BullGuard
PLEASE HELP ME!!! VIRUSS!!
   

jekyll
New Member


Date Joined Dec 2009
Total Posts : 4
 
Posted 12/17/2009 1:02 PM (GMT +2)
I have Vista and I am really desperate. PLEASE HELP. I can't access Internet Explorer; it doesn't read the CDs; can't make any changes to my account; can't delete files; can't move files to another directory.

PLEASE HELP ME!!!!!!!!!!!!!!!!!!!!!!!!!!


ComboFix 09-12-16.05 - settimo 17/12/2009 15.04.51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3062.2039 [GMT 1:00]
Eseguito da: c:\users\settimo\Desktop\KittyFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\settimo\AppData\Roaming\.#

.
((((((((((((((((((((((((( Files Creati Da 2009-11-17 al 2009-12-17 )))))))))))))))))))))))))))))))))))
.

2009-12-17 11:41 . 2009-12-17 14:13 352288 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-17 11:28 . 2009-12-17 11:28 -------- d-----w- c:\windows\CheckSur
2009-12-17 11:27 . 2009-12-17 11:27 388096 ----a-r- c:\users\settimo\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-17 11:27 . 2009-12-17 11:27 -------- d-----w- c:\program files\TrendMicro
2009-12-17 11:25 . 2009-12-17 11:25 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-12-17 11:25 . 2009-12-17 11:25 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-17 11:25 . 2009-12-17 11:25 -------- d-----w- c:\program files\ParetoLogic
2009-12-17 08:54 . 2009-12-17 08:54 -------- d-----w- c:\programdata\RegCure
2009-12-17 08:54 . 2009-12-17 08:54 -------- d-----w- c:\program files\RegCure
2009-12-16 21:37 . 2009-12-16 21:37 -------- d-----w- c:\program files\Sophos
2009-12-16 15:14 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-12-15 20:20 . 2009-12-15 20:20 -------- d-----w- c:\programdata\Simply Super Software
2009-12-15 20:12 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-13 22:21 . 2009-12-13 22:21 -------- d-----w- C:\found.000
2009-12-12 13:37 . 2008-11-26 11:12 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-12-12 13:37 . 2008-11-26 11:12 227840 ----a-w- c:\windows\system32\Deco_32.dll
2009-12-12 13:36 . 2009-12-12 13:36 -------- d-----w- c:\programdata\onOne Software
2009-12-12 13:02 . 2009-12-12 13:02 -------- d-----w- c:\users\settimo\AppData\Roaming\Sierra Wireless
2009-12-12 12:58 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 12:58 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 12:58 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 12:57 . 2009-12-12 12:57 101504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-12-11 07:25 . 2009-12-11 07:25 -------- d-----w- c:\users\settimo\AppData\Roaming\FloodLightGames
2009-12-09 12:13 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 12:11 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 12:11 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 21:52 . 2009-12-08 21:52 476512 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\RadioRip.dll
2009-12-08 21:51 . 2009-12-08 21:51 169312 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgSoundclick.dll
2009-12-08 21:51 . 2009-12-08 21:51 111968 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgPandora.dll
2009-12-08 21:51 . 2009-12-08 21:51 128352 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgMyspace.dll
2009-12-08 21:51 . 2009-12-08 21:51 111968 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgLastfm.dll
2009-12-08 21:51 . 2009-12-08 21:51 132448 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgImeem.dll
2009-12-08 21:51 . 2009-12-08 21:51 99680 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgIJigg.dll
2009-12-08 21:51 . 2009-12-08 21:51 230752 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgHypemachine.dll
2009-12-08 21:51 . 2009-12-08 21:51 120160 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgGeneral.dll
2009-12-08 21:51 . 2009-12-08 21:51 87392 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgDefault.dll
2009-12-08 21:51 . 2009-12-08 21:51 140640 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgDeezer.dll
2009-12-08 21:50 . 2009-12-08 21:50 495616 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\EncodingBackend\lame_enc.dll
2009-12-08 21:47 . 2009-12-08 21:47 -------- d-----w- c:\programdata\RapidSolution
2009-12-08 21:47 . 2009-12-08 21:47 -------- d-----w- c:\program files\RapidSolution
