
1. [Topic solved] I post the log as requested (Fri Nov 06, 2009 2:27 pm)
harvester (Member)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:38 PM, on 6/11/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [XarkaToday] "C:\Program Files (x86)\Today Application\Today.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: TurboLaunch.lnk = C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Set Fields - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\kbdnet.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: G Data Tuner Service - Unknown owner - (no file)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slmdmsr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12369 bytes


What should I do next?

Thanks a lot!!!! I appreciate this!!

2. Re: I post the log as requested (Fri Nov 06, 2009 2:29 pm)
DragonMaster Jay (Site Owner)

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

3. Re: I post the log as requested (Fri Nov 06, 2009 4:55 pm)
harvester (Member)

It is in Greek, but I suppose you may know and understand the threats.

If you don't, please tell me and I'll try to translate!

Thanks!

Malwarebytes' Anti-Malware 1.41
Database version: 3112
Windows 6.1.7600

6/11/2009 11:42:52 PM
mbam-log-2009-11-06 (23-42-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 257714
Time elapsed: 25 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\kbdnet.dll (Spyware.Passwords) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.Passwords) -> Data: c:\windows\system32\kbdnet.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.Passwords) -> Data: system32\kbdnet.dll -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\oocbpnc.exe (Trojan.Waledac) -> No action taken.
C:\System Volume Information\_restore{B6186580-BDA1-4A6B-916A-0C126A6F3C3B}\RP110\A0082954.exe (Rootkit.TDSS) -> No action taken.
C:\Windows\System32\kbdnet.dll (Spyware.Passwords) -> No action taken.
C:\Windows\System32\mscert.dll (Spyware.Passwords) -> No action taken.
C:\Windows\SysWOW64\kbdnet.dll (Spyware.Passwords) -> No action taken.
C:\Windows\SysWOW64\mscert.dll (Spyware.Passwords) -> No action taken.
C:\Program Files (x86)\Adobe\acrotray.exe (Trojan.Agent) -> No action taken.
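
The two logs above, the HijackThis log in the first post and the Malwarebytes file list in this one, lend themselves to a small triage script. What follows is an added example by the editor, not code from the thread or from either tool. It parses excerpts copied from the logs above and does three things: it lists the O20 AppInit_DLLs entries (a DLL named there is loaded into every process that loads user32.dll, which makes it a strong persistence point and one that is almost never populated on a home machine), it separates stale "(no file)" registrations from "(file missing)" binaries, and it checks whether a file Malwarebytes flagged carries the name of a program the HijackThis log already knows but sits in a different directory, as C:\Program Files (x86)\Adobe\acrotray.exe does next to the real C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe. One caveat is encoded as an assumption: HijackThis 2.0.2 is a 32-bit program, and on 64-bit Windows its view of C:\Windows\System32 is redirected to SysWOW64, so the core services reported "(file missing)" under System32 in the log (lsass.exe, spoolsv.exe and so on) are a redirection artifact rather than missing files. The `tool_is_32bit_on_x64` flag and every function name below are the editor's, not HijackThis or Malwarebytes options.

```python
"""Triage a HijackThis log against Malwarebytes file detections.

Added example by the editor; not part of the thread and not code from either
tool.  Sample lines are copied from the logs posted above; the heuristics are
the editor's own assumptions about what deserves a second look.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Subset of the HijackThis log from the first post, copied as posted.
HJT_LOG = r"""
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [XarkaToday] "C:\Program Files (x86)\Today Application\Today.exe"
O20 - AppInit_DLLs: C:\Windows\system32\kbdnet.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: G Data Tuner Service - Unknown owner - (no file)
O23 - Service: SmartLinkService (SLService) - Unknown owner - slmdmsr.exe (file missing)
"""

# Subset of the "Files Infected" section of the Malwarebytes log above.
MBAM_FILES = r"""
C:\oocbpnc.exe (Trojan.Waledac) -> No action taken.
C:\Windows\System32\kbdnet.dll (Spyware.Passwords) -> No action taken.
C:\Program Files (x86)\Adobe\acrotray.exe (Trojan.Agent) -> No action taken.
"""

HJT_LINE = re.compile(r'^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$')
# Absolute path to an .exe/.dll/.sys, stopping at the first such extension.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
NATIVE_SYSTEM32 = 'c:\\windows\\system32\\'


def parse_hjt(text):
    """Return (section, body) pairs for every 'Oxx - ...' line."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m['section'], m['body']))
    return entries


def appinit_dlls(entries):
    """O20 values: each DLL listed is loaded into every process that loads
    user32.dll, so on a home machine the expected content is nothing at all."""
    dlls = []
    for section, body in entries:
        if section == 'O20' and body.startswith('AppInit_DLLs:'):
            value = body.split(':', 1)[1]          # keep the "C:" of the path intact
            dlls.extend(p.strip() for p in value.split(',') if p.strip())
    return dlls


def orphaned(entries):
    """'(no file)' registrations: stale rather than malicious, but clutter."""
    return [(s, b) for s, b in entries if b.endswith('(no file)')]


def missing_files(entries, tool_is_32bit_on_x64=True):
    """Split '(file missing)' entries into WOW64 artifacts and real suspects.
    Assumption (editor's flag): a 32-bit HijackThis on 64-bit Windows sees
    C:\\Windows\\System32 redirected to SysWOW64, so native-only files look missing."""
    artifacts, suspects = [], []
    for _, body in entries:
        if not body.endswith('(file missing)'):
            continue
        paths = WIN_PATH.findall(body)
        if tool_is_32bit_on_x64 and paths and paths[0].lower().startswith(NATIVE_SYSTEM32):
            artifacts.append(paths[0])
        else:
            suspects.append(body)
    return artifacts, suspects


def masquerades(entries, mbam_text):
    """Detected files that reuse the name of a binary the HijackThis log knows,
    but sit in a different directory (look-alike placement)."""
    known = defaultdict(set)
    for _, body in entries:
        for p in WIN_PATH.findall(body):
            wp = PureWindowsPath(p)
            known[wp.name.lower()].add(str(wp.parent).lower())
    hits = {}
    for p in WIN_PATH.findall(mbam_text):
        wp = PureWindowsPath(p)
        name, parent = wp.name.lower(), str(wp.parent).lower()
        if name in known and parent not in known[name]:
            hits[name] = (p, sorted(known[name]))
    return hits


if __name__ == '__main__':
    entries = parse_hjt(HJT_LOG)
    print('AppInit_DLLs:', appinit_dlls(entries))
    print('orphaned:', orphaned(entries))
    print('missing (artifacts, suspects):', missing_files(entries))
    print('masquerades:', masquerades(entries, MBAM_FILES))
```

On the excerpt above the script reports kbdnet.dll as the single AppInit_DLLs entry, two stale "(no file)" registrations, lsass.exe as a redirection artifact, slmdmsr.exe (no path at all) as the one genuinely unresolved service binary, and acrotray.exe as a look-alike placed outside the Acrobat directory. Run the same flag with `tool_is_32bit_on_x64=False` on a 32-bit Windows install, or with a 64-bit scanner, and "(file missing)" under System32 becomes a real finding again.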

4. Re: I post the log as requested (Fri Nov 06, 2009 7:36 pm)
DragonMaster Jay (Site Owner)

Please take action on those by clicking Remove Selected, and reboot as necessary.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.



5. Re: I post the log as requested (Fri Nov 06, 2009 9:03 pm)
harvester (Member)

OK, I think I've done this.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found






Is it OK? What next?

6. Re: I post the log as requested (Fri Nov 06, 2009 9:09 pm)
DragonMaster Jay (Site Owner)

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



7. Re: I post the log as requested (Fri Nov 06, 2009 9:16 pm)
harvester (Member)

OK :)

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 04:13 on 07/11/2009 by kostas (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 175616 bytes [23:33 13/07/2009] [01:16 14/07/2009] 26073302DAEA83CC5B944C546D6B47D2
C:\Windows\SysWOW64\scecli.dll --a--- 175616 bytes [23:33 13/07/2009] [01:16 14/07/2009] 26073302DAEA83CC5B944C546D6B47D2
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll --a--- 232448 bytes [23:49 13/07/2009] [01:41 14/07/2009] 398712DDDAEFB85EDF61DF6A07B65C79
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll --a--- 175616 bytes [23:33 13/07/2009] [01:16 14/07/2009] 26073302DAEA83CC5B944C546D6B47D2

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a--- 563712 bytes [23:38 13/07/2009] [01:16 14/07/2009] EAA75D9000B71F10EEC04D2AE6C60E81
C:\Windows\SysWOW64\netlogon.dll --a--- 563712 bytes [23:38 13/07/2009] [01:16 14/07/2009] EAA75D9000B71F10EEC04D2AE6C60E81
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll --a--- 692736 bytes [23:53 13/07/2009] [01:41 14/07/2009] 956D030D375F207B22FB111E06EF9C35
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll --a--- 563712 bytes [23:38 13/07/2009] [01:16 14/07/2009] EAA75D9000B71F10EEC04D2AE6C60E81

Searching for "eventlog.dll"
No files found.

Searching for "winlogon.exe"
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe --a--- 389120 bytes [23:52 13/07/2009] [01:39 14/07/2009] 132328DF455B0028F13BF0ABEE51A63A

Searching for "comres.dll"
C:\Windows\System32\comres.dll --a--- 1297408 bytes [23:44 13/07/2009] [01:04 14/07/2009] 808D8A8B2A3074002852BC856D419576
C:\Windows\SysWOW64\comres.dll --a--- 1297408 bytes [23:44 13/07/2009] [01:04 14/07/2009] 808D8A8B2A3074002852BC856D419576
C:\Windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll --a--- 1297408 bytes [23:59 13/07/2009] [01:26 14/07/2009] 1A47D52E303B7543E4E6026595B95422
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll --a--- 1297408 bytes [23:44 13/07/2009] [01:04 14/07/2009] 808D8A8B2A3074002852BC856D419576

Searching for "crypt32.dll"
C:\Windows\System32\crypt32.dll --a--- 1151488 bytes [23:34 13/07/2009] [01:15 14/07/2009] E6B5DE86ABF68D7D67E451C29287B5C5
C:\Windows\SysWOW64\crypt32.dll --a--- 1151488 bytes [23:34 13/07/2009] [01:15 14/07/2009] E6B5DE86ABF68D7D67E451C29287B5C5
C:\Windows\winsxs\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7600.16385_none_b764b382f784cd81\crypt32.dll --a--- 1454592 bytes [23:50 13/07/2009] [01:40 14/07/2009] 15B740D94BAD25467A297E75124D7EE2
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7600.16385_none_5b4617ff3f275c4b\crypt32.dll --a--- 1151488 bytes [23:34 13/07/2009] [01:15 14/07/2009] E6B5DE86ABF68D7D67E451C29287B5C5

Searching for "gpedit.dll"
C:\Windows\System32\gpedit.dll --a--- 951808 bytes [23:38 13/07/2009] [01:15 14/07/2009] F4CB9FF6AA4F0D3FBE707BE54BB05768
C:\Windows\SysWOW64\gpedit.dll --a--- 951808 bytes [23:38 13/07/2009] [01:15 14/07/2009] F4CB9FF6AA4F0D3FBE707BE54BB05768
C:\Windows\winsxs\amd64_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_2a271e3c7e986f2c\gpedit.dll --a--- 1000960 bytes [23:54 13/07/2009] [01:40 14/07/2009] CC532E5812B1ED7C24AFDAA8EFB8DBF3
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.1.7600.16385_none_ce0882b8c63afdf6\gpedit.dll --a--- 951808 bytes [23:38 13/07/2009] [01:15 14/07/2009] F4CB9FF6AA4F0D3FBE707BE54BB05768

Searching for "rundll32.exe"
C:\Windows\System32\rundll32.exe --a--- 44544 bytes [23:41 13/07/2009] [01:14 14/07/2009] 51138BEEA3E2C21EC44D0932C71762A8
C:\Windows\SysWOW64\rundll32.exe --a--- 44544 bytes [23:41 13/07/2009] [01:14 14/07/2009] 51138BEEA3E2C21EC44D0932C71762A8
C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_33fa4336c49b998b\rundll32.exe --a--- 45568 bytes [23:57 13/07/2009] [01:39 14/07/2009] DD81D91FF3B0763C392422865C9AC12E
C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7600.16385_none_d7dba7b30c3e2855\rundll32.exe --a--- 44544 bytes [23:41 13/07/2009] [01:14 14/07/2009] 51138BEEA3E2C21EC44D0932C71762A8

Searching for "sfc.dll"
C:\Windows\System32\sfc.dll --a--- 2560 bytes [23:15 13/07/2009] [01:10 14/07/2009] 40CAEEE0EAF1B8569F7C8DF6420F2CB9
C:\Windows\SysWOW64\sfc.dll --a--- 2560 bytes [23:15 13/07/2009] [01:10 14/07/2009] 40CAEEE0EAF1B8569F7C8DF6420F2CB9
C:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll --a--- 3072 bytes [23:25 13/07/2009] [01:33 14/07/2009] C6DCD1D11ED6827F05C00773C3E7053C
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll --a--- 2560 bytes [23:15 13/07/2009] [01:10 14/07/2009] 40CAEEE0EAF1B8569F7C8DF6420F2CB9

Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a--- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\SysWOW64\svchost.exe --a--- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a--- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a--- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 12288 bytes [23:32 13/07/2009] [01:15 14/07/2009] 50BA656134F78AF64E4DD3C8B6FEFD7E
C:\Windows\SysWOW64\cngaudit.dll --a--- 12288 bytes [23:32 13/07/2009] [01:15 14/07/2009] 50BA656134F78AF64E4DD3C8B6FEFD7E
C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll --a--- 18944 bytes [23:49 13/07/2009] [01:40 14/07/2009] 86FE1B1F8FD42CD0DB641AB1CDB13093
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll --a--- 12288 bytes [23:32 13/07/2009] [01:15 14/07/2009] 50BA656134F78AF64E4DD3C8B6FEFD7E

Searching for "beep.sys"
C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys --a--- 6656 bytes [00:00 14/07/2009] [00:00 14/07/2009] 16A47CE2DECC9B099349A5F840654746

Searching for "wscntfy.exe"
No files found.

Searching for "atapi.sys"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys --a--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --a--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C

-=End Of File=-
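
The SystemLook output above can be checked against the WinSxS component store automatically, and doing so also surfaces something worth knowing about this particular log. What follows is an added example by the editor, not code from the thread or from SystemLook; the line format is taken from the output above, and the `parse_filefind`, `location`, `verdict` and `report` functions and their classification rules are the editor's own. The point it makes: for scecli.dll, netlogon.dll, comres.dll and the others, the System32 and SysWOW64 copies report the same size and MD5, and that hash matches the wow64_ or x86_ component in WinSxS rather than the larger amd64_ one. SystemLook v1.0 is a 32-bit tool, and under WOW64 its access to C:\Windows\System32 was redirected to SysWOW64, so the native 64-bit copies were never hashed; winlogon.exe, beep.sys and atapi.sys showing up only under winsxs or DriverStore is the same effect. The script reports that case as "redirected scan", meaning the check has to be repeated with a 64-bit tool before the native files can be called clean. Two caveats: WinSxS may hold several versions of a component after updates, so a live copy that matches none of them ("mismatch") is a prompt for a closer look (Authenticode signature, comparison with a known-good install), not proof of tampering; and the "example.dll" block in the sample input is constructed, with placeholder hashes, purely to exercise that branch.

```python
"""Cross-check a SystemLook ':filefind' log against the WinSxS component store.

Added example by the editor; not code from the thread or from SystemLook.
The record format follows the output posted above; the location and verdict
rules are the editor's own.
"""
import re
from collections import defaultdict

# Lines copied from the SystemLook log above, plus one constructed
# 'example.dll' block with placeholder hashes to exercise the mismatch branch.
SAMPLE_LOG = r"""
Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 175616 bytes [23:33 13/07/2009] [01:16 14/07/2009] 26073302DAEA83CC5B944C546D6B47D2
C:\Windows\SysWOW64\scecli.dll --a--- 175616 bytes [23:33 13/07/2009] [01:16 14/07/2009] 26073302DAEA83CC5B944C546D6B47D2
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll --a--- 232448 bytes [23:49 13/07/2009] [01:41 14/07/2009] 398712DDDAEFB85EDF61DF6A07B65C79
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll --a--- 175616 bytes [23:33 13/07/2009] [01:16 14/07/2009] 26073302DAEA83CC5B944C546D6B47D2

Searching for "eventlog.dll"
No files found.

Searching for "winlogon.exe"
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe --a--- 389120 bytes [23:52 13/07/2009] [01:39 14/07/2009] 132328DF455B0028F13BF0ABEE51A63A

Searching for "example.dll"
C:\Windows\System32\example.dll --a--- 1024 bytes [00:00 01/01/2009] [00:00 01/01/2009] 00000000000000000000000000000001
C:\Windows\winsxs\amd64_example-component_0000000000000000_1.0.0.0_none_0000000000000000\example.dll --a--- 1024 bytes [00:00 01/01/2009] [00:00 01/01/2009] 00000000000000000000000000000002
"""

HEADER = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
RECORD = re.compile(
    r'^(?P<path>[A-Za-z]:\\.*?) (?P<attrs>\S{6}) (?P<size>\d+) bytes '
    r'\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$')


def parse_filefind(text):
    """Map each searched file name to its records (empty list if none found)."""
    results, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            name = header['name']
            results[name] = []
            continue
        record = RECORD.match(line)
        if record and name is not None:
            results[name].append(record.groupdict())
    return results


def location(path):
    """WinSxS and DriverStore hold reference copies; System32/SysWOW64 are live."""
    p = path.lower()
    if '\\winsxs\\amd64_' in p:
        return 'winsxs-amd64'
    if '\\winsxs\\x86_' in p or '\\winsxs\\wow64_' in p:
        return 'winsxs-32bit'
    if '\\driverstore\\' in p:
        return 'driverstore'
    if p.startswith('c:\\windows\\system32\\'):
        return 'system32'
    if p.startswith('c:\\windows\\syswow64\\'):
        return 'syswow64'
    return 'other'


def verdict(records):
    """Compare the live System32 hash set with the component-store copies."""
    if not records:
        return 'not found'
    hashes = defaultdict(set)
    for r in records:
        hashes[location(r['path'])].add(r['md5'].upper())
    live, native, wow = hashes['system32'], hashes['winsxs-amd64'], hashes['winsxs-32bit']
    if not live:
        return 'no live copy seen'
    # 32-bit tool under WOW64: "System32" was silently redirected to SysWOW64, so
    # it hashes identically to SysWOW64 and matches only the 32-bit component.
    if native and live == hashes['syswow64'] and live <= wow and not (live & native):
        return 'redirected scan'
    reference = native or wow          # x86 installs have no amd64_ components
    if live <= reference:
        return 'matches component store'
    return 'mismatch'


def report(text=SAMPLE_LOG):
    return {name: verdict(recs) for name, recs in parse_filefind(text).items()}


if __name__ == '__main__':
    for name, result in report().items():
        print(f'{name:14} {result}')
```

A live copy that hashes to a component-store copy of the same bitness is the normal state after installation or servicing; anything else is a reason to look further rather than a conclusion, and a "redirected scan" verdict means the native copies were not examined at all.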

8. Re: I post the log as requested (Fri Nov 06, 2009 9:33 pm)
harvester (Member)

You are great! You are really nice!! I'm so grateful!!

Thank you forever!!!

I don't know what else to say!! Thanks!

It seems better.

IE opens again,
and Firefox seems to act normally again,

but I'm not sure until you tell me... because I did the test with Malwarebytes again and cleaned everything, and there was a different log than the one I posted here... the one here is from before the cleaning....

Anyway... you know!!

And I would really like to know what all these operations after Malwarebytes are doing!!
Do I have to ask somewhere? I would like to know, just in case, for the future... I always like knowing what I'm doing!!

Thanks anyway again!!!!

9. Re: I post the log as requested (Fri Nov 06, 2009 10:30 pm)
DragonMaster Jay (Site Owner)

Please download a clean (original) copy of a system file you are missing, called eventlog.dll from HMOSLabs and save it to your Desktop. Do not open the file from its location as it is not possible to do.

Move the file to the following folder using Windows Explorer: C:\Windows\System32

==

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.



10. Re: I post the log as requested (Sat Nov 07, 2009 6:37 am)
harvester (Member)

Malwarebytes' Anti-Malware 1.41
Database version: 3115
Windows 6.1.7600

7/11/2009 1:37:34 PM
mbam-log-2009-11-07 (13-37-34).txt

Scan type: Quick scan
Objects scanned: 87204
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Nothing found :)

11. Re: I post the log as requested (Sat Nov 07, 2009 9:01 am)
DragonMaster Jay (Site Owner)

Please download MGADiag.exe to your desktop.


Double-click MGADiag.exe and click Continue in the bottom right of the window to run the tool.

When it's done, capture a screenshot of the finished scan, and post that.

In Windows, a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print Screen key (normally located in the top row on the right-hand side of the keyboard).

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document.

1. Press the Print screen key
2. Click the "Start" button (normally located in the bottom left of your screen).
3. Click "Run" & type "mspaint" (without quotes) & click the "OK" button.
4. Wait while the application "Paint" opens. Once it is open, proceed to the next step.
5. Click the "Edit" menu and select "Paste".
6. Click the "File" menu and select "Save As...". A dialog box will appear.
7. In the "File name" field, enter a name of your choice.
8. Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE*;.JFIF)".
9. Click the "Save" button.


Then, go to ImageShack, and upload the picture for me please.



12. Re: I post the log as requested (Sat Nov 07, 2009 10:24 am)
harvester (Member)

http://img35.imageshack.us/i/screenshotly.jpg/


OK?

13. Re: I post the log as requested (Sat Nov 07, 2009 10:25 am)
harvester (Member)

14. Re: I post the log as requested (Sat Nov 07, 2009 10:40 am)
DragonMaster Jay (Site Owner)

OK. Good. I saw "Unknown Windows" at the top of your HijackThis log, but I now realize that HijackThis does not quite recognize Windows 7.

Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start> Type in Run and hit enter, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista or 7. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



15. Re: I post the log as requested (Sat Nov 07, 2009 11:01 am)
harvester (Member)

Quote: "Click Start> Type in Run and hit enter"

I didn't quite get it!!

What should I write in Run?
