- c:\windows\system32\HWACCESS.SYS
2008-09-23 15:25 2,402,320 a------- c:\program files\WLinstaller.exe
2008-03-01 09:35 87,608 a------- c:\docume~1\rendsz~1\applic~1\inst.exe
2008-03-01 09:35 47,360 a------- c:\docume~1\rendsz~1\applic~1\pcouffin.sys
2008-01-26 13:08 34,226,770 a------- c:\program files\SunsetStudio.bin

============= FINISH: 21:23:09,31 ===============

Thx: Csinszki


#2 Buckeye_Sam

    Malware Expert



Posted 27 March 2009 - 07:02 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.


#3 Csinszki


Posted 28 March 2009 - 08:35 AM

OTListIt logfile created on: 2009.03.28. 14:07:09 - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Rendszergazda\Asztal
Windows XP Professional Edition Szervizcsomag 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

511,48 Mb Total Physical Memory | 186,94 Mb Available Physical Memory | 36,55% Memory free
2,42 Gb Paging File | 2,01 Gb Available in Paging File | 83,12% Paging File free
Paging file location(s): D:\pagefile.sys 2000 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 5,93 Gb Free Space | 15,91% Space Free | Partition Type: FAT32
Drive D: | 19,40 Gb Total Space | 1,06 Gb Free Space | 5,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CSINSZKI-C6B8C3
Current User Name: Rendszergazda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009.03.25 21:47:38 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007.06.13 14:23:54 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008.02.07 18:32:24 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2008.05.24 18:43:04 | 00,360,448 | ---- | M] () -- C:\Program Files\Browser Mouse\mouse32a.exe
PRC - [2008.05.24 18:43:48 | 00,383,488 | ---- | M] () -- C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe
PRC - [2006.11.24 01:06:38 | 00,487,424 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2008.08.04 18:04:38 | 00,226,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009.03.25 21:47:40 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2006.11.13 17:05:58 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2007.10.18 11:34:20 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2007.08.08 17:51:48 | 00,410,904 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2006.11.13 17:05:46 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2008.11.29 20:38:08 | 00,775,168 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008.08.01 15:55:28 | 00,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2007.01.04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2008.02.07 18:32:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2006.08.11 21:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009.01.06 20:31:16 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009.01.06 20:31:24 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2006.10.13 09:11:16 | 00,983,040 | R--- | M] (Obigo AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2001.10.26 12:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2008.08.01 15:56:42 | 00,069,735 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2004.08.17 15:48:38 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2006.11.13 15:17:38 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007.10.15 12:12:22 | 00,079,360 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe
PRC - [2009.03.28 14:06:20 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007.08.08 17:51:48 | 00,410,904 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2005.09.23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008.11.29 20:38:08 | 00,775,168 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS [Auto | Running])
SRV - [2008.08.01 15:56:42 | 00,069,735 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS [On_Demand | Running])
SRV - [2008.08.01 15:55:28 | 00,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS [Auto | Running])
SRV - [2005.09.23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004.08.17 15:47:22 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005.11.14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007.01.04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
SRV - [2009.03.25 21:47:38 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2008.02.07 18:32:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2006.08.11 21:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003.07.28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009.01.06 20:31:16 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009.01.06 20:31:24 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2004.08.17 15:47:22 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2007.10.18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007.10.25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007.01.10 11:46:00 | 00,919,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008.02.07 18:32:24 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2002.07.17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys -- (ASPI [On_Demand | Stopped])
DRV - [2002.07.17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [System | Running])
DRV - [2003.03.30 21:38:18 | 00,102,624 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\axsaki.sys -- (axsaki [On_Demand | Running])
DRV - [2003.03.28 11:58:42 | 00,008,640 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\axskbus.sys -- (axskbus [On_Demand | Running])
DRV - [2008.07.02 14:59:02 | 00,033,800 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Stopped])
DRV - [2008.01.21 19:28:12 | 00,014,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2008.07.02 14:58:28 | 00,038,920 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2008.07.31 20:45:42 | 00,020,616 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus [Boot | Running])
DRV - [2005.04.30 14:50:20 | 00,011,860 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\vbtenum.sys -- (BTHidEnum [On_Demand | Stopped])
DRV - [2005.04.30 14:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2001.08.17 20:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
DRV - [2004.08.22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [Boot | Running])
DRV - [2004.08.22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [Boot | Running])
DRV - [2001.08.17 20:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Stopped])
DRV - [2001.08.17 20:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Stopped])
DRV - [2008.05.29 12:33:10 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2005.10.16 08:00:00 | 00,012,928 | ---- | M] (Bo Brantén) -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk [System | Running])
DRV - [2004.08.03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Stopped])
DRV - [2001.08.17 22:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\hidgame.sys -- (hidgame [On_Demand | Stopped])
DRV - [2009.01.04 13:11:12 | 00,006,808 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HWACCESS.SYS -- (HWACCESS [On_Demand | Stopped])
DRV - [2002.12.04 15:59:40 | 00,030,984 | ---- | M] (Immersion Corporation) -- C:\WINDOWS\system32\DRIVERS\imhidusb.sys -- (imhidusb [On_Demand | Stopped])
DRV - [2005.08.04 13:51:58 | 00,026,112 | R--- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid [Boot | Running])
DRV - [2008.07.02 14:58:48 | 00,026,248 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\IvtBtBus.sys -- (IvtBtBUs [On_Demand | Running])
DRV - [2009.03.25 21:48:46 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008.02.07 18:32:24 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2006.08.11 21:42:42 | 03,958,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004.06.03 10:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2004.05.25 15:58:02 | 00,048,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Running])
DRV - [2004.01.29 01:45:50 | 00,093,764 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENET.sys -- (NVENET [On_Demand | Running])
DRV - [2004.05.25 15:58:04 | 00,396,032 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Running])
DRV - [2004.04.02 15:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2009.03.27 20:19:18 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\Partizan.RRI -- (Partizan [Boot | Stopped])
DRV - [2008.03.01 09:35:58 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2001.10.26 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009.03.27 15:05:00 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan [Boot | Running])
DRV - [2001.10.26 11:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2001.08.17 20:12:40 | 00,019,017 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8029.SYS -- (rtl8029 [On_Demand | Stopped])
DRV - [2002.03.27 23:00:42 | 00,023,168 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiClass [On_Demand | Stopped])
DRV - [2005.11.03 10:52:14 | 00,176,640 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiHFF04.sys -- (SaiHFF04 [On_Demand | Stopped])
DRV - [2005.11.03 10:52:28 | 00,016,768 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiIFF04.sys -- (SaiIFF04 [On_Demand | Stopped])
DRV - [2005.11.03 10:52:34 | 00,013,824 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiMini.sys -- (SaiMini [On_Demand | Stopped])
DRV - [2002.03.27 23:00:42 | 00,023,168 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiNtBus [On_Demand | Stopped])
DRV - [2003.04.10 11:42:56 | 00,048,384 | ---- | M] (Saitek) -- C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys -- (SaiNtHid [On_Demand | Stopped])
DRV - [2006.09.18 14:58:48 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped])
DRV - [2006.09.18 14:58:52 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped])
DRV - [2006.09.18 14:58:54 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped])
DRV - [2006.09.18 14:58:58 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped])
DRV - [2006.09.18 14:59:00 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped])
DRV - [2006.09.18 14:59:02 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped])
DRV - [2006.09.18 14:59:08 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped])
DRV - [2007.11.13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001.08.17 20:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Stopped])
DRV - [2006.12.13 19:02:22 | 00,513,152 | ---- | M] (Windows ® 2000/XP) -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32 [On_Demand | Stopped])
DRV - [2007.12.25 12:32:44 | 00,643,072 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Stopped])
DRV - [2005.10.21 02:47:06 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008.01.21 19:27:50 | 00,014,856 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\DRIVERS\VComm.sys -- (VComm [On_Demand | Stopped])
DRV - [2008.07.02 14:58:36 | 00,029,960 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2008.01.21 19:28:00 | 00,017,416 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv [On_Demand | Stopped])
DRV - [2003.04.07 14:42:18 | 00,007,296 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\drivers\WBHWDOCT.sys -- (WBHWDOCT [On_Demand | Stopped])
DRV - [2005.04.12 19:21:28 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
DRV - [2005.04.12 19:21:32 | 00,022,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
DRV - [2005.04.12 19:21:32 | 00,017,632 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo [On_Demand | Stopped])
DRV - [2005.04.12 19:21:28 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
DRV - [2005.04.12 19:21:26 | 00,045,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions_Complete = 7
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions_Error = 14
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions_Failed = 3
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-57989841-682003330-994291788-500\S-1-5-21-57989841-682003330-994291788-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"


