GeekPolice

Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Sun Dec 27, 2009 1:49 pm

Dear All,

I encountered a virus when I logged on to my Yahoo account. I closed the browser, and when I wanted to sign in to my Yahoo account again, the alert stopped me.

Can anyone please help me in this regard?

Thanks


Re: Virus Detected while browsing Yahoo Site

Post by Belahzur on Sun Dec 27, 2009 3:44 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • Select "Do a system scan and save a log file". This will open a Notepad file of everything HijackThis found; copy and paste it back here.





Re: Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Sun Dec 27, 2009 5:26 pm

I have followed your given instructions, but it didn't work. Maybe because my system has Windows Vista it has another installation method.

Please download the current version of HijackThis from HERE

(I downloaded the HijackThis software from the given link.)

  • Double click and run the installer.

  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

  • After installing, you should get the user agreement, press accept and Hijack This will run.

(After installing I didn't get any user agreement, but during the installation I got that and I accepted it.)

  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

(After installation I did "Do a system scan and save a log file", but I got a message during the scan, and it says that due to some problems the scan has a problem.)

After the scan I received the log without any data; it is empty. I don't know what to do now.


Re: Virus Detected while browsing Yahoo Site

Post by Belahzur on Sun Dec 27, 2009 5:33 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.





Re: Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Sun Dec 27, 2009 5:42 pm

DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by FANA at 18:38:19,04 on 27.12.2009
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1804 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k nȯne
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Arcor\Arcor Wlan-Monitor 1.0\ArcorWlanUtility.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\FANA\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl8] "c:\program files\homecinema\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\homecinema\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [UpdatePPShortCut] "c:\program files\homecinema\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\homecinema\powerproducer" update "software\cyberlink\powerproducer\5.0"
mRun: [UCam_Menu] "c:\program files\homecinema\youcam\muitransfer\muistartmenu.exe" "c:\program files\homecinema\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [UpdatePDRShortCut] "c:\program files\homecinema\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\homecinema\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [PlayMovie] "c:\program files\homecinema\playmovie\PMVService.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\arcorw~1.lnk - c:\program files\arcor\arcor wlan-monitor 1.0\ArcorWlanUtility.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Export to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - [You must be registered and logged in to see this link.]
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-19 114768]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\homecinema\playmovie\000.fcl [2008-12-11 61424]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\homecinema\powerdvd8\000.fcl [2008-10-7 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-1-19 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-19 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-19 352920]
R3 DCamUSBGene;Genesys Logic USB2.0 PC Camera;c:\windows\system32\drivers\USBGENE.sys [2008-12-9 175360]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-12-9 436224]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-19 30192]

=============== Created Last 30 ================

2009-12-27 17:14:12 0 d-----w- c:\program files\TrendMicro
2009-12-24 12:27:49 0 d-----w- c:\windows\system32\AGEIA
2009-12-24 12:18:15 5810782208 ----a-w- c:\users\fana\rld-nfss.iso
2009-12-23 21:12:52 0 d-----w- c:\program files\Sun
2009-12-23 13:53:38 0 d-----w- c:\users\fana\appdata\roaming\Malwarebytes
2009-12-23 13:53:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 13:53:32 0 d-----w- c:\programdata\Malwarebytes
2009-12-23 13:53:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 13:53:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 11:05:46 0 d-----w- c:\program files\Windows Portable Devices
2009-12-15 11:05:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-15 09:55:04 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-15 09:55:04 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-15 09:55:04 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-15 09:53:50 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-15 09:52:36 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-15 09:52:36 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-15 09:52:36 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-14 21:14:51 0 d-----w- c:\windows\system32\eu-ES
2009-12-14 21:14:51 0 d-----w- c:\windows\system32\ca-ES
2009-12-14 21:14:50 0 d-----w- c:\windows\system32\vi-VN
2009-12-14 17:45:14 0 d-----w- c:\windows\system32\EventProviders
2009-12-09 12:00:14 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 12:00:13 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 12:00:13 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-03 15:04:16 57667 ----a-w- c:\windows\system32\ieuinit.inf

==================== Find3M ====================

2009-12-27 16:58:56 618442 ----a-w- c:\windows\system32\perfh007.dat
2009-12-27 16:58:56 122842 ----a-w- c:\windows\system32\perfc007.dat
2009-12-27 13:10:22 96840 ----a-w- c:\programdata\nvModes.dat
2009-12-23 21:11:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 11:05:38 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-15 11:05:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-15 11:05:38 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-15 11:05:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-14 18:01:09 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-24 23:49:48 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-07 11:36:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2008-12-09 19:13:15 36916 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
2008-12-09 19:13:15 36916 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
2008-12-09 19:13:15 290748 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
2008-12-09 19:13:15 290748 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-12 13:12:13 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:39:26,12 ===============

Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19.01.2009 12:05:26
System Uptime: 27.12.2009 17:52:25 (1 hours ago)

Motherboard: Medion | | P7610
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | U2E1 | 2167/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 279 GiB total, 148,439 GiB free.
D: is FIXED (FAT32) - 20 GiB total, 1,881 GiB free.
E: is CDROM ()
F: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

AAC Decoder
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9 - Deutsch
Adobe Shockwave Player 11
Arcor Wlan-Monitor 1.0
AutoUpdate
avast! Antivirus
AVIcodec (remove only)
Azurewave Wireless LAN
Compatibility Pack für 2007 Office System
Corel MediaOne
CorelDRAW Essential Edition 3
CyberLink MakeDisc
CyberLink MediaShow
CyberLink PhotoNow
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink YouCam
DE
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Genesys Logic PC Camera Device
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
H.264 Decoder
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java DB 10.4.2.1
Java(TM) 6 Update 17
Java(TM) SE Development Kit 6 Update 17
Junk Mail filter update
K-Lite Mega Codec Pack 4.7.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [DEU]
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
Move Networks Media Player for Internet Explorer
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed™ SHIFT
Nero 8 Essentials
neroxml
NVIDIA Drivers
NVIDIA PhysX
Picasa 2
Play Movie
Pro Evolution Soccer 2009
Pro Evolution Soccer 2010
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Rhapsody Player Engine
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype 3.0
Skype Plugin Manager
SopCast 3.0.3
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update Manager
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Veoh Video Compass
Veoh Web Player
VirtualCloneDrive
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
WinRAR
WISO Mein Geld 2009 Professional
WISO Sparbuch 2009
Yahoo! Messenger
Yahoo! Toolbar

==== End Of File ===========================

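Reading the "Pseudo HJT Report" section of a DDS log by eye is what the helper above is about to do. The script below is an added example, not part of the original posts and not a GeekPolice, DDS or HijackThis tool: it parses the BHO/TB, uRun/mRun/dRun, AppInit_DLLs and service lines and flags the things a first pass usually looks for. The lines in SAMPLE_LOG are copied in shape from the log posted above; the two entries in HYPOTHETICAL are constructed to show what a bad autostart looks like and did not come from this machine. The heuristics (autostarts in user-writable directories, system-binary names such as svchost.exe outside system32, orphaned "No File" CLSIDs, anything in AppInit_DLLs) are assumptions of this example, not rules from the tools.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example, not a GeekPolice tool)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "warn" = look at this first, "info" = cleanup / verify
    line: str
    reason: str


# Line shapes DDS uses for browser add-ons, autoruns, AppInit and services.
BHO_RE = re.compile(r'^(BHO|TB): (?:(.*?): )?\{([0-9a-f-]{36})\} - (.*)$', re.I)
RUN_RE = re.compile(r'^([umd]Run): \[(.*?)\] (.*)$')
APPINIT_RE = re.compile(r'^AppInit_DLLs: (.*)$')
SVC_RE = re.compile(r'^([RS][0-4?]) ([^;]*);([^;]*);(.*?)(?: \[.*\])?$')
# First module path in a command line: optional quote, drive letter or %VAR%, up to a PE-ish extension.
MODULE_RE = re.compile(r'^"?((?:[a-z]:|%[^%]+%)\\.*?\.(?:exe|dll|sys|scr|com|bat|cmd|vbs|pif))', re.I)

# Locations a normal autostart has no business living in (XP/Vista layout); assumption of this example.
USER_WRITABLE = ('\\temp\\', '\\appdata\\', '\\users\\', '\\documents and settings\\',
                 '\\recycler\\', '\\programdata\\')
# Binary names malware borrows; the legitimate copies live in system32 only.
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe'}


def launch_path(command):
    """Return the module a Run/service command actually loads, or None if unrecognisable."""
    cmd = command.strip()
    if cmd.lower().startswith('rundll32'):
        # rundll32 itself is benign; the DLL it is told to load is what matters
        parts = cmd.split(None, 1)
        cmd = parts[1] if len(parts) == 2 else ''
    m = MODULE_RE.match(cmd)
    return m.group(1) if m else None


def path_is_suspicious(path):
    """Reason string if the path looks wrong for an autostart, else None."""
    p = path.lower()
    name = p.rsplit('\\', 1)[-1]
    if any(tok in p for tok in USER_WRITABLE):
        return 'runs from a user-writable location'
    if name in SYSTEM_NAMES and '\\windows\\system32\\' not in p:
        return f'uses the system binary name {name} outside system32'
    return None


def triage(log_text):
    """Walk the log once and return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            kind, _name, clsid, target = m.groups()
            if target.strip().lower() == 'no file':
                findings.append(Finding('info', line,
                    f'orphaned {kind} registration {{{clsid}}}: no backing file, plain cleanup'))
            else:
                why = path_is_suspicious(target)
                if why:
                    findings.append(Finding('warn', line, f'{kind} {why}'))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            path = launch_path(command)
            why = path_is_suspicious(path) if path else 'has no recognisable module path'
            if why:
                findings.append(Finding('warn', line, f'{hive} [{name}] {why}'))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs are injected into every process that loads user32.dll
            for dll in filter(None, re.split(r'[ ,;]+', m.group(1).strip())):
                findings.append(Finding('info', line,
                    f'AppInit_DLLs injects {dll} into every user32 process; verify the publisher'))
            continue
        m = SVC_RE.match(line)
        if m:
            _state, svc, _display, image = m.groups()
            why = path_is_suspicious(launch_path(image) or image)
            if why:
                findings.append(Finding('warn', line, f'service {svc} {why}'))
    return findings


# Constructed sample: lines copied in shape from the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-19 114768]
"""

# Hypothetical entries (not from the posted log) showing what the heuristics are meant to catch.
HYPOTHETICAL = r"""
uRun: [Updater] c:\users\fana\appdata\local\temp\svchost.exe -s
mRun: [hostsvc] c:\windows\svchost.exe
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG + HYPOTHETICAL):
        print(f'[{f.severity}] {f.reason}\n    {f.line}')
```

To use it on a real log, call `triage(open('dds.txt', encoding='cp1252', errors='replace').read())`; DDS writes the log in the system code page, which is why the explicit encoding matters on a German-locale machine like this one. Nothing here replaces the helper's judgement; it only orders what to look at first.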

Re: Virus Detected while browsing Yahoo Site

Post by Belahzur on Sun Dec 27, 2009 6:18 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE: Allow Combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.





Re: Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Sun Dec 27, 2009 7:12 pm

Thanks for the guide.

But right now I can't disable my AV for a short time. It is Avast, and the AV is asking for the password, and I don't have it right now.


Re: Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Sun Dec 27, 2009 8:17 pm

Here is the report that you needed, but unfortunately I couldn't stop my AV for a short time because I couldn't find the password for the AV.

ComboFix 09-12-26.05 - FANA 27.12.2009 21:04:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1866 [GMT 1:00]
run from:: c:\users\FANA\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 ))))))))))))))))))))))))))))))
.

2009-12-27 20:11 . 2009-12-27 20:11 -------- d-----w- c:\users\FANA\AppData\Local\temp
2009-12-27 20:11 . 2009-12-27 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-27 17:14 . 2009-12-27 17:14 388096 ----a-r- c:\users\FANA\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-27 17:14 . 2009-12-27 17:14 -------- d-----w- c:\program files\TrendMicro
2009-12-24 12:27 . 2009-12-24 12:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-24 12:27 . 2009-12-24 12:27 -------- d-----w- c:\windows\system32\AGEIA
2009-12-23 21:12 . 2009-12-23 21:12 -------- d-----w- c:\program files\Sun
2009-12-23 21:10 . 2009-12-23 21:11 -------- d-----w- c:\program files\Java
2009-12-23 13:53 . 2009-12-23 13:53 -------- d-----w- c:\users\FANA\AppData\Roaming\Malwarebytes
2009-12-23 13:53 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 13:53 . 2009-12-23 13:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 13:53 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 11:05 . 2009-12-15 11:05 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-15 09:55 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-15 09:55 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-15 09:55 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-15 09:53 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-15 09:53 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-12-15 09:53 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-15 09:53 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-12-15 09:53 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-12-15 09:53 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-15 09:53 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-12-15 09:53 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-12-15 09:53 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-12-15 09:53 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-12-15 09:53 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-12-15 09:53 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-12-15 09:52 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-15 09:52 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-15 09:52 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-14 21:14 . 2009-12-14 22:35 -------- d-----w- c:\windows\system32\ca-ES
2009-12-14 21:14 . 2009-12-14 22:35 -------- d-----w- c:\windows\system32\eu-ES
2009-12-14 21:14 . 2009-12-14 22:35 -------- d-----w- c:\windows\system32\vi-VN
2009-12-14 17:45 . 2009-12-14 17:45 -------- d-----w- c:\windows\system32\EventProviders
2009-12-09 12:00 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 12:00 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 12:00 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 16:58 . 2008-12-09 19:13 618442 ----a-w- c:\windows\system32\perfh007.dat
2009-12-27 16:58 . 2008-12-09 19:13 122842 ----a-w- c:\windows\system32\perfc007.dat
2009-12-27 16:47 . 2009-02-04 12:48 -------- d-----w- c:\program files\GETrans
2009-12-24 12:30 . 2009-12-24 12:30 -------- d-----w- c:\program files\Electronic Arts
2009-12-23 21:11 . 2008-12-09 12:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-23 20:55 . 2009-11-12 13:02 -------- d-----w- c:\program files\BitComet
2009-12-23 20:54 . 2009-03-19 14:23 -------- d-----w- c:\program files\uTorrent
2009-12-23 20:54 . 2009-03-19 14:22 -------- d-----w- c:\users\FANA\AppData\Roaming\uTorrent
2009-12-21 13:27 . 2009-02-07 22:16 7592 ----a-w- c:\users\FANA\AppData\Local\d3d9caps.dat
2009-12-15 11:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-15 11:05 . 2009-12-15 11:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-14 22:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-08 20:24 . 2009-11-20 20:10 -------- d-----w- c:\users\FANA\AppData\Roaming\DivX
2009-11-24 23:54 . 2009-01-19 12:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-01-19 12:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-01-19 12:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-01-19 12:22 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-01-19 12:23 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-01-19 12:23 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-01-19 12:22 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 09:35 . 2009-01-19 11:12 78784 ----a-w- c:\users\FANA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 06:40 . 2009-12-09 11:07 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 11:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 11:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 11:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 19:58 . 2009-11-20 19:58 -------- d-----w- c:\program files\DivX
2009-11-20 19:58 . 2008-12-09 06:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-20 19:58 . 2009-11-20 19:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-19 21:15 . 2009-01-21 12:34 -------- d-----w- c:\program files\KONAMI
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 15:46 . 2008-12-09 12:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-07 08:52 . 2008-12-09 06:34 -------- d-----w- c:\program files\Microsoft Works
2009-11-07 07:53 . 2008-12-09 05:59 -------- d-----w- c:\program files\Windows Live
2009-11-07 07:49 . 2009-11-07 07:49 -------- d-----w- c:\program files\Microsoft
2009-11-07 07:48 . 2009-11-07 07:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-07 07:42 . 2009-11-07 07:42 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-02 19:42 . 2009-10-03 11:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 14:37 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-07 11:36 . 2009-12-09 11:07 243712 ----a-w- c:\windows\system32\rastls.dll
2008-11-12 13:12 . 2008-11-12 13:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-25 6691360]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-29 13560352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-29 92704]
"RemoteControl8"="c:\program files\HomeCinema\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"PlayMovie"="c:\program files\HomeCinema\PlayMovie\PMVService.exe" [2008-10-21 172032]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Arcor Wlan-Monitor 1.0.lnk - c:\program files\Arcor\Arcor Wlan-Monitor 1.0\ArcorWlanUtility.exe [2007-11-9 5050368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-19 11:11 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-10-14 09:57 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-19 11:11 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,b8,86,ab,0e,7d,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [19.01.2009 13:22 114768]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\HomeCinema\PlayMovie\000.fcl [11.12.2008 10:45 61424]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\HomeCinema\PowerDVD8\000.fcl [07.10.2008 20:31 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [19.01.2009 13:22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [19.01.2009 13:22 53328]
R3 DCamUSBGene;Genesys Logic USB2.0 PC Camera;c:\windows\System32\drivers\USBGENE.sys [09.12.2008 12:53 175360]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [09.12.2008 13:05 436224]
S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19.01.2009 12:11 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - [You must be registered and logged in to see this link.]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-BullGuard - c:\program files\BullGuard Ltd\BullGuard\bullguard.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-27 21:11
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD8\000.fcl"
.
Zeit der Fertigstellung: 2009-12-27 21:14:07
ComboFix-quarantined-files.txt 2009-12-27 20:14

Vor Suchlauf: 9 Verzeichnis(se), 156.916.703.232 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 157.413.371.904 Bytes frei

- - End Of File - - 2255F7EFEB45E98C9E7EC22A4099CF16

Ahmad Fawad Habib
Novice
Novice

Status :
Online
Offline

Posts : 28
Joined : 2009-12-23
Gender : Male
OS : Windows Vista
Points : 25683
# Likes : 0

View user profile

Back to top Go down

Re: Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Sun Dec 27, 2009 8:58 pm

Here is the exact one, but I still couldn't turn my AV off for a short time.

ComboFix 09-12-26.05 - FANA 27.12.2009 21:34:11.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1599 [GMT 1:00]
ausgeführt von:: c:\users\FANA\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((( Dateien erstellt von 2009-11-27 bis 2009-12-27 ))))))))))))))))))))))))))))))
.

2009-12-27 20:41 . 2009-12-27 20:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-27 20:41 . 2009-12-27 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-27 17:14 . 2009-12-27 17:14 388096 ----a-r- c:\users\FANA\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-27 17:14 . 2009-12-27 17:14 -------- d-----w- c:\program files\TrendMicro
2009-12-24 12:27 . 2009-12-24 12:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-24 12:27 . 2009-12-24 12:27 -------- d-----w- c:\windows\system32\AGEIA
2009-12-23 21:12 . 2009-12-23 21:12 -------- d-----w- c:\program files\Sun
2009-12-23 21:10 . 2009-12-23 21:11 -------- d-----w- c:\program files\Java
2009-12-23 13:53 . 2009-12-23 13:53 -------- d-----w- c:\users\FANA\AppData\Roaming\Malwarebytes
2009-12-23 13:53 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 13:53 . 2009-12-23 13:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 13:53 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-15 11:05 . 2009-12-15 11:05 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-15 09:55 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-15 09:55 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-15 09:55 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-15 09:53 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-12-15 09:53 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-12-15 09:53 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-15 09:53 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-12-15 09:53 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-12-15 09:53 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-12-15 09:53 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-12-15 09:53 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-12-15 09:53 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-12-15 09:53 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-12-15 09:53 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-12-15 09:53 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-12-15 09:52 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-15 09:52 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-15 09:52 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-14 21:14 . 2009-12-14 22:35 -------- d-----w- c:\windows\system32\ca-ES
2009-12-14 21:14 . 2009-12-14 22:35 -------- d-----w- c:\windows\system32\eu-ES
2009-12-14 21:14 . 2009-12-14 22:35 -------- d-----w- c:\windows\system32\vi-VN
2009-12-14 17:45 . 2009-12-14 17:45 -------- d-----w- c:\windows\system32\EventProviders
2009-12-09 12:00 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 12:00 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 12:00 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 16:58 . 2008-12-09 19:13 618442 ----a-w- c:\windows\system32\perfh007.dat
2009-12-27 16:58 . 2008-12-09 19:13 122842 ----a-w- c:\windows\system32\perfc007.dat
2009-12-27 16:47 . 2009-02-04 12:48 -------- d-----w- c:\program files\GETrans
2009-12-24 12:30 . 2009-12-24 12:30 -------- d-----w- c:\program files\Electronic Arts
2009-12-23 21:11 . 2008-12-09 12:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-23 20:55 . 2009-11-12 13:02 -------- d-----w- c:\program files\BitComet
2009-12-23 20:54 . 2009-03-19 14:23 -------- d-----w- c:\program files\uTorrent
2009-12-23 20:54 . 2009-03-19 14:22 -------- d-----w- c:\users\FANA\AppData\Roaming\uTorrent
2009-12-21 13:27 . 2009-02-07 22:16 7592 ----a-w- c:\users\FANA\AppData\Local\d3d9caps.dat
2009-12-15 11:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-15 11:05 . 2009-12-15 11:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-14 22:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-14 22:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-08 20:24 . 2009-11-20 20:10 -------- d-----w- c:\users\FANA\AppData\Roaming\DivX
2009-11-24 23:54 . 2009-01-19 12:22 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2009-01-19 12:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-01-19 12:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-01-19 12:22 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2009-01-19 12:23 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-01-19 12:23 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-01-19 12:22 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 09:35 . 2009-01-19 11:12 78784 ----a-w- c:\users\FANA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-21 06:40 . 2009-12-09 11:07 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 11:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 11:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 11:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 19:58 . 2009-11-20 19:58 -------- d-----w- c:\program files\DivX
2009-11-20 19:58 . 2008-12-09 06:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-20 19:58 . 2009-11-20 19:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-19 21:15 . 2009-01-21 12:34 -------- d-----w- c:\program files\KONAMI
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-07 15:46 . 2008-12-09 12:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-07 08:52 . 2008-12-09 06:34 -------- d-----w- c:\program files\Microsoft Works
2009-11-07 07:53 . 2008-12-09 05:59 -------- d-----w- c:\program files\Windows Live
2009-11-07 07:49 . 2009-11-07 07:49 -------- d-----w- c:\program files\Microsoft
2009-11-07 07:48 . 2009-11-07 07:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-07 07:42 . 2009-11-07 07:42 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-02 19:42 . 2009-10-03 11:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 14:37 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-07 11:36 . 2009-12-09 11:07 243712 ----a-w- c:\windows\system32\rastls.dll
2008-11-12 13:12 . 2008-11-12 13:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-25 6691360]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-29 13560352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-29 92704]
"RemoteControl8"="c:\program files\HomeCinema\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"PlayMovie"="c:\program files\HomeCinema\PlayMovie\PMVService.exe" [2008-10-21 172032]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Arcor Wlan-Monitor 1.0.lnk - c:\program files\Arcor\Arcor Wlan-Monitor 1.0\ArcorWlanUtility.exe [2007-11-9 5050368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-19 11:11 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-10-14 09:57 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-19 11:11 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,b8,86,ab,0e,7d,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [19.01.2009 13:22 114768]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\HomeCinema\PlayMovie\000.fcl [11.12.2008 10:45 61424]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\HomeCinema\PowerDVD8\000.fcl [07.10.2008 20:31 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [19.01.2009 13:22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [19.01.2009 13:22 53328]
R3 DCamUSBGene;Genesys Logic USB2.0 PC Camera;c:\windows\System32\drivers\USBGENE.sys [09.12.2008 12:53 175360]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [23.12.2009 14:53 38224]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [09.12.2008 13:05 436224]
S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19.01.2009 12:11 30192]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-27 21:41
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD8\000.fcl"
.
Zeit der Fertigstellung: 2009-12-27 21:43:59
ComboFix-quarantined-files.txt 2009-12-27 20:43
ComboFix2.txt 2009-12-27 20:14

Vor Suchlauf: 12 Verzeichnis(se), 157.426.282.496 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 157.408.800.768 Bytes frei

- - End Of File - - 41E30B419624CE7D0B2341C7A9B43154

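A small triage parser for the "Autostartpunkte der Registrierung" section of ComboFix logs like the two posted above, added here as an example; it is not ComboFix's code and was not posted in the thread. The sample section is constructed in ComboFix's own format from paths that appear in the log, plus one made-up temp-directory entry (hypothetical `example.exe`) so the flagging rules have something to report.

```python
"""Triage helper for the 'Autostartpunkte der Registrierung' (registry
autostart) section of a ComboFix log.  Added example, not ComboFix code."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in ComboFix's REGEDIT4-style layout.  Real paths are
# taken from the thread; the "Example" value is a made-up temp-dir entry.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"Example"="c:\users\FANA\AppData\Local\temp\example.exe" [2009-12-27 4096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
# ComboFix appends "[YYYY-MM-DD size]" to values that resolve to a real file.
META_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$")

# Directories an autostart entry rarely points at legitimately.
SUSPECT_DIRS = ("\\temp\\", "\\users\\public\\")


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    date: Optional[str] = None
    size: Optional[int] = None
    reasons: List[str] = field(default_factory=list)


def parse_autostart(text: str) -> List[AutostartEntry]:
    """Turn the REGEDIT4-style section into structured entries."""
    entries: List[AutostartEntry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_m = KEY_RE.match(line)
        if key_m:
            current_key = key_m.group("key")
            continue
        val_m = VALUE_RE.match(line)
        if not val_m:
            # "@=", "path=", "backup=" and similar lines have no quoted name.
            continue
        rest = val_m.group("rest").strip()
        date: Optional[str] = None
        size: Optional[int] = None
        meta_m = META_RE.match(rest)
        if meta_m:
            rest = meta_m.group("path")
            date = meta_m.group("date")
            size = int(meta_m.group("size"))
        entries.append(AutostartEntry(current_key, val_m.group("name"),
                                      rest.strip('"'), date, size))
    return entries


def flag(entry: AutostartEntry) -> List[str]:
    """Return human-readable reasons an entry deserves a closer look."""
    reasons: List[str] = []
    lower = entry.path.lower()
    if entry.name.lower() == "appinit_dlls" and entry.path:
        # Every process that loads user32.dll maps this DLL: a classic
        # injection point, even when a legitimate product (here Google
        # Desktop) is the one using it.
        reasons.append("AppInit_DLLs is set; confirm the DLL belongs to known software")
    if any(d in lower for d in SUSPECT_DIRS):
        reasons.append("executable lives in a temp or public directory")
    if "\\users\\" in lower and entry.key.upper().startswith("HKEY_LOCAL_MACHINE"):
        reasons.append("machine-wide autostart points into a user profile")
    return reasons


def triage(text: str) -> List[AutostartEntry]:
    """Parse the section and return only entries with at least one reason."""
    flagged: List[AutostartEntry] = []
    for entry in parse_autostart(text):
        entry.reasons = flag(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.key}\n  {e.name} -> {e.path}\n  " + "; ".join(e.reasons))
```

Entries it does not flag are not proven clean; the rules only pick out the autostart locations a helper normally checks first.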

Re: Virus Detected while browsing Yahoo Site

Post by Belahzur on Sun Dec 27, 2009 9:14 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    c:\program files\BitComet
    c:\program files\uTorrent
    c:\users\FANA\AppData\Roaming\uTorrent


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Sun Dec 27, 2009 9:24 pm

Here is the copy of the Results window:

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.1.4.0 log created on 12272009_222117


Here is the result of the log:

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.1.4.0 log created on 12272009_222117


Re: Virus Detected while browsing Yahoo Site

Post by Belahzur on Sun Dec 27, 2009 9:36 pm

I think you missed the colon in front of files, or missed :files as the top line altogether. Re-run it, include :files and see what log you get this time.





Re: Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Sun Dec 27, 2009 9:43 pm

Here is the copy of the Results:

========== FILES ==========
File/Folder c:\program files\BitComet not found.
File/Folder c:\program files\uTorrent not found.
File/Folder c:\users\FANA\AppData\Roaming\uTorrent not found.

OTM by OldTimer - Version 3.1.4.0 log created on 12272009_224209

and here is the copy of Log:

========== FILES ==========
File/Folder c:\program files\BitComet not found.
File/Folder c:\program files\uTorrent not found.
File/Folder c:\users\FANA\AppData\Roaming\uTorrent not found.

OTM by OldTimer - Version 3.1.4.0 log created on 12272009_224209


Re: Virus Detected while browsing Yahoo Site

Post by Belahzur on Sun Dec 27, 2009 10:57 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?





Re: Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Mon Dec 28, 2009 11:42 am

I have done this, but I am still having the problem.

When I am browsing some websites, I receive an AV alert that I can't browse the site and suddenly I am disconnected from the net.

These sites were previously safe ones, such as Eurosport.yahoo.com

Yahoo.com (when I sign in I receive a threat)

Can you please reply to me faster and help me in this regard?


Re: Virus Detected while browsing Yahoo Site

Post by Belahzur on Mon Dec 28, 2009 1:37 pm

What browser are you using?





Re: Virus Detected while browsing Yahoo Site

Post by Ahmad Fawad Habib on Mon Dec 28, 2009 1:45 pm

Internet Explorer

