EN

The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

FORUMS

SEARCH FORUM

PLEASE HELP ME!!! VIRUSS!!

Posted 12/17/2009 11:02 AM
#81075
User avatar

jekyll Member

Date Joined Nov 2016
Total Posts: 4
I have vista and I am realy desperate. PLEASE HELP Ican't access to Internet Explorer. doesn't read the cd's ;can't make any changes to my account; can't dellete files ;can't move files to another directory ;

PLEASE HELP ME!!!!!!!!!!!!!!!!!!!!!!!!!!


ComboFix 09-12-16.05 - settimo 17/12/2009 15.04.51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3062.2039 [GMT 1:00]
Eseguito da: c:\users\settimo\Desktop\KittyFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\settimo\AppData\Roaming\.#

.
((((((((((((((((((((((((( Files Creati Da 2009-11-17 al 2009-12-17 )))))))))))))))))))))))))))))))))))
.

2009-12-17 11:41 . 2009-12-17 14:13 352288 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-17 11:28 . 2009-12-17 11:28 -------- d-----w- c:\windows\CheckSur
2009-12-17 11:27 . 2009-12-17 11:27 388096 ----a-r- c:\users\settimo\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-17 11:27 . 2009-12-17 11:27 -------- d-----w- c:\program files\TrendMicro
2009-12-17 11:25 . 2009-12-17 11:25 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-12-17 11:25 . 2009-12-17 11:25 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-17 11:25 . 2009-12-17 11:25 -------- d-----w- c:\program files\ParetoLogic
2009-12-17 08:54 . 2009-12-17 08:54 -------- d-----w- c:\programdata\RegCure
2009-12-17 08:54 . 2009-12-17 08:54 -------- d-----w- c:\program files\RegCure
2009-12-16 21:37 . 2009-12-16 21:37 -------- d-----w- c:\program files\Sophos
2009-12-16 15:14 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-12-15 20:20 . 2009-12-15 20:20 -------- d-----w- c:\programdata\Simply Super Software
2009-12-15 20:12 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-13 22:21 . 2009-12-13 22:21 -------- d-----w- C:\found.000
2009-12-12 13:37 . 2008-11-26 11:12 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-12-12 13:37 . 2008-11-26 11:12 227840 ----a-w- c:\windows\system32\Deco_32.dll
2009-12-12 13:36 . 2009-12-12 13:36 -------- d-----w- c:\programdata\onOne Software
2009-12-12 13:02 . 2009-12-12 13:02 -------- d-----w- c:\users\settimo\AppData\Roaming\Sierra Wireless
2009-12-12 12:58 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 12:58 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 12:58 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 12:57 . 2009-12-12 12:57 101504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-12-11 07:25 . 2009-12-11 07:25 -------- d-----w- c:\users\settimo\AppData\Roaming\FloodLightGames
2009-12-09 12:13 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 12:11 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 12:11 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 21:52 . 2009-12-08 21:52 476512 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\RadioRip.dll
2009-12-08 21:51 . 2009-12-08 21:51 169312 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgSoundclick.dll
2009-12-08 21:51 . 2009-12-08 21:51 111968 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgPandora.dll
2009-12-08 21:51 . 2009-12-08 21:51 128352 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgMyspace.dll
2009-12-08 21:51 . 2009-12-08 21:51 111968 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgLastfm.dll
2009-12-08 21:51 . 2009-12-08 21:51 132448 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgImeem.dll
2009-12-08 21:51 . 2009-12-08 21:51 99680 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgIJigg.dll
2009-12-08 21:51 . 2009-12-08 21:51 230752 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgHypemachine.dll
2009-12-08 21:51 . 2009-12-08 21:51 120160 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgGeneral.dll
2009-12-08 21:51 . 2009-12-08 21:51 87392 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgDefault.dll
2009-12-08 21:51 . 2009-12-08 21:51 140640 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\RadioRip\PlgDeezer.dll
2009-12-08 21:50 . 2009-12-08 21:50 495616 ----a-w- c:\programdata\RapidSolution\Radiotracker_2009\EncodingBackend\lame_enc.dll
2009-12-08 21:47 . 2009-12-08 21:47 -------- d-----w- c:\programdata\RapidSolution
2009-12-08 21:47 . 2009-12-08 21:47 -------- d-----w- c:\program files\RapidSolution