[2007.12.17 21:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rendszergazda\Application Data\mozilla\Firefox\Profiles\05t6yodz.default\extensions
[2007.12.17 20:02:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007.12.17 20:02:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: (1150 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost192.168.0.101 www.trendmicro.com
O1 - Hosts: 192.168.0.101 trendmicro.com
O1 - Hosts: 192.168.0.101 rads.mcafee.com
O1 - Hosts: 192.168.0.101 customer.symantec.com
O1 - Hosts: 192.168.0.101 liveupdate.symantec.com
O1 - Hosts: 192.168.0.101 us.mcafee.com
O1 - Hosts: 192.168.0.101 updates.symantec.com
O1 - Hosts: 192.168.0.101 update.symantec.com
O1 - Hosts: 192.168.0.101 www.nai.com
O1 - Hosts: 192.168.0.101 nai.com
O1 - Hosts: 192.168.0.101 secure.nai.com
O1 - Hosts: 192.168.0.101 dispatch.mcafee.com
O1 - Hosts: 192.168.0.101 download.mcafee.com
O1 - Hosts: 192.168.0.101 www.my-etrust.com
O1 - Hosts: 192.168.0.101 my-etrust.com
O1 - Hosts: 192.168.0.101 mast.mcafee.com
O1 - Hosts: 192.168.0.101 ca.com
O1 - Hosts: 192.168.0.101 www.ca.com
O1 - Hosts: 192.168.0.101 networkassociates.com
O1 - Hosts: 192.168.0.101 www.networkassociates.com
O1 - Hosts: 192.168.0.101 avp.com
O1 - Hosts: 192.168.0.101 www.kaspersky.com
O1 - Hosts: 192.168.0.101 www.avp.com
O1 - Hosts: 192.168.0.101 kaspersky.com
O1 - Hosts: 192.168.0.101 www.f-secure.com
O1 - Hosts: 19 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (no name) - {31C64D8A-8FE2-49DB-BCFF-5B9AEDCEDC9A} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (wellgames Toolbar) - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwell.dll (Conduit Ltd.)
O2 - BHO: (Windows Live bejelentkezési segítség) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll (Google Inc.)
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - Reg Error: Key error. File not found
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (wellgames Toolbar) - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwell.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKU\S-1-5-21-57989841-682003330-994291788-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-57989841-682003330-994291788-500\..\Toolbar\WebBrowser: (no name) - {8E41E543-E069-4197-8608-E8B4C2F75747} - C:\Program Files\wellgames\tbwell.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-57989841-682003330-994291788-500\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-57989841-682003330-994291788-500\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" ()
O4 - HKLM..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe ()
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe ()
O4 - HKLM..\Run: [Nod32] "C:\Program Files\ESET\nod32krn.exe" -TRAY (Eset )
O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()
O4 - HKU\S-1-5-21-57989841-682003330-994291788-500..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-682003330-994291788-500..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-682003330-994291788-500..\Run: [Rendszergazda] C:\Documents and Settings\Rendszergazda\Rendszergazda.exe /i ()
O4 - HKU\S-1-5-21-57989841-682003330-994291788-500..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZS
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Küldés blogba - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Küldés blogba a Windows Live Writer programmal - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobil kedvenc létrehozása... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkhfe.dll) - C:\WINDOWS\system32\jkhfe.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.31 17:43:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008.10.16 21:39:49 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7c3d36be-f695-11dc-b4ba-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7c3d36be-f695-11dc-b4ba-806d6172696f}\Shell\AutoRun\command - "" = E:\ral.exe -- File not found
O33 - MountPoints2\{b696f84f-87d3-11dc-a23f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b696f84f-87d3-11dc-a23f-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{d63f975c-be07-11dc-acfa-00508d4ca21f}\Shell - "" = AutoRun
O33 - MountPoints2\{d63f975c-be07-11dc-acfa-00508d4ca21f}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{d63f975d-be07-11dc-acfa-00508d4ca21f}\Shell - "" = AutoRun
O33 - MountPoints2\{d63f975d-be07-11dc-acfa-00508d4ca21f}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009.03.28 14:06:19 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTListIt2.exe
[2009.03.27 21:21:28 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Asztal\dds.scr
[2009.03.27 20:19:12 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\Partizan.RRI
[2009.03.27 16:03:46 | 00,000,079 | ---- | C] () -- C:\WINDOWS\lsoon.ini
[2009.03.27 15:54:48 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2009.03.27 15:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Application Data\Regrun
[2009.03.27 15:54:29 | 00,000,000 | ---D | C] -- C:\backreg
[2009.03.27 15:54:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Dokumentumok\RegRun2
[2009.03.27 15:53:57 | 00,057,556 | ---- | C] () -- C:\WINDOWS\guard.bmp
[2009.03.27 15:49:08 | 00,000,000 | ---D | C] -- C:\Program Files\Greatis
[2009.03.27 15:04:59 | 00,022,024 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009.03.27 15:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009.03.27 15:04:49 | 00,000,067 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.03.27 15:04:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009.03.25 21:58:33 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009.03.25 21:49:58 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009.03.25 21:49:52 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009.03.25 21:37:55 | 00,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Ad-Aware.lnk
[2009.03.25 21:37:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009.03.25 21:37:47 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009.03.24 14:21:34 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009.03.22 22:33:12 | 00,000,256 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\hgf.ISO
[2009.03.22 21:13:22 | 00,067,072 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\tételek.doc
[2009.03.22 14:41:06 | 00,000,845 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Asztal\Mystery Legends - Sleepy Hollow.lnk
[2009.03.21 14:02:04 | 00,702,848 | ---- | C] () -- C:\DSC00213.JPG
[2009.03.21 12:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Common
[2009.03.20 17:51:52 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.03.20 17:51:51 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.03.20 17:51:51 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009.03.20 17:51:50 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009.03.20 17:34:03 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.03.20 17:34:03 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009.03.20 17:34:02 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.03.20 17:34:02 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009.03.20 17:24:36 | 00,056,088 | -H-- | C] () -- C:\treeinfo.wc
[2009.03.20 11:45:32 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Asztal\Annabel.lnk
[2009.03.20 10:52:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Application Data\Anabel
[2009.03.17 21:13:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Application Data\Meridian93
[2009.03.17 21:13:30 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Mystery of Unicorn Castle.lnk
[2009.03.17 21:12:36 | 00,000,000 | ---D | C] -- C:\Program Files\WildGames
[2009.03.17 21:10:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Application Data\panoramik
[2009.03.17 21:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\Reflexive
[2009.03.15 20:57:18 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\ciklámen.doc
[2009.03.14 18:14:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rendszergazda\Dokumentumok\Alcohol 120%
[2009.03.14 18:12:17 | 00,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Alcohol 120%.lnk
[2009.03.14 18:12:11 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2009.03.02 14:10:07 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\Rendszergazda\Asztal\BS.Player PRO.lnk

