التقرير الأول (ComboFix)
ComboFix 08-10-08.02 - azooz 10/09/2008 7:56:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.1454 [GMT 3:00]
Running from: C:\Users\azooz\Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
F:\Autorun.inf
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 05:03 319,520 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-09 05:03 --------- d-----w C:\Program Files\WinFlip
2008-10-09 05:03 --------- d-----w C:\Documents and Settings\azooz\Application Data\uTorrent
2008-10-09 05:03 --------- d-----w C:\Documents and Settings\azooz\Application Data\DMCache
2008-10-09 05:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-09 05:01 4,268 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-09 05:01 17,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-09 05:01 1,462,304 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-09 04:53 --------- d-----w C:\Documents and Settings\azooz\Application Data\Skype
2008-10-09 04:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-08 17:19 --------- d-----w C:\Program Files\VisualTaskTips
2008-10-08 17:19 --------- d-----w C:\Program Files\VistaDriveIcon
2008-10-08 17:18 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-10-08 17:18 --------- d-----w C:\Program Files\TrueTransparency
2008-10-08 17:18 --------- d-----w C:\Program Files\Styler
2008-10-08 17:18 --------- d-----w C:\Program Files\glass2k
2008-10-08 17:18 --------- d-----w C:\Program Files\Blaero Start Orb
2008-10-08 13:03 --------- d-----w C:\Documents and Settings\azooz\Application Data\skypePM
2008-10-08 12:35 --------- d-----w C:\Documents and Settings\azooz\Application Data\IDM
2008-10-08 12:30 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-07 14:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-07 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-10-07 14:49 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-10-07 14:46 --------- d-----w C:\Documents and Settings\azooz\Application Data\Thinstall
2008-10-07 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-07 14:30 --------- d-----w C:\Documents and Settings\azooz\Application Data\Avant Profiles
2008-10-07 14:16 --------- d-----w C:\Program Files\Google
2008-10-07 13:36 --------- d-----w C:\Program Files\Snagit
2008-10-07 13:35 --------- d-----w C:\Program Files\CCleaner
2008-10-07 12:06 --------- d-----w C:\Documents and Settings\azooz\Application Data\Media Player Classic
2008-10-07 12:05 --------- d-----w C:\Documents and Settings\azooz\Application Data\vlc
2008-10-07 10:34 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-10-07 09:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-07 09:45 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-10-07 09:43 354,560 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-07 09:43 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-07 09:43 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-07 09:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 09:43 --------- d-----w C:\Documents and Settings\azooz\Application Data\TuneUp Software
2008-10-07 09:43 --------- d-----w C:\Documents and Settings\azooz\Application Data\Ashampoo
2008-10-07 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-10-07 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-10-07 09:42 --------- d-----w C:\Program Files\VideoLAN
2008-10-07 09:42 --------- d-----w C:\Program Files\uTorrent
2008-10-07 09:42 --------- d-----w C:\Program Files\Skype
2008-10-07 09:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-07 09:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-07 09:42 --------- d-----w C:\Program Files\Common Files\Skype
2008-10-07 09:42 --------- d-----w C:\Program Files\Ashampoo
2008-10-07 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-10-07 09:41 --------- d-----w C:\Program Files\Windows Live
2008-10-07 09:41 --------- d-----w C:\Program Files\Opera
2008-10-07 09:41 --------- d-----w C:\Program Files\Hotspot Shield
2008-10-07 09:40 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-07 09:40 --------- d-----w C:\Program Files\VistaExperience.org
2008-10-07 09:40 --------- d-----w C:\Program Files\Avant Browser
2008-10-07 09:39 --------- d-----w C:\Program Files\Alky for Applications
2008-10-07 09:38 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-07 09:38 --------- d-----w C:\Program Files\MSBuild
2008-10-07 09:36 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-10-07 09:31 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-29 18:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 18:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 18:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 17:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 16:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 16:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 16:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 16:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 16:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 16:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 16:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-25 08:17 41,984 ----a-w C:\WINDOWS\system32\netfxperf.dll
2008-07-25 08:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 08:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 08:16 206,336 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-25 08:16 139,256 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 337,096 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
.
