ComboFix 09-05-28.07 - same7 2009/06/02 1:36.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.958.499 [GMT -7:00]
Running from: e:\firus\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
D:\ntde1ect.com
E:\ntde1ect.com
F:\ntde1ect.com
.
((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.
Ok.
2009-06-02 02:02 . 2009-06-02 02:02 -------- d-----w c:\documents and settings\same7\Local Settings\Application Data\Mozilla
2009-06-02 02:00 . 2009-06-02 02:00 -------- d-sh--w c:\documents and settings\same7\PrivacIE
2009-06-02 01:55 . 2009-06-02 01:55 -------- d-----w c:\documents and settings\same7\Tracing
2009-06-02 01:54 . 2009-06-02 01:54 -------- d-----w c:\documents and settings\same7\Local Settings\Application Data\Yahoo
2009-06-02 01:53 . 2009-06-02 01:53 -------- d-----w c:\documents and settings\same7\Application Data\Paltalk
2009-06-02 01:52 . 2009-06-02 01:52 -------- d-----w c:\documents and settings\same7\Application Data\Orbit
2009-06-01 08:10 . 2009-06-01 08:10 117760 ----a-w c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-01 08:07 . 2009-06-01 08:07 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-01 08:07 . 2009-06-01 08:07 -------- d-----w c:\program files\SUPERAntiSpyware
2009-06-01 08:07 . 2009-06-01 08:07 -------- d-----w c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
2009-06-01 08:06 . 2009-06-01 08:06 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-06-01 07:57 . 2009-06-01 07:58 96559 ----a-w c:\windows\system32\drivers\klin.dat
2009-06-01 07:57 . 2009-06-01 07:58 87855 ----a-w c:\windows\system32\drivers\klick.dat
2009-06-01 07:57 . 2009-06-01 08:48 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-06-01 07:57 . 2009-06-01 08:48 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-06-01 07:57 . 2009-06-01 07:57 -------- d-----w c:\program files\Kaspersky Lab
2009-06-01 07:57 . 2009-06-01 07:57 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-01 06:12 . 2009-06-01 06:12 -------- d-----w c:\documents and settings\Admin\Application Data\Paltalk
2009-06-01 06:12 . 2009-06-01 06:12 -------- d-----w c:\windows\PaltalkScene
2009-06-01 06:12 . 2009-06-01 06:12 -------- d-----w c:\program files\Paltalk Messenger
2009-06-01 06:07 . 2009-06-01 06:07 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Yahoo
2009-06-01 06:05 . 2009-06-01 06:05 -------- d-sh--w C:\FOUND.000
2009-06-01 04:18 . 2009-06-01 04:18 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-01 04:18 . 2009-05-27 02:50 677104 ----a-w c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-01 04:18 . 2009-06-01 04:18 -------- d-----w c:\program files\Yahoo!
2009-06-01 04:05 . 2009-06-01 04:05 -------- d-----w c:\windows\Sun
2009-06-01 04:02 . 2009-06-01 04:02 -------- d-----w c:\windows\Ela-Salaty
2009-06-01 04:02 . 2009-06-01 04:02 -------- d-----w c:\program files\Ela-Salaty
2009-06-01 04:01 . 2009-06-01 04:01 0 ----a-w c:\windows\nsreg.dat
2009-06-01 04:01 . 2009-06-01 04:01 -------- d-----w c:\program files\Microsoft
2009-06-01 04:01 . 2009-06-01 04:01 -------- d-----w c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2009-06-01 04:01 . 2009-06-01 04:01 -------- d-----w c:\program files\Windows Live SkyDrive
2009-06-01 04:01 . 2009-06-01 04:01 -------- d-----w c:\program files\Windows Live
2009-06-01 04:00 . 2009-06-01 04:00 -------- d-----w c:\program files\Common Files\Windows Live
2009-06-01 04:00 . 2009-06-01 04:00 29736 ----a-w c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 08:48 . 2009-06-01 07:57 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-06-01 08:48 . 2009-06-01 07:57 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-06-01 04:03 . 2009-06-01 04:03 1212416 ----a-w c:\windows\system32\ckll.dll
