Hi again
ComboFix 08-06-07.3 - gido 2008-06-08 14:56:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1253.1.1032.18.1513 [GMT 3:00]
Running from: C:\Documents and Settings\gido\Επιφάνεια εργασίας\ComboFix.exe
* Created a new restore point
.
ADS - explorer.exe: deleted 88 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\Privacy Policy.url
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\Terms and Conditions.url
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Προγράμματα\MessengerSkinner\Website.url
C:\WINDOWS\BMb72ff9bf.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ayokunkp.ini
C:\WINDOWS\system32\BdgQBcdd.ini
C:\WINDOWS\system32\BdgQBcdd.ini2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fccaYspM.dll
C:\WINDOWS\system32\gktgiajq.dll
C:\WINDOWS\system32\hhlomueh.ini
C:\WINDOWS\system32\hhvcsklp.ini
C:\WINDOWS\system32\isesqdwy.ini
C:\WINDOWS\system32\iuvptqif.ini
C:\WINDOWS\system32\iyshcqaf.ini
C:\WINDOWS\system32\jeqmujkg.ini
C:\WINDOWS\system32\kknUvGgh.ini
C:\WINDOWS\system32\kknUvGgh.ini2
C:\WINDOWS\system32\krymvrev.ini
C:\WINDOWS\system32\kUxGOqss.ini
C:\WINDOWS\system32\kUxGOqss.ini2
C:\WINDOWS\system32\kxldceeu.dll
C:\WINDOWS\system32\lwoggatw.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mpYbHRqr.ini
C:\WINDOWS\system32\mpYbHRqr.ini2
C:\WINDOWS\system32\MTwvvGgh.ini
C:\WINDOWS\system32\MTwvvGgh.ini2
C:\WINDOWS\system32\oadiifwp.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pcagnkyh.ini
C:\WINDOWS\system32\piluovle.ini
C:\WINDOWS\system32\QpAIOqss.ini
C:\WINDOWS\system32\QpAIOqss.ini2
C:\WINDOWS\system32\qyiufbyx.dll
C:\WINDOWS\system32\rmsgxqjc.ini
C:\WINDOWS\system32\RsBbaGgh.ini
C:\WINDOWS\system32\RsBbaGgh.ini2
C:\WINDOWS\system32\smklumdt.ini
C:\WINDOWS\system32\sssnuvkw.dll
C:\WINDOWS\system32\TEdNonnn.ini
C:\WINDOWS\system32\TEdNonnn.ini2
C:\WINDOWS\system32\tgcuwicw.ini
C:\WINDOWS\system32\tjdxpqsy.dll
C:\WINDOWS\system32\tthxekms.dll
C:\WINDOWS\system32\uicuhluo.ini
C:\WINDOWS\system32\uuakpqyq.ini
C:\WINDOWS\system32\vDdMlnpo.ini
C:\WINDOWS\system32\vDdMlnpo.ini2
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\WvEMnnnn.ini
C:\WINDOWS\system32\wvokwjas.dll
C:\WINDOWS\system32\xxwHNXbc.ini
C:\WINDOWS\system32\xxwHNXbc.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.
2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Documents and Settings\gido\Application Data\Malwarebytes
2008-06-06 23:47 . 2008-06-06 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 23:47 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 23:47 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 23:34 . 2008-06-06 23:34 <DIR> d-------- C:\Program Files\tools
2008-06-06 22:44 . 2008-06-06 22:44 <DIR> d-------- C:\Deckard
2008-06-06 17:42 . 2008-06-06 17:42 325 --a------ C:\WINDOWS\system32\mbcufwvs.exe
2008-06-06 17:04 . 2007-12-10 12:45 <DIR> d-------- C:\Documents and Settings\Administrator\Τα έγγραφά μου
2008-06-06 17:04 . 2007-12-10 12:45 <DIR> d-------- C:\Documents and Settings\Administrator\Επιφάνεια εργασίας
2008-06-06 17:04 . 2008-06-06 17:04 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-06 01:25 . 2008-06-06 01:25 <DIR> d-------- C:\Program Files\Real
2008-06-05 20:51 . 2008-06-05 20:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 16:12 . 2008-06-05 16:12 325 --a------ C:\WINDOWS\system32\sboqakfn.exe
2008-06-04 01:47 . 2008-06-04 01:47 325 --a------ C:\WINDOWS\system32\kucixgft.exe
2008-06-03 23:10 . 2008-06-03 23:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-03 23:10 . 2008-06-03 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-03 01:40 . 2008-06-03 01:40 325 --a------ C:\WINDOWS\system32\klwhylxd.exe
2008-06-02 23:42 . 2008-06-02 23:42 325 --a------ C:\WINDOWS\system32\jnmoyvvy.exe
2008-06-02 20:51 . 2008-06-02 20:51 325 --a------ C:\WINDOWS\system32\gcfiderm.exe
