A few moments and it'll be with you,
dear Max.
May God reward you well, dear Max.
It's solved..!
And here is the report:
ComboFix 08-09-16.05 - user 09/18/2008 3:09:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.859 [GMT 3:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 00:11 344,096 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-18 00:11 3,304 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-18 00:11 15,960 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-18 00:11 1,770,528 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-18 00:10 --------- d-----w C:\Documents and Settings\user\Application Data\DMCache
2008-09-17 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-17 23:14 --------- d-----w C:\Documents and Settings\user\Application Data\cleaner
2008-09-17 01:42 --------- d-----w C:\Program Files\Windows Defender
2008-09-16 20:01 --------- d-----w C:\Program Files\LtUcx
2008-09-16 19:58 --------- d-----w C:\Program Files\Trend Micro
2008-09-16 18:19 --------- d-----w C:\Program Files\Avira
2008-09-16 18:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-09-16 17:53 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-16 17:41 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-16 17:40 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-16 17:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-15 16:59 --------- d-----w C:\Documents and Settings\user\Application Data\IDM
2008-09-15 16:53 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-15 14:15 --------- d-----w C:\Program Files\MSXML 6.0
2008-09-15 02:55 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-09-14 21:11 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-09-14 17:45 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer
2008-09-14 14:47 --------- d-----w C:\Program Files\Webteh
2008-09-14 14:47 --------- d-----w C:\Documents and Settings\user\Application Data\BSplayer Pro
2008-09-14 11:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-13 20:53 --------- d-----w C:\Program Files\FRISK Software
2008-09-13 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-13 15:18 --------- d-----w C:\Program Files\Faronics
2008-09-13 14:44 --------- d-----w C:\Program Files\ViStart
2008-09-12 20:13 --------- d-----w C:\Program Files\WinASO
2008-09-12 10:44 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-09-11 16:00 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-11 16:00 --------- d-----w C:\Program Files\Common Files\Real
2008-09-11 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-11 03:51 --------- d-----w C:\Program Files\QuickTime
2008-09-11 03:43 --------- d-----w C:\Documents and Settings\user\Application Data\Apple Computer
2008-09-10 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\FRISK Software
2008-09-10 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-10 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-09-10 16:44 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-10 16:44 --------- d-----w C:\Program Files\ACD Systems
2008-09-10 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-10 16:12 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-09 03:04 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-09-08 14:52 --------- d-----w C:\Documents and Settings\user\Application Data\Malwarebytes
2008-09-08 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 23:34 --------- d-----w C:\Documents and Settings\user\Application Data\TeamViewer
2008-09-07 22:59 --------- d-----w C:\Program Files\UltraISO
2008-09-07 22:56 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-09-07 03:24 --------- d-----w C:\Documents and Settings\user\Application Data\ViStart
2008-09-06 22:46 --------- d-----w C:\Program Files\Windows Live
2008-09-06 20:00 --------- d-----w C:\Documents and Settings\user\Application Data\FRISK Software
2008-09-06 01:06 --------- d-----w C:\Program Files\TechSmith
2008-09-05 22:10 --------- d-----w C:\Program Files\MessengerDiscovery
2008-09-05 19:01 --------- d-----w C:\Documents and Settings\user\Application Data\URSoft
2008-09-04 22:11 --------- d-----w C:\Program Files\Hotspot Shield
2008-09-04 19:42 --------- d-----w C:\Documents and Settings\user\Application Data\Thinstall
2008-09-04 18:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-04 03:42 --------- d-----w C:\Documents and Settings\user\Application Data\ACD Systems
2008-09-04 02:40 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-09-04 02:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-09-04 01:17 --------- d-----w C:\Documents and Settings\user\Application Data\CyberScrub
2008-09-04 00:56 --------- d-----w C:\Program Files\Winferno
2008-09-04 00:48 --------- d-----w C:\Program Files\Real
2008-09-03 20:40 --------- d-----w C:\Program Files\StreamingStar