2009-06-01 04:03 . 2009-06-01 04:03 90112 ----a-w c:\windows\system32\agsaami.dll
2009-06-01 04:03 . 2009-06-01 04:03 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-06-01 04:03 . 2009-06-01 04:03 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-06-01 04:03 . 2009-06-01 04:03 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-06-01 04:03 . 2009-06-01 04:03 1986560 ----a-w c:\windows\system32\akll.dll
2009-06-01 04:03 . 2009-06-01 04:03 1245184 ----a-w c:\windows\system32\bkll.dll
2009-06-01 04:03 . 2009-06-01 04:03 -------- d-----w c:\program files\Real_SC
2009-06-01 04:03 . 2009-06-01 04:02 -------- d-----w c:\program files\K-Lite Codec Pack
2009-06-01 03:59 . 2009-06-01 03:59 -------- d-----w c:\documents and settings\Admin\Application Data\GrabPro
2009-06-01 03:59 . 2009-06-01 03:59 -------- d-----w c:\documents and settings\Admin\Application Data\Orbit
2009-06-01 03:59 . 2009-06-01 03:59 -------- d-----w c:\program files\Orbitdownloader
2009-06-01 03:28 . 2009-06-01 03:28 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-06-01 03:22 . 2009-06-01 03:22 68200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-01 03:22 . 2009-06-01 03:22 -------- d-----w c:\program files\MSBuild
2009-06-01 03:22 . 2009-06-01 03:22 -------- d-----w c:\program files\Reference Assemblies
2009-06-01 03:19 . 2009-06-01 03:19 -------- d-----w c:\program files\Microsoft Silverlight
2009-06-01 03:19 . 2009-06-01 03:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-06-01 03:19 . 2009-06-01 03:19 -------- d-----w c:\program files\Java
2009-06-01 03:18 . 2009-06-01 03:18 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-06-01 03:18 . 2009-06-01 03:18 2156 ----a-w c:\windows\system32\unins000.dat
2009-06-01 03:18 . 2009-06-01 03:18 635337 ----a-w c:\windows\system32\unins000.exe
2009-06-01 03:18 . 2009-06-01 03:18 -------- d-----w c:\program files\Alky for Applications
2009-06-01 03:17 . 2009-06-01 03:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-01 03:16 . 2009-06-01 03:16 -------- d-----w c:\program files\Windows Media Connect 2
2009-06-01 03:15 . 2009-06-01 03:15 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-06-01 03:13 . 2009-06-01 03:13 -------- d-----w c:\program files\VistaExperience.org
2009-06-01 03:12 . 2009-06-01 03:12 -------- d-----w c:\program files\Windows Sidebar
2009-06-01 03:11 . 2009-06-01 03:11 -------- d-----w c:\program files\MSXML 4.0
2009-04-18 19:44 . 2009-04-18 19:44 2560 ----a-w c:\windows\system32\xpsp4res.dll
2009-04-18 19:17 . 2009-04-18 19:17 2708480 ----a-w c:\windows\system32\winntbbu.dll
2009-04-18 19:06 . 2009-04-18 19:06 2308608 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-18 19:01 . 2009-04-18 19:00 1503744 ----a-w c:\windows\system32\quartz.dll
2009-04-18 06:18 . 2009-04-18 06:18 6094848 ----a-w c:\windows\system32\logonui.exe
2009-04-18 00:13 . 2009-06-01 03:11 434176 ----a-w c:\windows\system32\sndvol32.exe
2009-04-15 09:44 . 2009-04-15 09:35 44544 ----a-w c:\windows\system32\setup.exe
2009-04-15 09:44 . 2009-04-15 09:44 3186 ----a-w c:\windows\system32\presetup.cmd
2009-04-15 09:41 . 2009-04-15 09:41 1847552 ----a-w c:\windows\system32\win32k.sys
2009-04-15 09:35 . 2009-04-15 09:35 28672 ----a-w c:\windows\system32\setupold.exe
2009-04-15 09:14 . 2009-04-15 09:14 502272 ----a-w c:\windows\system32\usp10.dll
2009-04-15 09:07 . 2009-04-15 09:07 4789248 ----a-w c:\windows\system32\xpsp2res.dll
