ComboFix
is a tool intended for removing multi-infections (and not only those):
Look2Me + SurfSideKick + Qoologic + Vundo + DollarRevenue + Alcan + E-Give + PurityScan + others.
Note:
ComboFix only works on an account with administrator privileges!
WARNING!!!
Remember that this is not a toy!!! It must be used under the supervision of someone who knows what they are doing, otherwise it can end badly!!!
Before using the tool it is recommended to install the Windows Recovery Console on the PC, or to make yourself a bootable disc with NTFS4Dos.
Always download the latest version to the desktop, and once you have used it and finished the removal you must uninstall it. To do so, go to Start>>>Run, type ComboFix /u in the box and press Enter. You must not forget about this!!!
1. Download the tool and place it on the desktop.
2. Run the program; a window like this will appear:
Of course, press "Y" to continue or "N" to abort.
When the program finishes we get a log, which is at C:\ComboFix.txt
Sometimes ComboFix needs to be run with a parameter naming a specific DLL file, e.g. when removing Vundo; then it looks like this:
Press Start > Run, paste the following text into the command box and press OK:
"%userprofile%\desktop\combofix.exe" /v gebyx
Note: do not click the mouse while the tool is working.
And this is what a sample log looks like (this one additionally has the pe386 rootkit):
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\xxxx\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{D992E285-BF9B-428B-9E14-6E7FDE3648C3}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D992E285-BF9B-428B-9E14-6E7FDE3648C3}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{D992E285-BF9B-428B-9E14-6E7FDE3648C3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D992E285-BF9B-428B-9E14-6E7FDE3648C3}\InprocServer32]
@="C:\\WINDOWS\\system32\\sEfrcdlg.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\offun.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService.NT AUTHORITY.003\Application Data\NetMon
C:\Program Files\cmfibula
C:\Documents and Settings\All Users.WINDOWS\Documents\Settings
C:\Program Files\batty2
C:\Program Files\network monitor
C:\WINDOWS\SmFtYWwgTWFra291aw
((((((((((((((((((((((((((((((( Files Created from 2006-11-23 to 2006-12-23 ))))))))))))))))))))))))))))))))))
2006-12-19 22:06 235,026 -r--s---- C:\WINDOWS\SYSTEM32\dqrawex.dll
2006-12-19 21:45 236,081 -r--s---- C:\WINDOWS\SYSTEM32\irn0l55m1.dll
2006-12-19 18:45 236,771 -r--s---- C:\WINDOWS\SYSTEM32\ir4sl5h71.dll
2006-12-19 18:36 235,026 -r--s---- C:\WINDOWS\SYSTEM32\o4ns0e57eh.dll
2006-12-19 18:26 234,851 -r--s---- C:\WINDOWS\SYSTEM32\lvpq0975e.dll
2006-12-19 18:11 5,298 --a------ C:\WINDOWS\SYSTEM32\sachostc.exe
2006-12-19 18:11 4,786 --a------ C:\WINDOWS\SYSTEM32\sachosts.exe
2006-12-19 18:10 9,906 --a------ C:\WINDOWS\SYSTEM32\sachostp.exe
2006-12-19 18:06 167,695 --a------ C:\WINDOWS\cmfibula.exe
2006-12-19 18:01 236,724 --a------ C:\WINDOWS\batty2.exe
2006-12-19 17:57 2,368 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msgegh.sys
2006-12-19 15:41 234,272 -r--s---- C:\WINDOWS\SYSTEM32\mkdtctm.dll
2006-12-19 15:38 587,776 --a------ C:\WINDOWS\Dc34.exe
2006-12-19 12:22 91,973 --a------ C:\WINDOWS\SYSTEM32\install.exe
2006-12-19 10:40 235,702 -r--s---- C:\WINDOWS\SYSTEM32\j0l4la3q1d.dll
2006-12-19 09:47 236,319 -r--s---- C:\WINDOWS\SYSTEM32\lt4027hmg.dll
2006-12-18 20:49 918 --a------ C:\WINDOWS\SYSTEM32\winpfz32.sys
2006-12-18 20:46 36,608 --a------ C:\WINDOWS\nem220.dll
2006-12-18 20:44 29,696 --a------ C:\WINDOWS\SYSTEM32\w01436aa.dll
2006-12-18 20:28 234,272 -r--s---- C:\WINDOWS\SYSTEM32\mvyuv.dll
2006-12-18 20:27 234,272 -r--s---- C:\WINDOWS\SYSTEM32\myyuv.dll
2006-12-18 13:46 6,239 --a------ C:\WINDOWS\SYSTEM32\se.exe
2006-12-18 13:46 18,015 --a------ C:\WINDOWS\SYSTEM32\w.exe
2006-12-18 13:46 18,015 ---h----- C:\WINDOWS\SYSTEM32\syspools.exe
2006-12-18 13:46 128,607 --a------ C:\WINDOWS\SYSTEM32\ss.exe
2006-12-18 13:36 8,342 --a------ C:\WINDOWS\SYSTEM32\comdlg77.dll
2006-12-18 13:03 234,272 -r--s---- C:\WINDOWS\SYSTEM32\ifuv_32.dll
2006-12-18 12:48 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2006-12-18 12:48 <DIR> d-------- C:\Program Files\Trend Micro
2006-12-18 12:15 234,272 -r--s---- C:\WINDOWS\SYSTEM32\kvdcz.dll
2006-12-18 12:15 234,272 -r--s---- C:\WINDOWS\SYSTEM32\jldw400.dll
2006-12-07 17:35 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2006-12-07 17:35 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2006-12-07 17:35 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2006-12-07 17:35 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2006-12-06 18:46 27,808 --a------ C:\WINDOWS\SYSTEM32\gxbplug.dll
2006-12-01 20:09 53,248 --a------ C:\WINDOWS\SYSTEM32\winclean.exe
2006-12-01 11:16 381,440 --a------ C:\loadmsg.exe
2006-11-30 16:38 69,632 --a------ C:\WINDOWS\SYSTEM32\blfdkinm.dll
2006-11-25 17:25 <DIR> d--hs---- C:\WA6P
2006-11-25 17:24 8,704 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2006-11-25 16:02 11,264 --a------ C:\WINDOWS\SYSTEM32\v3.dll
2006-11-25 15:35 27,648 --a------ C:\WINDOWS\SYSTEM32\stcloader.exe
2006-11-25 14:33 214 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2006-11-23 14:38 72,192 --a------ C:\WINDOWS\SYSTEM32\zlib.dll
2006-11-23 14:38 25,088 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
2006-11-23 14:35 368,912 --a------ C:\WINDOWS\SYSTEM32\vbar332.dll
2006-11-23 13:41 89,088 --a------ C:\WINDOWS\SYSTEM32\atl71.dll
2006-11-23 13:41 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2006-11-23 13:41 348,160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll
2006-11-23 13:41 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
Rootkit driver pe386 is present. A rootkit scan is required
2006-12-23 18:23 -------- d-a------ C:\Program Files\Common Files
2006-12-19 16:18 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-12-15 13:11 -------- d-------- C:\Program Files\Internet Explorer
2006-11-25 17:25 0 --a------ C:\Program Files\Common Files\err.log
2006-11-25 13:44 982 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-11-24 09:26 -------- d-------- C:\Program Files\Windows Media Player
2006-11-24 09:26 -------- d-------- C:\Program Files\MSN
2006-11-22 17:12 110612 --a------ C:\WINDOWS\SYSTEM32\uohlwjvd.exe
2006-11-21 21:59 -------- d-------- C:\Program Files\Online Services
2006-11-21 21:49 -------- d-------- C:\Program Files\Windows NT
2006-11-21 21:49 -------- d-------- C:\Program Files\Web Publish
2006-11-21 17:13 -------- d-------- C:\Program Files\Messenger
2006-11-21 17:12 126996 --a------ C:\WINDOWS\SYSTEM32\aapmigup.dll
2006-11-21 17:12 110612 --a------ C:\WINDOWS\SYSTEM32\fhrghpvo.exe
2006-11-21 17:08 -------- d-------- C:\Program Files\Accessories
2006-11-21 17:04 40973 ---hs---- C:\WINDOWS\SYSTEM32\iifcywu.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"CMIntex"="\"C:\\Program Files\\CMIntex\\CMIntex.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"xidvhxjA"="C:\\WINDOWS\\xidvhxjA.exe"
"yojefxvA"="C:\\WINDOWS\\yojefxvA.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys2freg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-12-23 18:39:33.17
C:\ComboFix.txt ... 06-12-23 18:39
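As an added illustration (not part of the original post and not ComboFix's own code), here is a small Python parser for logs in the layout shown above. It splits the log on the "(((( Section ))))" banners, reads the Files Created and Find3M lines into date, size, attribute flags and path, picks out the "Rootkit driver ... is present" line, and flags files dropped into system32 that carry the system or hidden attribute, which is what every Look2Me DLL in this log does. The flagging rule and the function names are this example's own assumptions; the log embedded in it is a constructed subset of the lines above.

```python
import re
from collections import OrderedDict

# Section banners look like "((((( Name )))))"; the name may include a date range.
SECTION_RE = re.compile(r"^\({5,}\s*(?P<name>.+?)\s*\){5,}\s*$")
# File lines: date, time, size (<DIR> or dashes for directories), nine attribute flags, path.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>|-{8})\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
ROOTKIT_RE = re.compile(r"Rootkit driver (?P<driver>\S+) is present", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\WINDOWS\\SYSTEM32\\", re.IGNORECASE)

# Constructed sample: a subset of the log above, with wrapped lines joined back
# onto single lines the way ComboFix writes them.
SAMPLE_LOG = r"""
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\xxxx\Desktop"
((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{D992E285-BF9B-428B-9E14-6E7FDE3648C3}]
((((((((((((((((((((((( Files Created from 2006-11-23 to 2006-12-23 )))))))))))))))))))))))
2006-12-19 22:06 235,026 -r--s---- C:\WINDOWS\SYSTEM32\dqrawex.dll
2006-12-19 18:11 5,298 --a------ C:\WINDOWS\SYSTEM32\sachostc.exe
2006-12-18 13:46 18,015 ---h----- C:\WINDOWS\SYSTEM32\syspools.exe
2006-12-18 12:48 <DIR> d-------- C:\Program Files\Trend Micro
2006-11-23 13:41 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))
Rootkit driver pe386 is present. A rootkit scan is required
2006-12-23 18:23 -------- d-a------ C:\Program Files\Common Files
2006-11-21 17:04 40973 ---hs---- C:\WINDOWS\SYSTEM32\iifcywu.dll
((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"xidvhxjA"="C:\\WINDOWS\\xidvhxjA.exe"
Completion time: 06-12-23 18:39:33.17
"""

def split_sections(text):
    """Map each section banner to the lines under it; text before the first banner is 'preamble'."""
    sections = OrderedDict(preamble=[])
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        else:
            sections[current].append(line)
    return sections

def parse_file_entries(lines):
    """Turn 'date time size attrs path' lines into dicts; size is None for directories."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            e = m.groupdict()
            e["size"] = None if e["size"] in ("<DIR>", "-" * 8) else int(e["size"].replace(",", ""))
            entries.append(e)
    return entries

def flag_suspicious(entries):
    """Heuristic (this example's assumption, not ComboFix's): files inside system32 that carry
    the system (s) or hidden (h) attribute, as every Look2Me DLL in the log above does."""
    return [e["path"] for e in entries
            if e["size"] is not None and SYSTEM32_RE.search(e["path"])
            and ("s" in e["attrs"] or "h" in e["attrs"])]

def rootkit_drivers(text):
    """Driver names ComboFix reported as present (pe386 in the log above)."""
    return sorted({m.group("driver") for m in ROOTKIT_RE.finditer(text)})

def analyze(text):
    """Summary of one log: section names, file-line count, flagged paths, rootkit drivers."""
    sections = split_sections(text)
    entries = []
    for name, lines in sections.items():
        if name.startswith("Files Created") or name.startswith("Find3M"):
            entries.extend(parse_file_entries(lines))
    return {
        "sections": [n for n in sections if n != "preamble"],
        "file_entries": len(entries),
        "flagged": flag_suspicious(entries),
        "rootkit_drivers": rootkit_drivers(text),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print("%-16s %s" % (key, value))
```

Run it as a script to print the summary of the embedded sample, or call analyze() on the contents of C:\ComboFix.txt. Treat the flagged list as a starting point for review rather than a verdict: legitimate files can carry these attributes too, and the rootkit line is the part of the log that should never be ignored.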
EDIT: The pe386 rootkit is now removed as well; you will see an entry like this in the log:
((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-28 ))))))))))))))))))))))))))))))))))
2007-04-28 16:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-22 10:50 <DIR> d-------- C:\DOCUME~1\ANTHONY\Contacts
2007-04-22 10:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-06 10:59 55,000 --a------ C:\WINDOWS\system32\CloseAll.exe
2007-04-06 10:59 270,336 --a------ C:\WINDOWS\system32\CheckDll.dll
2007-04-06 08:08 123 --a------ C:\WINDOWS\system\SysSD.dll
2007-04-06 08:07 1,003,520 --a------ C:\WINDOWS\system32\VchReg.dll
2007-04-06 08:07 <DIR> d-------- C:\Program Files\SpywareDetector
2007-04-05 23:07 <DIR> d-------- C:\DOCUME~1\ANTHONY\APPLIC~1\SpywareRemover
2007-04-05 22:56 <DIR> d-------- C:\Program Files\Browser Hijack Recover
2007-04-05 22:46 218,112 --a------ C:\Program Files\HijackThis.exe
2007-04-05 19:11 <DIR> d-------- C:\Program Files\Geek Superhero
2007-04-05 18:55 <DIR> d-------- C:\Program Files\Browser Hijack Blaster
2007-04-05 17:12 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-04-05 16:39 <DIR> d-------- C:\Program Files\Zamaan's Software
2007-04-05 16:06 <DIR> d-------- C:\Program Files\backups
2007-04-05 06:54 <DIR> d-------- C:\Program Files\SpywareGuard
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
Rootkit driver lzx32 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.
2007-04-27 21:11 -------- d-------- C:\Program Files\free registry fix
2007-04-22 10:45 -------- d-------- C:\Program Files\msn messenger
2007-04-08 15:46 -------- d-------- C:\Program Files\opera
2007-04-06 09:14 -------- d-------- C:\Program Files\netspy protector
2007-04-05 22:37 -------- d-------- C:\DOCUME~1\ANTHONY\APPLIC~1\idm
2007-04-05 19:21 -------- d-------- C:\Program Files\internet download manager
2007-04-05 18:20 -------- d-------- C:\Program Files\google
2007-04-05 16:04 10803 --a------ C:\Program Files\hijackthis.log
2007-04-03 20:17 1824 --a------ C:\DOCUME~1\ANTHONY\APPLIC~1\adobedlm.log
2007-03-30 22:37 -------- d-------- C:\Program Files\imtoo
2007-03-21 20:49 -------- d-------- C:\DOCUME~1\ANTHONY\APPLIC~1\virgin broadband
2007-03-21 20:48 -------- d-------- C:\Program Files\virgin broadband
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-19 15:53 202424 --a------ C:\WINDOWS\system32\idmmbc.dll
2007-02-19 15:53 202424 --a------ C:\WINDOWS\system32\idmmbc(2)(2)(3).dll
2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"="C:\Program Files\Internet Download Manager\IDMIECC.dll"
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{243B17DE-77C7-46BF-B94B-0B5F309A0E64}"="C:\Program Files\Microsoft Money\System\mnyside.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"SystemTraySD"="C:\\Program Files\\SpywareDetector\\SDSystemTray.exe -AUTO"
"SDAutoLiveupdate"="C:\\Program Files\\SpywareDetector\\LiveUpdateSD.exe -AUTO"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=dword:00000000
"NoToolbarCustomize"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=dword:00000000
"NoToolbarCustomize"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^pkyj.hta]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pkyj.hta"
"backup"="C:\\WINDOWS\\pss\\pkyj.htaCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pkyj.hta"
"item"="pkyj"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IWCTRL"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\INSTAN~1\\INSTAN~1\\IWCTRL.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Auto-scheduled task of Free Registry Fix.job
C:\WINDOWS\tasks\XoftSpySE.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-28 21:30:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-28 21:33:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-28 21:33
EDIT:
It looks like @sUBs has modernised his program even further: he added the ability to delete files, folders, services and registry keys using a script you write yourself. Could it be that The Avenger has been built in?
You write the little script in Notepad, e.g.:
File::
C:\WINNT\system\svchest.exe
C:\WINNT\system\svchest.reg
C:\WINNT\system32\xydzyh.exe
C:\WINNT\system\cscript.exe
C:\WINNT\system\Hd.vbs
C:\DUP2.EXE
C:\WINNT\system\gm.BAT
Folder::
C:\Program Files\Viewpoint
Driver::
Active HelpAssistants
Indexingbox
Indexingboxs
Office Source Engine Help
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xydzyh"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ffis]
Of course you can see the difference in syntax; it is a little different from Avenger, but you will learn :)
Then save it as ComboFix-Do.txt. Now all you have to do is drag this little file onto ComboFix and drop it (I'll show it using @sUBs's picture... hopefully he won't be offended with me :) )
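Added example, not @sUBs's or ComboFix's code: a small Python helper that builds a script in the File::/Folder::/Driver::/Registry:: layout shown above and reads one back, so a script can be checked for shape before it is saved as ComboFix-Do.txt and dropped onto ComboFix. The "name"=- and [-KEY] lines follow the usual .reg-file meaning (remove one value, remove the whole key). The class and function names, the hive check and the list of protected roots it refuses to script are this example's own assumptions; the entries it rebuilds are taken from the script in the post.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass, field

HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")
ABS_PATH = re.compile(r"^[A-Za-z]:\\.+")
# Roots this example refuses to put in a script (its own safety assumption, not a ComboFix rule).
PROTECTED = {r"c:\windows", r"c:\windows\system32", r"c:\winnt", r"c:\winnt\system32"}

def _checked_path(path):
    path = path.strip()
    if not ABS_PATH.match(path):
        raise ValueError("not an absolute Windows path: %r" % path)
    if path.rstrip("\\").lower() in PROTECTED:
        raise ValueError("refusing to script deletion of %r" % path)
    return path

def _checked_key(key):
    key = key.strip()
    if key.split("\\", 1)[0].upper() not in HIVES:
        raise ValueError("registry key must start with a hive name: %r" % key)
    return key

@dataclass
class CFScript:
    files: list = field(default_factory=list)     # full paths of files to delete
    folders: list = field(default_factory=list)   # folders to delete
    drivers: list = field(default_factory=list)   # service / driver names to remove
    registry: list = field(default_factory=list)  # (key, value name); None = delete the key

    def add_file(self, path):
        self.files.append(_checked_path(path))
    def add_folder(self, path):
        self.folders.append(_checked_path(path))
    def add_driver(self, name):
        self.drivers.append(name.strip())
    def delete_value(self, key, name):
        self.registry.append((_checked_key(key), name))
    def delete_key(self, key):
        self.registry.append((_checked_key(key), None))

    def render(self):
        """Script text in the layout from the post; empty sections are left out."""
        out = []
        for header, items in (("File::", self.files), ("Folder::", self.folders), ("Driver::", self.drivers)):
            if items:
                out += [header] + items
        if self.registry:
            out.append("Registry::")
            grouped = OrderedDict()
            for key, name in self.registry:
                grouped.setdefault(key, []).append(name)
            for key, names in grouped.items():
                if None in names:
                    out.append("[-%s]" % key)            # [-KEY] removes the whole key
                else:
                    out.append("[%s]" % key)
                    out += ['"%s"=-' % n for n in names]  # "name"=- removes one value
        return "\n".join(out) + "\n"

def parse_cfscript(text):
    """Read a script back into a CFScript, validating every line on the way."""
    script, section, current_key = CFScript(), None, None
    adders = {"File": script.add_file, "Folder": script.add_folder, "Driver": script.add_driver}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, current_key = line[:-2], None
        elif section in adders:
            adders[section](line)
        elif section == "Registry" and line.startswith("[-") and line.endswith("]"):
            script.delete_key(line[2:-1])
        elif section == "Registry" and line.startswith("[") and line.endswith("]"):
            current_key = _checked_key(line[1:-1])
        elif section == "Registry" and line.startswith('"') and line.endswith('"=-') and current_key:
            script.delete_value(current_key, line[1:-3])
        else:
            raise ValueError("unrecognised line %r in section %r" % (line, section))
    return script

def example_script():
    """Rebuild part of the script from the post (entries taken from it, assembled here)."""
    s = CFScript()
    for p in (r"C:\WINNT\system\svchest.exe", r"C:\WINNT\system32\xydzyh.exe"):
        s.add_file(p)
    s.add_folder(r"C:\Program Files\Viewpoint")
    s.add_driver("Indexingbox")
    s.delete_value(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "xydzyh")
    s.delete_value(r"HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce", "^SetupICWDesktop")
    s.delete_key(r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ffis")
    return s

if __name__ == "__main__":
    print(example_script().render(), end="")
```

Running it prints the script text, which is what you would save as ComboFix-Do.txt; parse_cfscript() on an existing file catches a value line with no key above it, a key without a hive name, or a relative path before the file ever reaches ComboFix.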