done:
ComboFix 09-04-04.01 - Administrator 2009-04-07 21:01:07.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.269 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.
2009-04-07 16:52 . 2009-04-07 16:52 <DIR> d--hs---- C:\FOUND.015
2009-04-07 12:58 . 2009-04-07 13:12 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-04-07 12:58 . 2009-04-07 13:12 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-04-07 12:57 . 2009-04-07 12:57 <DIR> d-------- c:\program files\Kaspersky Lab
2009-04-07 12:57 . 2009-04-07 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-07 12:57 . 2009-04-07 21:03 933,888 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-04-07 12:57 . 2009-04-07 21:03 557,056 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-04-07 12:57 . 2009-04-07 21:03 5,348 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-04-07 12:57 . 2009-04-07 21:03 1,220 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-04-06 15:08 . 2009-04-06 15:08 <DIR> d-------- c:\program files\TechSmith
2009-04-06 15:07 . 2009-04-06 15:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-04-05 23:19 . 2009-04-05 23:19 <DIR> d--hs---- C:\FOUND.014
2009-04-05 21:55 . 2009-04-05 21:59 134 --a------ c:\windows\system32\09wutili.sys
2009-04-05 21:51 . 2009-04-05 21:51 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-04-05 17:45 . 2009-04-05 17:45 <DIR> d--hs---- C:\FOUND.013
2009-04-05 13:57 . 2009-04-05 13:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BlogDesk
2009-04-05 13:56 . 2006-01-30 17:26 765,952 --a------ c:\windows\system32\PolarSpellChecker.dll
2009-04-05 13:56 . 2003-01-04 11:10 536,576 --a------ c:\windows\system32\SftTree_IX86_A_45.ocx
2009-04-05 13:56 . 2006-03-21 10:27 276,320 --a------ c:\windows\system32\csftpapi.dll
2009-04-05 13:56 . 2003-02-20 10:59 221,184 --a------ c:\windows\system32\TidyATL.dll
2009-04-05 13:56 . 2004-03-08 23:00 212,240 --a------ c:\windows\system32\Richtx32.ocx
2009-04-05 13:56 . 2006-03-21 10:27 202,576 --a------ c:\windows\system32\csncdapi.dll
2009-04-05 13:54 . 2009-04-05 13:54 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2009-04-03 18:59 . 2009-04-03 18:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Reallusion
2009-04-03 18:52 . 2009-04-03 18:52 <DIR> d--hs---- C:\FOUND.012
2009-03-31 17:38 . 2009-03-31 17:38 <DIR> d-------- c:\program files\Windows Defender
2009-03-31 12:30 . 2009-03-31 12:30 <DIR> d--hs---- C:\FOUND.011
2009-03-30 21:50 . 2009-03-30 21:50 <DIR> d--hs---- C:\FOUND.010
2009-03-29 20:51 . 2009-03-29 20:51 <DIR> d-------- c:\documents and settings\Administrator\dwhelper
2009-03-29 19:04 . 2009-03-29 19:04 <DIR> d--hs---- C:\FOUND.009
2009-03-28 18:45 . 2009-03-28 18:45 <DIR> d--hs---- C:\FOUND.008
2009-03-28 18:38 . 2009-03-28 18:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Uniblue
2009-03-28 18:38 . 2008-12-22 08:23 20,232 --a------ c:\windows\system32\AntiSpyNative64.exe
2009-03-28 18:38 . 2008-12-22 08:23 16,648 --a------ c:\windows\system32\AntiSpyNative32.exe
2009-03-28 18:34 . 2009-03-28 18:34 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-03-28 18:30 . 2009-03-28 18:30 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-28 18:18 . 2009-03-28 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-28 18:18 . 2009-03-28 18:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
2009-03-28 18:14 . 2009-03-28 18:14 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-03-28 16:39 . 2009-03-28 16:39 <DIR> d--hs---- C:\FOUND.007
2009-03-28 11:19 . 2009-03-28 11:19 <DIR> d--hs---- C:\FOUND.006
2009-03-27 17:14 . 2009-03-27 17:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TeamViewer
2009-03-27 17:13 . 2009-03-27 17:13 <DIR> d-------- c:\program files\TeamViewer
2009-03-27 17:12 . 2009-03-27 17:12 <DIR> d-------- c:\documents and settings\Administrator\temp
2009-03-26 18:38 . 2009-03-26 18:38 <DIR> d--hs---- C:\FOUND.005
2009-03-26 14:47 . 2009-03-26 14:47 <DIR> d-------- c:\program files\AskBarDis
2009-03-25 22:02 . 2008-04-14 05:42 3,558,912 --a------ c:\windows\system32\dllcache\moviemk.exe
2009-03-25 20:48 . 2009-03-25 20:48 <DIR> d-------- c:\program files\LSI SoftModem
2009-03-25 20:44 . 2004-05-20 10:11 172,032 --a------ c:\windows\system32\nvuaudio.exe
2009-03-25 20:44 . 2004-04-23 01:30 3,787 --a------ c:\windows\system32\nvaudio.nvu
