User (registered 17.10.07)
Posted: 17.10.2007 17:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:37, on 17.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ICQ6\ICQ.exe
D:\half life 2\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Windows Media Player\wmplayer.exe
d:\half life 2\steamapps\ugol\garrysmod\hl2.exe
D:\half life 2\GameOverlayUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll (file missing)
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\XPAud\
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Steam] "d:\half life 2\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: WinMySQLadmin.lnk = D:\XAmpp\xampp\mysql\bin\winmysqladmin.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - D:\XAmpp\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - D:\NERO Traps\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11180 bytes


Please help, even games that used to run smoothly are stuttering now, e.g. World of Warcraft didn't stutter, and then one time I launched it and it started stuttering; some other games too.


User (registered 28.01.07)
Posted: 17.10.2007 18:08

Fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll (file missing)
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\XPAud\
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)


Uninstall the Megaupload toolbar.


Do you recognize this?

C:\Program Files\GameSpot


User (registered 17.10.07)
Posted by topic author: 17.10.2007 18:15

Yeah, I know it, I'll remove it.


User (registered 28.01.07)
Posted: 17.10.2007 18:30

I don't think that will fix the problem. So do this:

Download ComboFix -->
http://download.bleepingcomputer.com/sU ... mboFix.exe

Follow the on-screen instructions and do not click anything; the computer may be restarted. Post the contents of the file C:\ComboFix.txt to the forum.


User (registered 17.10.07)
Posted by topic author: 17.10.2007 18:52

ComboFix 07-10-17.8 - Martin 2007-10-17 18:39:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.453 [GMT 2:00]
Running from: C:\Documents and Settings\Martin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Martin\Application Data\macromedia\Flash Player\#SharedObjects\EJJSLFQJ\iforex.com
C:\Documents and Settings\Martin\Application Data\macromedia\Flash Player\#SharedObjects\EJJSLFQJ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Martin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Martin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\Common Files\{289F7~1
C:\Program Files\Common Files\{289F7~1\system.dll
C:\Program Files\Common Files\{389F7~1
C:\Program Files\download plugin
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\sfsync02.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-17 18:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-17 18:06 <DIR> d-------- C:\Program Files\Lavalys
2007-10-17 17:54 <DIR> d-------- C:\Program Files\SpeedFan
2007-10-17 17:33 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-17 16:54 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Skype
2007-10-17 16:53 <DIR> d-------- C:\Program Files\Skype
2007-10-17 16:53 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-17 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-14 14:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-14 11:03 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-10-14 11:02 192,000 --------- C:\WINDOWS\system32\DllCache\offfilt.dll
2007-10-14 11:02 98,304 --------- C:\WINDOWS\system32\DllCache\nlhtml.dll
2007-10-14 11:02 29,696 --------- C:\WINDOWS\system32\DllCache\mimefilt.dll
2007-10-14 11:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-10-14 10:43 <DIR> d-------- C:\Program Files\Windows Live
2007-10-14 10:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-10 14:39 582,656 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll
2007-10-07 01:27 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-10-03 08:52 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-10-03 08:52 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-10-01 23:09 <DIR> d-------- C:\Program Files\Easiestutils
2007-10-01 18:55 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-09-29 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-27 22:15 52,260 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-09-27 22:09 <DIR> d-------- C:\WINDOWS\BricoPacks
2007-09-27 22:09 6,116 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-27 19:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-27 19:10 128,896 --------- C:\WINDOWS\system32\DllCache\fltmgr.sys
2007-09-27 19:10 23,040 --------- C:\WINDOWS\system32\DllCache\fltmc.exe
2007-09-27 19:10 16,896 --------- C:\WINDOWS\system32\DllCache\fltlib.dll
2007-09-27 19:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-27 19:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-27 19:03 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-27 19:02 <DIR> d-------- C:\WINDOWS\system32\DllCache
2007-09-27 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-09-27 18:37 2,450,944 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2007-09-27 18:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-09-27 18:30 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-26 17:47 <DIR> d-------- C:\Program Files\Xilisoft
2007-09-26 13:34 <DIR> d-------- C:\Documents and Settings\Martin\Phone Browser
2007-09-26 10:11 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Nokia Multimedia Player
2007-09-26 09:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-09-26 09:39 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-26 09:39 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-26 09:39 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Nokia
2007-09-26 09:38 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-09-26 09:38 <DIR> d-------- C:\Program Files\Nokia
2007-09-26 09:38 <DIR> d-------- C:\Program Files\DIFX
2007-09-26 09:38 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\PC Suite
2007-09-26 09:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-26 09:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-09-22 16:46 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-09-22 16:46 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-09-22 16:46 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-09-22 16:46 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-09-22 16:46 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-09-22 16:46 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-09-21 13:03 <DIR> d-------- C:\Program Files\ICQ6
2007-09-20 22:02 <DIR> d-------- C:\Program Files\GameSpot
2007-09-20 19:46 <DIR> d-------- C:\WINDOWS\system32\CSpool
2007-09-20 19:19 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-20 18:23 <DIR> d-------- C:\Temp\PACKAGES
2007-09-20 18:23 11,644,976 --a------ C:\Temp\Icq6setup-5381.exe
2007-09-20 18:23 341 --a------ C:\Temp\setup.bat
2007-09-20 15:44 19,456 --a------ C:\WINDOWS\sctrv32.exe
2007-09-20 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2007-09-20 15:23 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-09-20 15:23 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-09-19 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-19 22:03 7,938 --a------ C:\WINDOWS\slog.dll
2007-09-19 21:53 1 --a------ C:\Documents and Settings\Martin\SI.bin
2007-09-19 20:47 <DIR> d-------- C:\WINDOWS\system32\XPAud
2007-09-19 20:47 <DIR> d-------- C:\WINDOWS\IDDE
2007-09-19 20:47 <DIR> d-------- C:\WINDOWS\Firewall
2007-09-19 20:47 <DIR> d-------- C:\Program Files\Accessories