2008-06-01 20:47 . 2008-06-01 20:47 325 --a------ C:\WINDOWS\system32\dtyltpeg.exe
2008-06-01 11:19 . 2008-06-01 11:19 325 --a------ C:\WINDOWS\system32\sdgusoih.exe
2008-05-30 08:28 . 2008-05-30 08:28 325 --a------ C:\WINDOWS\system32\modblgnm.exe
2008-05-29 02:19 . 2008-05-29 02:19 325 --a------ C:\WINDOWS\system32\xjapdrvj.exe
2008-05-28 17:10 . 2008-05-28 17:10 <DIR> d-------- C:\WINDOWS\Supermarket Mania
2008-05-28 02:19 . 2008-05-28 02:19 325 --a------ C:\WINDOWS\system32\qnvhqjjs.exe
2008-05-25 13:38 . 2008-05-25 13:39 <DIR> d-------- C:\Documents and Settings\gido\Application Data\Media Player Classic
2008-05-24 23:14 . 2008-06-06 17:31 1,892 --a------ C:\WINDOWS\wininit.ini
2008-05-24 22:21 . 2008-05-24 22:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-24 22:21 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-24 22:21 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-05-24 22:21 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-05-24 22:21 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-05-24 22:21 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-24 22:21 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-05-24 22:21 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-24 22:21 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-24 22:21 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-05-24 01:34 . 2008-05-24 01:34 28 --a------ C:\WINDOWS\SIERRA.INI
2008-05-24 01:29 . 2008-05-24 01:29 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-24 00:16 . 2008-05-24 00:16 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-05-23 23:59 . 2008-05-23 23:59 <DIR> d-------- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-05-22 21:22 . 2008-05-24 14:59 <DIR> d-------- C:\Program Files\Download Direct
2008-05-22 21:12 . 2008-05-22 21:12 77 --a------ C:\WINDOWS\gvcasinos.ini
2008-05-20 19:50 . 2008-05-21 19:09 3,038 --ahs---- C:\WINDOWS\system32\pryxdrrf.ini
2008-05-19 19:44 . 2008-05-20 19:45 2,858 --ahs---- C:\WINDOWS\system32\gxuusyxu.ini
2008-05-18 19:44 . 2008-05-18 19:44 237 --a------ C:\WINDOWS\system32\itcjqkpc.exe
2008-05-18 19:42 . 2008-05-19 19:42 2,506 --ahs---- C:\WINDOWS\system32\qvarnqvg.ini
2008-05-18 00:36 . 2008-05-18 00:36 <DIR> d-------- C:\Program Files\Gabest
2008-05-18 00:36 . 2008-05-18 00:36 196,608 --a------ C:\WINDOWS\system32\avisynth.dll
2008-05-18 00:35 . 2008-05-18 00:36 <DIR> d-------- C:\Program Files\GordianKnot
2008-05-18 00:35 . 2008-05-18 00:35 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
2008-05-18 00:35 . 2008-05-18 00:35 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
2008-05-18 00:35 . 2008-05-18 00:35 291,408 --a------ C:\WINDOWS\system32\DivXa32.acm
2008-05-18 00:35 . 2008-05-18 00:35 240,400 --a------ C:\WINDOWS\system32\DivX_c32.ax
2008-05-18 00:35 . 2008-05-18 00:35 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL
2008-05-17 20:38 . 2008-05-21 23:39 <DIR> d-------- C:\Documents and Settings\gido\Application Data\LimeWire
2008-05-17 19:48 . 2008-05-17 19:48 237 --a------ C:\WINDOWS\system32\ddkdsrfa.exe
2008-05-17 19:42 . 2008-05-18 18:15 2,326 --ahs---- C:\WINDOWS\system32\vkuhxswm.ini
2008-05-16 22:48 . 2008-06-08 01:31 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-05-16 22:43 . 2008-06-08 14:52 266,888 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-05-16 22:43 . 2008-06-08 15:01 1,204 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-05-16 22:41 . 2008-05-16 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-05-16 22:36 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-05-16 22:36 . 2008-05-16 22:36 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-05-16 22:35 . 2008-05-16 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-05-16 22:34 . 2008-05-16 22:34 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-05-16 22:34 . 2007-10-25 17:27 292,144 --a------ C:\WINDOWS\system32\PavSHook.dll
