Virus Win32/Bflient.K.Worm

7 replies to this topic

#1
d3iu29
    New Member
  • Group: Members
  • Posts: 3
  • Joined: 06.09.2010
Hi, I have a worm virus, Bflient.K, and I don't know how to get rid of it. I've searched everywhere and found nothing,
and I don't know exactly what it does. For now the computer isn't showing any problems, but the virus is still there.

What does this virus do? And, if you know, how could I get rid of it? :confuzzled:

#2
Official
    Forzza ASA!
  • Group: Senior Members
  • Posts: 3,327
  • Joined: 27.03.2009
Hi!

To start, post a HiJackThis log in your next reply.

#3
d3iu29
    New Member
  • Group: Members
  • Posts: 3
  • Joined: 06.09.2010

 Official, on 6th September 2010, 13:08, said:

Hi!

To start, post a HiJackThis log in your next reply.


Quote

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Vlad\My Documents\Downloads\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe
O4 - HKCU\..\Run: [bcservice] C:\Program Files\BitComet\bcservice.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-1659004503-1177238915-1417001333-1004\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Koss')
O4 - S-1-5-21-1659004503-1177238915-1417001333-1004 Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User 'Koss')
O4 - S-1-5-21-1659004503-1177238915-1417001333-1004 User Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User 'Koss')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5643 bytes
This? I don't understand what I'm supposed to do with it.

#4
Official
    Forzza ASA!
  • Group: Senior Members
  • Posts: 3,327
  • Joined: 27.03.2009
In HiJackThis, tick the following line and press Fix Checked:

Quote

O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe

Then:

Download ComboFix and save it to your Desktop.

Create a new .txt file with Notepad and type into it what is quoted below.
Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.

Quote

File::
C:\WINDOWS\system32\msvmiode.exe
[image: CFScript.gif - http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif]
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes each time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results. Save that file and post its contents HERE.
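The instruction above picks one O4 line out of the log by eye. As an added example (not code from the thread or from HiJackThis/ComboFix), here is the triage rule a practitioner would apply to every O4 Run entry: a bare .exe launched straight from C:\WINDOWS or C:\WINDOWS\system32 is unusual for legitimate software (vendors install under Program Files), while rundll32 calls into driver DLLs there are common. The heuristics and the `Autorun` record are my own; the sample lines are a constructed subset of the O4 entries posted in this thread, and the CFScript text is emitted in the `File::` form the reply uses.

```python
"""Triage HijackThis O4 (Run-key) entries and build a ComboFix CFScript.

Added example; heuristics are the editor's, not HiJackThis' or ComboFix's.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed subset of the O4 lines posted in the thread.
SAMPLE_HJT_O4 = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-21-1659004503-1177238915-1417001333-1004\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Koss')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
"""

# Matches "O4 - <hive>\..\Run: [<value name>] <command>"; Startup-folder .lnk lines do not match.
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")   # assumed XP layout, as in the log


@dataclass
class Autorun:
    hive: str
    name: str
    command: str
    target: str          # file the entry ultimately launches
    via_rundll32: bool   # True when the command is "rundll32 <dll>,<entry>"


def parse_command(cmd: str) -> tuple[str, bool]:
    """Return (target path, launched_via_rundll32) for an O4 Run command string."""
    cmd = cmd.strip()
    via = False
    if cmd.lower().startswith(("rundll32.exe ", "rundll32 ")):
        via = True
        cmd = cmd.split(None, 1)[1]
    if cmd.startswith('"'):                      # quoted path, arguments follow the quote
        return cmd[1:cmd.index('"', 1)], via
    tok = cmd.split()[0]
    return tok.split(",")[0], via                # rundll32 form: path,EntryPoint


def parse_o4(text: str) -> list[Autorun]:
    entries = []
    for line in text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m:
            target, via = parse_command(m["cmd"])
            entries.append(Autorun(m["hive"], m["name"], m["cmd"], target, via))
    return entries


def triage(entries: list[Autorun]) -> tuple[list[Autorun], list[Autorun]]:
    """Split entries into high-confidence suspects and lower-signal notes."""
    high, info = [], []
    for e in entries:
        t = e.target.lower()
        d = t.rsplit("\\", 1)[0] + "\\" if "\\" in t else ""
        if not e.via_rundll32 and t.endswith(".exe") and d in SYSTEM_DIRS:
            high.append(e)      # bare .exe sitting in a system directory
        elif "\\" not in t:
            info.append(e)      # unqualified path, resolved via PATH at logon
    return high, info


def build_cfscript(paths: list[str]) -> str:
    """ComboFix CFScript body in the File:: form used in the thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    high, info = triage(parse_o4(SAMPLE_HJT_O4))
    for e in high:
        print(f"SUSPECT  {e.hive} [{e.name}] -> {e.target}")
    for e in info:
        print(f"note     {e.hive} [{e.name}] unqualified path {e.target}")
    print(build_cfscript([e.target for e in high]))
```

On the thread's log this flags only the MSODESNV7 entry and notes Cmaudio and nwiz as unqualified; it deliberately does not confirm anything about the file, since the decisive check (signature, hash, vendor lookup) happens on the file itself, not on the log line.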

#5
rootkit
    Awake. Security DNA
  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Malwarebytes sees it too :)

Quote

C:\WINDOWS\system32\msvmiode.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


#6
d3iu29
    New Member
  • Group: Members
  • Posts: 3
  • Joined: 06.09.2010

Quote

ComboFix 10-09-06.03 - Vlad 09/07/2010  11:37:17.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1023.645 [GMT 3:00]
Running from: c:\documents and settings\Vlad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vlad\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\system32\msvmiode.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cfdrive32.exe
c:\windows\system32\74.exe

.
(((((((((((((((((((((((((   Files Created from 2010-08-07 to 2010-09-07  )))))))))))))))))))))))))))))))
.

2010-09-06 11:34 . 2010-09-06 11:34 19296 ----a-w- c:\documents and settings\Vlad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 10:15 . 2010-09-06 10:15 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\ESET
2010-09-06 09:14 . 2010-09-06 09:14 -------- d--h--w- c:\windows\$hf_mig$
2010-09-06 08:56 . 2010-09-06 08:56 -------- d-----w- c:\documents and settings\Vlad\Local Settings\Application Data\ESET
2010-09-06 08:55 . 2010-09-06 08:55 -------- d-----w- c:\windows\system32\LogFiles
2010-09-06 08:54 . 2010-09-06 08:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-09-06 08:43 . 2010-09-06 08:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-06 08:36 . 2010-09-06 08:43 -------- d-s---w- c:\documents and settings\Administrator.ASDASD
2010-09-05 21:11 . 2010-09-05 21:11 -------- d-----w- c:\program files\VideoLAN
2010-09-05 21:09 . 2010-09-05 21:09 -------- d-----w- c:\windows\system32\skin
2010-09-05 21:09 . 2010-09-05 21:09 -------- d-----w- c:\windows\system32\languages
2010-09-05 21:09 . 2010-09-05 21:09 -------- d-----w- c:\windows\system32\adv
2010-09-03 15:39 . 2010-09-03 15:39 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\DFX
2010-09-03 15:07 . 2010-09-03 15:07 -------- d-----w- c:\documents and settings\Vlad\Local Settings\Application Data\DFX
2010-09-03 15:06 . 2010-09-03 15:06 -------- d-----w- c:\program files\DFX
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\HelpAssistant
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\Guest
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\Administrator
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\program files\Common Files\DFX
2010-09-03 11:50 . 2010-09-03 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-02 17:32 . 2010-09-02 17:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-02 17:29 . 2010-09-02 17:37 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\Adobe
2010-09-01 14:30 . 2010-09-01 14:39 -------- d-----w- C:\total drama world tour
2010-09-01 14:26 . 2010-09-01 14:26 503808 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-72ed5803-n\msvcp71.dll
2010-09-01 14:26 . 2010-09-01 14:26 499712 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-72ed5803-n\jmc.dll
2010-09-01 14:26 . 2010-09-01 14:26 348160 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-72ed5803-n\msvcr71.dll
2010-09-01 14:26 . 2010-09-01 14:26 61440 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31019b14-n\decora-sse.dll
2010-09-01 14:26 . 2010-09-01 14:26 12800 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31019b14-n\decora-d3d.dll
2010-09-01 12:28 . 2004-08-03 20:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-31 14:50 . 2010-08-31 14:50 -------- d-----w- c:\windows\Sun
2010-08-31 14:50 . 2010-08-31 14:50 -------- d-----w- c:\program files\Common Files\Java
2010-08-31 14:50 . 2010-08-31 14:50 503808 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-70ac6d28-n\msvcp71.dll
2010-08-31 14:50 . 2010-08-31 14:50 499712 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-70ac6d28-n\jmc.dll
2010-08-31 14:50 . 2010-08-31 14:50 348160 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-70ac6d28-n\msvcr71.dll
2010-08-31 14:50 . 2010-08-31 14:50 61440 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64a49991-n\decora-sse.dll
2010-08-31 14:50 . 2010-08-31 14:50 12800 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64a49991-n\decora-d3d.dll
2010-08-31 14:50 . 2010-08-31 14:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-31 14:49 . 2010-08-31 14:49 -------- d-----w- c:\program files\Java
2010-08-30 22:52 . 2009-08-11 18:21 90112 ----a-w- c:\documents and settings\Koss\Application Data\BSplayer\AC3 Filter\spdif_test.exe
2010-08-30 22:52 . 2009-08-11 18:21 87552 ----a-w- c:\documents and settings\Koss\Application Data\BSplayer\AC3 Filter\ac3config.exe
2010-08-30 22:52 . 2009-08-11 18:21 1021440 ----a-w- c:\documents and settings\Koss\Application Data\BSplayer\AC3 Filter\ac3filter_intl.dll
2010-08-30 22:52 . 2010-03-22 11:52 697690 ----a-w- c:\documents and settings\Koss\Application Data\BSplayer\AC3 Filter\unins000.exe
2010-08-30 22:49 . 2010-09-01 22:19 -------- d-----w- c:\documents and settings\Koss\Application Data\BSplayer
2010-08-30 22:49 . 2010-08-30 22:49 -------- d-----w- c:\documents and settings\Koss\Application Data\BSplayer Pro
2010-08-30 22:27 . 2010-08-30 22:27 -------- d-----w- c:\program files\WinMend
2010-08-30 16:07 . 2010-09-06 23:34 -------- d-----w- c:\documents and settings\Koss\Application Data\uTorrent
2010-08-30 16:00 . 2010-08-30 16:00 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\Mozilla
2010-08-30 15:52 . 2010-09-06 12:53 -------- d-----w- c:\documents and settings\Koss\Application Data\Winamp
2010-08-30 15:51 . 2010-08-30 22:45 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\AskToolbar
2010-08-30 15:51 . 2010-09-01 12:41 19296 ----a-w- c:\documents and settings\Koss\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 15:50 . 2010-09-05 09:22 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\Yahoo
2010-08-30 15:50 . 2010-08-30 15:51 -------- d-----w- c:\documents and settings\Koss\Application Data\Yahoo!
2010-08-30 14:04 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-08-30 14:03 . 2004-08-03 22:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-30 14:03 . 2004-08-04 00:56 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-08-30 14:03 . 2004-08-04 00:56 32285 ----a-w- c:\windows\system32\HSFCISP2.dll
2010-08-30 14:03 . 2004-08-03 22:41 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-08-30 14:03 . 2004-08-03 22:41 1041536 ----a-w- c:\windows\system32\drivers\HSFDPSP2.sys
2010-08-30 14:03 . 2004-08-03 22:41 685056 ----a-w- c:\windows\system32\drivers\HSFCXTS2.sys
2010-08-30 14:03 . 2004-08-03 22:41 220032 ----a-w- c:\windows\system32\drivers\HSFBS2S2.sys
2010-08-30 14:02 . 2008-05-16 11:01 6108928 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-08-30 14:02 . 2008-05-16 11:01 6108928 ----a-w- c:\windows\system32\nv4_disp.dll
2010-08-30 14:02 . 2004-08-03 22:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-30 14:02 . 2004-08-03 22:59 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-08-30 14:02 . 2004-08-04 00:56 74240 ----a-w- c:\windows\system32\usbui.dll
2010-08-30 14:02 . 2004-08-03 23:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 08:34 . 2010-08-30 12:12 -------- d-----w- c:\documents and settings\Vlad\Application Data\uTorrent
2010-09-07 08:26 . 2010-08-30 11:55 0 ----a-w- c:\documents and settings\Vlad\client.dll
2010-09-06 08:43 . 2010-08-30 12:13 -------- d-----w- c:\program files\Ask.com
2010-09-06 08:08 . 2010-08-30 11:43 -------- d-----w- c:\program files\ESET
2010-09-05 09:21 . 2010-08-30 12:09 -------- d-----w- c:\program files\Yahoo!
2010-09-03 19:24 . 2010-08-30 12:08 -------- d-----w- c:\documents and settings\Vlad\Application Data\Winamp
2010-09-03 15:04 . 2010-08-30 12:08 -------- d-----w- c:\program files\Winamp
2010-09-01 00:32 . 2010-08-30 11:23 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-31 09:51 . 2010-08-30 12:12 -------- d-----w- c:\program files\uTorrent
2010-08-30 16:16 . 2010-08-30 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-08-30 12:31 . 2010-08-30 12:30 -------- d-----w- c:\documents and settings\Vlad\Application Data\Yahoo!
2010-08-30 12:30 . 2010-08-30 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-30 12:15 . 2010-08-30 12:15 0 ----a-w- c:\windows\nsreg.dat
2010-08-30 12:13 . 2010-08-30 12:12 -------- d-----w- c:\documents and settings\Vlad\Application Data\BSplayer
2010-08-30 12:12 . 2010-08-30 12:12 -------- d-----w- c:\documents and settings\Vlad\Application Data\BSplayer Pro
2010-08-30 12:12 . 2010-08-30 12:12 -------- d-----w- c:\program files\Webteh
2010-08-30 12:08 . 2010-08-30 12:08 -------- d-----w- c:\program files\Winamp Detect
2010-08-30 11:59 . 2010-08-30 11:59 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-30 11:52 . 2010-08-30 11:52 -------- d-----w- c:\program files\C-Media 3D Audio
2010-08-30 11:52 . 2010-08-30 11:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 11:52 . 2010-08-30 11:52 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-30 11:43 . 2010-08-30 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-30 11:38 . 2010-08-30 11:38 -------- d-----w- c:\program files\BitComet
2010-08-30 11:24 . 2010-08-30 11:24 -------- d-----w- c:\program files\microsoft frontpage
2010-08-30 11:20 . 2010-08-30 11:20 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-30 11:19 . 2010-08-30 11:19 -------- d-----w- c:\program files\Windows Media Connect 2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 13:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bcservice"="c:\program files\BitComet\bcservice.exe" [2008-01-11 2787689]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-30 328568]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Koss\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\Vlad\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\GAmes\\COunter-strike 1.6\\steamapps\\stanica_cristian\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27550:TCP"= 27550:TCP:BitComet 27550 TCP
"27550:UDP"= 27550:UDP:BitComet 27550 UDP

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960]
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:50]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Vlad\Application Data\Mozilla\Firefox\Profiles\kozv9b17.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- Firefox POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 11:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-09-07  11:41:44
ComboFix-quarantined-files.txt  2010-09-07 08:41

Pre-Run: 2,447,044,608 bytes free
Post-Run: 2,473,201,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 586314473B33BDA4E555CAA4AABAE971


I think that's good, right?

I got rid of it :) :thumbup:

So, in the end, what does this virus do? You haven't told me :)

#7
Xoner
    Junior Member
  • Group: Members
  • Posts: 239
  • Joined: 15.07.2010
It's a worm-type virus, so it can use your PC to send the virus to others; it takes data from your PC and sends it by email to whoever created the virus; it affects the network, the messenger, etc. More information here. Bflient may be its name :rolleyes:
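The ComboFix log above answers the "is it good?" question only partly: the scripted file was removed, two more executables were deleted under Other Deletions, and the Reg Loading Points section shows the Windows Firewall switched off for the standard profile (EnableFirewall=0) with Security Center's firewall alert overridden (FirewallOverride=1) and two BitComet ports globally open. As an added example (not code from the thread or from ComboFix), here is a reader that pulls those facts out of a ComboFix log so the post-cleanup review does not depend on scrolling. The section-splitting rules and the finding texts are my own; the sample is a constructed excerpt of the log posted in this thread.

```python
"""Post-cleanup review of a ComboFix log: what was removed, and what the host's
own defences look like afterwards. Added example; not ComboFix's own code."""
import re

# Constructed excerpt of the ComboFix log posted in the thread.
SAMPLE_COMBOFIX = r"""
FILE ::
"c:\windows\system32\msvmiode.exe"
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\cfdrive32.exe
c:\windows\system32\74.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27550:TCP"= 27550:TCP:BitComet 27550 TCP
"27550:UDP"= 27550:UDP:BitComet 27550 UDP

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
"""

HDR_PAREN = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")      # ((((  Name  ))))
HDR_DASH = re.compile(r"^- - - - (?P<name>.+?) - - - -$")    # - - - - NAME - - - -
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def split_sections(text: str) -> dict:
    """Map section name -> non-empty lines, using ComboFix's own banner lines."""
    sections, cur = {}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = HDR_PAREN.match(line) or HDR_DASH.match(line)
        if m:
            cur = m["name"]
        elif line == "FILE ::":          # echo of the CFScript File:: block
            cur = "FILE"
        elif line and line != ".":
            sections.setdefault(cur, []).append(line)
    return sections


def deleted_files(sections: dict) -> list:
    scripted = [l.strip('"') for l in sections.get("FILE", [])]
    return scripted + list(sections.get("Other Deletions", []))


def _decode(v: str):
    v = v.strip()
    if v.lower().startswith("dword:"):
        return int(v[6:], 16)
    m = re.match(r"^-?\d+", v)          # "0 (0x0)" -> 0
    return int(m.group()) if m else v


def firewall_state(sections: dict) -> dict:
    """Firewall policy values as ComboFix lists them under Reg Loading Points."""
    state, key = {"open_ports": [], "authorized": []}, ""
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VAL_RE.match(line)
        if not m:
            continue                     # driver lines (R1/R2 ...) and Run values are skipped
        if key.endswith("globallyopenports\\list"):
            state["open_ports"].append(m["name"])
        elif key.endswith("authorizedapplications\\list"):
            state["authorized"].append(m["name"].replace("\\\\", "\\"))
        elif m["name"] in ("EnableFirewall", "FirewallOverride"):
            state[m["name"]] = _decode(m["value"])
    return state


def review(text: str) -> list:
    s = split_sections(text)
    findings = []
    files = deleted_files(s)
    extra = files[len(s.get("FILE", [])):]
    if extra:
        findings.append(f"{len(extra)} file(s) removed beyond the scripted target: {', '.join(extra)}")
    fw = firewall_state(s)
    if fw.get("EnableFirewall") == 0:
        msg = "Windows Firewall disabled for the standard profile (EnableFirewall=0)"
        if fw.get("FirewallOverride") == 1:
            msg += "; Security Center firewall alerting overridden (FirewallOverride=1)"
        findings.append(msg)
    if fw["open_ports"]:
        findings.append("Globally open ports: " + ", ".join(fw["open_ports"]))
    for line in s.get("ORPHANS REMOVED", []):
        findings.append("Orphaned autorun removed: " + line)
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_COMBOFIX):
        print("-", f)
```

The point of the firewall check is that a worm removal leaves the host exactly as exposed as before if the firewall it found disabled stays disabled; the log already contains that information, the script only surfaces it.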

#8
rootkit
    Awake. Security DNA
  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Download

Malwarebytes Anti-Malware 1.46

and save it to your Desktop.

Install it and, at the end, make sure the following are ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish.

After the program starts, click the Update tab and press the Check for Updates button to verify that the downloaded definitions are the latest.

Database version: 4XXX

Click the Scanner tab, select Perform full scan and then press Scan.

When the scan finishes, press OK and then Show Results.

Make sure everything is ticked and then press Remove Selected.

At the end a Notepad file with the scan results will open. Post its contents here.

If you restarted to remove malware from the PC, you can find the log in the main window under the Logs tab. Check that it is the latest one (by the date in the .txt file name).
