ComboFix 08-12-14.03 - Паша 2008-12-17 0:23:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1049.18.2046.1546 [GMT 2:00]
Running from: e:\progs\Security\ComboFix\ComboFix.exe
Command switches used :: e:\progs\Security\ComboFix\CFScript.txt.txt
 * Created a new restore point

FILE ::
c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\eop.e
c:\windows\system32\kj.je
c:\windows\system32\r33.es
c:\windows\system32\v1.e2
c:\windows\system32\zed.pa
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\QTFont.for
c:\windows\QTFont.qfn
c:\windows\system32\eop.e
c:\windows\system32\kj.je
c:\windows\system32\r33.es
c:\windows\system32\v1.e2
c:\windows\system32\zed.pa

.
(((((((((((((((((((((((((   Files Created from 2008-11-16 to 2008-12-16   )))))))))))))))))))))))))))))))
.

2008-12-15 21:37 . 2008-12-15 21:37  d----c---  c:\program files\microsoft frontpage
2008-12-15 21:32 . 2008-12-15 21:32  d----c---  c:\windows\ServicePackFiles
2008-12-15 21:31 . 2006-12-29 00:31  19,569  --a--c---  c:\windows\000001_.tmp
2008-12-15 11:54 . 2008-12-15 11:54  d----c---  c:\documents and settings\2\Application Data\Malwarebytes
2008-12-15 00:37 . 2008-12-15 00:37  d----c---  c:\windows\ERUNT
2008-12-14 22:39 . 2008-12-14 22:39  d----c---  c:\program files\Malwarebytes' Anti-Malware
2008-12-14 22:39 . 2008-12-14 22:39  d----c---  c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 22:39 . 2008-12-14 22:39  d----c---  c:\documents and settings\Паша\Application Data\Malwarebytes
2008-12-14 22:39 . 2008-12-14 22:38  410,984  --a--c---  c:\windows\system32\deploytk.dll
2008-12-14 22:39 . 2008-12-03 19:52  38,496  --a--c---  c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 22:39 . 2008-12-03 19:52  15,504  --a--c---  c:\windows\system32\drivers\mbam.sys
2008-12-13 13:06 . 2008-12-13 13:06  664  --a--c---  c:\windows\system32\d3d9caps.dat
2008-12-12 20:34 . 2008-04-15 14:00  33,280  --a--c---  c:\windows\system32\rundll32.exe
2008-12-12 16:26 . 2008-12-17 00:21  dr-h-c---  c:\documents and settings\Паша\Recent
2008-12-12 16:26 . 2008-12-17 00:21  dr-h-c---  c:\documents and settings\Паша\Recent
2008-12-12 14:32 . 2008-04-15 14:00  26,624  --a--c---  c:\windows\system32\rundll32 advpack.dll,launchinfsectionex ie7int.inf,afteruserstart,,4,n
2008-12-12 14:32 . 2008-04-15 14:00  26,624  --a--c---  c:\windows\system32\{22bf413b-c6d2-4d91-82a9-a0f997ba588c}
2008-12-10 08:10 . 2008-12-10 08:10  d----c---  c:\program files\Hanami
2008-12-09 22:58 . 2008-12-09 22:58  d----c---  c:\program files\Snow for Windows
2008-12-09 22:58 . 1999-12-17 10:13  86,016  --a--c---  c:\windows\unvise32.exe
2008-12-09 15:05 . 2008-12-09 15:10  d----c---  c:\program files\QIP Infium
2008-12-08 15:37 . 2008-12-08 15:38  d----c---  c:\program files\YouTube FLV to AVI converter Pro
2008-12-08 15:35 . 2008-12-08 17:50  237,568  --a--c---  c:\windows\system32\rmc_rtspdl.dll
2008-12-08 15:35 . 2008-12-08 17:50  156,672  --a--c---  c:\windows\system32\rmc_fixasf.exe
2008-12-08 15:33 . 2008-12-08 17:50  323,584  --a--c---  c:\windows\system32\AUDIOGENIE2.DLL
2008-12-08 15:31 . 2008-12-08 15:31  d----c---  c:\windows\Replay Media Catcher
2008-12-08 15:31 . 2008-12-08 17:57  d----c---  c:\program files\Replay Media Catcher
2008-12-07 15:25 . 2008-12-07 15:25  d----c---  c:\documents and settings\All Users\Application Data\USBSRService
2008-12-06 17:06 . 2008-12-06 17:06  d--h-c---  c:\windows\PIF
2008-12-06 15:13 . 2008-12-06 15:13  d----c---  c:\program files\CPU-Control
2008-12-06 15:13 . 2008-12-07 17:36  d----c---  c:\documents and settings\Паша\Application Data\CPUControl
2008-12-05 18:00 . 2008-12-05 18:26  d----c---  c:\program files\DAEMON Tools Pro
2008-12-05 08:48 . 2008-12-05 18:28  107,888  --a--c---  c:\windows\system32\CmdLineExt.dll
2008-12-05 07:56 . 2008-12-05 07:56  d----c---  c:\program files\Rockstar Games