2008-05-16 22:34 . 2007-10-16 15:37 161,072 --a------ C:\WINDOWS\system32\TpUtil.dll
2008-05-16 22:34 . 2007-11-19 13:01 143,160 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
2008-05-16 22:34 . 2007-02-08 10:53 107,568 --a------ C:\WINDOWS\system32\SYSTOOLS.DLL
2008-05-16 22:34 . 2007-02-28 17:04 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
2008-05-16 22:34 . 2007-02-15 19:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-05-16 22:34 . 2007-06-08 07:44 24,760 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2008-05-16 22:34 . 2007-11-19 12:51 2,048 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2008-05-16 22:32 . 2008-05-16 22:34 <DIR> d-------- C:\Program Files\Panda Security
2008-05-16 22:21 . 2008-05-16 22:21 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-05-16 22:21 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-05-16 22:21 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-05-16 18:05 . 2008-05-17 19:40 2,026 --ahs---- C:\WINDOWS\system32\gspoknsh.ini
2008-05-15 18:02 . 2008-05-16 18:03 1,786 --ahs---- C:\WINDOWS\system32\mebeyukc.ini
2008-05-14 19:36 . 2008-05-14 19:36 <DIR> d-------- C:\Program Files\SiSoftware
2008-05-14 17:43 . 2008-05-15 18:00 1,606 --ahs---- C:\WINDOWS\system32\eejykwrt.ini
2008-05-13 16:58 . 2008-05-13 16:58 335 --a------ C:\WINDOWS\mozregistry.dat
2008-05-12 21:28 . 2008-05-12 21:28 <DIR> d-------- C:\Program Files\CleanMyPC
2008-05-12 17:23 . 2008-06-08 12:46 <DIR> d-------- C:\Documents and Settings\gido\Application Data\Roxio
2008-05-12 17:19 . 2003-01-14 09:14 135,168 --a------ C:\WINDOWS\system32\l3codecx.acm
2008-05-12 17:10 . 2008-05-12 17:10 <DIR> d-------- C:\Program Files\Roxio
2008-05-12 16:47 . 2008-05-12 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-05-11 15:47 . 2008-05-11 15:47 <DIR> d-------- C:\Program Files\SCREENSAVERS
2008-05-11 15:47 . 2005-10-05 13:47 2,226,176 --a------ C:\WINDOWS\system32\3D Solar System.scr
2008-05-11 15:47 . 2006-07-09 12:54 291,776 --a------ C:\WINDOWS\system32\DealioKit97-stub-0.exe
2008-05-11 15:47 . 2008-05-11 22:53 1 --a------ C:\WINDOWS\system32\sav80231.sys
2008-05-10 22:55 . 2008-05-10 22:55 319 --a------ C:\WINDOWS\game.ini
2008-05-10 22:50 . 2008-05-10 22:50 <DIR> d-------- C:\Program Files\Activision
2008-05-10 22:03 . 2008-05-10 22:03 <DIR> d-------- C:\Program Files\Subtitle Workshop
2008-05-10 22:02 . 2008-05-10 22:02 <DIR> d-------- C:\Program Files\ApophysisScreenSaver
2008-05-10 22:02 . 2004-08-16 01:12 231,936 --a------ C:\WINDOWS\ApophysisScreenSaver.scr
2008-05-10 22:02 . 2008-05-10 22:02 60 --a------ C:\WINDOWS\ApophysisScreenSaver.ini
2008-05-09 01:30 . 2008-05-12 16:47 48 ---hs---- C:\WINDOWS\S3EED914A.tmp
2008-05-08 23:12 . 2008-05-08 23:12 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-05-08 23:12 . 2008-01-03 22:10 105,856 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 12:01 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-06-08 12:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 11:52 266,888 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-06-06 22:59 --------- d-----w C:\Documents and Settings\gido\Application Data\uTorrent
2008-06-06 22:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-06 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 13:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-05 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-05 22:24 --------- d-----w C:\Program Files\GAMES
2008-05-24 19:20 --------- d-----w C:\Program Files\DivX
2008-05-23 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-21 20:08 --------- d-----w C:\Program Files\uTorrent
2008-05-17 21:42 --------- d-----w C:\Program Files\CDex_170b2
2008-05-15 19:36 --------- d-----w C:\Program Files\tv
2008-05-13 14:27 --------- d-----w C:\Program Files\Yahoo!