2009-12-08 21:43 . 2009-12-08 21:43 -------- d-----w- c:\users\settimo\AppData\Local\RapidSolution
2009-12-08 13:50 . 2009-12-08 13:50 -------- d-----w- c:\users\settimo\AppData\Local\Seven Zip
2009-11-30 14:23 . 2009-11-30 14:23 -------- d-----w- c:\users\settimo\AppData\Roaming\Template
2009-11-26 13:55 . 2009-12-13 19:39 -------- d-----w- c:\users\settimo\AppData\Roaming\Skype
2009-11-26 13:28 . 2009-11-26 13:28 27168 ----a-w- c:\windows\system32\drivers\rrnetcap.sys
2009-11-25 23:46 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 21:43 . 2009-12-17 14:01 -------- d-----w- c:\windows\system32\wbem\repository
2009-11-25 13:47 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 13:47 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 14:36 . 2009-11-24 14:36 -------- d-----w- c:\program files\Apple Software Update
2009-11-24 14:36 . 2009-11-24 14:36 -------- d-----w- c:\programdata\Apple
2009-11-19 23:02 . 2009-11-19 23:02 -------- d-----w- c:\users\settimo\AppData\Local\Apple
2009-11-19 16:59 . 2009-11-19 16:59 -------- d-----w- c:\users\settimo\{812c0364-1efe-45a7-b9d0-c506a2b8aaa1}
2009-11-19 11:50 . 2009-11-19 11:50 -------- d-----w- c:\users\settimo\AppData\Local\DiardSoftware
2009-11-19 11:47 . 2005-03-19 12:48 32768 ----a-w- c:\windows\PLUGIN.DLL
2009-11-19 11:47 . 2005-03-19 12:48 344064 ----a-w- c:\windows\MSVCRT40.DLL
2009-11-19 11:47 . 2005-03-19 12:48 274432 ----a-w- c:\windows\MSVCRT20.DLL
2009-11-19 11:47 . 2005-03-19 12:48 210944 ----a-w- c:\windows\MSVCRT10.DLL
2009-11-19 11:47 . 2005-03-19 12:48 278581 ----a-w- c:\windows\MSVCRT.DLL
2009-11-19 10:48 . 2009-11-19 10:48 -------- d-----w- c:\users\settimo\AppData\Local\Thinstall
2009-11-19 10:47 . 2009-11-19 10:47 -------- d-----w- c:\users\settimo\Library
2009-11-19 10:47 . 2009-11-19 10:47 -------- d-----w- c:\users\settimo\AppData\Roaming\com.adobe.ExMan
2009-11-18 22:56 . 2009-11-19 09:09 -------- d-----w- c:\programdata\FLEXnet
2009-11-18 21:24 . 2009-11-18 21:24 7680 ----a-w- c:\users\settimo\AppData\Roaming\Thinstall\FLIP Flash Album Deluxe 1.8\4000003500002i\XLiveUpdate.exe
2009-11-18 21:21 . 2009-11-19 16:58 -------- d--h--w- c:\program files\Temp
2009-11-17 21:19 . 2009-11-19 10:48 -------- d-----w- c:\users\settimo\AppData\Roaming\Thinstall
2009-11-17 20:22 . 2009-11-17 21:52 -------- d-----w- c:\users\settimo\AppData\Roaming\Desktop Maestro
2009-11-17 20:06 . 2009-12-17 09:10 -------- d-----w- c:\program files\Desktop Maestro
2009-11-17 19:54 . 2009-11-18 19:42 -------- d-----w- c:\users\settimo\AppData\Local\Mobile Master
2009-11-17 19:54 . 2009-11-17 21:09 -------- d-----w- c:\users\settimo\AppData\Roaming\Mobile Master
2009-11-17 19:48 . 2009-11-17 19:48 -------- d-----w- c:\users\settimo\AppData\Roaming\Jumping Bytes
2009-11-17 18:52 . 2009-11-17 18:52 -------- d-----w- c:\users\settimo\AppData\Roaming\Navigator
2009-11-17 18:52 . 2009-11-17 18:52 -------- d-----w- c:\programdata\Navigator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 14:06 . 2008-01-21 06:30 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-12-17 14:06 . 2008-01-21 06:30 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-12-17 12:35 . 2009-12-17 11:41 2204 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-17 11:25 . 2009-10-20 23:49 -------- d-----w- c:\programdata\ParetoLogic
2009-12-17 09:11 . 2009-12-17 08:57 -------- d-----w- c:\program files\Spyware Doctor
2009-12-17 08:57 . 2009-12-17 08:57 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-17 08:57 . 2009-10-27 20:08 -------- d-----w- c:\program files\Google
2009-12-17 08:57 . 2009-12-17 08:57 -------- d-----w- c:\users\settimo\AppData\Roaming\PC Tools
2009-12-17 08:57 . 2009-12-17 08:57 -------- d-----w- c:\programdata\PC Tools
2009-12-15 22:11 . 2008-04-14 20:19 -------- d-----w- c:\program files\Acer GameZone
2009-12-15 22:10 . 2009-11-11 22:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-15 22:08 . 2009-10-16 20:00 69272 ----a-w- c:\users\settimo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-15 21:56 . 2009-11-01 09:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-15 21:55 . 2009-10-31 15:56 -------- d-----w- c:\program files\Any Video Converter
2009-12-15 21:54 . 2008-04-14 20:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-15 21:48 . 2009-11-11 22:45 -------- d-----w- c:\users\settimo\AppData\Roaming\uTorrent