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009.03.28 14:08:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009.03.28 14:06:20 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rendszergazda\Asztal\OTListIt2.exe
[2009.03.28 14:02:04 | 00,081,858 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.03.28 14:02:00 | 00,001,007 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2009.03.28 14:01:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.03.28 14:01:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.03.27 21:21:30 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Asztal\dds.scr
[2009.03.27 21:12:34 | 00,002,012 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2009.03.27 20:19:18 | 00,000,091 | ---- | M] () -- C:\WINDOWS\System32\Partizan.RRI
[2009.03.27 20:15:40 | 01,578,968 | -H-- | M] () -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\IconCache.db
[2009.03.27 16:03:48 | 00,000,079 | ---- | M] () -- C:\WINDOWS\lsoon.ini
[2009.03.27 15:54:50 | 00,002,855 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009.03.27 15:54:50 | 00,001,793 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009.03.27 15:54:50 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2009.03.27 15:39:04 | 00,000,067 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009.03.27 15:05:00 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009.03.25 21:49:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009.03.25 21:49:02 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009.03.25 21:48:46 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009.03.25 21:37:56 | 00,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Ad-Aware.lnk
[2009.03.22 22:33:16 | 00,000,256 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\hgf.ISO
[2009.03.22 21:53:02 | 00,056,088 | -H-- | M] () -- C:\treeinfo.wc
[2009.03.22 21:13:24 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\tételek.doc
[2009.03.22 14:41:08 | 00,000,845 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Asztal\Mystery Legends - Sleepy Hollow.lnk
[2009.03.21 19:44:20 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.21 14:03:24 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.03.21 12:56:50 | 00,702,848 | ---- | M] () -- C:\DSC00213.JPG
[2009.03.20 11:46:06 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Asztal\Annabel.lnk
[2009.03.19 13:36:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.03.17 21:13:32 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Mystery of Unicorn Castle.lnk
[2009.03.15 20:57:20 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Dokumentumok\ciklámen.doc
[2009.03.14 18:12:18 | 00,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Alcohol 120%.lnk
[2009.03.02 19:10:48 | 00,067,584 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.03.02 14:10:08 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\Rendszergazda\Asztal\BS.Player PRO.lnk
< End of report >