2008-09-02 22:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-02 13:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-02 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-02 09:30 --------- d-----w C:\Program Files\Microsoft Works
2008-09-02 01:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-01 23:58 --------- d-----w C:\Program Files\Alwil Software
2008-09-01 23:51 --------- d-----w C:\Program Files\AVG
2008-09-01 23:16 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-01 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-01 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-01 22:12 --------- d-----w C:\Program Files\CCleaner
2008-09-01 21:19 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-01 21:13 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-01 21:13 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-01 21:10 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-09-01 21:09 155,995 ----a-w C:\WINDOWS\java\Packages\QKSRTVTB.ZIP
2008-09-01 21:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-01 19:26 --------- d-----w C:\Program Files\Synaptics
2008-09-01 19:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-01 19:25 --------- d-----w C:\Program Files\Toshiba
2008-09-01 18:33 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 17:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 15:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((( snapshot@Sat 09-13-2008_22.51.00.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 22:56:54 158,208 -c----w C:\WINDOWS\$NtUninstallKB906569$\msconfig.exe
+ 2005-02-25 03:35:05 209,632 -c----w C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe
+ 2005-02-25 03:35:06 371,936 -c----w C:\WINDOWS\$NtUninstallKB906569$\spuninst\updspapi.dll
+ 2004-08-03 23:05:44 12,928 -c----w C:\WINDOWS\$NtUninstallKB918997$\ndisuio.sys
+ 2004-08-03 22:56:46 1,708,032 -c----w C:\WINDOWS\$NtUninstallKB918997$\netshell.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB918997$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB918997$\spuninst\updspapi.dll
+ 2004-08-03 22:56:48 378,368 -c----w C:\WINDOWS\$NtUninstallKB918997$\wzcdlg.dll
+ 2004-08-03 23:05:44 51,712 -c----w C:\WINDOWS\$NtUninstallKB918997$\wzcsapi.dll
+ 2004-08-03 23:05:44 359,936 -c----w C:\WINDOWS\$NtUninstallKB918997$\wzcsvc.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-10-29 10:26:53 115,712 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2005-04-19 23:54:04 14,592 ------w C:\WINDOWS\Driver Cache\i386\ndisuio.sys
+ 2005-04-20 19:21:33 52,736 ------w C:\WINDOWS\Driver Cache\i386\wzcsapi.dll
+ 2005-04-20 19:21:33 474,624 ------w C:\WINDOWS\Driver Cache\i386\wzcsvc.dll
+ 2008-09-14 21:12:19 246,784 ----a-r C:\WINDOWS\Installer\{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}\Icon16CBC2751.exe
+ 2008-09-14 21:12:19 30,720 ----a-r C:\WINDOWS\Installer\{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}\Icon16CBC2753.exe
+ 2008-09-14 21:12:19 2,237,952 ----a-r C:\WINDOWS\Installer\{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}\IconEF5C4888.exe
+ 2008-09-14 11:05:43 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2008-09-16 19:58:27 15,662 ----a-r C:\WINDOWS\Installer\{D5462C8A-D08C-4163-8293-82F2E11A2760}\ARPPRODUCTICON.exe
+ 2008-09-14 12:02:26 96,256 ----a-w C:\WINDOWS\Installer\atl80.dll
+ 2008-09-14 12:02:29 159,168 ----a-w C:\WINDOWS\Installer\libexpat.dll
+ 2008-09-14 12:02:29 1,101,824 ----a-w C:\WINDOWS\Installer\mfc80.dll
+ 2008-09-14 12:02:29 1,093,120 ----a-w C:\WINDOWS\Installer\mfc80u.dll
+ 2008-09-14 12:02:29 69,632 ----a-w C:\WINDOWS\Installer\mfcm80.dll
+ 2008-09-14 12:02:29 57,856 ----a-w C:\WINDOWS\Installer\mfcm80u.dll
+ 2008-09-14 12:02:30 479,232 ----a-w C:\WINDOWS\Installer\msvcm80.dll
+ 2008-09-14 12:02:31 548,864 ----a-w C:\WINDOWS\Installer\msvcp80.dll
+ 2008-09-14 12:02:31 626,688 ----a-w C:\WINDOWS\Installer\msvcr80.dll
+ 2008-09-14 12:02:32 24,576 ----a-w C:\WINDOWS\Installer\nlsdl.dll
+ 2008-09-14 12:02:39 126,208 ----a-w C:\WINDOWS\Installer\TmDbg32.dll
- 2004-08-03 22:56:54 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2005-09-27 00:34:26 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
- 2008-09-13 14:05:04 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
+ 2008-09-16 22:32:35 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
- 2008-09-13 14:05:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-16 22:32:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-13 14:05:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-09-16 22:32:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-09-14 11:58:10 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-03-12 17:27:00 50,520 ----a-w C:\WINDOWS\system32\csvidcap.dll
- 2004-08-03 22:56:54 158,208 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
+ 2005-09-27 00:34:26 169,984 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
+ 2005-04-19 23:54:04 14,592 -c----w C:\WINDOWS\system32\dllcache\ndisuio.sys
