Combo Fix

ComboFix 10-09-20.02 - Administrator 09/21/2010 2:01.3.
2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.351 [GMT 9:00]
Running from: F:\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-
4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
C:\dfinstall.log
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Expl
orer\Quick Launch\Total PC Defender.lnk
c:\documents and settings\Administrator\Start Menu\Total PC Defender
c:\documents and settings\Administrator\Start Menu\Total PC Defender\Total PC De
fender.lnk
c:\windows\system\WINSPOOL.DRV
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))
))))))))))))))))))))))))
.
2011-07-13 15:09 . 2010-07-29 21:01 97549 ----a-w- c:\windows\syste
m32\drivers\klick.dat
m32\drivers\klin.dat
2011-07-13 15:07 . 2011-07-13 15:07 -------- d-----w- c:\progr
am files\Kaspersky Lab
2011-07-13 15:07 . 2010-09-20 17:11 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\Kaspersky Lab
2011-07-13 13:36 . 2011-07-13 15:02 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-06-25 13:19 . 2011-06-25 13:19 501936 ----a-w- c:\documents and
settings\All Users\Application Data\Google\Google Toolbar\Update\gtbDE.tmp.exe
2011-05-10 10:28 . 2011-05-10 10:28 -------- d-----w- c:\docum
ents and settings\Administrator\Local Settings\Application Data\WMTools Download
ed Files
2011-04-27 21:10 . 2011-04-27 21:10 56 ---ha-w- c:\windows\syste
m32\ezsidmv.dat
2011-04-27 21:10 . 2010-09-20 16:03 -------- d-----w- c:\docum
ents and settings\Administrator\Application Data\skypePM
2011-04-27 21:07 . 2010-09-20 16:05 -------- d-----w- c:\docum
ents and settings\Administrator\Application Data\Skype
2011-04-27 21:02 . 2011-04-27 21:02 -------- d-----w- c:\progr
am files\Common Files\Skype
2011-04-27 21:02 . 2011-04-27 21:04 -------- d-----r- c:\progr
am files\Skype
2011-04-27 21:01 . 2011-04-27 21:02 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\Skype
2011-04-21 22:50 . 2011-05-16 02:07 -------- d-----w- C:\Downl
oads
2011-04-09 10:35 . 2011-04-09 10:35 -------- d-----w- C:\updfi
les
settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary
Files\rollback\patch\AutoPatches\kav11\11.0.0.232\updater.dll
Files\rollback\patch\AutoPatches\kav11\11.0.0.232\libola.dll
Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\updater.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2011-07-13 15:04 . 2009-09-03 00:22 -------- d-----w- c:\progr
am files\AVG
2011-07-13 15:04 . 2010-02-02 18:04 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\avg8
2011-07-13 13:32 . 2010-02-01 17:23 -------- d-----w- c:\progr
am files\ESET
2011-07-13 12:09 . 2009-09-03 02:43 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\Nero
2011-07-13 12:09 . 2009-09-03 02:43 -------- d-----w- c:\progr
am files\Common Files\Nero
2011-05-20 19:12 . 2009-09-03 01:33 -------- d-----w- c:\progr
am files\FlashGet
2011-04-27 21:14 . 2009-09-03 01:33 -------- d-----w- c:\progr
am files\Google
Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\libola.dll
settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-01 00:59 . 2010-07-23 05:02 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\CanonIJPLM
2010-08-30 01:09 . 2010-07-23 05:07 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\CanonIJ
2010-08-26 23:34 . 2010-02-01 11:27 -------- d-----w- c:\progr
am files\Smadav
settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.
dll
Files\temporaryFolder\bases\sco\i386\win\sys_critical_obj.dll
2010-08-10 14:06 . 2009-09-03 00:50 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\Microsoft Help
2010-08-04 04:12 . 2010-09-23 00:19 5311 ----a-w- C:\huadio.tmp
2010-08-03 06:10 . 2010-08-03 06:10 -------- d-----w- c:\docum
ents and settings\Administrator\Application Data\ArcSoft
Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\shellex.dll
Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\sbstart.exe
Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtblc.dll
2010-07-23 05:09 . 2010-07-23 05:06 -------- d-----w- c:\docum
ents and settings\Administrator\Application Data\Canon
2010-07-23 05:09 . 2010-07-23 05:09 -------- d--h--w- c:\docum
ents and settings\All Users\Application Data\CanonIJScan
2010-07-23 05:04 . 2010-07-23 05:04 -------- d--h--w- c:\docum
