Nod 32 and viruses

  • boksi  Male
  • Distinguished citizen
  • Joined: 11 Jun 2008
  • Posts: 470

I have Nod antivirus, but lately my computer keeps picking up viruses; it freezes and runs slowly...?


DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 20:32:56,64 on ??? 23.12.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1304 [GMT 1:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Users\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.tattoodle.com?tid={582EF506-860F-4069-AB65-640578656A04}
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant =
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\administrator\application data\mozilla\firefox\profiles\24w5c27l.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [DriveSpace] c:\program files\drive space indicator\DrvSpace.exe
mRun: [NodEnabler] c:\program files\eset\eset smart security\nodenabler\NodEnabler.exe /s
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SystemTray] SysTray.Exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [NewUser] c:\windows\lastxp\NewUser.cmd
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
IFEO: notepad.exe - "c:\program files\notepad2\Notepad2.exe" /z

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\applic~1\mozilla\firefox\profiles\24w5c27l.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={36FED752-AC84-6DA9-5DB4-DD7EB8A95923}
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\administrator\application data\mozilla\firefox\profiles\24w5c27l.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\administrator\application data\mozilla\firefox\profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\administrator\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-9-25 68136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-17 54752]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\windows\temp\rar$ex00.187\hwinfo32.sys --> c:\windows\temp\rar$ex00.187\HWiNFO32.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-17 133104]
S3 cpuz130;cpuz130;\??\c:\windows\temp\cpuz130\cpuz_x32.sys --> c:\windows\temp\cpuz130\cpuz_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 oflpydin;oflpydin;c:\windows\temp\oflpydin.sys [2009-1-17 15872]

============== File Associations ===============

inffile=c:\windows\system32\Notepad2.exe %1
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1

=============== Created Last 30 ================

2009-12-21 14:37:51 0 d-----w- c:\users\administrator\WINDOWS
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 17:32:15 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-14 17:32:15 1409 ----a-w- c:\windows\QTFont.for
2009-12-14 16:04:30 0 d-----w- c:\program files\common files\xing shared
2009-12-14 15:44:58 0 d-----w- c:\users\admini~1\applic~1\DMCache
2009-12-12 20:06:07 45 ----a-w- c:\windows\system32\initdebug.nfo
2009-12-10 10:54:40 0 d-----w- c:\program files\Vidomi
2009-12-04 10:23:43 87 ----a-w- c:\windows\NeroDigital.ini
2009-11-24 14:21:59 0 d-----w- c:\program files\Emicsoft Studio

==================== Find3M ====================

2009-12-23 19:25:16 16608 ----a-w- c:\windows\gdrv.sys
2009-10-19 06:36:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-16 05:34:56 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 14:24:58 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-09-30 14:24:25 249856 ------w- c:\windows\Setup1.exe
2009-09-30 14:24:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2008-03-09 05:25:10 236 ----a-w- c:\program files\common files\dx.reg
2008-03-03 09:00:00 480 ----a-r- c:\program files\SetupS.ini
2008-03-03 09:00:00 1341 ----a-r- c:\program files\CopyPath.png
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-09-16 22:44:23 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-09-16 22:44:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-09-16 22:44:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091720090918\index.dat
2009-09-16 22:44:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 20:33:16,78 ===============
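The DDS log above already contains the indicators a triage would single out: both browsers' home page pointing at tattoodle.com with a tracking id in the URL, a third-party URL search hook, a BHO and an Explorer bar listed as "No File", SfcDisable=-99 under Winlogon (Windows File Protection switched off), an IFEO redirect for notepad.exe, and two kernel drivers registered from c:\windows\temp. The Python below is an added example by the editor, not part of the original post or of the DDS tool; it runs a set of heuristic rules (the editor's own) over a constructed subset of those lines, copied from the log, and returns the findings. The baseline home-page hosts and Firefox search engines are assumptions to be adjusted for the machine at hand.

```python
"""Heuristic triage of a DDS 'Pseudo HJT Report' and services section.

Added example by the editor, not part of the forum post or of DDS.  The
sample lines are copied from the log above; the rules and the baseline
sets are the editor's own assumptions, tune them for the machine at hand.
"""
import re
from urllib.parse import urlsplit

# Constructed subset of the DDS log posted above (DDS writes hxxp for http).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.tattoodle.com?tid={582EF506-860F-4069-AB65-640578656A04}
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
IFEO: notepad.exe - "c:\program files\notepad2\Notepad2.exe" /z
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={36FED752-AC84-6DA9-5DB4-DD7EB8A95923}
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\windows\temp\rar$ex00.187\hwinfo32.sys --> c:\windows\temp\rar$ex00.187\HWiNFO32.SYS [?]
S3 oflpydin;oflpydin;c:\windows\temp\oflpydin.sys [2009-1-17 15872]
"""

# Assumed baselines (editor's assumption): what the owner actually wants.
BASELINE_HOME_HOSTS = {"www.google.com", "google.com", "about:blank"}
BASELINE_FF_ENGINES = {"Google", "Yahoo", "Bing"}

HOME_RE = re.compile(r"^(?:uStart Page = |FF - prefs\.js: browser\.startup\.homepage - )(\S+)")
FF_ENGINE_RE = re.compile(r"^FF - prefs\.js: browser\.search\.selectedEngine - (.+)$")
SFC_RE = re.compile(r"^mWinlogon: SfcDisable=(-?\d+)")
IFEO_RE = re.compile(r"^IFEO: (\S+) - (.+)$")
DRIVER_RE = re.compile(r"^[RS]\d+ ([^;]+);[^;]*;(.+)$")
HOOK_RE = re.compile(r"^uURLSearchHooks: ")


def _host(defanged_url):
    """DDS defangs http -> hxxp; restore it so urlsplit can pick out the host."""
    return urlsplit(defanged_url.replace("hxxp", "http", 1)).hostname or ""


def triage(log_text):
    """Return a list of findings, each {'severity', 'rule', 'line', 'note'}."""
    findings = []

    def flag(severity, rule, line, note):
        findings.append({"severity": severity, "rule": rule, "line": line, "note": note})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOME_RE.match(line)
        if m:
            host = _host(m.group(1))
            if host not in BASELINE_HOME_HOSTS:
                note = f"home page points at {host}"
                if "tid=" in m.group(1):
                    note += " with a tracking id in the URL"
                flag("high", "homepage-hijack", line, note)
            continue
        m = FF_ENGINE_RE.match(line)
        if m:
            engine = m.group(1).strip()
            if engine not in BASELINE_FF_ENGINES:
                flag("medium", "search-engine-changed", line, f"Firefox default search engine is '{engine}'")
            continue
        m = SFC_RE.match(line)
        if m and int(m.group(1)) != 0:
            flag("high", "wfp-disabled", line,
                 "Windows File Protection is off, so patched system files are not restored")
            continue
        if line.endswith("- No File"):
            flag("low", "orphaned-entry", line, "registered browser component whose DLL is gone")
            continue
        m = IFEO_RE.match(line)
        if m:
            flag("review", "ifeo-debugger", line, f"{m.group(1)} is redirected to {m.group(2)}")
            continue
        if HOOK_RE.match(line):
            flag("review", "url-search-hook", line, "a URL search hook can rewrite what is typed in the address bar")
            continue
        m = DRIVER_RE.match(line)
        if m and "\\temp\\" in m.group(2).lower():
            flag("high", "temp-driver", line, f"service/driver '{m.group(1)}' is registered from a temp directory")
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:>6}] {f['rule']:<22} {f['note']}")
    print(summarize(results))
```

Run it as-is to print the findings, or paste the full Pseudo HJT and services sections in place of SAMPLE_LOG. The IFEO hit here is a legitimate Notepad2 replacement, which is why that rule reports "review" rather than "high": the same key is a classic persistence and AV-blocking mechanism, so it always deserves a look rather than an automatic verdict. The two drivers from c:\windows\temp are benign hardware-monitor tools that were run straight out of an archive; the rule still fires because a driver path under a temp directory is exactly what a dropper produces, and a human should confirm which case it is.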


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8308
  • Location: Novi Beograd

Hello,

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Once the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to start it.

While it runs, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered the download.
show the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
offer to install the Recovery Console if it is not installed:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • boksi  Male
  • Distinguished citizen
  • Joined: 11 Jun 2008
  • Posts: 470

ComboFix 09-12-23.02 - Administrator 24.12.2009 9:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1630 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Administrator\My Documents\cc_20090930_143701.reg
c:\windows\system32\d3d10core.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\Plugins
c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
c:\windows\system32\Plugins\Hoster\archivto.dll
c:\windows\system32\Plugins\Hoster\bluehostto.dll
c:\windows\system32\Plugins\Hoster\dataupde.dll
c:\windows\system32\Plugins\Hoster\fastloadnet.dll
c:\windows\system32\Plugins\Hoster\fastshareorg.dll
c:\windows\system32\Plugins\Hoster\fileuploadnet.dll
c:\windows\system32\Plugins\Hoster\megauploadcom.dll
c:\windows\system32\Plugins\Hoster\meinuploadcom.dll
c:\windows\system32\Plugins\Hoster\moosharede.dll
c:\windows\system32\Plugins\Hoster\myvideode.dll
c:\windows\system32\Plugins\Hoster\netloadin.dll
c:\windows\system32\Plugins\Hoster\PluginSettings.ini
c:\windows\system32\Plugins\Hoster\qsharecom.dll
c:\windows\system32\Plugins\Hoster\rapidsharecom.dll
c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
c:\windows\system32\Plugins\Hoster\shareplacecom.dll
c:\windows\system32\Plugins\Hoster\silofilescom.dll
c:\windows\system32\Plugins\Hoster\speedysharecom.dll
c:\windows\system32\Plugins\Hoster\uploadedto.dll
c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
c:\windows\system32\Plugins\Hoster\youtubecom.dll
c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll
c:\windows\system32\Plugins\YouCrypt\captcha.dll
c:\windows\system32\Plugins\YouCrypt\cineto.dll
c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll
c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll
c:\windows\system32\Plugins\YouCrypt\ddlscene.dll
c:\windows\system32\Plugins\YouCrypt\ddl(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\dreidl.dll
c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll
c:\windows\system32\Plugins\YouCrypt\gameblog.dll
c:\windows\system32\Plugins\YouCrypt\gamezam.dll
c:\windows\system32\Plugins\YouCrypt\gapping.dll
c:\windows\system32\Plugins\YouCrypt\g(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\linkbank.dll
c:\windows\system32\Plugins\YouCrypt\linksafe.dll
c:\windows\system32\Plugins\YouCrypt\LinkSave.dll
c:\windows\system32\Plugins\YouCrypt\lix.dll
c:\windows\system32\Plugins\YouCrypt\mirrorit.dll
c:\windows\system32\Plugins\YouCrypt\netfolderin.dll
c:\windows\system32\Plugins\YouCrypt\onekh.dll
c:\windows\system32\Plugins\YouCrypt\rapidfolder.dll
c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll
c:\windows\system32\Plugins\YouCrypt\relinkus.dll
c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll
c:\windows\system32\Plugins\YouCrypt\rslayer.dll
c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll
c:\windows\system32\Plugins\YouCrypt\secured.dll
c:\windows\system32\Plugins\YouCrypt\securnet.dll
c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll
c:\windows\system32\Plugins\YouCrypt\shareonall.dll
c:\windows\system32\Plugins\YouCrypt\shareprotect.dll
c:\windows\system32\Plugins\YouCrypt\stealth.dll
c:\windows\system32\Plugins\YouCrypt\tinyurl.dll
c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll
c:\windows\system32\Plugins\YouCrypt\uppicoasis.dll
c:\windows\system32\Plugins\YouCrypt\urlcash.dll
c:\windows\system32\Plugins\YouCrypt\usercashcom.dll
c:\windows\system32\Plugins\YouCrypt\xlinkin.dll
c:\windows\system32\terminal.exe

c:\windows\system32\logonui.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-22 11:51 . 2009-12-16 13:42 43008 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-22 11:51 . 2009-12-16 13:42 340480 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-22 11:51 . 2009-12-16 13:41 346624 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-22 11:51 . 2009-12-16 13:42 872960 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-21 14:37 . 2009-12-21 14:37 -------- d-----w- c:\users\Administrator\WINDOWS
2009-12-16 20:06 . 2009-10-08 09:31 3204096 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-12-16 20:06 . 2009-10-07 17:06 106496 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-12-16 20:06 . 2009-09-23 20:29 28672 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-12-16 20:06 . 2009-03-19 22:57 40960 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 16:04 . 2009-12-14 16:04 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-14 15:44 . 2009-12-14 15:44 -------- d-----w- c:\users\Administrator\Application Data\DMCache
2009-12-10 10:54 . 2009-12-10 10:54 -------- d-----w- c:\program files\Vidomi
2009-12-10 10:34 . 2009-12-10 10:34 -------- d-----w- c:\users\Administrator\Application Data\dvdcss
2009-12-09 12:53 . 2009-12-09 12:53 868352 ----a-w- c:\users\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2009-12-09 12:53 . 2009-12-09 12:53 640000 ----a-w- c:\users\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2009-12-09 12:53 . 2009-12-09 12:53 53760 ----a-w- c:\users\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2009-12-09 12:53 . 2009-12-09 12:53 1712128 ----a-w- c:\users\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2009-11-24 14:21 . 2009-11-24 14:21 -------- d-----w- c:\program files\Emicsoft Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 07:59 . 2009-09-25 17:22 16608 ----a-w- c:\windows\gdrv.sys
2009-12-24 07:58 . 2009-09-16 23:30 -------- d-----w- c:\users\Administrator\Application Data\Skype
2009-12-24 07:57 . 2009-09-16 19:00 -------- d-----w- c:\users\Administrator\Application Data\skypePM
2009-12-21 14:52 . 2009-09-16 23:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 12:33 . 2009-09-17 14:19 -------- d-----w- c:\program files\Google
2009-12-14 16:04 . 2009-10-19 06:36 -------- d-----w- c:\program files\Common Files\Real
2009-12-14 16:04 . 2009-10-19 06:36 -------- d-----w- c:\program files\Real
2009-12-14 14:53 . 2009-09-16 22:58 -------- d-----w- c:\program files\Lavalys
2009-11-23 13:45 . 2009-11-23 13:45 -------- d-----w- c:\program files\Common Files\EasyInfo
2009-11-22 08:13 . 2009-11-15 11:40 -------- d-----w- c:\program files\BumpTop
2009-11-20 07:54 . 2009-09-16 21:55 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-20 07:54 . 2009-11-20 07:54 138240 ----a-w- c:\users\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-20 07:54 . 2009-11-20 07:54 138240 ----a-w- c:\users\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-20 07:54 . 2009-11-20 07:54 138240 ----a-w- c:\users\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-20 07:54 . 2009-11-20 07:54 138240 ----a-w- c:\users\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-20 07:54 . 2009-09-16 21:55 -------- d-----w- c:\users\Administrator\Application Data\SystemRequirementsLab
2009-11-17 07:36 . 2009-11-17 07:34 14741600 ----a-w- c:\users\Administrator\Application Data\Bump Technologies, Inc\BumpTop\Updates\BumpTopInstaller.exe
2009-11-15 20:15 . 2009-11-15 20:15 -------- d-----w- c:\program files\Common Files\Skype
2009-11-15 20:15 . 2009-09-16 23:08 -------- d-----r- c:\program files\Skype
2009-11-15 20:15 . 2009-09-16 23:08 -------- d-----w- c:\users\All Users\Application Data\Skype
2009-11-15 13:10 . 2009-11-15 13:10 -------- d-----w- c:\users\Administrator\Application Data\Bump Technologies, Inc
2009-11-14 17:52 . 2009-11-14 17:52 -------- d-----w- c:\users\Administrator\Application Data\Media Player Classic
2009-11-04 08:08 . 2009-09-16 22:39 -------- d-----w- c:\program files\Java
2009-11-04 08:07 . 2009-11-04 08:07 152576 ----a-w- c:\users\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 09:20 . 2009-11-02 09:20 -------- d-----w- c:\program files\City Interactive
2009-11-02 07:43 . 2009-09-27 06:13 -------- d-----w- c:\program files\Call of Duty
2009-10-27 21:14 . 2009-09-16 23:08 -------- d-----w- c:\program files\URUSoft
2009-10-26 13:55 . 2009-10-25 09:12 -------- d-----w- c:\users\Administrator\Application Data\FrostWire
2009-10-25 09:32 . 2009-10-25 09:32 0 ----a-w- c:\users\Administrator\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-10-19 06:36 . 2009-09-16 22:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-16 05:34 . 2009-09-16 22:53 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-10-16 05:34 . 2009-09-16 22:53 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-10-11 03:17 . 2009-09-16 22:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 14:24 . 2009-09-16 22:51 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-09-30 14:24 . 2009-09-30 14:24 249856 ------w- c:\windows\Setup1.exe
2009-09-30 14:24 . 2009-09-30 14:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-25 18:06 . 2009-09-25 18:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2008-03-09 05:25 . 2009-09-22 16:25 236 ----a-w- c:\program files\Common Files\dx.reg
2008-03-03 09:00 . 2009-09-16 22:56 1341 ----a-r- c:\program files\CopyPath.png
2008-03-03 09:00 . 2009-09-16 22:56 480 ----a-r- c:\program files\SetupS.ini
2006-05-03 09:06 . 2009-09-18 16:29 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-18 16:29 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-18 16:29 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-03-08 . EA032FC150B9C6276C98EB3DED3B75C6 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2009-03-08 . 0797D8DAD6DD09CF7437C4F3132E82A6 . 3736576 . . [7.00.6000.20996] . . c:\windows\system32\mshtml.dll
[7] 2009-01-16 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll

[-] 2008-11-18 . CCF64982AD1B27461A5B85401657B29A . 2292224 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-03-08 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-03-08 . E7552D59A876B0E6919F05E500937993 . 884224 . . [7.00.6000.20978] . . c:\windows\system32\wininet.dll
[7] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\system32\dllcache\wininet.dll

[-] 2008-10-25 . E7EAF1CD2E46E6FFFD1A66983EE1936A . 1589248 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2009-03-08 . BEC5D7EF52E385F457E7C20EDBB1C5E7 . 2185216 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"DriveSpace"="c:\program files\Drive Space Indicator\DrvSpace.exe" [2009-03-07 417455]
"NodEnabler"="c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe" [2009-04-08 357521]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-24 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-24 141336]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-14 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 124928]
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-05-20 3563]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^nero.bat.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\nero.bat.lnk
backup=c:\windows\pss\nero.bat.lnkStartup

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^Registration Call of Juarez.LNK]
path=c:\users\Administrator\Start Menu\Programs\Startup\Registration Call of Juarez.LNK
backup=c:\windows\pss\Registration Call of Juarez.LNKStartup

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^winword.exe.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\winword.exe.lnk
backup=c:\windows\pss\winword.exe.lnkStartup

[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 16:24 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [25.9.2009 18:23 68136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17.9.2009 15:24 54752]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.9.2009 23:33 717296]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\windows\Temp\Rar$EX00.187\HWiNFO32.SYS --> c:\windows\Temp\Rar$EX00.187\HWiNFO32.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.9.2009 15:19 133104]
S3 cpuz130;cpuz130;\??\c:\windows\Temp\cpuz130\cpuz_x32.sys --> c:\windows\Temp\cpuz130\cpuz_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864]
S3 oflpydin;oflpydin;\??\c:\windows\Temp\oflpydin.sys --> c:\windows\Temp\oflpydin.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 09:03 124928 ----a-w- c:\windows\system32\advpack.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tattoodle.com?tid={582EF506-860F-4069-AB65-640578656A04}
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={36FED752-AC84-6DA9-5DB4-DD7EB8A95923}
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
.
.
------- File Associations -------
.
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 09:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-12-24 09:17:35
ComboFix-quarantined-files.txt 2009-12-24 08:17

Pre-Run: 2.309.099.520 bytes free
Post-Run: 5.828.222.976 bytes free

- - End Of File - - 2EE09862641DB5676166873D1C290876
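Added example, not from the thread and not part of ComboFix, DDS or ESET: a short Python triage script for the kind of log posted above. It pulls out the four items a responder reads first in such a log: services/drivers whose image lives under a Temp directory or whose file is already gone (the "[?]" size marker, as on the oflpydin and HWiNFO32 lines), Sigcheck entries flagged "[-]", the Security Center override values together with a disabled Windows Firewall profile, and browser start-page/search hosts outside an allow-list. The embedded log is constructed from fragments of the one above, and the EXPECTED_HOSTS set is an assumption of the example.

```python
"""Triage helper for ComboFix/DDS logs (added example, not from the thread)."""
import re
from collections import Counter

# Constructed sample: fragments of the log posted above, one or two per check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.9.2009 23:33 717296]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\windows\Temp\Rar$EX00.187\HWiNFO32.SYS --> c:\windows\Temp\Rar$EX00.187\HWiNFO32.SYS [?]
S3 oflpydin;oflpydin;\??\c:\windows\Temp\oflpydin.sys --> c:\windows\Temp\oflpydin.sys [?]

uStart Page = hxxp://www.tattoodle.com?tid={582EF506-860F-4069-AB65-640578656A04}
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={36FED752-AC84-6DA9-5DB4-DD7EB8A95923}

[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2009-01-16 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\system32\dllcache\mshtml.dll
"""

TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
# Assumption for this example: hosts a start page or search URL may legitimately use.
EXPECTED_HOSTS = {"www.google.com", "www.msn.com", "www.microsoft.com"}
BROWSER_KEYS = ("Start Page", "startup.homepage", "SearchURL", "DefaultURL")

# "S3 name;display;path [date time size]"  or  "... [?]" when the file is missing.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
# "[-] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(.)\]\s+(\S+)\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)\s+\.\s+\.\s+\[([^\]]*)\]\s+\.\s+\.\s+(.+)$"
)
KEY_RE = re.compile(r"^\[([^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
HOST_RE = re.compile(r"hxxps?://([^/?\s]+)", re.IGNORECASE)  # DDS defangs http as hxxp


def _reg_int(raw):
    """Decode the two value spellings these logs use: 'dword:0000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x", raw)
    return int(m.group(1)) if m else None


def find_suspicious_services(log):
    """Drivers/services loaded from a Temp directory or whose file is gone ('[?]')."""
    hits = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, _display, path, info = m.groups()
        path = path.split("-->")[-1].strip()  # keep the resolved path after '-->'
        reasons = []
        if any(t in path.lower() for t in TEMP_MARKERS):
            reasons.append("loaded from Temp")
        if info.strip() == "?":
            reasons.append("file missing on disk")
        if reasons:
            hits.append({"start": start, "name": name, "path": path, "reasons": reasons})
    return hits


def find_unverified_system_files(log):
    """Sigcheck entries ComboFix marks '[-]' (file fails its known-good comparison)."""
    hits = []
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line)
        if m and m.group(1) == "-":
            _flag, _date, md5, size, version, path = m.groups()
            hits.append({"path": path.strip(), "md5": md5.upper(),
                         "size": int(size), "version": version})
    return hits


def find_security_overrides(log):
    """Security Center override flags set to 1 and any firewall profile with EnableFirewall=0."""
    hits, key = [], None
    for line in log.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue
        vm = VALUE_RE.match(line)
        if not (vm and key):
            continue
        name, val = vm.group(1), _reg_int(vm.group(2))
        if key.endswith("security center") and name.endswith("Override") and val == 1:
            hits.append({"key": key, "name": name, "value": val})
        if "firewallpolicy" in key and name == "EnableFirewall" and val == 0:
            hits.append({"key": key, "name": name, "value": val})
    return hits


def find_unexpected_browser_hosts(log):
    """Hosts that start-page/search settings point at, excluding EXPECTED_HOSTS."""
    hosts = Counter()
    for line in log.splitlines():
        if any(k in line for k in BROWSER_KEYS):
            for host in HOST_RE.findall(line):
                if host.lower() not in EXPECTED_HOSTS:
                    hosts[host.lower()] += 1
    return dict(hosts)


def triage(log):
    return {"services": find_suspicious_services(log),
            "sigcheck": find_unverified_system_files(log),
            "registry": find_security_overrides(log),
            "browser": find_unexpected_browser_hosts(log)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section} ==")
        for item in (items.items() if isinstance(items, dict) else items):
            print("  ", item)
```

Read the registry findings as review items rather than verdicts: EnableFirewall=0 is what you expect when a third-party firewall such as ESET's replaces Windows Firewall, and security suites set the Security Center override values themselves. The drivers loaded from c:\windows\Temp are the stronger signal; of the three in the log, two carry the names of known hardware-monitoring tools extracted from archives, while oflpydin has a random-looking name and no display name, and that is the one the helper's CFScript below removes.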

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8308
  • Location: Novi Beograd

Upload these for me:

c:\windows\system32\logonui.exe
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\wininet.dll

via:

http://www.mycity.rs/ambulanta-upload.php

  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 470

I uploaded them as Fajlovi.zip

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8308
  • Location: Novi Beograd

Send me a log from NOD.

  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 470

C:\pagefile.sys - error opening
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » PROCESS_LIBRARY.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » HIRING_REQUISITION_CUSTOMIZED.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » HARDWARE_TRACKER.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » HIRING_REQUISITION.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » CUSTOMER_SUPPORT.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » TRACK_ISSUES.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » STATUS_REPORT.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files\7-Zip\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe » NSIS - bad archive
C:\Program Files\eRightSoft\SUPER\DXdump.exe » tElock v0.98 - unpack error
C:\Program Files\Free Download Manager\Firefox\extension\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\genius_maxfighter_f16u.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\logitech_attack3.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\logitech_extreme_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\logitech_force_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\logitech_freedom.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\saitek_cyborg_evo.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\saitek_x52.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\speed_link_black_hawk.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\speed_link_black_widow.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\speed_link_cougar_flightstick.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\speed_link_dark_tornado.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\client\res\flightsim\controller\xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\genius_maxfighter_f16u.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\logitech_attack3.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\logitech_extreme_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\logitech_force_3d.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\logitech_freedom.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\saitek_cyborg_evo.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\saitek_x52.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_hawk.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_widow.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_cougar_flightstick.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_dark_tornado.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Google Earth\plugin\res\flightsim\controller\xbox_360.ini » MIME - is OK (internal scanning not performed)
C:\Program Files\Google\Picasa3\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\additional_resources.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\additional_resources.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\additional_resources.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\additional_resources.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/limewire.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Customer Support.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hardware Tracker.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Status Report.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Nero 9\Nero Burning ROM\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Total Video Converter\StarBurn_SuperVideoCD.iso » ISO » AVSEQ01.MPG - archive damaged
C:\Program Files\Total Video Converter\StarBurn_VideoCD.iso » ISO » AVSEQ01.DAT - archive damaged
C:\Program Files\Vidomi\uninst-Vidomi.exe » NSIS - bad archive
C:\Program Files\Winamp\UninstallWinampEssentials.exe » NSIS - archive damaged - the file could not be extracted.
C:\Program Files\Winamp\UninstWA.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Users\Administrator\NTUSER.DAT - error opening
C:\Users\Administrator\ntuser.dat.LOG - error opening
C:\Users\Administrator\Application Data\Bump Technologies, Inc\BumpTop\Updates\BumpTopInstaller.exe » INNO » files.info - file is not an archive
C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\parent.lock - error opening
C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\ehtip@robertkatic\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Users\Administrator\Application Data\Skype\bokiva\dc.db - error opening
C:\Users\Administrator\Application Data\Skype\bokiva\dc.db-journal - error opening
C:\Users\Administrator\Application Data\Skype\bokiva\dc.lock - error opening
C:\Users\Administrator\Application Data\Skype\bokiva\etilqs_D05DBHtbs4QPgeoQkBRG - error opening
C:\Users\Administrator\Application Data\Skype\bokiva\etilqs_U0Pj25hHx5AIebylwwfm - error opening
C:\Users\Administrator\Application Data\Skype\bokiva\main.db - error opening
C:\Users\Administrator\Application Data\Skype\bokiva\main.db-journal - error opening
C:\Users\Administrator\Application Data\Skype\bokiva\main.lock - error opening
C:\Users\Administrator\Local Settings\Application Data\Identities\{A93CEB86-6128-41CF-BF4B-CCE9AC77E15E}\Microsoft\Outlook Express\Deleted Items.dbx » DBX - is OK (internal scanning not performed)
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{46539f07-3e15-48e8-9a03-d9a4ab6c0d81}\DBStore\contacts.edb - error opening
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{46539f07-3e15-48e8-9a03-d9a4ab6c0d81}\DBStore\tempedb.edb - error opening
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{46539f07-3e15-48e8-9a03-d9a4ab6c0d81}\DBStore\LogFiles\edb.log - error opening
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{46539f07-3e15-48e8-9a03-d9a4ab6c0d81}\DBStore\LogFiles\edbtmp.log - error opening
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{ea5909e2-35a8-4395-9d54-4baedd2562ff}\DBStore\contacts.edb - error opening
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{ea5909e2-35a8-4395-9d54-4baedd2562ff}\DBStore\tempedb.edb - error opening
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{ea5909e2-35a8-4395-9d54-4baedd2562ff}\DBStore\LogFiles\edb.log - error opening
C:\Users\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{ea5909e2-35a8-4395-9d54-4baedd2562ff}\DBStore\LogFiles\edbtmp.log - error opening
C:\Users\LocalService\ntuser.dat - error opening
C:\Users\LocalService\ntuser.dat.LOG - error opening
C:\Users\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening
C:\Users\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening
C:\Users\NetworkService\NTUSER.DAT - error opening
C:\Users\NetworkService\ntuser.dat.LOG - error opening
C:\Users\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening
C:\Users\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening
C:\WINDOWS\Installer\1de82.msi » MSI » ISSetupFile.SetupFile11 » MIME - is OK (internal scanning not performed)
C:\WINDOWS\Installer\1de82.msi » MSI » ISSetupFile.SetupFile13 » MIME - is OK (internal scanning not performed)
C:\WINDOWS\Installer\1de8e.msi » MSI » Binary.Callultraedittbsetup » NSIS » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.cab » CAB » Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 » MIME - is OK (internal scanning not performed)
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\WINDOWS\system32\config\default - error opening
C:\WINDOWS\system32\config\default.LOG - error opening
C:\WINDOWS\system32\config\SAM - error opening
C:\WINDOWS\system32\config\SAM.LOG - error opening
C:\WINDOWS\system32\config\SECURITY - error opening
C:\WINDOWS\system32\config\SECURITY.LOG - error opening
C:\WINDOWS\system32\config\software - error opening
C:\WINDOWS\system32\config\software.LOG - error opening
C:\WINDOWS\system32\config\system - error opening
C:\WINDOWS\system32\config\system.LOG - error opening
C:\WINDOWS\system32\drivers\sptd.sys - error opening

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8308
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

File::
c:\windows\Temp\oflpydin.sys

Driver::
oflpydin


Save the Notepad file to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

  • boksi  Male
  • Respected citizen
  • Joined: 11 Jun 2008
  • Posts: 470

ComboFix 09-12-24.02 - Administrator 24.12.2009 20:32:17.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1609 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

c:\windows\system32\logonui.exe . . . is infected!!

--------

c:\windows\system32\logonui.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OFLPYDIN
-------\Service_oflpydin


((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-22 11:51 . 2009-12-16 13:42 43008 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-22 11:51 . 2009-12-16 13:42 340480 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-22 11:51 . 2009-12-16 13:41 346624 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-22 11:51 . 2009-12-16 13:42 872960 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-21 14:37 . 2009-12-21 14:37 -------- d-----w- c:\users\Administrator\WINDOWS
2009-12-16 20:06 . 2009-10-08 09:31 3204096 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-12-16 20:06 . 2009-10-07 17:06 106496 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-12-16 20:06 . 2009-09-23 20:29 28672 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-12-16 20:06 . 2009-03-19 22:57 40960 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 16:04 . 2009-12-14 16:04 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-14 15:44 . 2009-12-14 15:44 -------- d-----w- c:\users\Administrator\Application Data\DMCache
2009-12-10 10:54 . 2009-12-10 10:54 -------- d-----w- c:\program files\Vidomi
2009-12-10 10:34 . 2009-12-10 10:34 -------- d-----w- c:\users\Administrator\Application Data\dvdcss
2009-12-09 12:53 . 2009-12-09 12:53 868352 ----a-w- c:\users\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2009-12-09 12:53 . 2009-12-09 12:53 640000 ----a-w- c:\users\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2009-12-09 12:53 . 2009-12-09 12:53 53760 ----a-w- c:\users\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2009-12-09 12:53 . 2009-12-09 12:53 1712128 ----a-w- c:\users\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 19:31 . 2009-09-25 17:22 16608 ----a-w- c:\windows\gdrv.sys
2009-12-24 19:29 . 2009-09-16 23:30 -------- d-----w- c:\users\Administrator\Application Data\Skype
2009-12-24 19:13 . 2009-09-16 19:00 -------- d-----w- c:\users\Administrator\Application Data\skypePM
2009-12-21 14:52 . 2009-09-16 23:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 12:33 . 2009-09-17 14:19 -------- d-----w- c:\program files\Google
2009-12-14 16:04 . 2009-10-19 06:36 -------- d-----w- c:\program files\Common Files\Real
2009-12-14 16:04 . 2009-10-19 06:36 -------- d-----w- c:\program files\Real
2009-12-14 14:53 . 2009-09-16 22:58 -------- d-----w- c:\program files\Lavalys
2009-11-24 14:21 . 2009-11-24 14:21 -------- d-----w- c:\program files\Emicsoft Studio
2009-11-23 13:45 . 2009-11-23 13:45 -------- d-----w- c:\program files\Common Files\EasyInfo
2009-11-22 08:13 . 2009-11-15 11:40 -------- d-----w- c:\program files\BumpTop
2009-11-20 07:54 . 2009-09-16 21:55 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-20 07:54 . 2009-11-20 07:54 138240 ----a-w- c:\users\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-20 07:54 . 2009-11-20 07:54 138240 ----a-w- c:\users\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-20 07:54 . 2009-11-20 07:54 138240 ----a-w- c:\users\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-20 07:54 . 2009-11-20 07:54 138240 ----a-w- c:\users\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-20 07:54 . 2009-09-16 21:55 -------- d-----w- c:\users\Administrator\Application Data\SystemRequirementsLab
2009-11-17 07:36 . 2009-11-17 07:34 14741600 ----a-w- c:\users\Administrator\Application Data\Bump Technologies, Inc\BumpTop\Updates\BumpTopInstaller.exe
2009-11-15 20:15 . 2009-11-15 20:15 -------- d-----w- c:\program files\Common Files\Skype
2009-11-15 20:15 . 2009-09-16 23:08 -------- d-----r- c:\program files\Skype
2009-11-15 20:15 . 2009-09-16 23:08 -------- d-----w- c:\users\All Users\Application Data\Skype
2009-11-15 13:10 . 2009-11-15 13:10 -------- d-----w- c:\users\Administrator\Application Data\Bump Technologies, Inc
2009-11-14 17:52 . 2009-11-14 17:52 -------- d-----w- c:\users\Administrator\Application Data\Media Player Classic
2009-11-04 08:08 . 2009-09-16 22:39 -------- d-----w- c:\program files\Java
2009-11-04 08:07 . 2009-11-04 08:07 152576 ----a-w- c:\users\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 09:20 . 2009-11-02 09:20 -------- d-----w- c:\program files\City Interactive
2009-11-02 07:43 . 2009-09-27 06:13 -------- d-----w- c:\program files\Call of Duty
2009-10-27 21:14 . 2009-09-16 23:08 -------- d-----w- c:\program files\URUSoft
2009-10-26 13:55 . 2009-10-25 09:12 -------- d-----w- c:\users\Administrator\Application Data\FrostWire
2009-10-25 09:32 . 2009-10-25 09:32 0 ----a-w- c:\users\Administrator\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-10-19 06:36 . 2009-09-16 22:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-16 05:34 . 2009-09-16 22:53 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-10-16 05:34 . 2009-09-16 22:53 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-10-11 03:17 . 2009-09-16 22:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 14:24 . 2009-09-16 22:51 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-09-30 14:24 . 2009-09-30 14:24 249856 ------w- c:\windows\Setup1.exe
2009-09-30 14:24 . 2009-09-30 14:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2008-03-09 05:25 . 2009-09-22 16:25 236 ----a-w- c:\program files\Common Files\dx.reg
2008-03-03 09:00 . 2009-09-16 22:56 1341 ----a-r- c:\program files\CopyPath.png
2008-03-03 09:00 . 2009-09-16 22:56 480 ----a-r- c:\program files\SetupS.ini
2006-05-03 09:06 . 2009-09-18 16:29 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-18 16:29 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-18 16:29 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-03-08 . EA032FC150B9C6276C98EB3DED3B75C6 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2009-03-08 . 0797D8DAD6DD09CF7437C4F3132E82A6 . 3736576 . . [7.00.6000.20996] . . c:\windows\system32\mshtml.dll
[7] 2009-01-16 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll

[-] 2008-11-18 . CCF64982AD1B27461A5B85401657B29A . 2292224 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-03-08 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-03-08 . E7552D59A876B0E6919F05E500937993 . 884224 . . [7.00.6000.20978] . . c:\windows\system32\wininet.dll
[7] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\system32\dllcache\wininet.dll

[-] 2008-10-25 . E7EAF1CD2E46E6FFFD1A66983EE1936A . 1589248 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2009-03-08 . BEC5D7EF52E385F457E7C20EDBB1C5E7 . 2185216 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-12-24_08.15.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-24 19:31 . 2009-12-24 19:31 16384 c:\windows\Temp\Perflib_Perfdata_4d8.dat
+ 2009-12-24 19:31 . 2009-12-24 19:31 16384 c:\windows\Temp\Perflib_Perfdata_438.dat
+ 2009-12-24 19:36 . 2009-12-24 19:36 53248 c:\windows\Temp\catchme.dll
- 2009-12-24 08:15 . 2009-12-24 08:15 53248 c:\windows\Temp\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"DriveSpace"="c:\program files\Drive Space Indicator\DrvSpace.exe" [2009-03-07 417455]
"NodEnabler"="c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe" [2009-04-08 357521]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-24 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-24 141336]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-14 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 124928]
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-05-20 3563]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^nero.bat.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\nero.bat.lnk
backup=c:\windows\pss\nero.bat.lnkStartup

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^Registration Call of Juarez.LNK]
path=c:\users\Administrator\Start Menu\Programs\Startup\Registration Call of Juarez.LNK
backup=c:\windows\pss\Registration Call of Juarez.LNKStartup

[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^winword.exe.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\winword.exe.lnk
backup=c:\windows\pss\winword.exe.lnkStartup

[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 16:24 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [25.9.2009 18:23 68136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17.9.2009 15:24 54752]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.9.2009 23:33 717296]
S1 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\windows\Temp\Rar$EX00.187\HWiNFO32.SYS --> c:\windows\Temp\Rar$EX00.187\HWiNFO32.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.9.2009 15:19 133104]
S3 cpuz130;cpuz130;\??\c:\windows\Temp\cpuz130\cpuz_x32.sys --> c:\windows\Temp\cpuz130\cpuz_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 21:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 09:03 124928 ----a-w- c:\windows\system32\advpack.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tattoodle.com?tid={582EF506-860F-4069-AB65-640578656A04}
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={36FED752-AC84-6DA9-5DB4-DD7EB8A95923}
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\24w5c27l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
.
.
------- File Associations -------
.
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 20:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-12-24 20:38:57
ComboFix-quarantined-files.txt 2009-12-24 19:38
ComboFix2.txt 2009-12-24 08:17

Pre-Run: 5.614.002.176 bytes free
Post-Run: 5.593.612.288 bytes free

- - End Of File - - A3884469A42F138946B589BEF7688B27

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8308
  • Location: Novi Beograd

What is the situation now?