OTListIt Extras logfile created on: 2009.03.28. 14:07:09 - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Rendszergazda\Asztal
Windows XP Professional Edition Szervizcsomag 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

511,48 Mb Total Physical Memory | 186,94 Mb Available Physical Memory | 36,55% Memory free
2,42 Gb Paging File | 2,01 Gb Available in Paging File | 83,12% Paging File free
Paging file location(s): D:\pagefile.sys 2000 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 5,93 Gb Free Space | 15,91% Space Free | Partition Type: FAT32
Drive D: | 19,40 Gb Total Space | 1,06 Gb Free Space | 5,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CSINSZKI-C6B8C3
Current User Name: Rendszergazda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"6881:UDP" = 6881:UDP:*:Enabled:127.0.0.1
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:WWW
"7820:TCP" = 7820:TCP:*:Enabled:WWW
"53:UDP" = 53:UDP:*:Enabled:DNS
"25:UDP" = 25:UDP:*:Enabled:SMTP
"5306:TCP" = 5306:TCP:*:Enabled:WWW
"9357:TCP" = 9357:TCP:*:Enabled:WWW
"5251:TCP" = 5251:TCP:*:Enabled:WWW

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2009.01.18 14:59:12 | 04,038,144 | ---- | M] (IniCom Networks, Inc.) -- C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[2006.11.13 17:05:46 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006.11.13 17:05:58 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006.11.13 17:06:00 | 04,287,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2007.10.18 11:34:20 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe:*:Enabled:Windows Live Messenger
[2007.10.02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007.08.02 02:02:12 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
[2007.10.23 01:47:00 | 00,360,448 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
[2007.10.16 02:30:08 | 05,816,320 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
File not found -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
File not found -- D:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed
[2009.01.06 20:31:16 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2009.01.06 20:31:24 | 00,107,832 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe:*:Enabled:PnkBstrB
File not found -- C:\Program Files\Azureus1\Azureus.exe:*:Enabled:Azureus Vuze
[2004.10.13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2009.01.18 14:59:12 | 04,038,144 | ---- | M] (IniCom Networks, Inc.) -- C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
File not found -- C:\Documents and Settings\Rendszergazda\Application Data\Opera\Opera\PROFILE\CACHE4\temporary_download\incredimail_install.exe:*:Enabled:IncrediMail Installer
File not found -- C:\Documents and Settings\Rendszergazda\Application Data\Opera\Opera\PROFILE\CACHE4\temporary_download\incredimail_install (1).exe:*:Enabled:IncrediMail Installer
[2006.11.13 17:05:46 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006.11.13 17:05:58 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006.11.13 17:06:00 | 04,287,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2007.03.20 13:38:02 | 00,726,552 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD
[2005.11.26 14:28:44 | 00,837,156 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows
[2008.10.03 02:17:04 | 14,781,440 | ---- | M] () -- C:\Program Files\PDCPoker\client.exe:*:Enabled:PDC Poker Client
[2007.10.18 11:34:20 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe:*:Enabled:Windows Live Messenger
[2007.10.02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2007.08.31 07:52:34 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
[2008.08.28 07:47:56 | 05,620,736 | ---- | M] () -- C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++
[2008.08.04 17:34:52 | 00,458,840 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
[2008.11.29 20:38:08 | 00,775,168 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS
[2008.12.01 21:18:40 | 05,156,864 | ---- | M] (Martin Prikryl) -- C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:SFTP, FTP and SCP client
File not found -- C:\Documents and Settings\Rendszergazda\Local Settings\Temp\Rar$EX00.625\FlashGet 1.9.6.1073 Portable\FlashGet.exe:*:Enabled:Portabled by mdxy81
File not found -- C:\WINDOWS\System32\xmlztmjj.exe:*:Enabled:Internet Explorer
[2008.02.07 18:32:24 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\NOD32KUI.EXE:*:Enabled:ENABLE
[2007.06.13 14:23:54 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{114C7913-FC33-41E7-839B-51042BDF3D9C}" = Windows Live Mail
"{16913489-B5E3-403E-AFD3-2B19BBE464D4}" = Opera 9.24
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java™ SE Development Kit 6
"{350C940e-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update
"{5C728FCF-A513-4337-BBC8-C8C97AA684A9}_is1" = Neverland
"{679068CA-C9E9-4C22-A90D-2C4F2881EF9C}" = Bluesoleil 6.2.227.11
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113498953}" = Bubble Shooter Premium Edition
"{9011040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint megjelenítő 2003
"{955D8242-B99E-4A9A-80C4-3FF7D7587EA3}" = Msxml4 SP2
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999CE3F5-C179-4607-BEDF-B9544B0DD232}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AF2815A6-0573-45A4-BAE3-3194C1D4393C}" = Windows Live Messenger
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live bejelentkezési segéd
"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C5401ABF-5175-4E69-9849-EAA397952111}" = Windows Live Writer
"{C7A4D259-C9DF-44F4-A0C2-EA5D6F323B1A}" = Windows Live Fotótár
"{D66FEEF4-0ADE-41D3-B871-35EC1F8167B7}_is1" = Mystery of Unicorn Castle
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"Adobe Shockwave Player" = Adobe Shockwave Player
"All To MP3 Converter_is1" = All To MP3 Converter 1.6rc4
"Azureus" = Azureus
"Browser Mouse" = Browser Mouse
"BShooter4_is1" = Bubble Shooter v4.02
"BSPlayerp" = BS.Player PRO
"DC++" = DC++ 0.708
"DVD Photo Slideshow Pro" = DVD Photo Slideshow Pro 6.70
"DVDFab Platinum_is1" = DVDFab Platinum 4.0.3.2 by Dr.Pc Putte - Team RES
"Easy CD-DA Extractor 10" = Easy CD-DA Extractor 10
"ffdshow_is1" = ffdshow [rev 2787] [2009-03-17]
"Governor of Poker1.0" = Governor of Poker
"Hell's Kitchen1.0" = Hell's Kitchen
"Indeo® software" = Indeo® software
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Muiltmedia keyboard Utility 2.0" = Muiltmedia keyboard Utility 2.0
"Mystery Legends - Sleepy Hollow" = Mystery Legends - Sleepy Hollow
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NOD32" = NOD32 antivirus system
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PCSI" = Prevx CSI
"PunkBusterSvc" = PunkBuster Services
"RBR Audio" = Uninstall v2.3
"Registry Mechanic_is1" = Registry Mechanic 6.0
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Sony Ericsson Bluetooth Remote Control" = Sony Ericsson Bluetooth Remote Control 4.00
"SystemRequirementsLab" = System Requirements Lab
"TeLLmeMoreV40" = TeLL me More
"TurboFast" = Remove TurboFast
"UltraFXP" = UltraFXP (remove only)
"Unlocker" = Unlocker 1.8.5
"wellgames Toolbar" = wellgames Toolbar
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"WinAVI VideoConverter_is1" = WinAVI VideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinISO_is1" = WinISO 5.3
"WinRAR archiver" = WinRAR archiváló
"winscp3_is1" = WinSCP 4.1.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.82.4
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0853" = 0853
"PDC Poker" = PDC Poker
"WinImage" = WinImage