2009-03-25 20:30 . 2009-01-09 19:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-03-25 20:19 . 2009-03-25 20:19 0 --a------ c:\windows\ativpsrm.bin
2009-03-25 12:26 . 2009-03-25 12:26 <DIR> d-------- c:\program files\Common Files\Nikon
2009-03-25 12:19 . 2009-03-25 12:19 <DIR> d-------- c:\windows\system32\URTTEMP
2009-03-25 12:02 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-03-25 12:02 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-03-25 02:01 . 2009-03-25 02:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DivX
2009-03-25 01:27 . 2009-03-25 01:27 <DIR> d--hs---- C:\FOUND.004
2009-03-25 00:55 . 2009-01-27 01:35 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-03-25 00:55 . 2009-01-27 01:35 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-03-25 00:53 . 2009-03-25 00:53 <DIR> d-------- c:\program files\Common Files\DivX Shared
2009-03-25 00:45 . 2009-03-25 00:45 <DIR> d-------- c:\windows\system32\windows media
2009-03-25 00:44 . 2009-03-25 00:44 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-25 00:44 . 2009-03-25 00:44 <DIR> d-------- c:\program files\Windows Media Components
2009-03-25 00:30 . 2009-03-25 00:30 22,024 --a------ c:\windows\system32\emptyregdb.dat
2009-03-25 00:30 . 2009-03-25 00:30 37 --a------ c:\windows\vbaddin.ini
2009-03-25 00:30 . 2009-03-25 00:30 36 --a------ c:\windows\vb.ini
2009-03-24 12:27 . 2008-04-25 19:41 218,624 --a------ c:\windows\system32\dllcache\uxtheme.dll
2009-03-23 12:52 . 2009-03-23 12:52 <DIR> d--hs---- C:\FOUND.003
2009-03-21 11:37 . 2009-03-21 11:37 <DIR> d-------- c:\program files\SiteAdvisor
2009-03-21 11:37 . 2009-03-21 11:37 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SiteAdvisor
2009-03-21 11:37 . 2009-03-21 11:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SiteAdvisor
2009-03-21 10:57 . 2009-03-21 10:57 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-21 10:54 . 2009-03-21 10:54 <DIR> d--h----- c:\windows\ie8
2009-03-20 11:37 . 2009-03-20 11:37 <DIR> d-------- c:\program files\Google
2009-03-20 00:32 . 2009-03-20 00:32 <DIR> d--hs---- C:\FOUND.002
2009-03-19 22:02 . 2009-03-19 22:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Witty
2009-03-19 21:43 . 2009-03-19 21:43 <DIR> d-------- c:\documents and settings\Administrator\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2009-03-19 21:41 . 2009-03-19 21:41 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-19 15:58 . 2009-03-19 15:58 <DIR> d--hs---- C:\FOUND.001
2009-03-18 18:49 . 2009-03-18 18:49 <DIR> d--hs---- c:\documents and settings\Administrator\IECompatCache
2009-03-18 18:48 . 2009-03-18 18:48 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
2009-03-18 18:48 . 2009-03-18 18:48 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2009-03-18 18:43 . 2009-03-18 18:43 <DIR> d-------- c:\windows\ie8updates
2009-03-18 18:34 . 2009-02-28 04:55 105,984 --a------ c:\windows\system32\dllcache\iecompat.dll
2009-03-14 23:12 . 2009-03-14 23:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Notepad++
2009-03-14 23:01 . 2009-03-14 23:01 <DIR> d-------- c:\program files\Skype
2009-03-14 21:48 . 2009-03-14 21:48 <DIR> d--hs---- C:\FOUND.000
2009-03-10 22:18 . 2009-03-10 22:18 934,792 --------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 . 2009-03-10 22:18 239,496 --------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-09 10:15 . 2009-03-09 10:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2009-03-09 10:08 . 2009-03-09 10:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Artweaver
2009-03-08 14:22 . 2009-03-08 14:22 1,241,088 --------- c:\windows\system32\ieframe.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 10,240 --------- c:\windows\system32\advpack.dll.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 14:09 . 2009-03-08 14:09 638,816 --------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 . 2009-03-08 14:09 391,536 --------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 13:53 . 2009-03-08 13:53 <DIR> d-------- c:\windows\system32\Adobe
2009-03-08 04:34 . 2009-03-08 04:34 1,469,440 --------- c:\windows\system32\dllcache\inetcpl.cpl