2009-12-08 21:43 . 2009-12-08 21:43 -------- d-----w- c:\users\settimo\AppData\Local\RapidSolution
2009-12-08 13:50 . 2009-12-08 13:50 -------- d-----w- c:\users\settimo\AppData\Local\Seven Zip
2009-11-30 14:23 . 2009-11-30 14:23 -------- d-----w- c:\users\settimo\AppData\Roaming\Template
2009-11-26 13:55 . 2009-12-13 19:39 -------- d-----w- c:\users\settimo\AppData\Roaming\Skype
2009-11-26 13:28 . 2009-11-26 13:28 27168 ----a-w- c:\windows\system32\drivers\rrnetcap.sys
2009-11-25 23:46 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 21:43 . 2009-12-17 14:01 -------- d-----w- c:\windows\system32\wbem\repository
2009-11-25 13:47 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 13:47 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 14:36 . 2009-11-24 14:36 -------- d-----w- c:\program files\Apple Software Update
2009-11-24 14:36 . 2009-11-24 14:36 -------- d-----w- c:\programdata\Apple
2009-11-19 23:02 . 2009-11-19 23:02 -------- d-----w- c:\users\settimo\AppData\Local\Apple
2009-11-19 16:59 . 2009-11-19 16:59 -------- d-----w- c:\users\settimo\{812c0364-1efe-45a7-b9d0-c506a2b8aaa1}
2009-11-19 11:50 . 2009-11-19 11:50 -------- d-----w- c:\users\settimo\AppData\Local\DiardSoftware
2009-11-19 11:47 . 2005-03-19 12:48 32768 ----a-w- c:\windows\PLUGIN.DLL
2009-11-19 11:47 . 2005-03-19 12:48 344064 ----a-w- c:\windows\MSVCRT40.DLL
2009-11-19 11:47 . 2005-03-19 12:48 274432 ----a-w- c:\windows\MSVCRT20.DLL
2009-11-19 11:47 . 2005-03-19 12:48 210944 ----a-w- c:\windows\MSVCRT10.DLL
2009-11-19 11:47 . 2005-03-19 12:48 278581 ----a-w- c:\windows\MSVCRT.DLL
2009-11-19 10:48 . 2009-11-19 10:48 -------- d-----w- c:\users\settimo\AppData\Local\Thinstall
2009-11-19 10:47 . 2009-11-19 10:47 -------- d-----w- c:\users\settimo\Library
2009-11-19 10:47 . 2009-11-19 10:47 -------- d-----w- c:\users\settimo\AppData\Roaming\com.adobe.ExMan
2009-11-18 22:56 . 2009-11-19 09:09 -------- d-----w- c:\programdata\FLEXnet
2009-11-18 21:24 . 2009-11-18 21:24 7680 ----a-w- c:\users\settimo\AppData\Roaming\Thinstall\FLIP Flash Album Deluxe 1.8\4000003500002i\XLiveUpdate.exe
2009-11-18 21:21 . 2009-11-19 16:58 -------- d--h--w- c:\program files\Temp
2009-11-17 21:19 . 2009-11-19 10:48 -------- d-----w- c:\users\settimo\AppData\Roaming\Thinstall
2009-11-17 20:22 . 2009-11-17 21:52 -------- d-----w- c:\users\settimo\AppData\Roaming\Desktop Maestro
2009-11-17 20:06 . 2009-12-17 09:10 -------- d-----w- c:\program files\Desktop Maestro
2009-11-17 19:54 . 2009-11-18 19:42 -------- d-----w- c:\users\settimo\AppData\Local\Mobile Master
2009-11-17 19:54 . 2009-11-17 21:09 -------- d-----w- c:\users\settimo\AppData\Roaming\Mobile Master
2009-11-17 19:48 . 2009-11-17 19:48 -------- d-----w- c:\users\settimo\AppData\Roaming\Jumping Bytes
2009-11-17 18:52 . 2009-11-17 18:52 -------- d-----w- c:\users\settimo\AppData\Roaming\Navigator
2009-11-17 18:52 . 2009-11-17 18:52 -------- d-----w- c:\programdata\Navigator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 14:06 . 2008-01-21 06:30 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-12-17 14:06 . 2008-01-21 06:30 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-12-17 12:35 . 2009-12-17 11:41 2204 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-17 11:25 . 2009-10-20 23:49 -------- d-----w- c:\programdata\ParetoLogic
2009-12-17 09:11 . 2009-12-17 08:57 -------- d-----w- c:\program files\Spyware Doctor
2009-12-17 08:57 . 2009-12-17 08:57 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-17 08:57 . 2009-10-27 20:08 -------- d-----w- c:\program files\Google
2009-12-17 08:57 . 2009-12-17 08:57 -------- d-----w- c:\users\settimo\AppData\Roaming\PC Tools
2009-12-17 08:57 . 2009-12-17 08:57 -------- d-----w- c:\programdata\PC Tools
2009-12-15 22:11 . 2008-04-14 20:19 -------- d-----w- c:\program files\Acer GameZone
2009-12-15 22:10 . 2009-11-11 22:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-15 22:08 . 2009-10-16 20:00 69272 ----a-w- c:\users\settimo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-15 21:56 . 2009-11-01 09:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-15 21:55 . 2009-10-31 15:56 -------- d-----w- c:\program files\Any Video Converter
2009-12-15 21:54 . 2008-04-14 20:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-15 21:48 . 2009-11-11 22:45 -------- d-----w- c:\users\settimo\AppData\Roaming\uTorrent