2009-04-15 09:05 . 2009-04-15 09:05 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-15 09:04 . 2009-04-15 09:04 793088 ----a-w c:\windows\system32\shdoclc.dll
2009-04-15 09:03 . 2009-06-01 03:04 66048 ----a-w c:\windows\NOTEPAD.EXE
2009-04-15 09:02 . 2009-04-15 09:02 32256 ----a-w c:\windows\system32\midimap.dll
2009-04-15 09:01 . 2009-04-15 09:01 548864 ----a-w c:\windows\system32\dsuiext.dll
2009-04-15 06:35 . 2009-04-15 06:35 4569 ----a-w c:\windows\system32\secupd.dat
2009-04-15 06:35 . 2009-04-15 06:35 16384 ----a-w c:\windows\system32\lcid.exe
2009-04-15 06:03 . 2009-04-15 06:03 2696192 ----a-w c:\windows\system32\msgina.dll
2009-04-15 05:35 . 2009-04-15 05:35 361600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-15 02:06 . 2009-06-01 03:16 199704 ----a-w c:\windows\system32\wuweb.dll
2009-04-15 02:06 . 2009-06-01 03:16 317976 ----a-w c:\windows\system32\wucltui.dll
2009-04-15 02:06 . 2009-06-01 03:16 343000 ----a-w c:\windows\system32\wuauclt1.exe
2009-04-15 02:06 . 2009-06-01 03:16 191448 ----a-w c:\windows\system32\wuaueng1.dll
2009-04-15 02:06 . 2009-06-01 03:16 555544 ----a-w c:\windows\system32\wuapi.dll
2009-04-15 02:06 . 2009-06-01 03:11 31232 ----a-w c:\windows\system32\write.exe
2009-04-15 02:06 . 2009-06-01 03:11 100864 ----a-w c:\windows\system32\winchat.exe
2009-04-15 02:05 . 2009-06-01 03:16 75264 ----a-w c:\windows\system32\srclient.dll
2009-04-15 02:05 . 2009-06-01 03:16 581632 ----a-w c:\windows\system32\srrstr.dll
2009-04-15 02:05 . 2009-06-01 03:11 155136 ----a-w c:\windows\system32\sndrec32.exe
2009-04-15 02:04 . 2009-06-01 03:11 136704 ----a-w c:\windows\system32\servdeps.dll
2009-04-15 02:04 . 2009-06-01 03:11 104448 ----a-w c:\windows\system32\remotepg.dll
2009-04-15 02:03 . 2009-06-01 03:16 43008 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
2009-04-15 02:03 . 2009-06-01 03:11 206184 ----a-w c:\windows\system32\muweb.dll
2009-04-15 02:03 . 2009-06-01 03:11 263016 ----a-w c:\windows\system32\mucltui.dll
2009-04-15 02:03 . 2009-06-01 03:16 379392 ----a-w c:\windows\system32\mstask.dll
2009-04-15 02:03 . 2009-06-01 03:11 506368 ----a-w c:\windows\system32\mspaint.exe
2009-04-15 02:03 . 2009-06-01 03:16 191488 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-04-15 02:03 . 2009-06-01 03:16 94208 ----a-w c:\windows\system32\msconf.dll
2009-04-15 02:03 . 2009-06-01 03:11 27648 ----a-w c:\windows\system32\msdtc.exe
2009-04-15 02:03 . 2009-06-01 03:11 259584 ----a-w c:\windows\system32\mplay32.exe
2009-04-15 02:03 . 2009-06-01 03:16 53248 ----a-w c:\windows\system32\mnmsrvc.exe
2009-04-15 02:02 . 2009-06-01 03:16 147456 ----a-w c:\windows\system32\isign32.dll
2009-04-15 02:02 . 2009-06-01 03:16 139776 ----a-w c:\windows\system32\inetres.dll
2009-04-15 02:02 . 2009-06-01 03:16 925696 ----a-w c:\windows\system32\inetcfg.dll
2009-04-15 02:02 . 2009-06-01 03:16 118784 ----a-w c:\windows\system32\icwdial.dll
2009-04-15 02:02 . 2009-06-01 03:11 43520 ----a-w c:\windows\system32\hticons.dll
2009-04-15 02:02 . 2009-06-01 03:16 761344 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-04-15 02:01 . 2009-06-01 03:11 292352 ----a-w c:\windows\system32\cmprops.dll
2009-04-15 02:01 . 2009-06-01 03:11 197632 ----a-w c:\windows\system32\clipbrd.exe
2009-04-15 02:01 . 2009-06-01 03:11 79360 ----a-w c:\windows\system32\charmap.exe
2009-04-15 02:01 . 2009-06-01 03:11 113664 ----a-w c:\windows\system32\calc.exe
2009-04-15 02:01 . 2009-06-01 03:11 361984 ----a-w c:\windows\system32\accwiz.exe
2009-04-15 02:01 . 2009-06-01 03:16 107520 ----a-w c:\windows\system32\acctres.dll
