OK, I will try, but I want to thank you. I can't find a virus with Avast, my Windows is perfect now, but I will try to do a scan on Kaspersky. THANKS KATANA
It may seem as if the machine is clean, but there will still be traces of the infection left.
Custom CFScript
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
- Save this as CFScript.txt and place it on your desktop.
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Microsoft MVP Consumer Security 2009 -2010
If we have helped, please consider a donation
THESE INSTRUCTIONS ARE FOR THIS USER ONLY
OK, here is my log
ComboFix 08-02-25.3 - Viktor Salonski 2008-02-26 2:07:47.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.434 [GMT 1:00]
Running from: C:\Documents and Settings\Viktor Salonski\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Viktor Salonski\Desktop\CFScript.txt
* Created a new restore point.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.
2008-02-25 17:55 . 2008-02-25 17:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-25 16:59 . 2008-02-25 15:14 <DIR> d-------- C:\SDFix
2008-02-24 22:58 . 2006-04-24 10:30 59,392 --a------ C:\windows.pif
2008-02-24 22:54 . 2008-02-24 22:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-24 22:20 . 2008-02-24 22:20 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-24 22:20 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-24 22:20 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-24 22:20 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-24 22:20 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-24 22:20 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-24 22:20 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-24 22:20 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-24 22:20 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-24 19:42 . 2008-02-24 19:42 <DIR> d--hs---- C:\FOUND.037
2008-02-22 20:57 . 2008-02-22 20:57 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-02-22 14:12 . 2008-02-22 14:12 28,672 --a------ C:\WINDOWS\system32\klfv.exe
2008-02-22 14:07 . 2008-02-22 14:07 <DIR> d-------- C:\Program Files\FolderVault
2008-02-22 14:07 . 2008-02-22 14:07 921,654 --a------ C:\WINDOWS\stones6865E094.bmp
2008-02-22 14:07 . 2008-02-22 14:07 135,168 --a------ C:\WINDOWS\system32\Lock.dll
2008-02-22 14:07 . 2008-02-22 14:11 1,940 --a------ C:\WINDOWS\system32\fv2.lic
2008-02-22 14:07 . 2008-02-22 14:07 19 --a------ C:\WINDOWS\CTDChannels_Version.6865E094.cdf
2008-02-22 13:50 . 2008-02-22 13:50 <DIR> d-------- C:\Program Files\Folder Lock
2008-02-22 13:50 . 2007-12-02 19:54 79,920 --a------ C:\WINDOWS\system32\FLKill.exe
2008-02-22 13:50 . 2008-02-22 14:20 20 --a------ C:\sccfg.sys
2008-02-21 19:54 . 2008-02-21 19:54 <DIR> d--hs---- C:\FOUND.036
2008-02-20 21:38 . 2008-02-20 21:38 <DIR> d-------- C:\Program Files\RipCast 1.9
2008-02-19 17:40 . 2008-02-19 17:40 <DIR> d--hs---- C:\FOUND.035
2008-02-18 20:00 . 2008-02-18 20:00 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-02-18 20:00 . 2008-02-18 20:00 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\Audacity
2008-02-18 19:56 . 2008-02-18 19:56 220 --a------ C:\WINDOWS\system32\test.aok
2008-02-18 19:55 . 2008-02-18 19:55 <DIR> d-------- C:\Program Files\Ultra Video Converter
2008-02-18 19:55 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-02-18 19:55 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-02-18 14:18 . 2008-02-18 14:18 <DIR> d--hs---- C:\FOUND.034
2008-02-16 14:04 . 2008-02-16 14:04 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\ViStart
2008-02-16 13:58 . 2008-02-16 13:58 78,942 --a------ C:\WINDOWS\Icon_2.ico
2008-02-16 13:50 . 2008-02-16 13:50 <DIR> d-------- C:\Program Files\WinFlip
2008-02-16 13:50 . 2008-02-16 13:50 <DIR> d-------- C:\Program Files\TrueTransparency
2008-02-16 13:50 . 2008-02-16 13:50 <DIR> d-------- C:\Program Files\Styler
2008-02-16 13:50 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe
2008-02-16 13:47 . 2008-02-16 13:47 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-02-16 13:46 . 2008-02-16 13:46 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-02-16 13:19 . 2008-02-16 13:19 <DIR> d-------- C:\Program Files\Safarp
2008-02-16 03:36 . 2008-02-16 03:36 <DIR> d-------- C:\k
2008-02-15 22:21 . 2007-12-12 16:11 851 --a------ C:\ma477.bin
2008-02-15 19:19 . 2008-02-15 19:19 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-15 19:19 . 2008-02-15 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-15 15:24 . 2008-02-15 15:24 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-15 14:24 . 2008-02-15 14:24 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\Styler
2008-02-15 14:23 . 2008-02-15 14:23 <DIR> d-------- C:\VTPFiles
2008-02-15 14:23 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-02-15 14:23 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-02-15 14:23 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-02-15 14:21 . 2008-02-15 14:21 <DIR> d-------- C:\Vista Transformation Pack 8.0.1
2008-02-15 14:20 . 2008-02-15 14:20 <DIR> d-------- C:\MediaCoder 0.6.1 Build 4031
2008-02-15 14:20 . 2008-02-15 14:21 <DIR> d-------- C:\Audacity 1.3.4 Beta
2008-02-14 21:35 . 2008-02-14 21:35 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\Ulead Systems
2008-02-14 21:33 . 2008-02-14 21:33 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-02-14 21:26 . 2008-02-14 21:26 <DIR> d-------- C:\Program Files\Bad CD DVD Reader