ents and settings\All Users\Application Data\CanonIJEGV
2010-07-23 05:04 . 2010-07-23 05:04 -------- d--h--w- c:\docum
ents and settings\All Users\Application Data\CanonIJSolutionMenu
2010-07-23 05:02 . 2010-07-23 04:56 -------- d-----w- c:\progr
am files\Canon
2010-07-23 05:01 . 2010-07-23 05:01 -------- d-----w- c:\progr
am files\ArcSoft
2010-07-23 05:01 . 2009-09-02 23:53 -------- d--h--w- c:\progr
am files\InstallShield Installation Information
2010-07-23 05:01 . 2009-09-02 23:52 -------- d-----w- c:\progr
am files\Common Files\InstallShield
2010-07-23 05:00 . 2010-07-23 05:00 -------- d-----w- c:\progr
am files\Common Files\CANON
2010-07-23 04:58 . 2010-07-23 04:58 -------- d--h--w- c:\progr
am files\CanonBJ
settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\ksn_client.dll
Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtbbho.dll
Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\esmgr.dll
Files\temporaryFolder\bases\sw2\klavasyswatch.dll
m32\schannel.dll
m32\wininet.dll
m32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[2010-01-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-05 26102056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 141848]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 298311
68]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-2
0 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.
exe" [2007-12-14 50472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [
2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.ex
e" [2006-01-30 98304]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-
11 689488]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
[2010-05-07 344736]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office
\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Flashget"="c:\program files\FlashGet\FlashGet.exe" /min
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_s
l.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiV
irus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys
[9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/
2/2009 8:27 PM 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system
32\drivers\viahduaa.sys [9/3/2009 8:59 AM 238080]
S1 kl2;Kl2;c:\windows\system32\drivers\kl2.sys [5/7/2010 12:19 AM 132184]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\Google
Update.exe [1/28/2010 6:47 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:34]
2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 09:47]
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 09:47]
2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{1C2846D2-D259-466E-AFFA-A
73E75E37DE7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\Google
ToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Total PC Defender - c:\program files\Total PC Defender\Total PC Defende
r.exe
HKLM-Run-Stask - c:\windows\irundll32.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2010-09-21 02:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1?????????????????
???????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2052111302-1275210071-1801674531-500\Software\Microsoft\Int
ernet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,55,43,d0,37,95,e2,42,aa,42,5f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,55,43,d0,37,95,e2,42,aa,42,5f,\
[HKEY_USERS\S-1-5-21-2052111302-1275210071-1801674531-500\Software\Microsoft\Win
dows\CurrentVersion\Explorer\FileExts\.**-*"\OpenWithList]
@Class="Shell"
dows\CurrentVersion\Explorer\FileExts\.*Ñ*Ü*§ \OpenWithList]
@Class="Shell"
dows\CurrentVersion\Explorer\FileExts\.*X%
%*]
@Class="Shell"
dows\CurrentVersion\Explorer\FileExts\.*X%
%*\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(624)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b1
28700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceS
ervice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-21 02:18:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 17:18
Pre-Run: 29,310,525,440 bytes free
Post-Run: 31,687,778,304 bytes free
- - End Of File - - 5313113DE231E73A30CFABEB0A09A031

Combo Fix

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Combo Fix

Загружено:

Авторское право:

Доступные форматы

ComboFix 10-09-20.02 - Administrator 09/21/2010 2:01.3.

Вам также может понравиться