Smitfraud-C.CoreService

[panpar]

ComboFix 08-02.05.3 - ΠΑΝΟΣ 2008-02-06 22:39:56.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1253.1.1032.18.990 [GMT 2:00]
Running from: C:\Users\ΠΑΝΟΣ\Desktop\ComboFix.exe
Command switches used :: C:\Users\ΠΑΝΟΣ\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Windows\System32\drivers\iteatapii.sys.vir
C:\Windows\System32\drivers\spldrr.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\System32\drivers\spldrr.sys
C:\temp\tn3
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\System32\drivers\iteatapii.sys.vir
C:\Windows\System32\drivers\spldrr.sys

.
((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-06 18:33 . 2006-11-02 11:44 320,000 --a------ C:\kmd.exe
2008-02-06 04:14 . 2008-02-06 04:14 <DIR> d-------- C:\Program Files\Common Files\Xstream
2008-02-02 20:52 . 2008-02-06 04:14 <DIR> d-------- C:\Program Files\myTV
2008-02-02 20:52 . 2005-03-14 18:27 338,432 --a------ C:\Windows\System32\3dabm7u.ocx
2008-02-02 20:52 . 2005-09-17 02:34 227,840 --a------ C:\Windows\System32\tssOfficeMenu1d.ocx
2008-02-02 20:52 . 1998-06-24 00:00 115,016 --a------ C:\Windows\System32\MSINET.OCX
2008-02-02 20:52 . 2000-12-06 01:00 109,248 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-02-02 20:52 . 2002-12-11 20:38 47,104 --a------ C:\Windows\System32\declrds.ax
2008-01-31 08:55 . 2008-01-31 08:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 02:36 . 2008-01-31 02:36 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-01-29 20:52 . 2008-02-06 03:55 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-01-15 23:33 . 2008-01-22 04:14 162 --a------ C:\Windows\wininit.ini
2008-01-15 04:27 . 2008-01-15 04:27 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-15 01:16 . 2008-01-15 04:27 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-13 06:21 . 2008-02-06 16:13 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-13 06:21 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-01-13 06:21 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-01-13 06:21 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-01-13 06:21 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-12 17:09 . 2008-01-13 06:51 <DIR> d-------- C:\Program Files\Trojan Remover
2008-01-09 19:51 . 2008-01-10 22:07 <DIR> d-------- C:\Program Files\Armadillo Run
2008-01-09 13:33 . 2008-01-09 13:33 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 13:33 . 2008-01-09 13:33 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 13:33 . 2008-01-09 13:33 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 13:33 . 2008-01-09 13:33 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 13:33 . 2008-01-09 13:33 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 13:31 . 2008-01-09 13:31 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 13:31 . 2008-01-09 13:31 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 13:31 . 2008-01-09 13:31 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 13:31 . 2008-01-09 13:31 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 13:31 . 2008-01-09 13:31 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 13:31 . 2008-01-09 13:31 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 13:31 . 2008-01-09 13:31 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 13:31 . 2008-01-09 13:31 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 13:31 . 2008-01-09 13:31 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-09 13:31 . 2008-01-09 13:31 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-07 16:32 . 2008-01-07 16:32 0 --a------ C:\Windows\System32\ssprs.tgz
2008-01-07 16:32 . 2008-01-07 16:32 0 --a------ C:\Windows\System32\nsprs.tgz
2008-01-07 16:30 . 2008-01-07 16:32 <DIR> d-------- C:\Program Files\SPSSEval
2008-01-07 13:13 . 2007-04-23 15:54 100,488 --a------ C:\Windows\System32\drivers\s115mgmt.sys
2008-01-07 13:12 . 2007-04-23 15:54 108,680 --a------ C:\Windows\System32\drivers\s115mdm.sys
2008-01-07 13:12 . 2007-04-23 15:54 98,568 --a------ C:\Windows\System32\drivers\s115obex.sys
2008-01-07 13:12 . 2007-04-23 15:54 83,208 --a------ C:\Windows\System32\drivers\s115bus.sys
2008-01-07 13:12 . 2007-04-23 15:54 15,112 --a------ C:\Windows\System32\drivers\s115mdfl.sys
2008-01-07 13:12 . 2007-04-23 15:54 12,424 --a------ C:\Windows\System32\drivers\s115whnt.sys
2008-01-07 13:12 . 2007-04-23 15:54 12,424 --a------ C:\Windows\System32\drivers\s115wh.sys
2008-01-07 13:12 . 2007-04-23 15:54 12,424 --a------ C:\Windows\System32\drivers\s115cmnt.sys
2008-01-07 13:12 . 2007-04-23 15:54 12,424 --a------ C:\Windows\System32\drivers\s115cm.sys
2008-01-07 13:09 . 2008-01-07 13:09 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-01-07 13:09 . 2008-01-07 13:09 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-01-07 13:09 . 2008-01-07 13:09 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-07 13:07 . 2008-01-07 13:10 <DIR> d-------- C:\Users\All Users\Teleca
2008-01-07 13:07 . 2008-01-07 13:09 <DIR> d-------- C:\Users\All Users\Sony Ericsson
2008-01-07 13:07 . 2008-01-07 13:10 <DIR> d-------- C:\ProgramData\Teleca
2008-01-07 13:07 . 2008-01-07 13:09 <DIR> d-------- C:\ProgramData\Sony Ericsson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 16:41 --------- d---a-w C:\ProgramData\TEMP
2008-02-06 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 19:27 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-01-15 19:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-12 16:39 --------- d-----w C:\Program Files\Webteh
