The first report
ComboFix 08-07-05.1 - akram 07/16/2008 9:02:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1039 [GMT 3:00]
Running from: C:\Documents and Settings\akram\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 06:08 --------- d-----w C:\Documents and Settings\akram\Application Data\DMCache
2008-07-16 06:04 5,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-16 06:04 409,632 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-16 06:04 12,565,536 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-16 06:04 102,392 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-16 05:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-16 05:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-16 05:46 --------- d-----w C:\Documents and Settings\akram\Application Data\cleaner
2008-07-14 05:49 --------- d-----w C:\Program Files\MultiTranse
2008-07-12 17:47 --------- d-----w C:\Documents and Settings\akram\Application Data\AvaFind Data
2008-07-12 17:44 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-12 17:44 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-12 16:00 --------- d-----w C:\Program Files\SweetIM
2008-07-12 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-07-12 14:41 --------- d-----w C:\Program Files\Lexico
2008-07-08 17:05 --------- d-----w C:\Program Files\Google
2008-07-08 14:14 --------- d-----w C:\Program Files\3D Flash Animator 4.9.8.7
2008-07-08 07:19 --------- d-----w C:\Documents and Settings\akram\Application Data\Danware Data
2008-07-08 06:53 --------- d-----w C:\Program Files\Network LookOut Administrator Pro
2008-07-08 06:32 --------- d-----w C:\Documents and Settings\akram\Application Data\3DFA
2008-07-07 15:30 --------- d-----w C:\Program Files\Common Files\EPSON
2008-07-07 15:29 --------- d-----w C:\Program Files\Elaborate Bytes
2008-07-07 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Danware Data
2008-07-07 08:34 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-07 08:07 --------- d-----w C:\Program Files\Danware Data
2008-07-07 07:01 --------- d-----w C:\Documents and Settings\akram\Application Data\IDM
2008-07-06 16:29 --------- d-----w C:\Program Files\FlashGet
2008-07-06 16:01 --------- d-----w C:\Program Files\DVDVideoSoft
2008-07-06 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-06 12:12 --------- d-----w C:\Program Files\Net Control 2
2008-07-06 06:41 --------- d-----w C:\Program Files\Avira
2008-07-05 05:56 --------- d-----w C:\Documents and Settings\akram\Application Data\CyberScrub
2008-07-02 18:41 --------- d-----w C:\Program Files\Yahoo!
2008-07-02 17:38 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-02 15:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-02 13:23 --------- d-----w C:\Documents and Settings\akram\Application Data\Yahoo!
2008-07-02 10:33 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-07-02 05:48 --------- d-----w C:\Program Files\telephone directory
2008-07-02 05:48 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-02 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-02 05:36 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-07-02 05:29 20,352 ----a-w C:\WINDOWS\system32\drivers\INFCACHE.1
2008-07-01 17:34 --------- d-----w C:\Program Files\AvaFind
2008-07-01 16:56 9,388 ----a-w C:\WINDOWS\system32\drivers\iaStor.PNF
2008-07-01 16:56 7,280 ----a-w C:\WINDOWS\system32\drivers\viamraid.PNF
2008-07-01 16:56 63,240 ----a-w C:\WINDOWS\system32\drivers\Si3112r.PNF
2008-07-01 16:56 6,984 ----a-w C:\WINDOWS\system32\drivers\SiSRaid.PNF
2008-07-01 16:56 12,432 ----a-w C:\WINDOWS\system32\drivers\adpu320.PNF
2008-07-01 16:56 12,204 ----a-w C:\WINDOWS\system32\drivers\nvraid.PNF
2008-07-01 16:56 10,828 ----a-w C:\WINDOWS\system32\drivers\iaAHCI.PNF
2008-07-01 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-01 08:39 --------- d-----w C:\Program Files\BitDefender
2008-07-01 05:55 --------- d-----w C:\Documents and Settings\akram\Application Data\Pointstone
2008-06-30 09:16 --------- d-----w C:\Program Files\IEPro
2008-06-30 09:16 --------- d-----w C:\Documents and Settings\akram\Application Data\IEPro
2008-06-30 08:41 98,304 ----a-w C:\WINDOWS\system32\viscomtran.dll
2008-06-30 08:41 86,016 ----a-w C:\WINDOWS\system32\viscomframe.dll
2008-06-30 08:41 81,920 ----a-w C:\WINDOWS\system32\viscomwave.dll
2008-06-30 08:41 602,112 ----a-w C:\WINDOWS\system32\viscomqtde.dll
2008-06-30 08:41 48,640 ----a-w C:\WINDOWS\system32\viscomsamplerate.dll
2008-06-30 08:41 147,456 ----a-w C:\WINDOWS\system32\viscomqtenc.dll
2008-06-30 08:41 118,784 ----a-w C:\WINDOWS\system32\viscomrmenc.dll
2008-06-30 08:41 118,784 ----a-w C:\WINDOWS\system32\viscomflvdec.dll
2008-06-30 08:41 1,470,464 ----a-w C:\WINDOWS\system32\viscomm4aenc.dll