2008-05-13 13:05 1,036,800 ----a-w C:\WINDOWS\explorer.exe
2008-05-12 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-11 13:52 --------- d-----w C:\Program Files\EA GAMES
2008-05-11 12:58 --------- d-----w C:\Program Files\nero6
2008-05-10 19:01 --------- d-----w C:\Program Files\UTILITIES
2008-05-08 22:29 --------- d-----w C:\Program Files\Elaborate Bytes
2008-05-08 20:12 --------- d-----w C:\Program Files\Realtek
2008-05-06 17:15 --------- d-----w C:\Program Files\Stardock
2008-05-06 16:11 --------- d-----w C:\Program Files\dream aquarium
2008-05-05 17:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-04 20:11 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-05-03 08:49 --------- d-----w C:\Documents and Settings\gido\Application Data\Talkback
2008-05-03 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-03 00:44 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-03 00:07 --------- d-----w C:\Documents and Settings\gido\Application Data\Yahoo!
2008-05-02 19:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-02 14:42 --------- d-----w C:\Documents and Settings\gido\Application Data\DivX
2008-05-01 23:11 --------- d-----w C:\Program Files\AnvSoft
2008-05-01 22:41 --------- d-----w C:\Program Files\VirtualDJ
2008-04-30 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-04-30 23:44 --------- d-----w C:\Program Files\Mahjong Escape - Ancient Japan
2008-04-30 23:44 --------- d-----w C:\Documents and Settings\gido\Application Data\SpinTop
2008-04-30 22:20 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-30 21:53 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-04-30 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-30 19:27 --------- d-----w C:\Program Files\Java
2008-04-30 19:26 --------- d-----w C:\Program Files\Common Files\Java
2008-04-30 16:17 --------- d-----w C:\Documents and Settings\gido\Application Data\.BitTornado
2008-04-28 12:02 --------- d-----w C:\Documents and Settings\gido\Application Data\TVU Networks
2008-04-27 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-27 21:00 --------- d-----w C:\Program Files\kaspersky
2008-04-27 19:39 --------- d-----w C:\Program Files\CyberDefender
2008-04-27 19:14 --------- d-----w C:\Program Files\BitTornado
2008-04-27 16:17 --------- d-----w C:\Documents and Settings\gido\Application Data\AVG7
2008-04-25 16:29 --------- d-----w C:\Program Files\GammonEmpire
2008-04-23 20:40 --------- d-----w C:\Program Files\Plus!
2008-04-23 20:24 --------- d-----w C:\Program Files\Acez.com Wallpaper
2008-04-23 20:14 --------- d-----w C:\Program Files\UselessCreations
2008-04-23 13:36 --------- d-----w C:\Program Files\obj
2008-04-22 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameTap
2008-04-22 18:21 --------- d-----w C:\Documents and Settings\gido\Application Data\InstallShield
2008-04-22 17:33 --------- d-----w C:\Program Files\HP
2008-04-19 22:38 21,848,170 ----a-w C:\WINDOWS\85500.exe
2006-02-28 09:42 94,208 ----a-w C:\Program Files\mdnsNSP.dll
1999-07-07 09:48 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-08 23:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-08 23:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-08 23:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-08 23:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-08 23:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
Code:
<pre>
----a-w 7,019,335 2008-03-31 21:03:36 C:\Documents and Settings\gido\Τα έγγραφά μου\TORRENT\torrent rest\DAP Premium Version 8.6.1.4 + working 100%\DAP Premium .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1C43F4B-9384-4DA6-9CC5-E1EB24C8546D}]
C:\WINDOWS\system32\nnnoNdET.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-04 06:45 15360]
"Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2008-03-02 22:18 913664]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2003-04-14 19:30 1491216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 04:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 02:52 849280]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2003-12-26 01:37 32768]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-04 06:45 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVNGWQ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\dvacm.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Γρήγορη εκκίνηση HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Γρήγορη εκκίνηση HP Image Zone.lnk
backup=C:\WINDOWS\pss\Γρήγορη εκκίνηση HP Image Zone.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b41cca23]
C:\WINDOWS\system32\elvoulip.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bifmi]
c:\documents and settings\gido\local settings\application data\bifmi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb72ff9bf]
C:\WINDOWS\system32\kkrylsdr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 09:33 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2002-12-02 17:17 73728 C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-01-09 09:21 253952 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-01-13 10:19 757760 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-01-13 14:05 69632 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP2\\WNt500x86\\RpcSandraSrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 13:43]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 13:05]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 08:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 17:48]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 10:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 08:50]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 08:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 08:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 07:44]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2\RpcAgentSrv.exe [2008-04-07 19:26]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 13:01]
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-05-01 00:53]
S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 18:17]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa718d5c-aad0-11dc-9245-fd3200b177df}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 09:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 15:01:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2008-06-08 15:03:52 - machine was rebooted [gido]
ComboFix-quarantined-files.txt 2008-06-08 12:03:48
10 Κατάλογοι 89,761,333,248 διαθέσιμα byte
14 Κατάλογοι 89,665,110,016 διαθέσιμα byte
379