Problem s virusom, valjda...

[ clapton @ 14.11.2010. 22:08 ] @

ComboFix 10-11-14.01 - dino 11/14/2010 23:02:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1724 [GMT 1:00]
Running from: c:\documents and settings\dino\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\dino\Application Data\chkntfs.dat
c:\documents and settings\dino\Application Data\Microsoft\stor.cfg
c:\documents and settings\dino\Application Data\Microsoft\svchost.exe
c:\documents and settings\dino\Application Data\Microsoft\Windows\shell.exe
c:\documents and settings\dino\Start Menu\Programs\Startup\chkntfs.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 15:01 . 2010-11-14 15:01 -------- d-----w- c:\program files\CCleaner
2010-11-14 14:54 . 2010-11-14 14:54 388096 ----a-r- c:\documents and settings\dino\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-14 14:54 . 2010-11-14 14:54 -------- d-----w- c:\program files\Trend Micro
2010-11-14 10:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 10:31 . 2010-11-14 10:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-14 10:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 03:10 . 2010-11-14 03:10 -------- d-----w- c:\documents and settings\dino\Application Data\Malwarebytes
2010-11-14 03:10 . 2010-11-14 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-09 02:12 . 2004-04-30 08:37 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2010-11-09 02:12 . 2004-04-30 08:33 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2010-11-09 02:12 . 2010-11-09 02:12 -------- d-----w- c:\program files\Alcohol Soft
2010-11-05 14:00 . 2010-11-05 14:00 -------- d-----w- c:\windows\Sun
2010-11-03 02:33 . 2010-11-03 02:37 -------- d-----w- c:\program files\Free Video Cutter
2010-11-03 02:23 . 2010-11-04 15:32 -------- d-----w- c:\program files\Pinnacle
2010-11-03 02:22 . 2010-11-03 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-11-03 02:21 . 2010-11-03 02:21 -------- d-----w- c:\documents and settings\dino\Local Settings\Application Data\Downloaded Installations
2010-11-02 19:52 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-11-02 19:52 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-11-02 19:50 . 2010-11-02 19:50 -------- d-----w- c:\program files\Microsoft Works
2010-11-02 19:49 . 2010-11-02 19:49 -------- d-----w- c:\program files\Microsoft.NET
2010-11-02 19:45 . 2010-11-02 19:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-11-02 19:44 . 2010-11-02 19:44 -------- d-----w- c:\documents and settings\dino\Local Settings\Application Data\Microsoft Help
2010-11-02 19:44 . 2010-11-02 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-11-01 22:42 . 2010-11-07 11:04 -------- d-----w- c:\documents and settings\dino\Application Data\vlc
2010-11-01 22:41 . 2010-11-01 22:41 -------- d-----w- c:\program files\VideoLAN
2010-10-28 14:41 . 2001-09-05 02:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2010-10-28 14:41 . 2001-09-05 02:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-10-28 14:41 . 2001-09-05 02:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-10-28 14:41 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-10-28 14:40 . 2005-04-02 21:45 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-10-28 14:40 . 2002-07-25 15:06 282624 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2010-10-28 14:40 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-10-28 14:40 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-10-28 14:40 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-10-28 14:40 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-10-28 14:40 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-10-28 14:40 . 2010-10-28 14:40 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-10-28 14:40 . 2010-10-28 14:40 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-10-28 14:40 . 2010-10-28 14:40 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-10-28 14:39 . 2007-06-21 22:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2010-10-28 14:39 . 2006-10-30 22:10 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
2010-10-28 14:39 . 2006-10-30 22:10 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
2010-10-28 14:39 . 2006-10-19 22:10 80024 ----a-w- c:\windows\system32\PICSDK.dll
2010-10-28 14:39 . 2006-10-19 22:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2010-10-28 14:39 . 2007-04-10 18:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-10-28 14:39 . 2008-08-08 19:09 86528 ----a-w- c:\windows\system32\E_FLBFBE.DLL
2010-10-28 14:39 . 2007-12-07 19:01 78848 ----a-w- c:\windows\system32\E_FD4BFBE.DLL
2010-10-28 14:39 . 2010-10-28 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-10-28 14:04 . 2010-10-28 16:12 -------- d-----w- c:\documents and settings\dino\Application Data\EPSON