------- Sigcheck -------
04/14/2008 11:30 PM 546304 d0c650e78bc92afdcab03cc6457bcf6f C:\WINDOWS\system32\winlogon.exe
04/14/2008 11:30 PM 506880 bcedf9dccbc807108ce34c9834074c34 C:\WINDOWS\VistaMizer\old\winlogon.exe
04/14/2008 11:41 PM 2283008 f695aa09cd105a8e6d84cdab276521bb C:\WINDOWS\system32\ntkrnlpa.exe
04/14/2008 11:41 PM 2025472 732887e7fdc05bed5a79a5ec49fd7e8d C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe
04/14/2008 11:12 PM 2404352 8b90d0c24d78ce91a64fbaf91347750f C:\WINDOWS\system32\ntoskrnl.exe
04/14/2008 11:12 PM 2146816 1d8896827aaf26d44f6fea9498f296cf C:\WINDOWS\VistaMizer\old\ntoskrnl.exe
04/14/2008 11:29 PM 1551360 c23d6b80f28a9ad675272c6768c32d18 C:\WINDOWS\explorer.exe
04/14/2008 11:29 PM 1031168 ca3445dce9eb70a2ca2504e0af5c543f C:\WINDOWS\VistaMizer\old\explorer.exe
04/14/2008 11:29 PM 25088 fbee0fdb7d471cafa30b2cb55b0d9130 C:\WINDOWS\system32\ctfmon.exe
04/14/2008 11:29 PM 15360 252f972131eb23596c20b82ca190dc5c C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 11:29 PM 25088]
"AFProg"="C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [06/26/2006 05:26 AM 118784]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [11/07/2007 03:34 PM 3739672]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/29/2008 05:57 PM 21755688]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [08/19/2008 11:00 PM 219952]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [07/28/2007 04:53 PM 1230848]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/29/2008 05:18 PM 2610608]
"TrueTransparency"="C:\Program Files\TrueTransparency\TrueTransparency.exe" [05/27/2008 10:04 PM 371200]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [05/31/2008 01:50 PM 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/26/2007 06:18 PM 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/26/2007 06:18 PM 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [07/26/2007 06:18 PM 138008]
"Glass2k"="C:\Program Files\Glass2k\Glass2k.exe" [10/17/2007 02:04 AM 56325]
"DrvIcon"="C:\Program Files\VistaDriveIcon\DrvIcon.exe" [04/13/2008 03:39 PM 49152]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"RTHDCPL"="RTHDCPL.EXE" [07/26/2007 06:30 PM 16377344 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 11:29 PM 25088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\My Laptop\\Portable\\Yahoo! Messenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R0 ulsata2;ulsata2;C:\WINDOWS\system32\drivers\ulsata2.sys [05/07/2008 07:09 AM 124928]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [04/14/2008 11:30 PM 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [10/07/2008 12:43 PM 354560]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\lain19.ico
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\joojjojo.ico
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"C:\Program Files\Windows Sidebar\sidebar.exe" /RegServer
.
Contents of the 'Scheduled Tasks' folder
2008-10-09 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [04/16/2008 09:59 AM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
O8 -: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-09 08:03:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 10/09/2008 8:05:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-09 05:05:52
Pre-Run: 82,596,425,728 bytes free
Post-Run: 82,746,306,560 bytes free
214 --- E O F --- 2008-10-09 04:50:03
تقرير الهايجاك (HijackThis)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:07:52 ص, on 09/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Glass2k\Glass2k.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Users\azooz\Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Program Files\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Blaero Start Orb.lnk = C:\Program Files\Blaero Start Orb\Blaero Start Orb 2.0.exe
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6717 bytes