2009-12-15 18:25 . 2009-10-28 15:26 876576 --sha-w- c:\windows\system32\drivers\fidbox2(15).dat
2009-12-15 18:25 . 2009-10-28 15:26 7805984 --sha-w- c:\windows\system32\drivers\fidbox(14).dat
2009-12-13 22:13 . 2008-04-14 20:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 15:08 . 2009-11-03 13:11 -------- d-----w- c:\users\settimo\AppData\Roaming\skypePM
2009-12-13 11:14 . 2009-11-02 17:36 680 ----a-w- c:\users\settimo\AppData\Local\d3d9caps.dat
2009-12-11 22:47 . 2009-10-22 20:24 -------- d-----w- c:\users\settimo\AppData\Roaming\U3
2009-12-11 12:56 . 2009-11-09 14:29 -------- d-----w- c:\users\settimo\AppData\Roaming\Usenet.nl
2009-12-10 10:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 13:59 . 2008-04-14 21:23 -------- d-----w- c:\program files\Yahoo!
2009-12-08 13:56 . 2008-04-14 20:48 -------- d-----w- c:\program files\CyberLink
2009-12-08 13:56 . 2008-04-14 20:49 -------- d-----w- c:\programdata\CyberLink
2009-11-30 14:23 . 2009-11-30 14:23 0 ----a-w- c:\users\settimo\AppData\Roaming\wklnhst.dat
2009-11-26 13:54 . 2009-11-03 13:07 -------- d-----r- c:\program files\Skype
2009-11-26 13:54 . 2009-11-03 13:07 -------- d-----w- c:\programdata\Skype
2009-11-22 21:03 . 2009-11-22 21:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-18 21:21 . 2009-10-16 19:50 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-11-17 19:59 . 2009-11-17 19:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-11-16 23:15 . 2009-11-16 23:14 -------- d-----w- c:\users\settimo\AppData\Roaming\Real Desktop
2009-11-14 08:49 . 2009-11-04 16:08 -------- d-----w- c:\program files\eBay
2009-11-14 08:45 . 2009-10-31 12:07 -------- d-----w- c:\program files\AVS4YOU
2009-11-14 08:44 . 2009-10-31 12:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-14 08:27 . 2008-04-14 20:02 -------- d-----w- c:\program files\Intel
2009-11-12 22:46 . 2009-11-12 22:46 -------- d-----w- c:\users\settimo\AppData\Roaming\Symantec
2009-11-12 22:37 . 2009-11-12 22:37 -------- d-----w- c:\programdata\NortonSystemWorks
2009-11-12 22:36 . 2009-11-12 22:36 -------- d-----w- c:\programdata\Symantec
2009-11-12 21:58 . 2009-11-11 23:12 -------- d-----w- c:\users\settimo\AppData\Roaming\GlarySoft
2009-11-12 21:56 . 2008-04-14 21:02 -------- d-----w- c:\programdata\Microsoft Help
2009-11-12 21:55 . 2008-04-14 21:04 -------- d-----w- c:\program files\Microsoft Works
2009-11-12 21:26 . 2009-11-12 21:26 -------- d-----w- c:\program files\Driver-Soft
2009-11-11 23:15 . 2008-04-14 20:01 -------- d-----w- c:\programdata\NVIDIA
2009-11-11 22:25 . 2009-11-11 22:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-11 22:23 . 2009-11-11 22:23 -------- d-----w- c:\users\settimo\AppData\Roaming\Intel
2009-11-11 22:23 . 2009-11-11 22:23 -------- d-----w- c:\programdata\Roaming
2009-11-11 22:22 . 2009-11-11 22:22 -------- d-----w- c:\program files\Cisco
2009-11-11 22:22 . 2009-11-11 22:22 -------- d-----w- c:\program files\Common Files\Intel
2009-11-11 22:22 . 2009-11-11 22:22 -------- d-----w- c:\programdata\Intel
2009-11-10 09:28 . 2009-12-17 08:57 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 09:28 . 2009-12-17 08:57 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 09:28 . 2009-12-17 08:57 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 09:26 . 2009-12-17 08:57 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-09 14:29 . 2009-11-09 14:29 -------- d-----w- c:\program files\Usenet.nl
2009-11-09 10:20 . 2009-12-17 08:57 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-08 21:18 . 2009-11-08 21:18 -------- d-----w- c:\users\settimo\AppData\Roaming\Stegisoft
2009-11-06 14:24 . 2009-11-06 14:24 0 ----a-w- c:\programdata\RapidSolution\GUIcommon.dll
2009-11-06 08:59 . 2009-11-06 08:59 -------- d-----w- c:\program files\epson
2009-11-04 16:08 . 2009-11-04 16:08 -------- d-----w- c:\programdata\eBay
2009-11-03 13:07 . 2009-11-03 13:07 -------- d-----w- c:\program files\Common Files\Skype
2009-11-02 19:42 . 2009-10-28 22:11 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 13:03 . 2009-11-14 07:46 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-11-01 09:36 . 2009-11-01 09:36 -------- d-----w- c:\users\settimo\AppData\Roaming\Media Player Classic
2009-11-01 09:28 . 2009-11-01 09:28 -------- d-----w- c:\program files\ffdshow