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-682003330-994291788-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0853" = 0853
"PDC Poker" = PDC Poker
"WinImage" = WinImage

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009.03.16. 8:21:59 | Computer Name = CSINSZKI-C6B8C3 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: Opera.exe, verzió: 9.24.8816.0, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.03.17. 7:14:14 | Computer Name = CSINSZKI-C6B8C3 | Source = Application Error | ID = 1000
Description = Hibás alkalmazás: generic.exe, verzió: 1.4.12.0, hibás modul: unknown,
verzió: 0.0.0.0, memóriacím: 0x70655276.

Error - 2009.03.17. 11:25:44 | Computer Name = CSINSZKI-C6B8C3 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: TOTALCMD.EXE, verzió: 6.5.3.0, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.03.17. 11:26:51 | Computer Name = CSINSZKI-C6B8C3 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: TOTALCMD.EXE, verzió: 6.5.3.0, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.03.17. 11:27:03 | Computer Name = CSINSZKI-C6B8C3 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: TOTALCMD.EXE, verzió: 6.5.3.0, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.03.17. 11:30:03 | Computer Name = CSINSZKI-C6B8C3 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: iexplore.exe, verzió: 6.0.2900.2180, nem
válaszoló modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.03.22. 17:01:09 | Computer Name = CSINSZKI-C6B8C3 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: TOTALCMD.EXE, verzió: 6.5.3.0, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.03.22. 17:01:26 | Computer Name = CSINSZKI-C6B8C3 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: TOTALCMD.EXE, verzió: 6.5.3.0, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

Error - 2009.03.25. 16:38:03 | Computer Name = CSINSZKI-C6B8C3 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2009.03.27. 11:29:27 | Computer Name = CSINSZKI-C6B8C3 | Source = Application Hang | ID = 1002
Description = Nem válaszoló alkalmazás: regrun2.exe, verzió: 5.7.5.937, nem válaszoló
modul: hungapp, verzió: 0.0.0.0, memóriacím: 0x00000000.

[ System Events ]
Error - 2009.03.27. 9:33:00 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Feltöltéskezelő) a következő hiba következtében leállt:
%%1079

Error - 2009.03.27. 10:30:24 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Feltöltéskezelő) a következő hiba következtében leállt:
%%1079

Error - 2009.03.27. 11:01:06 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Feltöltéskezelő) a következő hiba következtében leállt:
%%1079

Error - 2009.03.27. 14:50:38 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Feltöltéskezelő) a következő hiba következtében leállt:
%%1079

Error - 2009.03.27. 15:08:09 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Feltöltéskezelő) a következő hiba következtében leállt:
%%1079

Error - 2009.03.27. 15:17:07 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Feltöltéskezelő) a következő hiba következtében leállt:
%%1079

Error - 2009.03.27. 15:17:07 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7026
Description = A következő boot- vagy rendszerindító illesztőprogram(ok) nem indult(ak)
el: sptd

Error - 2009.03.27. 15:19:12 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7034
Description = A(z) CSIScanner szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal
fordult elő.

Error - 2009.03.28. 9:02:15 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7000
Description = A szolgáltatás (Feltöltéskezelő) a következő hiba következtében leállt:
%%1079

Error - 2009.03.28. 9:02:15 | Computer Name = CSINSZKI-C6B8C3 | Source = Service Control Manager | ID = 7026
Description = A következő boot- vagy rendszerindító illesztőprogram(ok) nem indult(ak)
el: Partizan sptd


< End of report >



GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-03-28 14:35:00
Windows 5.1.2600 Szervizcsomag 2