2009-03-08 04:34 . 2009-03-08 04:34 236,544 --------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 . 2009-03-08 04:34 193,536 --------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 . 2009-03-08 04:34 109,568 --------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:34 . 2009-03-08 04:34 105,984 --------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 . 2009-03-08 04:34 43,008 --------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:33 . 2009-03-08 04:33 759,296 --------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 . 2009-03-08 04:33 229,376 --------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 . 2009-03-08 04:33 125,952 --------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:33 . 2009-03-08 04:33 25,600 --------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:32 . 2009-03-08 04:32 611,840 --------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:32 . 2009-03-08 04:32 173,056 --------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 . 2009-03-08 04:32 163,840 --------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 . 2009-03-08 04:32 128,512 --------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 . 2009-03-08 04:32 94,720 --------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 . 2009-03-08 04:32 72,704 --------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 . 2009-03-08 04:32 71,680 --------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 . 2009-03-08 04:32 55,808 --------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:31 . 2009-03-08 04:31 1,638,912 --------- c:\windows\system32\dllcache\mshtml.tlb
2009-03-08 04:31 . 2009-03-08 04:31 348,160 --------- c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 04:31 . 2009-03-08 04:31 216,064 --------- c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 04:31 . 2009-03-08 04:31 183,808 --------- c:\windows\system32\dllcache\iepeers.dll
2009-03-08 04:31 . 2009-03-08 04:31 66,560 --------- c:\windows\system32\dllcache\mshtmled.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 12:12 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-08 03:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 03:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 03:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 03:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:09 --------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2009-03-06 13:22 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-05 14:04 --------- d-----w c:\documents and settings\Administrator\Application Data\Windows Live Writer
2009-03-03 14:15 --------- d-----w c:\program files\Common Files\xing shared
2009-03-03 14:14 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-03 14:14 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-02 14:20 --------- d-----w c:\documents and settings\Administrator\Application Data\RealWorld
2009-02-24 19:31 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-24 19:29 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-20 12:49 --------- d-----w c:\documents and settings\Administrator\Application Data\ZipGenius
2009-02-17 23:38 197 --sha-w c:\program files\Common Files\maxtreme.dat
2009-02-16 11:13 --------- d-----w c:\documents and settings\Administrator\Application Data\gtk-2.0
2009-02-16 10:59 --------- d-----w c:\program files\Outsim
2009-02-16 10:59 --------- d-----w c:\program files\Image-Line
2009-02-15 18:33 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-15 18:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-11 15:25 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-11 15:19 --------- d-----w c:\program files\Common Files\Macromedia
2009-02-11 10:24 --------- d-----w c:\documents and settings\NetworkService\Application Data\SACore
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 23:00 61,440 ----a-w c:\windows\xspeech.dll
2009-02-09 10:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-08 12:56 --------- d-----w c:\program files\MSXML 4.0
2009-02-08 12:46 --------- d-----w c:\documents and settings\Administrator\Application Data\Winamp
2009-02-07 15:32 --------- d-----w c:\documents and settings\Administrator\Application Data\HP
2009-02-07 15:31 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-02-07 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-02-07 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-02-07 15:27 --------- d-----w c:\documents and settings\Administrator\Application Data\HPAppData