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-17 11:18 . 2008-04-15 10:00 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-17 11:18 . 2008-04-15 10:00 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-17 11:18 . 2008-04-15 10:00 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-17 11:18 . 2008-04-15 10:00 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-13 21:25 . 2009-04-25 03:55 25088 ----a-w c:\windows\system32\msxml3a.dll
2009-03-10 12:27 . 2009-03-10 12:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-10 12:27 . 2008-04-15 10:00 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-10 12:27 . 2008-04-15 10:00 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-09 01:34 . 2009-03-09 01:34 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-09 01:33 . 2009-03-09 01:33 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-09 01:33 . 2009-03-09 01:33 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-09 01:31 . 2009-03-09 01:31 34816 ----a-w c:\windows\system32\imgutil.dll
.
------- Sigcheck -------
[-] 2009-04-15 09:05 575488 99C1ACB1B8F0F2CECC56515E502B5120 c:\windows\system32\user32.dll
[-] 2009-04-15 09:06 960512 63E57AB48B5F51F848C2A00FD0CE8650 c:\windows\system32\wininet.dll
[-] 2009-04-15 05:35 361600 25A740D70E8007814A48D3FA1B34FA34 c:\windows\system32\drivers\tcpip.sys
[-] 2009-04-15 09:06 568832 DB3B9755F265C37319DF9AFF4FDDF717 c:\windows\system32\winlogon.exe
[-] 2009-04-15 09:08 2187264 B3EAD34770FC2C45AB994E60005FC5F7 c:\windows\system32\ntkrnlpa.exe
[-] 2009-04-18 19:06 2308608 2EF594F09CAE28D2650D648DA5DE3B5A c:\windows\system32\ntoskrnl.exe
[-] 2009-04-15 09:02 1440768 6DA7EDB6D1289B0B8A6DED512EBCB1AB c:\windows\explorer.exe
[-] 2009-04-15 09:01 37376 CBF5945651C96E471B3A004BBDC36864 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-02-26 1555456]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-04-15 37376]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-02-06 176128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2009-04-15 37376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-09 128512]
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-3-4 5205504]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-4-24 11057664]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-31 1707208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\VTTimer.exe"=
"h:\\hxraoe.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Outlook Express\\setup50.exe"=
"c:\\WINDOWS\\system32\\shmgrate.exe"=
"c:\\Program Files\\Windows Sidebar\\sidebar.exe"=
"c:\\ComboFix\\regt.cfexe"=
"c:\\WINDOWS\\system32\\CF7028.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008/01/29 06:29 nm 32784]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009/05/26 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009/05/26 10:05 72944]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\jrgijl.sys --> c:\windows\system32\drivers\jrgijl.sys [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008/03/13 07:02 nm 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008/04/30 06:06 nm 24592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009/05/26 10:05 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\same7\Application Data\Mozilla\Firefox\Profiles\lmzvnm2i.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-02 01:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\SETUPAPI.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-02 1:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 08:43
Pre-Run: 11,135,295,488 bytes free
Post-Run: 11,219,402,752 bytes free
293
May God reward you well. Awaiting your reply.