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF85FC818]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF86A687E]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF85F0A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF85F12A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF85FC910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF85FC794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF85F12C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF85FC866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF85FC0B0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF86A6C10]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[576] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
? C:\WINDOWS\System32\svchost.exe[1664] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
? C:\WINDOWS\System32\svchost.exe[2980] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
? C:\WINDOWS\System32\svchost.exe[3552] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DC6BF0] C:\WINDOWS\system32\ADVAPI32.dll (Speciális 32 bites Windows API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DC7883] C:\WINDOWS\system32\ADVAPI32.dll (Speciális 32 bites Windows API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DC761B] C:\WINDOWS\system32\ADVAPI32.dll (Speciális 32 bites Windows API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DCEBE7] C:\WINDOWS\system32\ADVAPI32.dll (Speciális 32 bites Windows API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DEC534] C:\WINDOWS\system32\ADVAPI32.dll (Speciális 32 bites Windows API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DED11B] C:\WINDOWS\system32\ADVAPI32.dll (Speciális 32 bites Windows API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DC7753] C:\WINDOWS\system32\ADVAPI32.dll (Speciális 32 bites Windows API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F26C5B] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F25002] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F15B13] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1EF71] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A9CC] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C80176B] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C814EEA] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C802367] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80220F] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C81042C] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C864B0F] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C8350BF] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C810B1C] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C8024A7] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C802520] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C809E79] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C91043D] C:\WINDOWS\system32\ntdll.dll (NT réteg DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C9179FD] C:\WINDOWS\system32\ntdll.dll (NT réteg DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C812F1D] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C8111DA] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80B905] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C80945C] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C81CDDA] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80C058] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C802442] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C81CE03] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C82FC00] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C809B47] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C810637] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C80E93F] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80EA1B] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C830D74] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C809A09] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C809E01] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C80929C] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C810D87] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C810B8E] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C910331] C:\WINDOWS\system32\ntdll.dll (NT réteg DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C821982] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C812BB6] C:\WINDOWS\system32\kernel32.dll (Win32 kernel mag komponens/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C9105D4] C:\WINDOWS\system32\ntdll.dll (NT réteg DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7CA40EE0] C:\WINDOWS\system32\SHELL32.dll (Windows rendszerhéj - közös DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [77F6818C] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [77F8C41E] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [77F72240] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7E37E5C2] C:\WINDOWS\system32\USER32.dll (Windows XP USER API ügyfél DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7E3686C7] C:\WINDOWS\system32\USER32.dll (Windows XP USER API ügyfél DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7E36A8AD] C:\WINDOWS\system32\USER32.dll (Windows XP USER API ügyfél DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1664] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [771B60D9] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82CC60E0

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \FileSystem\Fastfat \FatCdrom 82F7ABD0

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Cdrom \Device\CdRom0 827F1BC8
Device \Driver\Cdrom \Device\CdRom0 82BC7810
Device \FileSystem\Rdbss \Device\FsWrap 82D1F0E0
Device \Driver\Cdrom \Device\CdRom1 827F1BC8
Device \Driver\Cdrom \Device\CdRom1 82BC7810
Device \Driver\Cdrom \Device\CdRom2 827F1BC8
Device \Driver\Cdrom \Device\CdRom2 82BC7810
Device \Driver\nvatabus \Device\00000074 827ECA48
Device \Driver\nvatabus \Device\00000074 82C015F8
Device \Driver\Cdrom \Device\CdRom3 827F1BC8
Device \Driver\Cdrom \Device\CdRom3 82BC7810
Device \Driver\nvatabus \Device\00000075 827ECA48
Device \Driver\nvatabus \Device\00000075 82C015F8
Device \Driver\nvatabus \Device\00000076 827ECA48
Device \Driver\nvatabus \Device\00000076 82C015F8
Device \Driver\nvatabus \Device\00000077 827ECA48
Device \Driver\nvatabus \Device\00000077 82C015F8
Device \FileSystem\Srv \Device\LanmanServer 82C7BFB0
Device \Driver\nvatabus \Device\NvAta0 827ECA48
Device \Driver\nvatabus \Device\NvAta0 82C015F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82CCF0E0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82CCF0E0
Device \FileSystem\Npfs \Device\NamedPipe 82D6E0E0
Device \FileSystem\Msfs \Device\Mailslot 82DFD0D8
Device \Driver\axsaki \Device\Scsi\axsaki1Port2Path0Target0Lun0 82BACC70
Device \Driver\axsaki \Device\Scsi\axsaki1Port2Path0Target0Lun0 82F62330
Device \Driver\axsaki \Device\Scsi\axsaki1 82BACC70
Device \Driver\axsaki \Device\Scsi\axsaki1 82F62330
Device \Driver\d347prt \Device\Scsi\d347prt1Port1Path0Target0Lun0 82BD2130
Device \Driver\d347prt \Device\Scsi\d347prt1 82BD2130
Device \FileSystem\Fastfat \Fat 82F7ABD0

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

Device \FileSystem\Fs_Rec \FileSystem\NtfsRecognizer 82F220D8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 82F220D8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 82F220D8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 82F220D8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 82F220D8
Device \FileSystem\Cdfs \Cdfs 82C9C7C0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x95 0x3D 0x1A 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0x41 0x3D 0x1A 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0x41 0x3D 0x1A 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z3 0x41 0x3D 0x1A 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z4 0x41 0x3D 0x1A 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z0 0x29 0xF4 0x42 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42@hj34z0 0x3F 0x11 0x7D 0xB5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 1050
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 10
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32647F65-B063-931D-8417-3082BB1119B5}

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

    Malware Expert



Posted 28 March 2009 - 11:10 AM

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

================




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Csinszki

Posted 28 March 2009 - 11:37 AM

ComboFix 09-03-27.02 - Rendszergazda 2009-03-28 17:26:04.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1038.18.511.287 [GMT 1:00]
Running from: c:\documents and settings\Rendszergazda\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus System 2.70 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rendszergazda\EULA.txt
c:\documents and settings\Rendszergazda\Rendszergazda.exe
c:\program files\Microsoft Common
c:\program files\Microsoft Common\svchost.exe
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCIDump


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-27 20:19 . 2009-03-27 20:19 91 --a------ c:\windows\system32\Partizan.RRI
2009-03-27 16:03 . 2009-03-27 16:03 79 --a------ c:\windows\lsoon.ini
2009-03-27 15:54 . 2009-03-27 15:54 <DIR> d-------- C:\backreg
2009-03-27 15:54 . 2009-03-27 15:54 2 -rahs---- c:\windows\winstart.bat
2009-03-27 15:53 . 2003-09-06 15:55 57,556 --a------ c:\windows\guard.bmp
2009-03-27 15:49 . 2009-03-27 15:49 <DIR> d-------- c:\program files\Greatis
2009-03-27 15:04 . 2009-03-27 15:05 <DIR> d-------- c:\program files\Prevx
2009-03-27 15:04 . 2009-03-27 15:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-03-27 15:04 . 2009-03-27 15:05 22,024 --a------ c:\windows\system32\drivers\pxscan.sys
2009-03-27 15:04 . 2009-03-27 15:39 67 --a------ c:\windows\wininit.ini
2009-03-25 21:58 . 2009-03-25 21:49 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-25 21:49 . 2009-03-25 21:48 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-25 21:37 . 2009-03-25 21:37 <DIR> d-------- c:\program files\Lavasoft
2009-03-25 21:37 . 2009-03-25 21:37 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-24 14:21 . 2009-03-24 14:21 <DIR> d--hs---- C:\FOUND.001
2009-03-21 14:02 . 2009-03-21 12:56 702,848 --a------ C:\DSC00213.JPG
2009-03-20 17:51 . 2009-03-20 17:51 <DIR> d-------- c:\program files\ffdshow
2009-03-20 17:51 . 2009-03-02 19:10 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-03-20 17:51 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d-------- c:\program files\Xvid
2009-03-20 17:34 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2009-03-20 17:34 . 2008-12-04 21:46 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-03-20 17:34 . 2008-12-13 20:01 77,824 --a------ c:\windows\system32\xvid.ax
2009-03-20 17:24 . 2009-03-22 21:53 56,088 ---h----- C:\treeinfo.wc
2009-03-17 21:12 . 2009-03-17 21:12 <DIR> d-------- c:\program files\WildGames
2009-03-17 21:10 . 2009-03-17 21:10 <DIR> d-------- c:\program files\Reflexive
2009-03-14 18:12 . 2009-03-14 18:12 <DIR> d-------- c:\program files\Alcohol Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 14:47 --------- d-----w c:\documents and settings\All Users\Application Data\Intenium
2009-02-20 17:49 --------- d-----w c:\program files\Webteh
2009-02-15 11:23 --------- d-----w c:\program files\Abev 2006
2009-02-12 10:19 --------- d-----w c:\program files\Mystery Museum
2009-02-10 11:08 --------- d-----w c:\program files\Deep Voyage
2009-02-01 11:10 --------- d-----w c:\documents and settings\All Users\Application Data\Media Art
2009-01-31 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\Ludia
2009-01-31 16:20 --------- d-----w c:\program files\Hell's Kitchen
2009-01-06 19:31 682,280 ----a-w c:\windows\system32\pbsvc.exe
2009-01-06 19:31 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-06 19:31 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-04 12:11 6,808 ----a-w c:\windows\system32\HWACCESS.SYS
2008-09-23 14:25 2,402,320 ----a-w c:\program files\WLinstaller.exe
2008-01-26 12:08 34,226,770 ----a-w c:\program files\SunsetStudio.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8e41e543-e069-4197-8608-e8b4c2f75747}"= "c:\program files\wellgames\tbwell.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{8e41e543-e069-4197-8608-e8b4c2f75747}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8e41e543-e069-4197-8608-e8b4c2f75747}]
2007-07-31 16:33 1391640 --a------ c:\program files\wellgames\tbwell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8e41e543-e069-4197-8608-e8b4c2f75747}"= "c:\program files\wellgames\tbwell.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{8e41e543-e069-4197-8608-e8b4c2f75747}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8E41E543-E069-4197-8608-E8B4C2F75747}"= "c:\program files\wellgames\tbwell.dll" [2007-07-31 1391640]

[HKEY_CLASSES_ROOT\clsid\{8e41e543-e069-4197-8608-e8b4c2f75747}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\mouse32a.exe" [2008-05-24 360448]
"FLMK08KB"="c:\program files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe" [2008-05-24 383488]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-25 515416]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Start Menu\Programs\Indˇt˘pult\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-02 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Indítópult^RAID Manager.lnk]
backup=c:\windows\pss\RAID Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rendszergazda^Start Menu^Programs^Indítópult^Azureus.lnk]
backup=c:\windows\pss\Azureus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rendszergazda^Start Menu^Programs^Indítópult^DUMeter.exe]
backup=c:\windows\pss\DUMeter.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rendszergazda^Start Menu^Programs^Indítópult^HDDlife.lnk]
path=c:\documents and settings\Rendszergazda\Start Menu\Programs\Indítópult\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Rendszergazda^Start Menu^Programs^Indítópult^utorrent.lnk]
backup=c:\windows\pss\utorrent.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-08-08 17:51 148760 c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
--a------ 2007-08-08 17:47 1169456 c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-23 01:47 360448 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\PDCPoker\\client.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Browser Mouse\\MOUSE32A.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:UDP"= 6881:UDP:127.0.0.1
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"80:TCP"= 80:TCP:WWW
"7820:TCP"= 7820:TCP:WWW
"53:UDP"= 53:UDP:DNS
"25:UDP"= 25:UDP:SMTP
"5306:TCP"= 5306:TCP:WWW
"9357:TCP"= 9357:TCP:WWW
"5251:TCP"= 5251:TCP:WWW

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2007-11-12 26112]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-25 64160]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-03-27 22024]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
R3 axsaki;axsaki;c:\windows\system32\drivers\axsaki.sys [2003-03-30 102624]
R3 axskbus;axskbus;c:\windows\system32\drivers\axskbus.sys [2003-03-28 8640]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-12-29 16512]
S3 HWACCESS;HWACCESS;c:\windows\system32\HWACCESS.SYS [2009-01-04 6808]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-11-30 30984]
S3 SaiHFF04;SaiHFF04;c:\windows\system32\drivers\SaiHFF04.sys [2005-11-03 176640]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\drivers\SaiIFF04.sys [2005-11-03 16768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c3d36be-f695-11dc-b4ba-806d6172696f}]
\Shell\AutoRun\command - E:\ral.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b696f84f-87d3-11dc-a23f-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d63f975c-be07-11dc-acfa-00508d4ca21f}]
\Shell\AutoRun\command - G:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d63f975d-be07-11dc-acfa-00508d4ca21f}]
\Shell\AutoRun\command - H:\AUTORUN.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-25 21:47]
.
- - - - ORPHANS REMOVED - - - -

