This is the report from the first tool:
ComboFix 08-06-20.4 - dell 06/24/2008 17:56:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.564 [GMT 3:00]
Running from: C:\Documents and Settings\dell\سطح المكتب\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\dell\Application Data\macromedia\Flash Player\#Shareds\XQL84LWH\iforex.com
C:\Documents and Settings\dell\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\Uninstall.exe
C:\WINDOWS\system32\_000110_.tmp.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\winser.exe
D:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_winser
-------\Service_winser
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 15:02 --------- d-----w C:\Documents and Settings\dell\Application Data\DMCache
2008-06-24 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-24 15:00 7,512 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-24 15:00 655,392 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-24 15:00 31,312 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-24 15:00 3,333,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-24 14:59 --------- d-----w C:\Documents and Settings\dell\Application Data\uTorrent
2008-06-24 14:59 --------- d-----w C:\Documents and Settings\dell\Application Data\DNA
2008-06-24 12:24 --------- d-----w C:\Documents and Settings\dell\Application Data\cleaner
2008-06-24 11:53 --------- d-----w C:\Documents and Settings\dell\Application Data\CyberScrub
2008-06-24 05:47 --------- d-----w C:\Documents and Settings\dell\Application Data\Folder Guard
2008-06-23 16:02 --------- d-----w C:\Program Files\Folder Lock
2008-06-20 06:25 --------- d-----w C:\Documents and Settings\dell\Application Data\ViStart
2008-06-20 02:00 --------- d-----w C:\Program Files\ViStart
2008-06-20 01:45 --------- d-----w C:\Program Files\Rainmeter
2008-06-20 01:21 --------- d-----w C:\Program Files\Vista Drive Icon
2008-06-19 23:36 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-19 23:36 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-19 23:25 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-19 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\zyz Kaspersky Lab setup files
2008-06-19 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-18 22:48 --------- d-----w C:\Documents and Settings\dell\Application Data\Thinstall
2008-06-17 22:59 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{F9AC68EC-7828-47BE-96E8-705EE2D1CF7D}
2008-06-17 22:54 --------- d-----w C:\Program Files\Download Direct
2008-06-17 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-06-17 22:45 --------- d-----w C:\Program Files\Ashampoo
2008-06-15 15:09 --------- d-----w C:\Program Files\MegaLeecher
2008-06-15 15:01 --------- d-----w C:\Program Files\RapidLeecher
2008-06-15 07:23 --------- d-----w C:\Documents and Settings\dell\Application Data\Grisoft
2008-06-15 07:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-15 05:29 --------- d-----w C:\Documents and Settings\dell\Application Data\Desktopicon
2008-06-15 05:00 --------- d-----w C:\Program Files\Unlocker
2008-06-15 04:44 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-06-14 17:31 271,616 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 04:11 0 ----a-w C:\WINDOWS\system32\drivers\UIUSys.sys
2008-06-14 04:08 --------- d-----w C:\Documents and Settings\dell\Application Data\Uniblue
2008-06-14 04:04 --------- d-----w C:\Program Files\Uniblue
2008-06-14 01:36 --------- d-----w C:\Program Files\Alfa Autorun Killer 2
2008-06-13 09:52 --------- d-----w C:\Program Files\Trend Micro
2008-06-13 09:39 --------- d-----w C:\Documents and Settings\dell\Application Data\CyberLink
2008-06-13 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-13 08:28 --------- d-----w C:\Documents and Settings\dell\Application Data\IObit
2008-06-13 08:07 --------- d-----w C:\Program Files\IObit
2008-06-13 03:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 03:17 --------- d-----w C:\Program Files\Cyberlink
2008-06-12 09:54 --------- d-----w C:\Documents and Settings\dell\Application Data\Media Player Classic
2008-06-12 07:35 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-12 04:20 --------- d-----w C:\Program Files\DivX
2008-06-11 19:12 --------- d-----w C:\Documents and Settings\dell\Application Data\vlc
2008-06-11 19:01 --------- d-----w C:\Program Files\VideoLAN
2008-06-09 23:54 --------- d-----w C:\Program Files\BitComet
2008-06-08 01:59 --------- d-----w C:\Program Files\uTorrent
2008-06-06 16:34 --------- d-----w C:\Documents and Settings\dell\Application Data\BitTorrent
2008-06-06 04:44 --------- d-----w C:\Program Files\DNA
2008-06-06 04:44 --------- d-----w C:\Program Files\BitTorrent
2008-06-04 21:51 --------- d-----w C:\Documents and Settings\dell\Application Data\Skype
2008-06-04 21:12 --------- d-----w C:\Documents and Settings\dell\Application Data\skypePM
2008-06-03 23:32 --------- d-----w C:\Program Files\SurfAnonymous
2008-06-02 17:01 --------- d-----w C:\Program Files\CuperUtilities StartUp Manager
2008-06-02 01:27 --------- d-----w C:\Documents and Settings\dell\Application Data\DivX
2008-06-01 18:20 --------- d-----w C:\Program Files\Kelk 2000
2008-05-31 18:39 --------- d--h--w C:\Program Files\GLF30.tmp
2008-05-31 18:39 --------- d-----w C:\Documents and Settings\dell\Application Data\IDM
2008-05-31 18:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 18:36 --------- d-----w C:\Documents and Settings\dell\Application Data\SlipStream
2008-05-31 18:36 --------- d-----w C:\Documents and Settings\dell\Application Data\Screenshot Sender
2008-05-31 18:36 --------- d-----w C:\Documents and Settings\dell\Application Data\ONSPEED_TOOLBAR
2008-05-31 18:36 --------- d-----w C:\Documents and Settings\dell\Application Data\IEPro
2008-05-29 20:07 --------- d-----w C:\Program Files\StuffPlug3
2008-05-27 13:59 --------- d-----w C:\Program Files\SuperScan
2008-05-27 13:35 --------- d-----w C:\Program Files\Steganos Internet Anonym VPN
2008-05-27 13:31 --------- d-----w C:\Documents and Settings\dell\Application Data\Steganos VPN
2008-05-27 13:11 --------- d-----w C:\Program Files\VMNetSrv
2008-05-24 21:15 --------- d-----w C:\Program Files\SEO Studio
2008-05-19 14:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-18 09:14 --------- d-----w C:\Program Files\Textsrch
2008-05-18 07:37 --------- d-----w C:\Program Files\SmartFormBuilder
2008-05-16 13:34 --------- d-----w C:\Documents and Settings\dell\Application Data\ACD Systems
2008-05-16 13:33 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-16 13:33 --------- d-----w C:\Program Files\ACD Systems
2008-05-16 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-14 10:56 --------- d-----w C:\Program Files\Ozone
2008-05-13 08:06 --------- d-----w C:\Documents and Settings\dell\Application Data\Notepad++
2008-05-13 08:05 --------- d-----w C:\Program Files\Notepad++
2008-05-13 05:34 --------- d-----w C:\Program Files\Google
2008-05-13 05:33 --------- d-----w C:\Program Files\Skype
2008-05-13 05:33 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-13 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-12 19:49 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-12 17:46 --------- d-----w C:\Program Files\zyzoom security center
2008-05-09 17:44 --------- d-----w C:\Documents and Settings\dell\Application Data\MiniDm
2008-05-09 17:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-09 17:26 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-09 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-09 16:52 --------- d-----w C:\Program Files\Real
2008-05-09 16:52 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-09 16:52 --------- d-----w C:\Program Files\Common Files\Real
.
------- Sigcheck -------
12/07/2007 04:41 AM 825344 c1448ab7a5567a905be41fb117c7d356 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
02/16/2008 12:30 PM 664576 3dee02d98e6729a99e510e50bca91051 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
03/01/2008 03:33 PM 827392 daa4f32cdbdb1267211b159d8442d2e6 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
04/23/2008 07:19 AM 827392 154282ae8e63d03a7add87e50d061836 C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
08/04/2004 12:55 AM 654848 1e1cef80a11bdab92b2a83f885d214d5 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
02/16/2008 12:00 PM 657920 51c2baeb7bcd903d402b7d21c0000205 C:\WINDOWS\ie7\wininet.dll
08/13/2007 06:54 PM 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
12/07/2007 05:04 AM 824832 a5c9a185d3bc36e1d837795b581c1ec8 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
03/01/2008 03:53 PM 817152 b04629fab3468cf6ffebdadc2d218359 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
04/23/2008 07:16 AM 817152 5a859102666f8535e5dac4fdb0002386 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
03/01/2008 03:53 PM 826368 59cd4239ee0ac57d3cc95773d11ecac0 C:\WINDOWS\SoftwareDistribution\Download\4227e5b84bf238652fc31ee7bdc39e92\SP2GDR\wininet.dll
03/01/2008 03:33 PM 827392 daa4f32cdbdb1267211b159d8442d2e6 C:\WINDOWS\SoftwareDistribution\Download\4227e5b84bf238652fc31ee7bdc39e92\SP2QFE\wininet.dll
12/07/2007 05:04 AM 824832 a5c9a185d3bc36e1d837795b581c1ec8 C:\WINDOWS\SoftwareDistribution\Download\dad66cd1d098e9b562ebb1ff5f0c6663\SP2GDR\wininet.dll
12/07/2007 04:41 AM 825344 c1448ab7a5567a905be41fb117c7d356 C:\WINDOWS\SoftwareDistribution\Download\dad66cd1d098e9b562ebb1ff5f0c6663\SP2QFE\wininet.dll
04/23/2008 07:16 AM 817152 5a859102666f8535e5dac4fdb0002386 C:\WINDOWS\system32\wininet.dll
04/23/2008 07:16 AM 826368 565098f166f21e24874ebc8cf89c623c C:\WINDOWS\system32\dllcache\wininet.dll
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\explorer.exe
06/13/2007 04:10 PM 1030656 d0dc9258122f39129966649085f45880 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
06/13/2007 04:22 PM 974336 b9e4d85290e9ca0b404f6f137f8d8a0d C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
08/04/2004 12:56 AM 1029632 932f97b77f2625f7ff7dfc97552548f8 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
04/14/2008 06:59 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"IDMan"="F:\Internet Download Manager\IDMan.exe" [06/15/2008 05:31 AM 2594224]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [05/21/2006 10:43 AM 180224]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [06/06/2008 07:44 AM 289088]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [06/06/2008 07:21 AM 219952]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare 3 Beta\Sup_SmartRAM.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/17/2008 07:51 AM 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 05:44 PM 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 05:41 PM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 05:45 PM 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 08:48 PM 1392640]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48 PM 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [08/03/2006 06:51 PM 1032192]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM 405504]
"SDaemon"="C:\WINDOWS\sdaemon.exe" [08/02/2003 12:09 AM 96256]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [03/02/2007 05:55 PM 159744]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/02/2008 07:15 AM 15872]
"startIE"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [11/03/2007 04:50 AM 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/09/2008 07:52 PM 185896]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [07/04/2007 10:59 PM 45056]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14151:TCP"= 14151:TCP:BitComet 14151 TCP
"14151:UDP"= 14151:UDP:BitComet 14151 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R0 WINSEC;WINSEC;C:\WINDOWS\system32\drivers\WINSEC.SYS [08/02/2003 12:10 AM]
R2 AVPNStarter;Steganos Anonym VPN Starter Service;"C:\Program Files\Steganos Internet Anonym VPN\AVPNStarter.exe" [02/25/2008 12:52 PM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
R3 tapavpn;Steganos Anonym VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapavpn.sys [10/19/2007 11:50 AM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-06-24 18:02:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
"ImagePath"="\"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe\"\
(remaining bytes of this value are non-printable padding as dumped by catchme)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
F:\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 06/24/2008 18:06:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-24 15:06:00
Pre-Run: 6,710,874,112 bytes free
Post-Run: 6,646,747,136 bytes free
273 --- E O F --- 2008-06-21 00:02:03
And this is the report from the second tool:
Logfile of HijackThis v1.99.1
Scan saved at 18:14:34, on 24/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Steganos Internet Anonym VPN\AVPNStarter.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Internet Download Manager\IDMan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
F:\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\dell\سطح المكتب\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\Hotspot Shield\AnchorFree\ie\AFBho.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] F:\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all with Internet Download Manager - F:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - F:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download video content (FLV) with Internet Download Manager - F:\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA35992A-5388-47E1-BF06-50205402CC3F}: NameServer = 212.19.48.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Steganos Anonym VPN Starter Service (AVPNStarter) - Unknown owner - C:\Program Files\Steganos Internet Anonym VPN\AVPNStarter.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
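As an added example (not part of the original post, and not code from ComboFix or HijackThis), here is a small Python triage script that applies the checks a forum helper normally runs by eye over a HijackThis log: entries HijackThis itself marks `(no file)` / `(file missing)` (orphaned hooks to clean up), O23 services whose binary carries no company information (`Unknown owner`), O17 static NameServer entries (the DNS-hijack check), O16 ActiveX entries left with no source URL, and O4 autostart binaries sitting directly in the Windows directory. The sample lines are a subset copied from the HijackThis log above; the "Windows root" rule and the severity labels are heuristics of this example, and a `review` finding means "verify by hand", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA35992A-5388-47E1-BF06-50205402CC3F}: NameServer = 212.19.48.14
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O23"
    severity: str  # "cleanup" (orphaned entry) or "review" (verify by hand)
    reason: str
    line: str


# Generic HijackThis line: "<tag> - <body>".
HJT_LINE = re.compile(r"^(?P<tag>[A-Z]\d+) - (?P<body>.*)$")
# O4 Run-key entry: "HKLM\..\Run: [Name] <command line>".
O4_RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
# O16 ActiveX entry: "DPF: {CLSID} (description) - <url>".
O16_DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \([^)]*\) -\s*(?P<url>.*)$")
# O17 static DNS server(s).
O17_DNS = re.compile(r"NameServer = (?P<dns>[0-9.,]+)")
# O23 service entry: "Service: <name> - <owner> - <path>".
O23_SVC = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def exe_path(cmd: str) -> str:
    """Return the executable path from a Run-key command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def in_windows_root(path: str) -> bool:
    """Heuristic (this example's own): True when the file sits directly in <drive>:/WINDOWS,
    not in a subfolder such as system32. Expanded variables like %SystemRoot% are not resolved."""
    parts = path.lower().split("\\")
    return len(parts) == 3 and parts[0].endswith(":") and parts[1] == "windows"


def triage(log_text: str) -> List[Finding]:
    """Apply the hand-triage rules to every HijackThis line and return the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        tag, body = m.group("tag"), m.group("body")
        # HijackThis annotates hooks whose target file is gone; these are safe to remove.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(tag, "cleanup", "entry points at a file that no longer exists", line))
            continue
        if tag == "O4":
            r = O4_RUN.match(body)
            if r and in_windows_root(exe_path(r.group("cmd"))):
                findings.append(Finding(tag, "review", "autostart binary sits directly in the Windows directory; check publisher and hash", line))
        elif tag == "O16":
            d = O16_DPF.match(body)
            if d and not d.group("url"):
                findings.append(Finding(tag, "cleanup", "ActiveX download entry with no source URL", line))
        elif tag == "O17":
            d = O17_DNS.search(body)
            if d:
                findings.append(Finding(tag, "review", f"static DNS server {d.group('dns')}; confirm it belongs to the ISP or local network", line))
        elif tag == "O23":
            s = O23_SVC.match(body)
            if s and s.group("owner") == "Unknown owner":
                findings.append(Finding(tag, "review", "service binary has no company/version info; check its signature", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity."""
    counts = {"review": 0, "cleanup": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:7}] {f.section}: {f.reason}\n          {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the full HijackThis log above, this flags the same items a helper would ask about first: the `SDaemon` entry in `C:\WINDOWS`, the O17 NameServer, the `Unknown owner` services, and the handful of orphaned BHO/toolbar/Winlogon/DPF entries; everything else is left for manual reading, which is the point of a triage filter rather than a verdict engine.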