2008-01-09 11:35 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 11:31 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 11:31 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 11:31 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 11:31 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 11:31 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 11:14 --------- d-----w C:\Program Files\Google
2008-01-09 10:49 --------- d-----w C:\ProgramData\Symantec
2008-01-09 10:48 --------- d-----w C:\ProgramData\Nero
2008-01-05 20:16 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-01-05 14:25 --------- d-----w C:\Program Files\uTorrent
2008-01-05 12:23 --------- d-----w C:\Program Files\Veoh Networks
2007-12-30 10:55 --------- d-----w C:\ProgramData\Eset
2007-12-30 10:55 --------- d-----w C:\Program Files\ESET
2007-12-29 22:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-29 20:59 --------- d-----w C:\Program Files\Symantec
2007-12-29 13:08 --------- d-----w C:\Program Files\Microsoft Works
2007-12-29 13:07 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-23 10:54 --------- d-----w C:\ProgramData\LightScribe
2007-12-23 10:35 --------- d-----w C:\Program Files\Nero
2007-12-21 06:21 71,176 ----a-w C:\Windows\system32\drivers\epfw.sys
2007-12-21 06:21 53,768 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2007-12-21 06:21 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2007-12-21 06:20 30,216 ----a-w C:\Windows\system32\drivers\easdrv.sys
2007-12-21 06:19 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2007-12-18 12:33 --------- d-----w C:\Program Files\ZipCentral
2007-12-12 02:48 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 02:48 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 02:48 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 02:47 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 02:47 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 02:47 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 02:47 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 02:47 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 02:47 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 02:47 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 02:47 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 02:45 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 02:45 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-11 19:57 --------- d-----w C:\Program Files\TVUPlayer
2007-11-15 12:46 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-15 01:02 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 01:02 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 01:02 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 01:02 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 01:02 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-15 01:02 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-15 01:02 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-15 01:02 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-15 01:02 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-15 01:02 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-10-24 00:11 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{D0943516-5076-4020-A3B5-AEFAF26AB263}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-12 12:18 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 15:38 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 10:36 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 17:42 457728]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-04 09:26 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-04 09:26 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-04 09:26 133912]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-03-09 17:51 45056]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-04-04 09:02 678672]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 10:16 206952]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 14:57 159744]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-11 15:35 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2001-01-17 05:01:22 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 17:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 17:43]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 17:43]
R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 15:27]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 17:43]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 19:36]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 22:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-30 05:57]
R3 NETw4v32;Πρόγραμμα οδήγησης προσαρμογέα Intel(R) Wireless WiFi Link για Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 00:14]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 17:35]
S3 NETw3v32;Πρόγραμμα οδήγησης προσαρμογέα Intel(R) PRO/Wireless 3945ABG για Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 09:30]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 17:07:26 C:\Windows\Tasks\At1.job"
- C:\Windows\system32\kmd.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 22:43:38
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\33C5~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2008-02-06 22:47:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 20:46:57
ComboFix2.txt 2008-02-06 17:11:20
.
2008-01-30 00:03:36 --- E O F ---