2008-06-30 08:41 1,470,464 ----a-w C:\WINDOWS\system32\viscomdata3.dll
2008-06-30 08:41 1,462,272 ----a-w C:\WINDOWS\system32\viscomflvenc.dll
2008-06-30 08:41 1,454,080 ----a-w C:\WINDOWS\system32\viscomdata2.dll
2008-06-25 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-25 06:04 --------- d-----w C:\Documents and Settings\akram\Application Data\Orbit
2008-06-23 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-22 09:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 07:05 --------- d-----w C:\Documents and Settings\akram\Application Data\U3
2008-06-15 06:07 --------- d-----w C:\Documents and Settings\akram\Application Data\Autodesk
2008-06-15 06:05 --------- d-----w C:\Program Files\Autodesk
2008-06-14 13:50 --------- d-----w C:\Program Files\Common Files\Vbox
2008-06-14 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 13:49 --------- d-----w C:\Program Files\Macromedia
2008-06-11 17:33 --------- d-----w C:\Documents and Settings\akram\Application Data\Ceedo
2008-06-11 09:10 --------- d-----w C:\Documents and Settings\akram\Application Data\GrabPro
2008-06-11 08:14 --------- d-----w C:\Documents and Settings\akram\Application Data\Apple Computer
2008-06-09 08:51 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-06-08 08:29 --------- d-----w C:\Program Files\AskPBar
2008-06-03 06:55 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-06-03 05:41 --------- d-----w C:\Program Files\TEXTware
2008-06-03 05:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-03 05:41 --------- d-----w C:\Documents and Settings\akram\Application Data\oess
2008-06-03 05:40 --------- d-----w C:\Program Files\Oxford
2008-06-02 08:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-02 07:46 --------- d-----w C:\Program Files\Java
2008-06-02 07:08 --------- d-----w C:\Program Files\SWiSH Studio2
2008-06-01 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-01 05:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-01 05:45 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-06-01 05:44 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
2008-06-01 05:44 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-05-29 06:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-26 06:32 --------- d-----w C:\Program Files\SWiSHmax
2008-05-26 06:26 --------- d-----w C:\Program Files\Selteco
2008-05-25 08:45 271,632 ----a-w C:\WINDOWS\system32\MSVCRT10.DLL
2008-05-25 06:02 --------- d-----w C:\Program Files\Pronunciation Power
.
((((((((((((((((((((((((((((( snapshot@Tue 07-08-2008_10.06.29.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 05:30:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-16 06:06:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 17:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-07-12 16:00:25 10,134 ----a-r C:\WINDOWS\Installer\{59971D79-8111-42C2-9E40-883A0C277E78}\ARPPRODUCTICON.exe
+ 2008-07-12 16:00:21 10,134 ----a-r C:\WINDOWS\Installer\{C3576005-01B0-4C25-AA5F-40134CC78C42}\ARPPRODUCTICON.exe
+ 2008-05-23 15:21:42 81,920 ----a-w C:\WINDOWS\system32\404Fix.exe
- 2008-07-06 07:38:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
+ 2008-07-16 05:18:27 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
- 2008-07-06 07:38:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-16 05:18:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-06 07:38:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-07-16 05:18:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-04-16 11:23:44 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-01-29 15:29:38 32,784 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
+ 2008-07-12 12:32:51 187,408 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-04-25 15:21:06 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2006-01-26 05:00:00 90,896 ----a-w C:\WINDOWS\system32\drivers\NHOSTNT1.SYS
+ 2006-01-26 05:00:00 3,216 ----a-w C:\WINDOWS\system32\drivers\NHOSTNT3.SYS
- 2008-07-08 06:00:20 215,144 ----a-w C:\WINDOWS\system32\inetsrv\Base.bin
+ 2008-07-16 06:06:36 215,158 ----a-w C:\WINDOWS\system32\inetsrv\Base.bin
+ 2008-04-25 15:22:24 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
+ 2006-01-26 05:00:00 2,480 ----a-w C:\WINDOWS\system32\NHOSTNT4.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
03/27/2008 02:12 PM 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 02:12 PM 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/06/2008 08:15 PM 2594224]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07/08/2008 08:05 PM 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [08/20/2004 01:28 PM 45056]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [06/15/2008 01:40 PM 111928]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/12/2008 09:54 AM 180269]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CleverKeys.lnk - C:\Program Files\Lexico\CleverKeys\CK.exe [2008-07-12 17:41:52 561664]