2009-11-01 09:27 . 2009-11-01 09:26 4284535 ----a-w- c:\users\settimo\AppData\Roaming\ffdshow.exe
2009-11-01 09:27 . 2009-11-01 09:26 4284535 ----a-w- c:\users\settimo\AppData\Roaming\ffdshow.exe
2009-11-01 09:26 . 2009-11-01 09:26 642685 ----a-w- c:\users\settimo\AppData\Roaming\xvid.exe
2009-11-01 09:26 . 2009-11-01 09:26 642685 ----a-w- c:\users\settimo\AppData\Roaming\xvid.exe
2009-11-01 09:26 . 2009-11-01 09:26 2169915 ----a-w- c:\users\settimo\AppData\Roaming\Imgburn.exe
2009-11-01 09:26 . 2009-11-01 09:26 2169915 ----a-w- c:\users\settimo\AppData\Roaming\Imgburn.exe
2009-11-01 09:26 . 2009-11-01 09:25 4182178 ----a-w- c:\users\settimo\AppData\Roaming\Avisynth.exe
2009-11-01 09:26 . 2009-11-01 09:25 4182178 ----a-w- c:\users\settimo\AppData\Roaming\Avisynth.exe
2009-10-31 13:31 . 2009-10-31 13:31 -------- d-----w- c:\programdata\LightScribe
2009-10-31 13:27 . 2009-10-21 13:23 -------- d-----w- c:\users\settimo\AppData\Roaming\CyberLink
2009-10-31 12:09 . 2009-10-31 12:09 -------- d-----w- c:\users\settimo\AppData\Roaming\AVS4YOU
2009-10-31 12:09 . 2009-10-31 12:09 -------- d-----w- c:\programdata\AVS4YOU
2009-10-31 11:52 . 2009-10-31 11:52 -------- d-----w- c:\programdata\NtiDvdCopy
2009-10-30 10:11 . 2009-12-17 08:57 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-30 10:09 . 2009-12-17 08:57 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-29 23:08 . 2009-10-29 23:08 -------- d-----w- c:\programdata\Socusoft
2009-10-29 17:26 . 2009-10-29 17:24 -------- d-----w- c:\programdata\EPSON
2009-10-29 13:36 . 2009-10-29 13:36 -------- d-----w- c:\programdata\CanonCP
2009-10-28 15:26 . 2009-10-28 15:26 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-28 15:22 . 2008-04-14 21:15 -------- d-----w- c:\programdata\McAfee
2009-10-28 10:22 . 2009-10-28 10:22 49152 ----a-r- c:\windows\system32\inetwh32.dll
2009-10-28 10:22 . 2009-10-28 10:22 1044480 ----a-r- c:\windows\system32\roboex32.dll
2009-10-28 00:36 . 2009-12-17 08:57 1152444 ----a-w- c:\windows\UDB.zip
2009-10-27 13:20 . 2009-12-09 12:18 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 12:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-09 12:18 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-25 22:52 . 2009-10-25 22:52 -------- d-----w- c:\users\settimo\AppData\Roaming\vlc
2009-10-25 22:44 . 2009-10-25 22:44 -------- d-----w- c:\program files\VideoLAN
2009-10-25 19:59 . 2009-10-25 19:59 -------- d-----w- c:\program files\Pixarra
2009-10-21 18:28 . 2009-10-21 18:28 -------- d-----w- c:\users\settimo\AppData\Roaming\Macrovision
2009-10-21 14:11 . 2008-04-14 20:41 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-21 14:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-21 14:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"DesktopMaestro"="c:\program files\Desktop Maestro\RMTray.exe" [2008-08-01 288656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2009-12-17 2467]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETAUDIO.EXE]
backup=c:\windows\pss\SETAUDIO.EXE.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETRES.EXE]
backup=c:\windows\pss\SETRES.EXE.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [17/12/2009 9.57.36 207792]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [16/10/2009 21.03.04 41456]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [17/12/2009 9.57.40 112592]
R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [18/02/2009 14.40.36 587216]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [15/04/2008 5.34.59 179712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 7.40.22 3668480]
R3 RRNetCapMP;RRNetCapMP;c:\windows\System32\drivers\rrnetcap.sys [26/11/2009 14.28.30 27168]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [15/04/2008 5.34.59 43008]
S3 RRNetCap;RRNetCap Service;c:\windows\System32\drivers\rrnetcap.sys [26/11/2009 14.28.30 27168]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/12/2009 9.57.30 359624]
.
------- Scansione supplementare -------
.
LSP: c:\windows\system32\INetHTTPFilter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-12-17 15:14
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\settimo\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3392)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Ora fine scansione: 2009-12-17 15:28:25
ComboFix-quarantined-files.txt 2009-12-17 14:28