[panpar]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:56 πμ, on 7/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\33C5~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://odys-online.blogspot.com/2007...online-tv.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://el.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10039 bytes

[Shaba]

Hi

No worries, it's disabled at least now

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  
  o Scan using the following Anti-Virus database:
  
  + Extended (If available otherwise Standard)
  
  o Scan Options:
  
  + Scan Archives
  + Scan Mail Bases
  
• Click OK
• Now under select a target to scan select My Computer
• The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button
• Save the file to your desktop.
• Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

[panpar]

Hi,
thanks for replying. Kaspersky not clear. SPybot however didn't found anything

KASPERSKY ONLINE SCANNER REPORT
Thursday, February 07, 2008 3:28:22 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/02/2008
Kaspersky Anti-Virus database records: 552737
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 102758
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 4
Duration of the scan process: 01:13:37

Infected Object Name / Virus Name / Last Action
C:\Acer\Empowering Technology\Logs\ETF.log Object is locked skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.ilg Object is locked skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\SpywareSecure10.zip/Launcher.exe Suspicious: Password-protected-EXE skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\SpywareSecure10.zip ZIP: suspicious - 1 skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\SpywareSecure65.zip/Launcher.exe Suspicious: Password-protected-EXE skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\SpywareSecure65.zip ZIP: suspicious - 1 skipped
C:\ProgramData\Eset\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
C:\ProgramData\Eset\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
C:\ProgramData\Eset\ESET Smart Security\Logs\virlog.dat Object is locked skipped
C:\ProgramData\Eset\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\$Acer$.cmd Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\486bc160f67a7e07e398548381eef2df_d9800f1f-935b-46b9-96f8-ef5aefffa952 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\91150426480e93fd74442ba40dc96d8e_d9800f1f-935b-46b9-96f8-ef5aefffa952 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_d9800f1f-935b-46b9-96f8-ef5aefffa952 Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog00.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog01.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog02.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog03.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog04.sqm Object is locked skipped
C:\ProgramData\Microsoft\eHome\logs\eHomeLog05.sqm Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Νίκος.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir Object is locked skipped
C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\WER-40201-0.sysdata.xml Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\wmplog00.sqm Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\wmplog01.sqm Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\wmplog02.sqm Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\wmplog03.sqm Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\wmplog04.sqm Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\wmplog05.sqm Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\~DF68AA.tmp Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\~DF68BE.tmp Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\~DF86C9.tmp Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\~DF86D3.tmp Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\~DFAE19.tmp Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\~DFAE42.tmp Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\~DFCC98.tmp Object is locked skipped
C:\Users\Νίκος\AppData\Local\Temp\~DFCCC3.tmp Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008020720080208\index.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\UsrClass.dat{c9c3ca1c-90a3-11dc-b927-0016d4deeb8d}.TM.blf Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\UsrClass.dat{c9c3ca1c-90a3-11dc-b927-0016d4deeb8d}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows\UsrClass.dat{c9c3ca1c-90a3-11dc-b927-0016d4deeb8d}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Local\Microsoft\Windows Defender\FileTracker\{96F5CE17-D7AC-4389-99B1-D540EE2D4A61} Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Roaming\microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Roaming\microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Roaming\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Roaming\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped
C:\Users\ΠΑΝΟΣ\AppData\Roaming\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Users\ΠΑΝΟΣ\Documents\Downloads\BS.Player.PRO.v2.26.956.WinAll.Incl.Keymaker-CORE.rar/keygen.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Users\ΠΑΝΟΣ\Documents\Downloads\BS.Player.PRO.v2.26.956.WinAll.Incl.Keymaker-CORE.rar/keygen.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\Users\ΠΑΝΟΣ\Documents\Downloads\BS.Player.PRO.v2.26.956.WinAll.Incl.Keymaker-CORE.rar/keygen.exe Infected: Trojan.Win32.Agent.efb skipped
C:\Users\ΠΑΝΟΣ\Documents\Downloads\BS.Player.PRO.v2.26.956.WinAll.Incl.Keymaker-CORE.rar RAR: infected - 3 skipped
C:\Users\ΠΑΝΟΣ\NTUSER.DAT Object is locked skipped
C:\Users\ΠΑΝΟΣ\ntuser.dat.LOG1 Object is locked skipped
C:\Users\ΠΑΝΟΣ\ntuser.dat.LOG2 Object is locked skipped
C:\Users\ΠΑΝΟΣ\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\ΠΑΝΟΣ\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\ΠΑΝΟΣ\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Installer\MSI4792.tmp Object is locked skipped
C:\Windows\Installer\MSI7A4F.tmp Object is locked skipped
C:\Windows\Installer\MSI8569.tmp Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{2D12EC74-CF8D-4B81-9375-E139A68FD9CF}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\components Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\default Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\sam Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\security Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\software Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\system Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\Ikeext.etl Object is locked skipped
C:\Windows\System32\LogFiles\IN0802.log Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked

[panpar]

C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\At1.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\tracing\BAP.LOG Object is locked skipped
C:\Windows\tracing\IASACCT.LOG Object is locked skipped
C:\Windows\tracing\IASDATASTORE.LOG Object is locked skipped
C:\Windows\tracing\IASHLPR.LOG Object is locked skipped
C:\Windows\tracing\IASNAP.LOG Object is locked skipped
C:\Windows\tracing\IASRAD.LOG Object is locked skipped
C:\Windows\tracing\IASSAM.LOG Object is locked skipped
C:\Windows\tracing\IASSDO.LOG Object is locked skipped
C:\Windows\tracing\IASSVCS.LOG Object is locked skipped
C:\Windows\tracing\IpHlpSvc.LOG Object is locked skipped
C:\Windows\tracing\IPMGM.LOG Object is locked skipped
C:\Windows\tracing\IPRouterManager.LOG Object is locked skipped
C:\Windows\tracing\KMDDSP.LOG Object is locked skipped
C:\Windows\tracing\NDPTSP.LOG Object is locked skipped
C:\Windows\tracing\PPP.LOG Object is locked skipped
C:\Windows\tracing\RASAPI32.LOG Object is locked skipped
C:\Windows\tracing\RASAUTH.LOG Object is locked skipped
C:\Windows\tracing\RASBACP.LOG Object is locked skipped
C:\Windows\tracing\RASCCP.LOG Object is locked skipped
C:\Windows\tracing\RASDLG.LOG Object is locked skipped
C:\Windows\tracing\RASEAP.LOG Object is locked skipped
C:\Windows\tracing\RASIPCP.LOG Object is locked skipped
C:\Windows\tracing\RASIPHLP.LOG Object is locked skipped
C:\Windows\tracing\RASIPV6CP.LOG Object is locked skipped
C:\Windows\tracing\RASMAN.LOG Object is locked skipped
C:\Windows\tracing\RASPAP.LOG Object is locked skipped
C:\Windows\tracing\RASQEC.LOG Object is locked skipped
C:\Windows\tracing\RASTAPI.LOG Object is locked skipped
C:\Windows\tracing\Router.LOG Object is locked skipped
C:\Windows\tracing\RTM.LOG Object is locked skipped
C:\Windows\tracing\svchost_RASCHAP.LOG Object is locked skipped
C:\Windows\tracing\svchost_RASTLS.LOG Object is locked skipped
C:\Windows\tracing\tapi32.LOG Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.

[panpar]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:48 πμ, on 7/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\33C5~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://odys-online.blogspot.com/2007...online-tv.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://el.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9777 bytes

[Shaba]

Hi

Empty this folder:

C:\ProgramData\Spybot - Search & Destroy\Recovery\

Delete this:

C:\Users\ΠΑΝΟΣ\Documents\Downloads\BS.Player.PRO.v2.26.956.WinAll.Incl.Keymaker-CORE.rar

Empty Recycle Bin.

Still problems?

[panpar]

Hi,
Sorry again i've deleted C:\Users\ΠΑΝΟΣ\Documents\Downloads\BS.Player.PRO.v2.26.956.WinAll.Incl.Keymaker-CORE.rar
but i can't find this folder C:\ProgramData\Spybot - Search & Destroy\Recovery\

[panpar]

Hi,
don't bother i found it! and deleted all! I think that everything it's works smoothly now

[Shaba]

Hi

Then you're clean!

As for Sweetie, see here
and decide if you want to keep it.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

Please download OTMoveIt2 and save it to desktop.

• Double-click OTMoveIt2.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.

• Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  
  You can find instructions on how to enable and re-enable system restore here:
  
  Windows Vista System Restore Guide

Re-enable system restore with instructions from tutorial above

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialize and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

• Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
• Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
  
  This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
  
  Instructions for Spybot S & D
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!