2009-12-15 18:25 . 2009-10-28 15:26 876576 --sha-w- c:\windows\system32\drivers\fidbox2(15).dat
2009-12-15 18:25 . 2009-10-28 15:26 7805984 --sha-w- c:\windows\system32\drivers\fidbox(14).dat
2009-12-13 22:13 . 2008-04-14 20:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 15:08 . 2009-11-03 13:11 -------- d-----w- c:\users\settimo\AppData\Roaming\skypePM
2009-12-13 11:14 . 2009-11-02 17:36 680 ----a-w- c:\users\settimo\AppData\Local\d3d9caps.dat
2009-12-11 22:47 . 2009-10-22 20:24 -------- d-----w- c:\users\settimo\AppData\Roaming\U3
2009-12-11 12:56 . 2009-11-09 14:29 -------- d-----w- c:\users\settimo\AppData\Roaming\Usenet.nl
2009-12-10 10:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 13:59 . 2008-04-14 21:23 -------- d-----w- c:\program files\Yahoo!
2009-12-08 13:56 . 2008-04-14 20:48 -------- d-----w- c:\program files\CyberLink
2009-12-08 13:56 . 2008-04-14 20:49 -------- d-----w- c:\programdata\CyberLink
2009-11-30 14:23 . 2009-11-30 14:23 0 ----a-w- c:\users\settimo\AppData\Roaming\wklnhst.dat
2009-11-26 13:54 . 2009-11-03 13:07 -------- d-----r- c:\program files\Skype
2009-11-26 13:54 . 2009-11-03 13:07 -------- d-----w- c:\programdata\Skype
2009-11-22 21:03 . 2009-11-22 21:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-18 21:21 . 2009-10-16 19:50 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-11-17 19:59 . 2009-11-17 19:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-11-16 23:15 . 2009-11-16 23:14 -------- d-----w- c:\users\settimo\AppData\Roaming\Real Desktop
2009-11-14 08:49 . 2009-11-04 16:08 -------- d-----w- c:\program files\eBay
2009-11-14 08:45 . 2009-10-31 12:07 -------- d-----w- c:\program files\AVS4YOU
2009-11-14 08:44 . 2009-10-31 12:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-14 08:27 . 2008-04-14 20:02 -------- d-----w- c:\program files\Intel
2009-11-12 22:46 . 2009-11-12 22:46 -------- d-----w- c:\users\settimo\AppData\Roaming\Symantec
2009-11-12 22:37 . 2009-11-12 22:37 -------- d-----w- c:\programdata\NortonSystemWorks
2009-11-12 22:36 . 2009-11-12 22:36 -------- d-----w- c:\programdata\Symantec
2009-11-12 21:58 . 2009-11-11 23:12 -------- d-----w- c:\users\settimo\AppData\Roaming\GlarySoft
2009-11-12 21:56 . 2008-04-14 21:02 -------- d-----w- c:\programdata\Microsoft Help
2009-11-12 21:55 . 2008-04-14 21:04 -------- d-----w- c:\program files\Microsoft Works
2009-11-12 21:26 . 2009-11-12 21:26 -------- d-----w- c:\program files\Driver-Soft
2009-11-11 23:15 . 2008-04-14 20:01 -------- d-----w- c:\programdata\NVIDIA
2009-11-11 22:25 . 2009-11-11 22:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-11 22:23 . 2009-11-11 22:23 -------- d-----w- c:\users\settimo\AppData\Roaming\Intel
2009-11-11 22:23 . 2009-11-11 22:23 -------- d-----w- c:\programdata\Roaming
2009-11-11 22:22 . 2009-11-11 22:22 -------- d-----w- c:\program files\Cisco
2009-11-11 22:22 . 2009-11-11 22:22 -------- d-----w- c:\program files\Common Files\Intel
2009-11-11 22:22 . 2009-11-11 22:22 -------- d-----w- c:\programdata\Intel
2009-11-10 09:28 . 2009-12-17 08:57 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 09:28 . 2009-12-17 08:57 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 09:28 . 2009-12-17 08:57 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 09:26 . 2009-12-17 08:57 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 14:29 . 2009-11-09 14:29 -------- d-----w- c:\program files\Usenet.nl
2009-11-09 10:20 . 2009-12-17 08:57 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-08 21:18 . 2009-11-08 21:18 -------- d-----w- c:\users\settimo\AppData\Roaming\Stegisoft
2009-11-06 14:24 . 2009-11-06 14:24 0 ----a-w- c:\programdata\RapidSolution\GUIcommon.dll
2009-11-06 08:59 . 2009-11-06 08:59 -------- d-----w- c:\program files\epson
2009-11-04 16:08 . 2009-11-04 16:08 -------- d-----w- c:\programdata\eBay
2009-11-03 13:07 . 2009-11-03 13:07 -------- d-----w- c:\program files\Common Files\Skype
2009-11-02 19:42 . 2009-10-28 22:11 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 13:03 . 2009-11-14 07:46 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-11-01 09:36 . 2009-11-01 09:36 -------- d-----w- c:\users\settimo\AppData\Roaming\Media Player Classic
2009-11-01 09:28 . 2009-11-01 09:28 -------- d-----w- c:\program files\ffdshow