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 15:56 --------- d-----w C:\Documents and Settings\Martin\Application Data\MegauploadToolbar
2007-10-16 14:30 1,086,297 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-15 17:10 --------- d-----w C:\Program Files\Winamp
2007-10-14 13:18 --------- d-----w C:\Program Files\PhotonFX
2007-10-14 13:18 --------- d-----w C:\Program Files\FileZilla
2007-10-13 22:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-03 06:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-01 15:13 --------- d-----w C:\Program Files\Java
2007-09-29 17:16 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-26 12:35 --------- d-----w C:\Documents and Settings\Martin\Application Data\AVG7
2007-09-21 11:03 --------- d-----w C:\Documents and Settings\Martin\Application Data\ICQ
2007-09-20 17:21 --------- d-----w C:\Documents and Settings\Martin\Application Data\Hamachi
2007-09-20 17:19 --------- d-----w C:\Documents and Settings\Martin\Application Data\Lionhead Studios
2007-09-20 16:09 --------- d-----w C:\Documents and Settings\Martin\Application Data\GetRightToGo
2007-09-20 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-19 19:57 --------- d-----w C:\Program Files\ICQToolbar
2007-09-19 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2007-09-18 19:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-17 14:21 --------- d-----w C:\Program Files\12Ghosts
2007-09-10 20:08 --------- d-----w C:\Program Files\BearShare Applications
2007-09-06 19:14 --------- d-----w C:\Program Files\MegauploadToolbar
2007-09-05 18:01 --------- d-----w C:\Documents and Settings\Martin\Application Data\Sony
2007-09-05 18:01 --------- d-----w C:\Documents and Settings\Martin\Application Data\Publish Providers
2007-09-05 17:57 --------- d-----w C:\Program Files\PrivacyEraser Computing
2007-09-03 19:02 --------- d--h--r C:\Documents and Settings\Martin\Application Data\SecuROM
2007-08-22 02:33 46,432 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-08-15 13:04 578,560 ----a-w C:\WINDOWS\WLXPGSS.SCR
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 23:05]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 08:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 08:03]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-16 09:06]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-01 10:00 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-08-08 17:03]
"Steam"="d:\half life 2\steam.exe" [2007-10-14 21:51]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 10:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnsc"=C:\WINDOWS\system32\msnsc.exe
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Martin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50]
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GDM_TrayApp.exe [2007-08-28 19:23:00]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Martin\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Documents and Settings\Martin\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"D:\BearShare\BearShare.exe" /pause

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
S0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 oflpydin;oflpydin;\??\C:\DOCUME~1\Martin\LOCALS~1\Temp\oflpydin.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 16:00:01 C:\WINDOWS\Tasks\A787B64891842FC4.job"
- c:\docume~1\martin\applic~1\baitme~1\Way Owns Meow.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 18:48:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 18:51:46 - machine was rebooted
.
--- E O F ---


User (registered 28.01.07)
Posted: 17.10.2007 22:07

Guide => http://www.viry.cz/forum/viewtopic.php?t=34528

