This is the ComboFix report
ComboFix 08-06-08.7 - Administrator 2008-06-09 12:47:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.968.1033.18.77 [GMT 4:00]
Running from: C:\Documents and Settings\Administrator.GH2007-A80566F6\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\tazebama
C:\Documents and Settings\Administrator\Application Data\tazebama\zPharaoh.dat
C:\Documents and Settings\FSH037\Application Data\HbTools
C:\Documents and Settings\FSH037\Application Data\HbTools\eskin\empty_bg_st.htm
C:\Documents and Settings\FSH037\Application Data\HbTools\eskin\FileManager.txt
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\1055531.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\1065003.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\1210754.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\1402514.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\1405095.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\1420235.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\2208948.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\2883904.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\2884334.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\2885069.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\2896152.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\566217.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\600583.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\625696.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\716566.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\805478.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\890068.sdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\13546
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1369
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18721
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\19650
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\2021
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\20517
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\258537
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\3009
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34123
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34186
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35047
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\398397
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\40766
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\41999
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44730
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44878
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\48525
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\526389
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\531510
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\54189
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\56815
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\56907
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\5749
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\578081
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\578140
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\578150
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\591951
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\59844
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64222
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64223
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64224
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64517
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6458
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6468
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67226
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68021
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\6915
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\73905
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\85062
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\86379
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\87304
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\87385
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\90358
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\95610
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\97499
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\99008
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\3291.dat
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar10.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar11.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar12.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar13.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar14.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar2.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar3.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar4.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar5.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar6.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar7.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar8.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar9.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_x.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtone.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
C:\Documents and Settings\FSH037\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\Documents and Settings\FSH037\Local Settings\Temporary Internet Files\loader.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.
2008-06-09 10:25 . 2008-03-01 17:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-09 10:25 . 2007-04-17 13:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-09 10:25 . 2007-03-08 09:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-09 10:25 . 2008-03-01 17:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-09 10:25 . 2008-03-01 17:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-09 10:25 . 2008-03-01 17:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-09 10:25 . 2008-03-01 17:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-09 10:25 . 2008-03-01 17:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-09 10:25 . 2008-02-22 14:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-09 07:43 . 2008-06-09 07:43 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Flood Light Games
2008-06-09 07:08 . 2008-06-09 07:08 <DIR> d----c--- C:\Documents and Settings\Administrator.GH2007-A80566F6\Application Data\Flood Light Games
2008-06-08 13:13 . 2008-06-08 13:13 1,169 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-06-04 07:39 . 2008-06-09 13:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 07:39 . 2008-06-09 12:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 11:44 . 2008-05-24 11:44 91 --a------ C:\WINDOWS\pdf2rtf.INI
2008-05-24 11:41 . 2008-05-24 11:42 1,024 --a------ C:\WINDOWS\system32\pdf2word.DAT
2008-05-24 11:40 . 2008-05-24 11:40 <DIR> d-------- C:\Program Files\PDF2Word v1.6
2008-05-10 10:22 . 2008-05-10 10:37 <DIR> d----c--- C:\Documents and Settings\Administrator.GH2007-A80566F6\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 03:42 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-09 03:29 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-09 03:07 --------- d-----w C:\Program Files\MSN Games
2008-04-29 10:08 --------- d-----w C:\Program Files\IVT Corporation
2008-04-27 04:56 667 -c-ha-w C:\os848618.bin
2008-04-27 04:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 04:27 --------- d-----w C:\Program Files\Common Files\Adobe
2007-01-10 08:32 47,400 -c--a-w C:\Documents and Settings\Administrator.GH2007-A80566F6\Application Data\GDIPFONTCACHEV1.DAT
1998-12-08 23:53 99,840 -c--a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-08 23:53 70,144 -c--a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-08 23:53 48,640 -c--a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-08 23:53 31,744 -c--a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-08 23:53 186,368 -c--a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-08 23:53 17,920 -c--a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360]
"FlyAway"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 18:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 18:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 18:23 114688]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-10 13:02 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-13 12:59 77824]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 01:27 52848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-06-27 10:52:39 84]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e252fc7-1d49-11dc-acf5-101111111111}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{248584ad-debd-11dc-adce-000bcd30678b}]
\Shell\AutoRun\command - F:\8ng8w.com
\Shell\explore\Command - F:\8ng8w.com
\Shell\open\Command - F:\8ng8w.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f0a949c-efdd-11db-acdd-101111111111}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{452cbfb6-f97c-11dc-ade3-000bcd30678b}]
\Shell\AutoRun\command - F:\fooool.exe
\Shell\explore\Command - F:\fooool.exe
\Shell\open\Command - F:\fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b97b321-1e4a-11dd-ae10-000bcd30678b}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a713ff83-20a5-11dd-ae13-000bcd30678b}]
\Shell\AutoRun\command - F:\8ng8w.com
\Shell\explore\Command - F:\8ng8w.com
\Shell\open\Command - F:\8ng8w.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c44cf85e-601d-11dc-ad4c-101111111111}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8a45168-e4e7-11dc-add4-000bcd30678b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc1f3177-a88f-11dc-ad8b-000bcd30678b}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 05:16:37 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job"
- C:\PROGRA~1\NORTON~1\Navw32.exep/TASK:
"2008-06-09 09:22:19 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-06-09 13:17:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Real\RealPlayer\realplay.exe
.
**************************************************************************
.
Completion time: 2008-06-09 13:25:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 09:24:49
Pre-Run: 8,317,587,456 bytes free
Post-Run: 9,733,398,528 bytes free