BHO-{31C64D8A-8FE2-49DB-BCFF-5B9AEDCEDC9A} - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Rendszergazda - c:\documents and settings\Rendszergazda\Rendszergazda.exe
HKLM-Run-Nod32 - c:\program files\ESET\nod32krn.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-DU Meter - c:\windows\system32\DUMeter.exe
MSConfigStartUp-HPDJ Taskbar Utility - c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
MSConfigStartUp-OSSelectorReinstall - c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-Tweak UI - TWEAKUI.CPL


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: &Search - ?p=ZS
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save with Download Manager... - c:\program files\J River\Media Jukebox\DMDownload.htm
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
DPF: Microsoft XML Parser for Java
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 17:31:09
Windows 5.1.2600 Szervizcsomag 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-682003330-994291788-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-57989841-682003330-994291788-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32647F65-B063-931D-8417-3082BB1119B5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-57989841-682003330-994291788-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4d,a8,1b,86,55,5e,2b,d4,d9,ca,fb,9b,18,ed,df,22,65,70,1d,dc,09,70,af,
f5,99,24,ce,8a,d9,7b,9c,d9,63,28,50,9a,d0,1e,c6,d9,45,bb,d3,e8,c5,7a,09,db,\
"??"=hex:fe,7b,c3,9d,28,ad,62,6d,fe,a5,50,5c,40,ef,7c,f4
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMMON FILES\SEAGATE\SCHEDULE2\SCHEDUL2.EXE
c:\program files\IVT CORPORATION\BLUESOLEIL\BLUESOLEILCS.EXE
c:\program files\COMMON FILES\INTERVIDEO\REGMGR\IVIREGMGR.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\PNKBSTRA.EXE
c:\windows\SYSTEM32\PNKBSTRB.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\windows\system32\MACROMED\SHOCKW~1\SWHELP~2.EXE
c:\program files\MICROSOFT ACTIVESYNC\RAPIMGR.EXE
c:\program files\IVT CORPORATION\BLUESOLEIL\BSHELPCS.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-28 17:34:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-28 16:34:30

Pre-Run: 6 291 357 696 bájt szabad
Post-Run: 6,224,773,120 bájt szabad

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
275 --- E O F --- 2009-02-20 10:41:26

#6 Buckeye_Sam

Posted 28 March 2009 - 05:33 PM

Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

How is your computer behaving now?

#7 Csinszki

Posted 29 March 2009 - 01:48 AM

Scanning Report
Sunday, March 29, 2009 08:02:40 - 08:45:47

Computer name: CSINSZKI-C6B8C3
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 12 malware found
RiskTool.Win32.HideWindows (spyware)
System
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
Trojan.Win32.Agent.bwob (virus)
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SDER056B\INSIDE[1].EXE (Renamed & Submitted)
Trojan.Win32.Qhost.go (virus)
C:\DOCUMENTS AND SETTINGS\RENDSZERGAZDA\DOKUMENTUMOK\REGRUN2\BACK27D_03M_09Y_162901\HOSTS (Renamed & Submitted)
Trojan.Win32.Tdss.vbv (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8BDBE1A1-EF39-4920-9436-4CF5D6D81FB1}\RP327\A0107450.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8BDBE1A1-EF39-4920-9436-4CF5D6D81FB1}\RP321\A0107176.EXE (Renamed & Submitted)
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\RYBFM2XJ\EXPLORER[1].EXE (Renamed & Submitted)
W32/Packed_FSG.D (virus)
C:\ZENE\ALBUM\DC\SID MEIERS - PIRATES\CD KEY GENERATOR\RLD-SPKG.EXE (Submitted)
C:\APPZ\ALS\AUTODATA 2005 V2.12 CRACK BY TBE & FOUNDS BUGS BY TFT.EXE (Submitted)
W32/Packed_Krunchy.B (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8BDBE1A1-EF39-4920-9436-4CF5D6D81FB1}\RP320\A0105445.EXE (Submitted)
Worm.Win32.AutoRun.acvs (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8BDBE1A1-EF39-4920-9436-4CF5D6D81FB1}\RP327\A0107451.EXE (Renamed)
Statistics
Scanned:
Files: 29506
System: 3560
Not scanned: 5
Actions:
Disinfected: 0
Renamed: 6
Deleted: 0
None: 6
Submitted: 8
Files not scanned:
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Hydra: 3.8.9080, 2009-03-28
F-Secure AVP: 7.0.171, 2009-03-27
F-Secure Pegasus: 1.20.0, 1970-00-01
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics






Which anti-virus do you offer?

#8 Buckeye_Sam

Posted 29 March 2009 - 09:15 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\ZENE\ALBUM\DC\SID MEIERS - PIRATES\CD KEY GENERATOR\RLD-SPKG.EXE
C:\APPZ\ALS\AUTODATA 2005 V2.12 CRACK BY TBE & FOUNDS BUGS BY TFT.EXE

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


How is your computer behaving now?

#9 Csinszki

Posted 29 March 2009 - 01:52 PM

Thank you for your help. It looks like everything is ok. If not, I will post a new reply in that topic.

Sorry, but I can't post the contents of ComboFix.txt, so I uploaded it to the web space.
ComboFix.txt

Edited by Csinszki, 29 March 2009 - 02:01 PM.


#10 Buckeye_Sam

Posted 29 March 2009 - 03:18 PM

Looks good to me! :)


Let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Reenable system restore with the instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