2010-10-28 14:03 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-10-28 14:03 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-10-28 13:48 . 2010-10-28 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-10-28 13:44 . 2010-10-28 14:40 -------- d-----w- c:\program files\Epson Software
2010-10-28 13:44 . 2010-10-28 15:01 -------- d-----w- c:\windows\SxsCaPendDel
2010-10-28 13:43 . 2010-10-28 13:43 -------- d-----w- c:\documents and settings\dino\Application Data\InstallShield
2010-10-28 13:25 . 2009-04-30 22:00 15872 ----a-w- c:\windows\system32\escdev.dll
2010-10-28 13:25 . 2009-04-30 22:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2010-10-28 13:25 . 2008-11-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2010-10-28 13:25 . 2010-10-28 14:41 -------- d-----w- c:\program files\epson
2010-10-22 21:29 . 2010-10-22 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2010-10-22 21:28 . 2010-11-09 02:09 -------- d-----w- c:\documents and settings\dino\Application Data\Sports Interactive
2010-10-22 21:28 . 2010-10-22 21:28 -------- d-----w- c:\documents and settings\dino\Local Settings\Application Data\Sports Interactive
2010-10-22 21:18 . 2010-10-22 21:22 -------- d--h--w- c:\program files\Zero G Registry
2010-10-22 21:17 . 2010-10-22 21:17 -------- d--h--w- c:\documents and settings\dino\InstallAnywhere
2010-10-21 19:07 . 2010-10-30 18:46 -------- d-----w- c:\documents and settings\dino\Application Data\vShare
2010-10-21 19:07 . 2010-10-21 19:07 -------- d-----w- c:\program files\vShare
2010-10-19 11:21 . 2010-10-19 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-10-19 11:16 . 2010-10-19 11:16 -------- d-----w- c:\windows\system32\LogFiles
2010-10-19 11:16 . 2004-08-03 21:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-10-19 11:16 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-10-19 11:16 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-19 11:13 . 2010-10-19 11:13 -------- d-----w- c:\documents and settings\dino\Application Data\Nokia
2010-10-19 11:03 . 2010-10-19 11:20 -------- d-----w- c:\documents and settings\dino\Local Settings\Application Data\Nokia
2010-10-19 11:03 . 2010-10-19 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-10-19 11:03 . 2010-10-19 12:07 -------- d-----w- c:\documents and settings\dino\Application Data\PC Suite
2010-10-19 11:02 . 2010-10-19 11:02 -------- d-----w- c:\program files\Common Files\Nokia
2010-10-16 13:11 . 2010-10-16 13:11 -------- d-----w- c:\program files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 15:57 . 2010-10-02 15:58 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-09-15 02:50 . 2010-10-02 19:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-10-02 19:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2006-06-26 01:19 . 2010-10-02 23:23 2388176 ----a-w- c:\program files\d3dx9_30.dll
.

------- Sigcheck -------

[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-02 328056]
"Google Update"="c:\documents and settings\dino\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-12 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 08:26 672632 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Program files (new)\\pes2011.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program files (new)\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program files (new)\\Football Manager 2011\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [11/9/2010 03:12 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [11/9/2010 03:12 5248]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/02 17:58];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [4/2/2010 08:11 87536]
R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\drivers\L6TPortGX.sys [10/2/2010 16:45 571264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/19/2010 12:01 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/19/2010 12:01 8320]
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-515967899-725345543-1003Core.job
- c:\documents and settings\dino\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 00:11]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-515967899-725345543-1003UA.job
- c:\documents and settings\dino\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-12 00:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df&t=1
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-HijackThis - c:\documents and settings\dino\Desktop\HiJack\HijackThis.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 23:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-14 23:08:01
ComboFix-quarantined-files.txt 2010-11-14 22:07

Pre-Run: 15,984,820,224 bytes free
Post-Run: 16,139,182,080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 176B55473BAD0C62670D8D45DCB3E2CC