2008-12-03 13:03 . 2008-12-03 13:03  d----c---  c:\program files\Punto Switcher
2008-12-01 14:01 . 2008-12-01 14:01  d----c---  c:\documents and settings\Паша\DoctorWeb
2008-12-01 14:01 . 2008-12-01 14:01  d----c---  c:\documents and settings\Паша\DoctorWeb
2008-12-01 06:43 . 2008-12-01 06:43  d----c---  c:\program files\MSBuild
2008-12-01 06:41 . 2008-12-01 06:41  d----c---  c:\windows\system32\XPSViewer
2008-12-01 06:41 . 2008-12-01 06:41  d----c---  c:\program files\Reference Assemblies
2008-12-01 06:40 . 2006-06-29 13:07  14,048  -----c---  c:\windows\system32\spmsg2.dll
2008-11-28 20:25 . 2008-11-28 20:25  d----c---  c:\documents and settings\Паша\Application Data\Trident Software
2008-11-28 15:48 . 2008-11-28 15:48  d----c---  c:\documents and settings\2\Application Data\YarmapUK
2008-11-25 19:58 . 2008-11-25 19:58  d----c---  c:\windows\naevius_yt_1
2008-11-25 19:58 . 2008-11-25 20:04  d----c---  c:\program files\Naevius YouTube Converter
2008-11-24 07:41 . 2008-11-24 07:41  d----c---  c:\program files\Steinberg
2008-11-23 22:23 . 2008-12-15 20:13  14  --a--c---  c:\windows\popcinfo.dat
2008-11-16 21:07 . 2008-11-16 21:07  d----c---  c:\windows\system32\AGEIA
2008-11-16 21:07 . 2008-11-16 21:07  d----c---  c:\program files\AGEIA Technologies
2008-11-16 21:06 . 2008-10-07 13:33  201,157  --a--c---  c:\windows\system32\nvapps.nvb
2008-11-16 05:27 . 2008-10-10 04:52  4,379,984  --a--c---  c:\windows\system32\D3DX9_40.dll
2008-11-16 05:27 . 2008-10-10 04:52  2,036,576  --a--c---  c:\windows\system32\D3DCompiler_40.dll
2008-11-16 05:27 . 2008-10-27 10:04  514,384  --a--c---  c:\windows\system32\XAudio2_3.dll
2008-11-16 05:27 . 2008-10-10 04:52  452,440  --a--c---  c:\windows\system32\d3dx10_40.dll
2008-11-16 05:27 . 2008-10-27 10:04  235,856  --a--c---  c:\windows\system32\xactengine3_3.dll
2008-11-16 05:27 . 2008-10-27 10:04  70,992  --a--c---  c:\windows\system32\XAPOFX1_2.dll
2008-11-16 05:27 . 2008-10-27 10:04  23,376  --a--c---  c:\windows\system32\X3DAudio1_5.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 22:24  35,117,856  -csha-w  c:\windows\system32\drivers\fidbox.dat
2008-12-16 22:24  1,103,648  -csha-w  c:\windows\system32\drivers\fidbox2.dat
2008-12-16 20:45  ---------  dc----w  c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-16 19:31  ---------  dc----w  c:\documents and settings\Паша\Application Data\uTorrent
2008-12-16 16:55  486,668  -csha-w  c:\windows\system32\drivers\fidbox.idx
2008-12-16 16:55  102,992  -csha-w  c:\windows\system32\drivers\fidbox2.idx
2008-12-14 20:38  ---------  dc--a-w  c:\program files\Java
2008-12-12 19:17  ---------  dc----w  c:\program files\Common Files\Wise Installation Wizard
2008-12-12 16:41  ---------  dc--a-w  c:\documents and settings\All Users\Application Data\TEMP
2008-12-10 15:19  ---------  dc----w  c:\documents and settings\2\Application Data\dvdcss
2008-12-09 17:42  ---------  dc----w  c:\program files\QIP
2008-12-09 12:44  ---------  dc----w  c:\documents and settings\Паша\Application Data\dvdcss
2008-12-06 09:35  ---------  dc----w  c:\documents and settings\2\Application Data\uTorrent
2008-12-05 06:02  ---------  dc-h--w  c:\program files\InstallShield Installation Information
2008-11-29 17:24  ---------  dc----w  c:\program files\Eastegger
2008-11-29 14:16  ---------  dc----w  c:\program files\SUPER
2008-11-25 21:23  ---------  dc----w  c:\program files\The KMPlayer
2008-11-23 13:20  ---------  dc----w  c:\program files\Игры от NevoSoft
2008-11-21 05:08  ---------  dc----w  c:\program files\VLC
2008-11-16 03:35  ---------  dc----w  c:\program files\CCleaner
2008-11-14 13:30  ---------  dc----w  c:\documents and settings\All Users\Application Data\Fugazo
2008-11-14 12:00  ---------  dc----w  c:\documents and settings\2\Application Data\My Games
2008-11-10 16:18  ---------  dc----w  c:\program files\Alawar.ru
