Winweb Security (Solved)
Re: Winweb Security
Even after SDFix it is still there, but at least I now know where it is.
Re: Winweb Security
SDFix: Version 1.240
Run by PC on çt 04.12.2008 at 21:44
Microsoft Windows XP [Verzia 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 21:50:34
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000016d
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Xplosiv\\SOF PLATINUM\\SoF.exe"="C:\\Program Files\\Xplosiv\\SOF PLATINUM\\SoF.exe:*:Disabled:SoF"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
Files with Hidden Attributes :
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Tue 2 Dec 2008 88 ..SHR --- "C:\WINDOWS\system32\A97C149DEC.sys"
Tue 2 Dec 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Wed 19 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Re: Winweb Security
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:40, on 4.12.2008
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\1636008257\860178344.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/sk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: BHOws Object - {D5DF7C9D-6069-4552-8B0C-D02A912FC889} - ws.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [860178344] "C:\Documents and Settings\All Users\Application Data\1636008257\860178344.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Search - ?p=ZRfox000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 7579 bytes
Re: Winweb Security
I could not find the file to submit it to VirusTotal, so I found it with the search function and cut it to the desktop. Now I need to remove it somehow. Please tell me what to do with the programs I downloaded on your advice: should I keep them on the computer, or uninstall them once I get rid of Winweb, so they do not conflict with ESET? I noticed that fragments of already uninstalled programs remain, e.g. Spybot. Which program should I use for the final cleanup? Thank you.
Re: Winweb Security
When I turned the computer on now, the Winweb Security icon had disappeared from the taskbar; it is only on the desktop now, where I cut it to yesterday. It is two files, one an application and the other a PF file. Now I would like to get rid of it. Should I simply throw it in the Recycle Bin, or do it some other way? Thank you.
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
Re: Winweb Security
Find and delete:
C:\SDFix
So you moved it? That is wrong, you should have left it where it was; put everything back.
Look at what is in this folder:
:\Documents and Settings\All Users\Application Data\1636008257\
that is, apart from the infected exe. This whole folder should be blown away.
Turn off the resident protection in NOD32.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is working, do not click into its window
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please paste its whole contents here
The cleanup after the uninstalled programs will be done once the computer is clean.
//Edit: if you want it gone:
Download Avenger
and, following its instructions,
enter the command from the code:
Code:
Folders to delete:
C:\Documents and Settings\All Users\Application Data\1636008257
After the restart, post a new log from Avenger.
You must put everything back in its original place!!
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
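The checks jaro3 applied by eye to the HijackThis log above (an autorun entry launching an executable with a numeric name out of All Users\Application Data, BHO and toolbar registrations whose DLL is gone, services with no vendor) can be written down as a small triage script. The Python below is an added example, not code from this thread or from HijackThis; the sample lines are constructed to mirror the log format seen here, and the rules are plain heuristics that mark entries for a human to verify, nothing more.

```python
import re

# Constructed sample modelled on the HijackThis log format in this thread
# (not the poster's full log). The 1636008257\860178344.exe entry mirrors
# the one jaro3 identified as the infection.
SAMPLE_LOG = r"""
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: BHOws Object - {D5DF7C9D-6069-4552-8B0C-D02A912FC889} - ws.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [860178344] "C:\Documents and Settings\All Users\Application Data\1636008257\860178344.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
""".strip("\n")

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First executable on the command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)
# Directories from which a legitimate autorun entry rarely launches (assumed list).
DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def autorun_reasons(name, cmd):
    """Heuristic flags for one O4 Run entry; returns a list of reason strings."""
    reasons = []
    m = EXE_RE.match(cmd)
    exe = (m.group("exe") if m else cmd).lower()
    if any(d in exe for d in DATA_DIRS):
        reasons.append("autorun from a data directory")
    base = exe.rsplit("\\", 1)[-1].removesuffix(".exe")
    # Random numeric names such as 860178344 are a common rogue-AV pattern.
    if name.isdigit() or base.isdigit():
        reasons.append("numeric-only autorun name")
    return reasons


def triage(log_text):
    """Walk a HijackThis log and return the entries worth a second look.

    Each finding is {"line": n, "entry": text, "reasons": [...]}; an empty
    list means no rule fired. The rules only prioritise review, they do not
    decide what is malicious.
    """
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        reasons = []
        # Orphaned registrations: the DLL was removed but the hook remains.
        if "(file missing)" in line:
            reasons.append("registration points at a file that no longer exists (file missing)")
        m = O4_RE.match(line)
        if m:
            reasons.extend(autorun_reasons(m.group("name"), m.group("cmd")))
        # Services without a vendor string deserve a signature/hash check.
        if line.startswith("O23 - ") and "Unknown owner" in line:
            reasons.append("service with no vendor (Unknown owner): verify the binary")
        if reasons:
            findings.append({"line": n, "entry": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']}: {f['entry'][:70]}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against the sample, the script singles out the two missing-file BHOs, the numeric autorun under All Users\Application Data and the vendor-less ICQ service, and passes the ESET and ctfmon entries; the "Unknown owner" rule in particular is a prompt to check the file, not a verdict, since legitimate services (PnkBstrA in the log above, for one) carry no vendor string either.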
Re: Winweb Security
ComboFix 08-12-04.04 - PC 2008-12-05 8:26:57.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1508 [GMT 1:00]
Running from: c:\documents and settings\All Users\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC\AUTORUN.INF
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
2008-12-04 21:42 . 2008-12-04 21:42 <DIR> d-------- c:\windows\ERUNT
2008-12-04 21:41 . 2008-12-04 21:51 <DIR> d-------- C:\SDFix
2008-12-04 21:28 . 2008-12-05 08:28 198,741 --a------ c:\windows\system32\ws.dll
2008-12-04 19:29 . 2008-12-04 19:29 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 19:28 . 2008-12-04 19:28 812,344 --a------ c:\program files\HJTInstall.exe
2008-12-04 19:16 . 2008-12-04 19:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 19:16 . 2008-12-04 19:16 <DIR> d-------- c:\documents and settings\PC\Application Data\Malwarebytes
2008-12-04 19:16 . 2008-12-04 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 19:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 19:16 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 19:13 . 2008-12-04 19:14 2,539,400 --a------ c:\program files\mbam-setup.exe
2008-12-04 18:00 . 2008-12-04 18:00 <DIR> d-------- c:\program files\ESET
2008-12-04 18:00 . 2008-12-04 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-02 15:19 . 2008-12-02 16:55 <DIR> d-------- c:\documents and settings\PC\Application Data\gtk-2.0
2008-12-02 15:19 . 2008-12-02 15:19 <DIR> d-------- c:\documents and settings\PC\.thumbnails
2008-12-02 15:18 . 2008-12-02 22:08 <DIR> d-------- c:\documents and settings\PC\.gimp-2.6
2008-12-02 15:18 . 2008-12-02 15:18 <DIR> d-------- c:\documents and settings\PC\.gegl-0.0
2008-12-02 13:23 . 2008-12-02 13:23 <DIR> d---s---- c:\documents and settings\PC\UserData
2008-12-01 16:16 . 2008-12-05 08:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\1636008257
2008-11-30 12:14 . 2008-11-30 12:14 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-29 13:34 . 2008-12-02 13:51 <DIR> d-------- c:\documents and settings\PC\Application Data\Corel
2008-11-29 13:34 . 2008-12-02 13:51 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-11-29 13:34 . 2008-12-02 13:51 88 -r-hs---- c:\windows\system32\A97C149DEC.sys
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\program files\Corel
2008-11-29 13:33 . 2008-11-29 13:34 <DIR> d-------- c:\program files\Common Files\Corel
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\All Users\My Music
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2008-11-29 12:47 . 2008-11-29 12:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-11-29 12:43 . 2008-11-29 12:43 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-11-28 10:23 . 2008-11-28 10:25 <DIR> d-------- c:\documents and settings\PC\Application Data\DepositFiles Uploader
2008-11-26 14:04 . 2008-11-26 14:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\388C
2008-11-26 11:27 . 2008-11-26 13:51 <DIR> d-------- c:\program files\NCH Software
2008-11-26 11:27 . 2008-12-01 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-26 11:27 . 2008-11-26 11:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2008-11-26 11:26 . 2008-12-01 18:16 <DIR> d-------- c:\program files\NCH Swift Sound
2008-11-26 11:26 . 2008-11-26 13:52 <DIR> d-------- c:\documents and settings\PC\Application Data\NCH Swift Sound
2008-11-26 11:26 . 2008-11-26 11:26 404,120 --a------ c:\program files\switchsetup.exe
2008-11-26 10:54 . 2008-11-26 10:54 <DIR> d-------- c:\documents and settings\PC\Application Data\Uniblue
2008-11-26 09:01 . 2008-12-04 16:29 7,340,032 --a------ C:\dump_dvd.vob
2008-11-26 01:09 . 2008-11-26 01:15 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-24 19:15 . 2008-11-24 19:15 <DIR> d-------- c:\documents and settings\PC\Application Data\Conceiva
2008-11-24 18:40 . 2008-11-24 18:40 <DIR> d-------- c:\windows\system32\windows media
2008-11-24 18:40 . 2008-11-24 18:40 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-24 18:40 . 2008-11-24 18:40 <DIR> d-------- c:\program files\Windows Media Components
2008-11-24 18:40 . 2008-11-24 18:40 36,734 --a------ c:\windows\system32\OggDSuninst.exe
2008-11-23 18:50 . 2008-11-23 18:50 1,411,535 --a------ c:\program files\wr380sk.exe
2008-11-23 16:39 . 2008-11-23 16:40 <DIR> d-------- c:\documents and settings\PC\Application Data\PeaZip
2008-11-23 10:45 . 2008-11-26 17:08 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-22 20:31 . 2008-11-23 19:18 <DIR> d-------- C:\desktop
2008-11-22 20:22 . 2008-11-23 16:30 394,074 ---h----- C:\treeinfo.wc
2008-11-22 19:21 . 2008-11-22 19:22 <DIR> d-------- c:\windows\system32\Adobe
2008-11-22 13:53 . 2008-11-24 19:26 <DIR> d-------- c:\documents and settings\PC\Application Data\skypePM
2008-11-22 13:53 . 2008-11-22 13:53 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-22 13:52 . 2008-11-25 23:42 <DIR> d-------- c:\documents and settings\PC\Application Data\Skype
2008-11-22 13:51 . 2008-11-22 13:51 <DIR> d-------- c:\program files\Skype
2008-11-22 13:51 . 2008-11-22 13:51 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-22 13:51 . 2008-11-22 13:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-22 13:48 . 2008-11-22 13:49 22,285,608 --a------ c:\program files\SkypeSetup.exe
2008-11-22 11:23 . 2008-11-24 09:12 4,594,616 --a------ c:\program files\Shockwave_Installer_Slim.exe
2008-11-22 11:22 . 2008-11-22 19:18 1,851,544 --a------ c:\program files\install_flash_player.exe
2008-11-21 15:15 . 2008-11-21 15:15 201,440 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-21 15:15 . 2008-11-21 15:15 138,512 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-21 15:15 . 2008-11-21 15:15 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-20 13:46 . 2008-11-20 13:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\C1D4
2008-11-20 13:40 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-11-20 10:40 . 2008-11-20 15:29 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-20 10:39 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-20 10:39 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-20 10:38 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-20 10:38 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-20 10:38 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-20 10:38 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-20 10:38 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-19 23:27 . 2008-11-21 00:03 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-19 20:45 . 2008-11-19 20:45 <DIR> d-------- c:\program files\iTunes
2008-11-19 20:45 . 2008-11-19 20:45 <DIR> d-------- c:\program files\iPod
2008-11-19 20:45 . 2008-11-19 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-19 20:44 . 2008-11-19 20:44 <DIR> d-------- c:\program files\QuickTime
2008-11-19 20:44 . 2008-11-19 20:44 <DIR> d-------- c:\program files\Bonjour
2008-11-19 20:43 . 2008-11-19 20:43 <DIR> d-------- c:\program files\Apple Software Update
2008-11-19 20:36 . 2008-11-19 20:39 67,167,528 --a------ c:\program files\iTunes801Setup.exe
2008-11-19 20:18 . 2008-11-19 20:18 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-11-19 20:18 . 2008-11-19 20:19 <DIR> d-------- c:\program files\ICQ6
2008-11-19 20:18 . 2008-11-19 20:19 <DIR> d-------- c:\documents and settings\PC\Application Data\ICQ
2008-11-19 20:18 . 2008-11-19 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\ICQ
2008-11-19 19:29 . 2008-11-19 19:29 <DIR> d-------- c:\documents and settings\PC\Application Data\Sony
2008-11-19 19:29 . 2008-11-19 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-19 19:22 . 2008-11-19 19:22 <DIR> d-------- c:\program files\Sony
2008-11-19 19:22 . 2008-11-19 19:22 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-11-19 19:21 . 2008-11-21 15:15 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-19 19:21 . 2008-11-25 12:09 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-19 19:21 . 2006-09-16 01:05 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-11-19 19:16 . 2008-11-19 19:16 <DIR> d-------- c:\program files\Sony Setup
2008-11-06 09:59 . 2008-11-06 09:59 <DIR> d-------- c:\program files\ASIO4ALL v2
2008-11-06 09:58 . 2008-11-06 09:59 <DIR> d-------- c:\program files\VstPlugins
2008-11-06 09:58 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-11-06 09:58 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-11-06 09:57 . 2008-11-06 09:59 <DIR> d-------- c:\program files\Image-Line
2008-11-06 09:55 . 2007-02-02 19:57 78,837,111 --a------ c:\program files\flstudio7_RC6b.exe
2008-11-05 20:08 . 2008-11-05 20:08 271,360 --a------ c:\windows\system32\drivers\atksgt.sys
2008-11-05 20:08 . 2008-11-05 20:08 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2008-11-05 20:07 . 2008-11-05 20:07 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-05 20:07 . 2008-11-05 21:51 <DIR> d-------- c:\program files\Playlogic
2008-11-05 20:07 . 2008-11-05 20:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-05 20:07 . 2008-11-05 20:07 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\Support
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\SPA
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\ITA
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\game
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\FR
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\ENG
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\DirectX
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\Ageia
2008-11-05 20:05 . 2006-12-15 10:08 2,829 --a------ c:\documents and settings\PC\_gzuninstall.pif
2008-11-05 10:02 . 2008-11-19 19:37 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-05 10:02 . 2008-11-06 13:56 1,409 --a------ c:\windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 16:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-04 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 16:49 17,420,800 ----a-w c:\program files\Nod32_3.0.642-0.msi
2008-12-04 15:38 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-12-01 17:16 --------- d-----w c:\program files\NCH Swift Sound
2008-11-29 21:20 --------- d-----w c:\program files\Common Files\Adobe
2008-11-29 13:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 13:24 --------- d-----w c:\program files\ASUS
2008-11-26 12:51 --------- d-----w c:\program files\NCH Software
2008-11-22 22:43 --------- d-----w c:\program files\totalcmd
2008-11-22 20:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-19 19:44 --------- d-----w c:\program files\Common Files\Apple
2008-11-19 18:22 --------- d-----w c:\program files\Sony Ericsson
2008-11-19 18:17 --------- d-----w c:\documents and settings\PC\Application Data\Sony Setup
2008-11-19 15:41 --------- d-----w c:\program files\Avanquest update
2008-11-04 19:43 --------- d-----r c:\program files\Zoner
2008-11-04 14:16 --------- d-----w c:\documents and settings\PC\Application Data\Zoner
2008-11-04 07:09 --------- d-----w c:\program files\MP3Gain
2008-11-04 06:54 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-11-04 06:53 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-11-03 18:26 --------- d-----w c:\documents and settings\PC\Application Data\Apple Computer
2008-11-03 18:06 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-03 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-01 20:36 --------- d-----w c:\program files\Realtek
2008-11-01 20:36 --------- d-----w c:\documents and settings\PC\Application Data\InstallShield
2008-11-01 20:33 --------- d-----w c:\program files\Intel
2008-11-01 20:21 --------- d-----w c:\program files\microsoft frontpage
2008-11-01 15:31 --------- d-----w c:\documents and settings\PC\Application Data\OpenOffice.org
2008-11-01 15:30 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-01 14:56 --------- d-----w c:\program files\Common Files\Ahead
2008-11-01 14:56 --------- d-----w c:\documents and settings\PC\Application Data\Ahead
2008-11-01 14:55 --------- d-----w c:\program files\Nero
2008-11-01 14:55 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-01 14:26 --------- d-----w c:\program files\Alwil Software
2008-11-01 14:21 --------- d-----w c:\program files\VIA
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-02-12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-02-12 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 380928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"860178344"="c:\documents and settings\All Users\Application Data\1636008257\860178344.exe" [2008-12-01 1070115]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
"nwiz"="nwiz.exe" [2007-09-16 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]
c:\documents and settings\PC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-13 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"My Web Search Bar"=rundll32 c:\progra~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-03-13 472320]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-19 222456]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sys [2008-11-01 12416]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\psched.sys [2008-02-12 69120]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-11-01 222976]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2008-11-01 10752]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-11-04 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-11-04 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-11-04 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-11-04 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-11-04 100648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da3b160-aa3d-11dd-9f61-002215c9b29c}]
\Shell\AutoRun\command - 8ng8w.com
\Shell\explore\Command - 8ng8w.com
\Shell\open\Command - 8ng8w.com
.
Contents of the 'Scheduled Tasks' folder
2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
BHO-{D5DF7C9D-6069-4552-8B0C-D02A912FC889} - ws.dll
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/sk/
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZRfox000
FireFox -: Profile - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\kl5g0g5a.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.bearshare.com/sk/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 08:28:37
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-05 8:29:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 07:29:36
Pre-Run: 102 418 690 048 bytes free
Post-Run: 10 adresárov, 102,714,785,792 voľných bajtov
289 --- E O F --- 2008-11-30 11:14:16
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.bearshare.com/sk/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 08:28:37
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-05 8:29:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 07:29:36
Pre-Run: 102 418 690 048 bytes free
Post-Run: 10 directories, 102,714,785,792 bytes free
289 --- E O F --- 2008-11-30 11:14:16
Re: Winweb Security
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 3, v.5657)
Fri Dec 05 08:37:09 2008
08:37:09: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Folder "C:\Documents and Settings\All Users\Application Data\1636008257" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Re: Winweb Security
That icon has finally disappeared from the taskbar. I first put everything back in its original place according to the instructions. Besides the exe, the folder also contained 3 folders, 2 text files and language files (Eng., Ger., Spa.). Now, I guess, please finish cleaning it up. When Mozilla loads it still throws me to BearShare even though I uninstalled it a long time ago; my daughter brought it in for her iPod. Thank you.
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: South Bohemia
- Gender:
- Status: Offline
Re: Winweb Security
Uninstall BearShare.
If that doesn't work, delete the whole folder:
c:\program files\BearShare Applications
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text marked in green into it:
Note: Do not use SELECT ALL to mark the script
Code:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"My Web Search Bar"=rundll32 c:\progra~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: choose All Files there
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here + a new HJT log
Test this on VirusTotal
c:\program files\Nod32_3.0.642-0.msi
Post the result..
//EDIT: you can delete the folder: C:\SDFix
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
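The post above removes one autostart entry by hand with a CFScript `Registry::` stanza. As an added example (not part of this thread, and not ComboFix's own code), the Python script below reads the indicators this thread turned on out of a ComboFix log and drafts the matching CFScript: a Run value whose name and parent folder are bare numbers under Application Data (the 860178344.exe entry), MountPoints2 shell verbs redirected to a file on a drive (the 8ng8w.com entries), an orphan BHO registered by bare file name (ws.dll), and random-named folders under All Users\Application Data (388C, C1D4). The embedded input is an excerpt copied from the log earlier in this thread. The detection rules are my own heuristics, not ComboFix's; `File::` and `Folder::` are ComboFix script directives the thread itself does not show (only `Registry::` appears above), and `"name"=-` is the regedit syntax for deleting a value.

```python
"""Triage a ComboFix log for the autostart indicators seen in this thread
and draft a CFScript.txt for them.  Added example, not from the original
post or from ComboFix; the detection rules are the author's heuristics."""
import re
from typing import List, Set, Tuple

# Constructed excerpt: lines copied from the ComboFix log posted earlier in
# this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"860178344"="c:\documents and settings\All Users\Application Data\1636008257\860178344.exe" [2008-12-01 1070115]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"My Web Search Bar"=rundll32 c:\progra~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da3b160-aa3d-11dd-9f61-002215c9b29c}]
\Shell\AutoRun\command - 8ng8w.com
\Shell\explore\Command - 8ng8w.com
\Shell\open\Command - 8ng8w.com
- - - - ORPHANS REMOVED - - - -
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
BHO-{D5DF7C9D-6069-4552-8B0C-D02A912FC889} - ws.dll
2008-11-26 14:04 . 2008-11-26 14:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\388C
2008-11-20 13:46 . 2008-11-20 13:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\C1D4
"""

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")              # [HKEY_...] section header
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')      # "name"="path" [date size]
MOUNTPOINT_RE = re.compile(r"^\\Shell\\(AutoRun|open|explore)\\command - (.+)$", re.I)
BHO_RE = re.compile(r"^BHO-(\{[0-9A-Fa-f-]+\}) - (.+)$")
DIR_RE = re.compile(r"<DIR>\s+\S+\s+(.+)$")
# Folder names the droppers in this thread used: all digits, or 4 hex chars.
RANDOM_NAME_RE = re.compile(r"^(\d+|[0-9A-F]{4})$", re.I)

Finding = Tuple[str, str, str]  # (rule, registry key or "filesystem", detail)


def triage(log: str) -> List[Finding]:
    """Scan a ComboFix log and return the entries matching the rules above."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(2)
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            name, path = m.group(1), m.group(2)
            parts = path.lower().split("\\")
            # Rule 1: value name and parent folder are bare numbers under
            # Application Data (the 1636008257\860178344.exe pattern).
            if name.isdigit() and "application data" in parts:
                idx = parts.index("application data") + 1
                if idx < len(parts) and RANDOM_NAME_RE.match(parts[idx]):
                    findings.append(("numeric-autorun", current_key, f'"{name}"={path}'))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m and "mountpoints2" in current_key.lower():
            # Rule 2: a drive's AutoRun/open/explore verbs point at a file on
            # the drive (8ng8w.com): an autorun.inf-style hijack.
            findings.append(("mountpoint-autorun", current_key, f"{m.group(1)} -> {m.group(2)}"))
            continue
        m = BHO_RE.match(line)
        if m and "\\" not in m.group(2):
            # Rule 3: BHO registered by bare file name, not a full path (ws.dll).
            findings.append(("bare-bho", m.group(1), m.group(2)))
            continue
        m = DIR_RE.search(line)
        if m:
            folder = m.group(1)
            # Rule 4: random-named folder directly under All Users\Application Data.
            if "all users\\application data\\" in folder.lower() and RANDOM_NAME_RE.match(folder.split("\\")[-1]):
                findings.append(("random-appdata-dir", "filesystem", folder))
    return findings


def cfscript(findings: List[Finding]) -> str:
    """Draft a CFScript.txt: Registry:: with [-key] to delete a key and
    "name"=- to delete a value, plus File:: and Folder:: lists."""
    reg: List[str] = []
    files: List[str] = []
    folders: List[str] = []
    seen_keys: Set[str] = set()
    for rule, where, detail in findings:
        if rule == "numeric-autorun":
            name, path = detail.split("=", 1)
            reg.append(f"[{where}]\n{name}=-")
            files.append(path)
            folders.append(path.rsplit("\\", 1)[0])
        elif rule == "mountpoint-autorun" and where not in seen_keys:
            seen_keys.add(where)
            reg.append(f"[-{where}]")
        elif rule == "random-appdata-dir":
            folders.append(detail)
        # "bare-bho": ComboFix already removed the orphan entry; the DLL itself
        # must be located by hand before it can be listed under File::.
    sections = []
    if reg:
        sections.append("Registry::\n" + "\n".join(reg))
    if files:
        sections.append("File::\n" + "\n".join(files))
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for rule, _where, detail in found:
        print(f"{rule:20} {detail}")
    print()
    print(cfscript(found))
```

Review the draft before dropping it onto ComboFix.exe as described above. Entries under the `Run-` key (values unchecked in msconfig's Startup tab) are deliberately left alone, since they are not active, and a bare-name BHO only tells you the DLL sits somewhere on the search path (system32\ws.dll in this log), so that file has to be added to `File::` by hand.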
Re: Winweb Security
ComboFix 08-12-04.04 - PC 2008-12-05 9:44:06.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1535 [GMT 1:00]
Running from: c:\documents and settings\All Users\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.
2008-12-04 21:42 . 2008-12-04 21:42 <DIR> d-------- c:\windows\ERUNT
2008-12-04 21:41 . 2008-12-04 21:51 <DIR> d-------- C:\SDFix
2008-12-04 21:28 . 2008-12-05 08:28 198,741 --a------ c:\windows\system32\ws.dll
2008-12-04 19:29 . 2008-12-04 19:29 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 19:28 . 2008-12-04 19:28 812,344 --a------ c:\program files\HJTInstall.exe
2008-12-04 19:16 . 2008-12-04 19:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 19:16 . 2008-12-04 19:16 <DIR> d-------- c:\documents and settings\PC\Application Data\Malwarebytes
2008-12-04 19:16 . 2008-12-04 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 19:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 19:16 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-04 19:13 . 2008-12-04 19:14 2,539,400 --a------ c:\program files\mbam-setup.exe
2008-12-04 18:00 . 2008-12-04 18:00 <DIR> d-------- c:\program files\ESET
2008-12-04 18:00 . 2008-12-04 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-02 15:19 . 2008-12-02 16:55 <DIR> d-------- c:\documents and settings\PC\Application Data\gtk-2.0
2008-12-02 15:19 . 2008-12-02 15:19 <DIR> d-------- c:\documents and settings\PC\.thumbnails
2008-12-02 15:18 . 2008-12-02 22:08 <DIR> d-------- c:\documents and settings\PC\.gimp-2.6
2008-12-02 15:18 . 2008-12-02 15:18 <DIR> d-------- c:\documents and settings\PC\.gegl-0.0
2008-12-02 13:23 . 2008-12-02 13:23 <DIR> d---s---- c:\documents and settings\PC\UserData
2008-11-30 12:14 . 2008-11-30 12:14 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-29 13:34 . 2008-12-02 13:51 <DIR> d-------- c:\documents and settings\PC\Application Data\Corel
2008-11-29 13:34 . 2008-12-02 13:51 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-11-29 13:34 . 2008-12-02 13:51 88 -r-hs---- c:\windows\system32\A97C149DEC.sys
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\program files\Corel
2008-11-29 13:33 . 2008-11-29 13:34 <DIR> d-------- c:\program files\Common Files\Corel
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\All Users\My Music
2008-11-29 13:33 . 2008-11-29 13:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2008-11-29 12:47 . 2008-11-29 12:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-11-29 12:43 . 2008-11-29 12:43 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-11-28 10:23 . 2008-11-28 10:25 <DIR> d-------- c:\documents and settings\PC\Application Data\DepositFiles Uploader
2008-11-26 14:04 . 2008-11-26 14:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\388C
2008-11-26 11:27 . 2008-11-26 13:51 <DIR> d-------- c:\program files\NCH Software
2008-11-26 11:27 . 2008-12-01 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-26 11:27 . 2008-11-26 11:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2008-11-26 11:26 . 2008-12-01 18:16 <DIR> d-------- c:\program files\NCH Swift Sound
2008-11-26 11:26 . 2008-11-26 13:52 <DIR> d-------- c:\documents and settings\PC\Application Data\NCH Swift Sound
2008-11-26 11:26 . 2008-11-26 11:26 404,120 --a------ c:\program files\switchsetup.exe
2008-11-26 10:54 . 2008-11-26 10:54 <DIR> d-------- c:\documents and settings\PC\Application Data\Uniblue
2008-11-26 09:01 . 2008-12-04 16:29 7,340,032 --a------ C:\dump_dvd.vob
2008-11-26 01:09 . 2008-11-26 01:15 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-24 19:15 . 2008-11-24 19:15 <DIR> d-------- c:\documents and settings\PC\Application Data\Conceiva
2008-11-24 18:40 . 2008-11-24 18:40 <DIR> d-------- c:\windows\system32\windows media
2008-11-24 18:40 . 2008-11-24 18:40 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-24 18:40 . 2008-11-24 18:40 <DIR> d-------- c:\program files\Windows Media Components
2008-11-24 18:40 . 2008-11-24 18:40 36,734 --a------ c:\windows\system32\OggDSuninst.exe
2008-11-23 18:50 . 2008-11-23 18:50 1,411,535 --a------ c:\program files\wr380sk.exe
2008-11-23 16:39 . 2008-11-23 16:40 <DIR> d-------- c:\documents and settings\PC\Application Data\PeaZip
2008-11-23 10:45 . 2008-11-26 17:08 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-22 20:31 . 2008-11-23 19:18 <DIR> d-------- C:\desktop
2008-11-22 20:22 . 2008-11-23 16:30 394,074 ---h----- C:\treeinfo.wc
2008-11-22 19:21 . 2008-11-22 19:22 <DIR> d-------- c:\windows\system32\Adobe
2008-11-22 13:53 . 2008-11-24 19:26 <DIR> d-------- c:\documents and settings\PC\Application Data\skypePM
2008-11-22 13:53 . 2008-11-22 13:53 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-22 13:52 . 2008-11-25 23:42 <DIR> d-------- c:\documents and settings\PC\Application Data\Skype
2008-11-22 13:51 . 2008-11-22 13:51 <DIR> d-------- c:\program files\Skype
2008-11-22 13:51 . 2008-11-22 13:51 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-22 13:51 . 2008-11-22 13:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-22 13:48 . 2008-11-22 13:49 22,285,608 --a------ c:\program files\SkypeSetup.exe
2008-11-22 11:23 . 2008-11-24 09:12 4,594,616 --a------ c:\program files\Shockwave_Installer_Slim.exe
2008-11-22 11:22 . 2008-11-22 19:18 1,851,544 --a------ c:\program files\install_flash_player.exe
2008-11-21 15:15 . 2008-11-21 15:15 201,440 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-21 15:15 . 2008-11-21 15:15 138,512 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-21 15:15 . 2008-11-21 15:15 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-20 13:46 . 2008-11-20 13:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\C1D4
2008-11-20 13:40 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-11-20 10:40 . 2008-11-20 15:29 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-20 10:39 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-20 10:39 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-20 10:38 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-20 10:38 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-20 10:38 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-20 10:38 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-20 10:38 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-19 23:27 . 2008-11-21 00:03 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-19 20:45 . 2008-11-19 20:45 <DIR> d-------- c:\program files\iTunes
2008-11-19 20:45 . 2008-11-19 20:45 <DIR> d-------- c:\program files\iPod
2008-11-19 20:45 . 2008-11-19 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-19 20:44 . 2008-11-19 20:44 <DIR> d-------- c:\program files\QuickTime
2008-11-19 20:44 . 2008-11-19 20:44 <DIR> d-------- c:\program files\Bonjour
2008-11-19 20:43 . 2008-11-19 20:43 <DIR> d-------- c:\program files\Apple Software Update
2008-11-19 20:36 . 2008-11-19 20:39 67,167,528 --a------ c:\program files\iTunes801Setup.exe
2008-11-19 20:18 . 2008-11-19 20:18 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-11-19 20:18 . 2008-11-19 20:19 <DIR> d-------- c:\program files\ICQ6
2008-11-19 20:18 . 2008-11-19 20:19 <DIR> d-------- c:\documents and settings\PC\Application Data\ICQ
2008-11-19 20:18 . 2008-11-19 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\ICQ
2008-11-19 19:29 . 2008-11-19 19:29 <DIR> d-------- c:\documents and settings\PC\Application Data\Sony
2008-11-19 19:29 . 2008-11-19 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-19 19:22 . 2008-11-19 19:22 <DIR> d-------- c:\program files\Sony
2008-11-19 19:22 . 2008-11-19 19:22 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-11-19 19:21 . 2008-11-21 15:15 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-19 19:21 . 2008-11-25 12:09 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-19 19:21 . 2006-09-16 01:05 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-11-19 19:16 . 2008-11-19 19:16 <DIR> d-------- c:\program files\Sony Setup
2008-11-06 09:59 . 2008-11-06 09:59 <DIR> d-------- c:\program files\ASIO4ALL v2
2008-11-06 09:58 . 2008-11-06 09:59 <DIR> d-------- c:\program files\VstPlugins
2008-11-06 09:58 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-11-06 09:58 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-11-06 09:57 . 2008-11-06 09:59 <DIR> d-------- c:\program files\Image-Line
2008-11-06 09:55 . 2007-02-02 19:57 78,837,111 --a------ c:\program files\flstudio7_RC6b.exe
2008-11-05 20:08 . 2008-11-05 20:08 271,360 --a------ c:\windows\system32\drivers\atksgt.sys
2008-11-05 20:08 . 2008-11-05 20:08 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2008-11-05 20:07 . 2008-11-05 20:07 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-05 20:07 . 2008-11-05 21:51 <DIR> d-------- c:\program files\Playlogic
2008-11-05 20:07 . 2008-11-05 20:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-05 20:07 . 2008-11-05 20:07 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\Support
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\SPA
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\ITA
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\game
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\FR
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\ENG
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\DirectX
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\Ageia
2008-11-05 20:05 . 2006-12-15 10:08 2,829 --a------ c:\documents and settings\PC\_gzuninstall.pif
2008-11-05 10:02 . 2008-11-19 19:37 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-05 10:02 . 2008-11-06 13:56 1,409 --a------ c:\windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 16:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-04 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 16:49 17,420,800 ----a-w c:\program files\Nod32_3.0.642-0.msi
2008-12-04 15:38 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-12-01 17:16 --------- d-----w c:\program files\NCH Swift Sound
2008-11-29 21:20 --------- d-----w c:\program files\Common Files\Adobe
2008-11-29 13:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 13:24 --------- d-----w c:\program files\ASUS
2008-11-26 12:51 --------- d-----w c:\program files\NCH Software
2008-11-22 22:43 --------- d-----w c:\program files\totalcmd
2008-11-22 20:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-19 19:44 --------- d-----w c:\program files\Common Files\Apple
2008-11-19 18:22 --------- d-----w c:\program files\Sony Ericsson
2008-11-19 18:17 --------- d-----w c:\documents and settings\PC\Application Data\Sony Setup
2008-11-19 15:41 --------- d-----w c:\program files\Avanquest update
2008-11-04 19:43 --------- d-----r c:\program files\Zoner
2008-11-04 14:16 --------- d-----w c:\documents and settings\PC\Application Data\Zoner
2008-11-04 07:09 --------- d-----w c:\program files\MP3Gain
2008-11-04 06:54 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-11-04 06:53 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-11-03 18:26 --------- d-----w c:\documents and settings\PC\Application Data\Apple Computer
2008-11-03 18:06 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-03 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-01 20:36 --------- d-----w c:\program files\Realtek
2008-11-01 20:36 --------- d-----w c:\documents and settings\PC\Application Data\InstallShield
2008-11-01 20:33 --------- d-----w c:\program files\Intel
2008-11-01 20:21 --------- d-----w c:\program files\microsoft frontpage
2008-11-01 15:31 --------- d-----w c:\documents and settings\PC\Application Data\OpenOffice.org
2008-11-01 15:30 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-01 14:56 --------- d-----w c:\program files\Common Files\Ahead
2008-11-01 14:56 --------- d-----w c:\documents and settings\PC\Application Data\Ahead
2008-11-01 14:55 --------- d-----w c:\program files\Nero
2008-11-01 14:55 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-01 14:26 --------- d-----w c:\program files\Alwil Software
2008-11-01 14:21 --------- d-----w c:\program files\VIA
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-02-12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-02-12 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 380928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
"nwiz"="nwiz.exe" [2007-09-16 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]
c:\documents and settings\PC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-13 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-03-13 472320]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-19 222456]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sys [2008-11-01 12416]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\psched.sys [2008-02-12 69120]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-11-01 222976]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2008-11-01 10752]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-11-04 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-11-04 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-11-04 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-11-04 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-11-04 100648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da3b160-aa3d-11dd-9f61-002215c9b29c}]
\Shell\AutoRun\command - 8ng8w.com
\Shell\explore\Command - 8ng8w.com
\Shell\open\Command - 8ng8w.com
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/sk/
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZRfox000
FireFox -: Profile - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\kl5g0g5a.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.bearshare.com/sk/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 09:44:35
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-05 9:45:05
ComboFix-quarantined-files.txt 2008-12-05 08:44:56
ComboFix2.txt 2008-12-05 08:38:35
ComboFix3.txt 2008-12-05 07:29:40
Pre-Run: 102 702 055 424 bytes free
Post-Run: 11 directories, 102,690,770,944 bytes free
263 --- E O F --- 2008-11-30 11:14:16
2008-11-22 11:23 . 2008-11-24 09:12 4,594,616 --a------ c:\program files\Shockwave_Installer_Slim.exe
2008-11-22 11:22 . 2008-11-22 19:18 1,851,544 --a------ c:\program files\install_flash_player.exe
2008-11-21 15:15 . 2008-11-21 15:15 201,440 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-21 15:15 . 2008-11-21 15:15 138,512 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-21 15:15 . 2008-11-21 15:15 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-20 13:46 . 2008-11-20 13:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\C1D4
2008-11-20 13:40 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-11-20 10:40 . 2008-11-20 15:29 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-20 10:39 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-20 10:39 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-20 10:38 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-20 10:38 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-20 10:38 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-20 10:38 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-20 10:38 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-19 23:27 . 2008-11-21 00:03 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-19 20:45 . 2008-11-19 20:45 <DIR> d-------- c:\program files\iTunes
2008-11-19 20:45 . 2008-11-19 20:45 <DIR> d-------- c:\program files\iPod
2008-11-19 20:45 . 2008-11-19 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-19 20:44 . 2008-11-19 20:44 <DIR> d-------- c:\program files\QuickTime
2008-11-19 20:44 . 2008-11-19 20:44 <DIR> d-------- c:\program files\Bonjour
2008-11-19 20:43 . 2008-11-19 20:43 <DIR> d-------- c:\program files\Apple Software Update
2008-11-19 20:36 . 2008-11-19 20:39 67,167,528 --a------ c:\program files\iTunes801Setup.exe
2008-11-19 20:18 . 2008-11-19 20:18 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-11-19 20:18 . 2008-11-19 20:19 <DIR> d-------- c:\program files\ICQ6
2008-11-19 20:18 . 2008-11-19 20:19 <DIR> d-------- c:\documents and settings\PC\Application Data\ICQ
2008-11-19 20:18 . 2008-11-19 20:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\ICQ
2008-11-19 19:29 . 2008-11-19 19:29 <DIR> d-------- c:\documents and settings\PC\Application Data\Sony
2008-11-19 19:29 . 2008-11-19 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-19 19:22 . 2008-11-19 19:22 <DIR> d-------- c:\program files\Sony
2008-11-19 19:22 . 2008-11-19 19:22 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-11-19 19:21 . 2008-11-21 15:15 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-19 19:21 . 2008-11-25 12:09 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-19 19:21 . 2006-09-16 01:05 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-11-19 19:16 . 2008-11-19 19:16 <DIR> d-------- c:\program files\Sony Setup
2008-11-06 09:59 . 2008-11-06 09:59 <DIR> d-------- c:\program files\ASIO4ALL v2
2008-11-06 09:58 . 2008-11-06 09:59 <DIR> d-------- c:\program files\VstPlugins
2008-11-06 09:58 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-11-06 09:58 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-11-06 09:57 . 2008-11-06 09:59 <DIR> d-------- c:\program files\Image-Line
2008-11-06 09:55 . 2007-02-02 19:57 78,837,111 --a------ c:\program files\flstudio7_RC6b.exe
2008-11-05 20:08 . 2008-11-05 20:08 271,360 --a------ c:\windows\system32\drivers\atksgt.sys
2008-11-05 20:08 . 2008-11-05 20:08 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2008-11-05 20:07 . 2008-11-05 20:07 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-05 20:07 . 2008-11-05 21:51 <DIR> d-------- c:\program files\Playlogic
2008-11-05 20:07 . 2008-11-05 20:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-05 20:07 . 2008-11-05 20:07 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\Support
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\SPA
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\ITA
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\game
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\FR
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\ENG
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\DirectX
2008-11-05 20:05 . 2008-11-05 20:05 <DIR> d-------- c:\documents and settings\PC\Ageia
2008-11-05 20:05 . 2006-12-15 10:08 2,829 --a------ c:\documents and settings\PC\_gzuninstall.pif
2008-11-05 10:02 . 2008-11-19 19:37 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-05 10:02 . 2008-11-06 13:56 1,409 --a------ c:\windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 16:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-04 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 16:49 17,420,800 ----a-w c:\program files\Nod32_3.0.642-0.msi
2008-12-04 15:38 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-12-01 17:16 --------- d-----w c:\program files\NCH Swift Sound
2008-11-29 21:20 --------- d-----w c:\program files\Common Files\Adobe
2008-11-29 13:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 13:24 --------- d-----w c:\program files\ASUS
2008-11-26 12:51 --------- d-----w c:\program files\NCH Software
2008-11-22 22:43 --------- d-----w c:\program files\totalcmd
2008-11-22 20:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-19 19:44 --------- d-----w c:\program files\Common Files\Apple
2008-11-19 18:22 --------- d-----w c:\program files\Sony Ericsson
2008-11-19 18:17 --------- d-----w c:\documents and settings\PC\Application Data\Sony Setup
2008-11-19 15:41 --------- d-----w c:\program files\Avanquest update
2008-11-04 19:43 --------- d-----r c:\program files\Zoner
2008-11-04 14:16 --------- d-----w c:\documents and settings\PC\Application Data\Zoner
2008-11-04 07:09 --------- d-----w c:\program files\MP3Gain
2008-11-04 06:54 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-11-04 06:53 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-11-03 18:26 --------- d-----w c:\documents and settings\PC\Application Data\Apple Computer
2008-11-03 18:06 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-03 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-01 20:36 --------- d-----w c:\program files\Realtek
2008-11-01 20:36 --------- d-----w c:\documents and settings\PC\Application Data\InstallShield
2008-11-01 20:33 --------- d-----w c:\program files\Intel
2008-11-01 20:21 --------- d-----w c:\program files\microsoft frontpage
2008-11-01 15:31 --------- d-----w c:\documents and settings\PC\Application Data\OpenOffice.org
2008-11-01 15:30 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-01 14:56 --------- d-----w c:\program files\Common Files\Ahead
2008-11-01 14:56 --------- d-----w c:\documents and settings\PC\Application Data\Ahead
2008-11-01 14:55 --------- d-----w c:\program files\Nero
2008-11-01 14:55 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-01 14:26 --------- d-----w c:\program files\Alwil Software
2008-11-01 14:21 --------- d-----w c:\program files\VIA
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-02-12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-02-12 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 380928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
"nwiz"="nwiz.exe" [2007-09-16 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]
c:\documents and settings\PC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-13 393216]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-03-13 472320]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-11-19 222456]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sys [2008-11-01 12416]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\psched.sys [2008-02-12 69120]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-11-01 222976]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2008-11-01 10752]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-11-04 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-11-04 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-11-04 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-11-04 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-11-04 100648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da3b160-aa3d-11dd-9f61-002215c9b29c}]
\Shell\AutoRun\command - 8ng8w.com
\Shell\explore\Command - 8ng8w.com
\Shell\open\Command - 8ng8w.com
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/sk/
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZRfox000
FireFox -: Profile - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\kl5g0g5a.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.bearshare.com/sk/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 09:44:35
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-05 9:45:05
ComboFix-quarantined-files.txt 2008-12-05 08:44:56
ComboFix2.txt 2008-12-05 08:38:35
ComboFix3.txt 2008-12-05 07:29:40
Pre-Run: 102 702 055 424 bytes free
Post-Run: 11 adresárov, 102,690,770,944 voľných bajtov
263 --- E O F --- 2008-11-30 11:14:16
Re: Winweb Security
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:47, on 5.12.2008
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3311)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Search - ?p=ZRfox000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 7021 bytes