EPSON Status Monitor 3 Environment Check(2).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-05-05 18:30:20 131584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^akram^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^akram^Start Menu^Programs^Startup^PalNetaware.lnk]
backup=C:\WINDOWS\pss\PalNetaware.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check(2).lnk]
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check(2).lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvaFind]
--a------ 06/01/2004 12:48 PM 295936 C:\Program Files\AvaFind\AvaFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 11/02/2002 09:33 AM 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 12/02/2002 05:17 PM 73728 C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 03:00 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 10/06/2006 11:13 PM 114688 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Network Registry Agent]
--------- 10/26/2000 04:21 PM 49152 C:\WINDOWS\system32\hpnra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 07/06/2008 08:15 PM 2594224 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 10/06/2006 11:11 PM 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 10/18/2007 11:34 AM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 10/06/2006 11:10 PM 94208 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 06/03/2008 08:42 AM 155648 C:\Program Files\Ringz Studio\Storm Codec\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 07/03/2001 09:11 AM 57344 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 02/07/2005 05:04 AM 94037 C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 11/10/2005 01:03 PM 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 05/12/2008 09:54 AM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 03/30/2006 04:45 PM 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 08/20/2004 01:28 PM 45056 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 05/27/2008 09:58 PM 4269296 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 05/04/2005 05:43 AM 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 05/05/2006 03:26 AM 2808832 C:\WINDOWS\alcwzrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 01/07/2005 05:07 PM 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 06/29/2006 01:54 AM 16248320 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 05/17/2006 05:04 AM 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 05/05/2006 03:22 AM 86016 C:\WINDOWS\SoundMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Danware Data\\NetOp School\\TEACHER\\Ntchw32.exe"=
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [11/28/2002 01:43 PM]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R1 NHostNT1;NetOp Driver 1 ver. 8.00 (2006026);C:\WINDOWS\system32\Drivers\NHOSTNT1.SYS [01/26/2006 08:00 AM]
R2 NetOp Host for NT Service;NetOp Helper ver. 8.00 (2006026);C:\Program Files\Danware Data\NetOp School\TEACHER\NHOSTSVC.EXE [01/26/2006 08:00 AM]
R3 BCMTPM;BCMTPM;C:\WINDOWS\system32\DRIVERS\btpmw32.sys [07/17/2006 02:07 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
R3 NHOSTNT3;NetOp Driver 3 ver. 8.00 (2006026) (NHOSTNT3);C:\WINDOWS\system32\Drivers\NHOSTNT3.SYS [01/26/2006 08:00 AM]
S2 CZ Print Job Tracker;CZ Print Job Tracker;C:\Program Files\CZ Solution\CZ Print Job Tracker\srvany.exe [02/18/2005 06:19 AM]
S3 dwVSCD;NetOp Virtual Smart Card Driver;C:\WINDOWS\system32\DRIVERS\dwvscd.sys [04/16/2008 09:10 AM]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [08/03/2004 11:01 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69d335bd-3d1b-11dd-9158-001999022195}]
\Shell\AutoRun\command - ffojc.com
\Shell\explore\Command - ffojc.com
\Shell\open\Command - ffojc.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9f18f8e-199f-11dd-928c-001999022195}]
\Shell\AutoRun\command - I:\qxbx9blb.com
\Shell\explore\Command - I:\qxbx9blb.com
\Shell\open\Command - I:\qxbx9blb.com
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Messenger (Yahoo!) - ~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-16 09:06:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ntdll.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\ntdll.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\WINDOWS\system32\ntdll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 07/16/2008 9:10:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 06:10:01
ComboFix2.txt 2008-07-08 07:06:55
ComboFix3.txt 2008-07-01 14:57:59
Pre-Run: 3,159,044,096 bytes free
Post-Run: 3,447,017,472 bytes free