2009-11-01 09:27 . 2009-11-01 09:26 4284535 ----a-w- c:\users\settimo\AppData\Roaming\ffdshow.exe
2009-11-01 09:27 . 2009-11-01 09:26 4284535 ----a-w- c:\users\settimo\AppData\Roaming\ffdshow.exe
2009-11-01 09:26 . 2009-11-01 09:26 642685 ----a-w- c:\users\settimo\AppData\Roaming\xvid.exe
2009-11-01 09:26 . 2009-11-01 09:26 642685 ----a-w- c:\users\settimo\AppData\Roaming\xvid.exe
2009-11-01 09:26 . 2009-11-01 09:26 2169915 ----a-w- c:\users\settimo\AppData\Roaming\Imgburn.exe
2009-11-01 09:26 . 2009-11-01 09:26 2169915 ----a-w- c:\users\settimo\AppData\Roaming\Imgburn.exe
2009-11-01 09:26 . 2009-11-01 09:25 4182178 ----a-w- c:\users\settimo\AppData\Roaming\Avisynth.exe
2009-11-01 09:26 . 2009-11-01 09:25 4182178 ----a-w- c:\users\settimo\AppData\Roaming\Avisynth.exe
2009-10-31 13:31 . 2009-10-31 13:31 -------- d-----w- c:\programdata\LightScribe
2009-10-31 13:27 . 2009-10-21 13:23 -------- d-----w- c:\users\settimo\AppData\Roaming\CyberLink
2009-10-31 12:09 . 2009-10-31 12:09 -------- d-----w- c:\users\settimo\AppData\Roaming\AVS4YOU
2009-10-31 12:09 . 2009-10-31 12:09 -------- d-----w- c:\programdata\AVS4YOU
2009-10-31 11:52 . 2009-10-31 11:52 -------- d-----w- c:\programdata\NtiDvdCopy
2009-10-30 10:11 . 2009-12-17 08:57 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-30 10:09 . 2009-12-17 08:57 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-29 23:08 . 2009-10-29 23:08 -------- d-----w- c:\programdata\Socusoft
2009-10-29 17:26 . 2009-10-29 17:24 -------- d-----w- c:\programdata\EPSON
2009-10-29 13:36 . 2009-10-29 13:36 -------- d-----w- c:\programdata\CanonCP
2009-10-28 15:26 . 2009-10-28 15:26 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-28 15:22 . 2008-04-14 21:15 -------- d-----w- c:\programdata\McAfee
2009-10-28 10:22 . 2009-10-28 10:22 49152 ----a-r- c:\windows\system32\inetwh32.dll
2009-10-28 10:22 . 2009-10-28 10:22 1044480 ----a-r- c:\windows\system32\roboex32.dll
2009-10-28 00:36 . 2009-12-17 08:57 1152444 ----a-w- c:\windows\UDB.zip
2009-10-27 13:20 . 2009-12-09 12:18 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 12:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-09 12:18 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-25 22:52 . 2009-10-25 22:52 -------- d-----w- c:\users\settimo\AppData\Roaming\vlc
2009-10-25 22:44 . 2009-10-25 22:44 -------- d-----w- c:\program files\VideoLAN
2009-10-25 19:59 . 2009-10-25 19:59 -------- d-----w- c:\program files\Pixarra
2009-10-21 18:28 . 2009-10-21 18:28 -------- d-----w- c:\users\settimo\AppData\Roaming\Macrovision
2009-10-21 14:11 . 2008-04-14 20:41 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-21 14:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-21 14:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"DesktopMaestro"="c:\program files\Desktop Maestro\RMTray.exe" [2008-08-01 288656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2009-12-17 2467]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETAUDIO.EXE]
backup=c:\windows\pss\SETAUDIO.EXE.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETRES.EXE]
backup=c:\windows\pss\SETRES.EXE.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [17/12/2009 9.57.36 207792]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [16/10/2009 21.03.04 41456]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [17/12/2009 9.57.40 112592]
R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [18/02/2009 14.40.36 587216]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [15/04/2008 5.34.59 179712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 7.40.22 3668480]
R3 RRNetCapMP;RRNetCapMP;c:\windows\System32\drivers\rrnetcap.sys [26/11/2009 14.28.30 27168]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [15/04/2008 5.34.59 43008]
S3 RRNetCap;RRNetCap Service;c:\windows\System32\drivers\rrnetcap.sys [26/11/2009 14.28.30 27168]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/12/2009 9.57.30 359624]
.
------- Scansione supplementare -------
.
LSP: c:\windows\system32\INetHTTPFilter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 15:14
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\settimo\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3392)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Ora fine scansione: 2009-12-17 15:28:25
ComboFix-quarantined-files.txt 2009-12-17 14:28