Pre-Run: 73.742.274.560 byte disponibili
Post-Run: 75.599.003.648 byte disponibili

- - End Of File - - C7355F6D5184B46CA83C1D89C18319CB
Posted 12/17/2009 2:50 PM
#81079
User avatar

jekyll Member

Date Joined Nov 2016
Total Posts: 4
At the end comes out this:
this application has requested the runtime to terminate it in an unusual way please contact the application's support team for more information [/b]

The process is : PEV.cfxxe
Posted 12/19/2009 4:14 AM
#81131
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Hello jekyll,

Sorry for the delay, but Touch and I both assist at many forums, so have to move around and respond to as many requests as possible. As a security measure for autorun infections ComboFix disabled autorun on drives, which is likely why the CD player does not seem to work automatically right now. Let's get some different views of things there then decide on the repairs needed.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.
Posted 12/19/2009 10:46 PM
#81165
User avatar

jekyll Member

Date Joined Nov 2016
Total Posts: 4
:jumpin: :jumpin: :jumpin: Thank you very much for your assistance but i made the restore of the computer. it wasn't so easy 'cause practicly the virus taked all the power of my account.all i could do was to look :smhair: . Because I could not disinstall programs, change the account to make changes to account access the internet access to certain programs :freaked: :freaked: :freaked: anyway thank goodness I solved everything because I was desperate.
Posted 12/20/2009 3:54 PM
#81185
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Good that you were able to solve your problem, and thanks for posting back the update.
Post a reply
  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Saturday, July 2, 2022, 12:30 PM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,684 registered members. Please welcome our newest member, james44.
49 Guest(s), 0 Registered Member(s) are currently online.