2008-11-05 16:54  ---------  dc----w  c:\program files\Opera
2008-11-03 17:56  ---------  dc--a-w  c:\program files\Common Files\InstallShield
2008-11-03 17:29  ---------  dc----w  c:\program files\Trident Software
2008-11-03 17:29  ---------  dc----w  c:\documents and settings\2\Application Data\Trident Software
2008-11-01 15:04  ---------  dc----w  c:\documents and settings\Паша\Application Data\Skype
2008-11-01 14:53  ---------  dc----w  c:\program files\Skype
2008-11-01 14:53  ---------  dc----w  c:\program files\Common Files\Skype
2008-11-01 14:53  ---------  dc----w  c:\documents and settings\All Users\Application Data\Skype
2008-10-29 17:40  ---------  dc----w  c:\documents and settings\Паша\Application Data\teamspeak2
2008-10-28 15:41  14,303,392  -c--a-w  c:\windows\system32\xlive.dll
2008-10-28 15:41  13,643,936  -c--a-w  c:\windows\system32\xlivefnt.dll
2008-10-28 14:44  ---------  dc----w  c:\program files\DAEMON Tools Lite
2008-10-26 16:03  ---------  dc----w  c:\documents and settings\Паша\Application Data\vlc
2008-10-25 08:49  ---------  dc----w  c:\program files\K-Lite Codec Pack
2008-10-25 08:47  98,304  -c--a-w  c:\windows\system32\qttask.exe
2008-10-25 08:46  ---------  dc----w  c:\program files\ACE Mega CoDecS Pack
2008-10-24 18:07  ---------  dc--a-w  c:\program files\Analog Devices
2008-10-24 14:31  9,216  -c--a-w  c:\windows\system32\drivers\FStarForce.sys
2008-10-20 08:44  ---------  dc----w  c:\documents and settings\Паша\Application Data\AccurateRip
2008-10-20 08:43  ---------  dc----w  c:\program files\Exact Audio Copy
2008-10-18 14:55  ---------  dc----w  c:\documents and settings\2\Application Data\URSoft
2008-10-18 07:23  ---------  dc----w  c:\program files\WinTuning XP
2008-10-02 08:07  453,152  -c--a-w  c:\windows\system32\nvuninst.exe
2008-09-27 11:52  306,432  -c--a-w  c:\windows\system32\TuneUpDefragService.exe
2008-09-16 00:14  3,596,288  -c--a-w  c:\windows\system32\qt-dx331.dll
2008-09-16 00:12  81,920  -c--a-w  c:\windows\system32\dpl100.dll
2008-09-16 00:11  683,520  -c--a-w  c:\windows\system32\divx.dll
2008-05-24 13:33  47,360  -c--a-w  c:\documents and settings\Паша\Application Data\pcouffin.sys
2006-05-03 09:06  163,328  -csh--r  c:\windows\system32\flvDX.dll
2007-02-21 10:47  31,232  -csh--r  c:\windows\system32\msfDX.dll
2008-03-16 12:30  216,064  -csh--r  c:\windows\system32\nbDX.dll

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Punto Switcher"="c:\program files\Punto Switcher\punto.exe" [2008-10-16 735016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 c:\windows\system32\tweakui.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7_011"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" [2008-08-19 c:\windows\system32\advpack.dll]
"IE7_012"="advpack.dll" [2008-08-19 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"MaxRecentDocs"= 20 (0x14)
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"vidc.hfyu"= huffyuv.dll
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"msacm.divxa32"= divxa32.acm
"vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.i420"= i420vfw.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Progs\\uTorrent\\utorrent.exe"=

R3 FStarForce;FStarForce;c:\windows\system32\DRIVERS\FStarForce.sys [2008-10-28 9216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\ [2008-12-15 00:48]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.punksoftware.com/download?project=RocketDock&ver=1.3.5
IE: &Експорт до Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 00:24:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll
c:\windows\system32\DNSAPI.dll

- - - - - - - > 'lsass.exe'(1076)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Completion time: 2008-12-17 0:25:20
ComboFix-quarantined-files.txt 2008-12-16 22:25:18

Pre-Run: 14 701 613 056 байт свободно
Post-Run: 14,685,138,944 байт свободно

240