Pre-Run: 73.742.274.560 byte disponibili
Post-Run: 75.599.003.648 byte disponibili

- - End Of File - - C7355F6D5184B46CA83C1D89C18319CB

Post Edited (jekyll) : 17-12-2009 14:42:27 GMT

 

jekyll
New Member


Date Joined Dec 2009
Total Posts : 4
 
Posted 12/17/2009 4:50 PM (GMT +2)
At the end comes out this:
this application has requested the runtime to terminate it in an unusual way please contact the application's support team for more information

The process is : PEV.cfxxe
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1428
 
Posted 12/19/2009 6:14 AM (GMT +2)
Hello jekyll,

Sorry for the delay, but Touch and I both assist at many forums, so have to move around and respond to as many requests as possible. As a security measure for autorun infections ComboFix disabled autorun on drives, which is likely why the CD player does not seem to work automatically right now. Let's get some different views of things there then decide on the repairs needed.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or accessing each program through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.
 

jekyll
New Member


Date Joined Dec 2009
Total Posts : 4
 
Posted 12/20/2009 12:46 AM (GMT +2)
Thank you very much for your assistance, but I did a restore of the computer. It wasn't so easy because the virus practically took all the power of my account. All I could do was look, because I could not uninstall programs, change the account, make changes to the account, access the Internet, or access certain programs. Anyway, thank goodness I solved everything, because I was desperate.
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1428
 
Posted 12/20/2009 5:54 PM (GMT +2)
Good that you were able to solve your problem, and thanks for posting back the update.