- 2004-08-03 22:56:46 1,708,032 -c--a-w C:\WINDOWS\system32\dllcache\netshell.dll
+ 2005-04-20 19:21:33 1,705,472 -c--a-w C:\WINDOWS\system32\dllcache\netshell.dll
- 2007-10-26 03:36:51 8,454,656 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2004-08-03 22:56:48 378,368 -c--a-w C:\WINDOWS\system32\dllcache\wzcdlg.dll
+ 2005-04-20 19:21:33 381,440 -c--a-w C:\WINDOWS\system32\dllcache\wzcdlg.dll
+ 2005-04-20 19:21:33 52,736 -c----w C:\WINDOWS\system32\dllcache\wzcsapi.dll
+ 2005-04-20 19:21:33 474,624 -c----w C:\WINDOWS\system32\dllcache\wzcsvc.dll
+ 2008-03-28 11:06:28 592,224 ----a-w C:\WINDOWS\system32\drivers\FStopW.sys
- 2008-09-01 23:06:11 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-09-16 17:40:06 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2004-08-03 23:05:44 12,928 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
+ 2005-04-19 23:54:04 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
+ 2008-03-28 11:06:28 592,224 -c--a-w C:\WINDOWS\system32\DRVSTORE\FPAV_RTP_3CC6B59C15150CE6F946C6822528A1E18B16E90E\FStopW.sys
+ 2007-08-22 07:16:00 46,456 ----a-r C:\WINDOWS\system32\exitwx.exe
+ 2001-09-05 18:00:58 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
+ 2007-05-15 12:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2005-09-07 22:03:50 86,728 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2004-08-03 22:56:46 1,708,032 ----a-w C:\WINDOWS\system32\netshell.dll
+ 2005-04-20 19:21:33 1,705,472 ----a-w C:\WINDOWS\system32\netshell.dll
- 2008-09-13 19:42:44 38,094 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-17 23:20:43 38,094 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-13 19:42:44 305,652 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-17 23:20:43 305,652 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2006-11-01 07:14:24 69,120 ------w C:\WINDOWS\system32\wlanapi.dll
- 2004-08-03 22:56:48 378,368 ----a-w C:\WINDOWS\system32\wzcdlg.dll
+ 2005-04-20 19:21:33 381,440 ----a-w C:\WINDOWS\system32\wzcdlg.dll
- 2004-08-03 23:05:44 51,712 ----a-w C:\WINDOWS\system32\wzcsapi.dll
+ 2005-04-20 19:21:33 52,736 ----a-w C:\WINDOWS\system32\wzcsapi.dll
- 2004-08-03 23:05:44 359,936 ----a-w C:\WINDOWS\system32\wzcsvc.dll
+ 2005-04-20 19:21:33 474,624 ----a-w C:\WINDOWS\system32\wzcsvc.dll
- 2007-10-29 10:26:53 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-09-18 00:13:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b4.dat
+ 2005-09-22 20:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-22 20:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 20:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [11/29/2007 07:25 PM 5724184]
"AFProg"="C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [06/26/2006 05:26 AM 118784]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/15/2008 07:48 PM 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/16/2007 05:50 PM 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/16/2007 05:50 PM 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/16/2007 05:50 PM 138008]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/25/2007 06:19 PM 888832]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/11/2008 06:59 PM 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"RTHDCPL"="RTHDCPL.EXE" [08/10/2007 03:21 PM 16384000 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 FPAV_RTP;FPAV_RTP;C:\WINDOWS\system32\DRIVERS\FStopW.sys [03/28/2008 02:06 PM 592224]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [07/19/2008 05:35 PM 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [07/19/2008 05:37 PM 20560]
R2 FPAVServer;F-PROT Antivirus for Windows system;C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [04/21/2008 09:26 PM 45960]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [01/25/2008 12:12 PM 25088]
S4 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [07/11/2008 12:23 PM 164097]
S4 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [06/12/2008 02:59 PM 258305]
S4 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [05/09/2008 01:22 PM 41217]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a95624f7-7855-11dd-bb52-8950e44dc50b}]
\Shell\Auto\command - F:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - F:\tbm9.bat
\Shell\open\Command - F:\tbm9.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a95624f8-7855-11dd-bb52-8950e44dc50b}]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - G:\tbm9.bat
\Shell\open\Command - G:\tbm9.bat
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{2C688203-7EB3-4327-9995-1CB417BA23F9} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\isewvtcy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-18 03:14:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 09/18/2008 3:18:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-18 00:18:54
ComboFix2.txt 2008-09-13 19:51:35
Pre-Run: 33,171,509,248 bytes free
Post-Run: 33,160,736,768 bytes free
--- E O F --- 2008-09-15 14:15:29