2009-02-07 15:25 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 15:25 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-02-07 15:24 --------- d-----w c:\program files\Hewlett-Packard
2009-02-07 15:24 --------- d-----w c:\program files\Common Files\HP
2009-02-07 15:23 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-02-07 15:19 --------- d-----w c:\program files\HP
2009-02-06 18:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 17:45 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2009-01-27 00:35 129,784 ------w c:\windows\system32\pxafs.dll
2009-01-27 00:34 90,112 ----a-w c:\windows\system32\dpl100.dll
2009-01-27 00:34 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-01-27 00:34 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2009-01-27 00:34 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-01-27 00:34 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2009-01-27 00:34 684,032 ----a-w c:\windows\system32\DivX.dll
2009-01-16 13:45 73,728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-01-07 17:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 17:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
2009-01-07 17:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 17:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 17:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 17:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-07 17:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll
2009-01-07 17:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll
2009-01-27 00:34 1,044,480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 00:34 200,704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-07 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= VfwECamC.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fsssvc"=2 (0x2)
"SiteAdvisor Service"=2 (0x2)
"WinDefend"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\soft.tools\\utorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"e:\\mail\\skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2009-02-05 16640]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-24 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-06 210216]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c01e0dca-f3b2-11dd-8a06-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-07 c:\windows\Tasks\User_Feed_Synchronization-{F39BE08E-4A3B-4996-B184-4A083049EB59}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
2009-03-28 c:\windows\Tasks\Uniblue SpyEraser.job
- e:\clean\blue\SpyEraser\SpyEraser.exe [2008-12-22 09:23]
2009-04-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w7ow2qc3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w7ow2qc3.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w7ow2qc3.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\SiteAdvisor\6253\FF\components\FFHook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: e:\soft.tools\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\soft.tools\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\soft.tools\qqq\Plugins\npqtplugin.dll
FF - plugin: e:\soft.tools\qqq\Plugins\npqtplugin2.dll
FF - plugin: e:\soft.tools\qqq\Plugins\npqtplugin3.dll
FF - plugin: e:\soft.tools\qqq\Plugins\npqtplugin4.dll
FF - plugin: e:\soft.tools\qqq\Plugins\npqtplugin5.dll
FF - plugin: e:\soft.tools\qqq\Plugins\npqtplugin6.dll
FF - plugin: e:\soft.tools\qqq\Plugins\npqtplugin7.dll
FF - plugin: e:\soft.tools\rply\Netscape6\nppl3260.dll
FF - plugin: e:\soft.tools\rply\Netscape6\nprjplug.dll
FF - plugin: e:\soft.tools\rply\Netscape6\nprpjplug.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-07 21:05:11
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\documents and settings\Administrator\Local Settings\Temp\RGI6.tmp 16384 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1757981266-1177238915-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,ef,b9,61,b9,63,a9,48,8b,ce,da,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,ef,b9,61,b9,63,a9,48,8b,ce,da,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\LSI SOFTMODEM\AGRSMSVC.EXE
e:\pc.tools\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2009-04-07 21:06:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-07 20:06:52
Pre-Run: 11,068,719,104 bytes free
Post-Run: 11,000,168,448 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
369 --- E O F --- 2009-03-25 01:01:07