2008-02-14 21:18 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-02-14 21:18 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-02-14 21:16 . 2008-02-14 21:16 <DIR> d-------- C:\Winamp 5 Full 5.5
2008-02-14 21:13 . 2008-02-14 21:13 <DIR> d-------- C:\Ulead PhotoImpact X3
2008-02-14 21:12 . 2008-02-14 21:13 <DIR> d-------- C:\SuperRam 5.1.14.2008e
2008-02-14 21:12 . 2008-02-14 21:12 <DIR> d-------- C:\BAD CDDVD Reader
2008-02-14 14:16 . 2008-02-14 14:16 <DIR> d-------- C:\Program Files\Nexus_Radio
2008-02-14 13:59 . 2008-02-14 13:59 <DIR> d-------- C:\Program Files\Nexus Radio
2008-02-14 13:55 . 2008-02-14 13:55 <DIR> d-------- C:\Program Files\JLC's Software
2008-02-14 13:55 . 2008-02-14 13:55 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\JLC's Software
2008-02-14 13:51 . 2008-02-14 13:51 <DIR> d-------- C:\Nexus Radio 2.1
2008-02-14 13:51 . 2008-02-14 13:51 <DIR> d-------- C:\JLC's Internet TV 1.1.0
2008-02-13 20:03 . 2008-02-13 20:03 <DIR> d-------- C:\Program Files\Ocean Technology
2008-02-13 20:03 . 2008-02-13 20:03 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\InstallShield
2008-02-13 20:03 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll
2008-02-11 20:24 . 2008-02-11 20:24 <DIR> d-------- C:\Program Files\GameHouse
2008-02-11 13:00 . 2008-02-11 13:00 <DIR> d--hs---- C:\FOUND.033
2008-02-10 20:50 . 2008-02-10 21:00 26 --a------ C:\WINDOWS\Zone.Identifier
2008-02-10 02:44 . 2008-02-10 02:44 45,056 --a------ C:\WINDOWS\system32\fsmgmt.dll
2008-02-09 15:29 . 2008-02-09 15:29 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-09 15:29 . 2008-02-09 15:29 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-09 15:28 . 2008-02-09 15:28 <DIR> d-------- C:\Program Files\Eclypse
2008-02-09 11:53 . 2008-02-25 18:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 11:53 . 2008-02-09 11:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-02 17:22 . 2008-02-02 17:22 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-01-28 17:32 . 2008-02-24 22:23 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-28 17:19 . 2008-01-28 17:19 <DIR> d--hs---- C:\FOUND.032
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 21:18 17,920 ----a-w C:\WINDOWS\system32\secpol.exe
2008-01-14 15:19 --------- d-----w C:\Program Files\Common Files\NSV
2008-01-12 21:18 --------- d-----w C:\Program Files\SpeedFan
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 12:00 --------- d-----w C:\Program Files\PATRICIAN
2008-01-08 21:18 --------- d-----w C:\Program Files\SourceTec
2007-12-26 15:34 --------- d-----w C:\Program Files\DFX
2007-12-26 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-06-29 18:45 17 ----a-w C:\Program Files\Sims2Pack Clean Installer.ini
2007-08-08 13:32 801 --sha-w C:\WINDOWS\system32\mmf.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]
2007-11-08 12:11 1502232 --a------ C:\Program Files\Nexus_Radio\tbNexu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{2462D2D8-B36E-44AB-84BF-C5A9383D2429}
[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= C:\Program Files\Nexus_Radio\tbNexu.dll [2007-11-08 12:11 1502232]
[HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-04 18:06 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20 6803456]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 15:23 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayItemsDisplay"= 00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
fsmgmt.dll 2008-02-10 02:44 45056 C:\WINDOWS\system32\fsmgmt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-04-13 11:09 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 22:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Icq\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\WINDOWS\\System32\\autmgr32.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealOne Player\\REALPLAY.EXE"=
"C:\\TOTALCMD\\totalcmd.exe"=
"C:\\Program Files\\ApexDC++\\ApexDC.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"D:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 22:56]
S2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe []
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys [2003-04-17 11:42]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-12-24 15:49]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-12-24 15:49]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-12-24 15:49]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-12-24 15:49]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-12-24 15:49]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-12-24 15:49]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-12-24 15:49]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-12-24 15:49]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-12-24 15:49]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-12-24 15:49]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 21:47:02 C:\WINDOWS\Tasks\{1C82364A-8B8D-40B7-A7BC-F7E694BE0141}_PRIVATE-B55B9C7_Viktor Salonski.job"
- C:\WINDOWS\system32\mobsync.exeT /Schedule=
"2008-02-22 16:16:10 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-22 12:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 02:10:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-26 2:11:12
ComboFix-quarantined-files.txt 2008-02-26 01:11:10
ComboFix2.txt 2008-02-25 16:30:34
.
2008-02-21 18:57:29 --- E O F ---
Any news on the Kaspersky scan yet?
I will try to do that now