الازرق الجنوبي

ComboFix report

ComboFix 08-09-25.07 - Free User 09/26/2008 19:51:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.192 [GMT 3:00]
Running from: C:\Documents and Settings\Free User\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Free User\Application Data\.#
C:\WINDOWS\system32\ALOVideoCoreM.dll
C:\WINDOWS\system32\ALOWMAFile2.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 06:45 --------- d-----w C:\Documents and Settings\LocalService\Application Data\IEPro
2008-09-25 17:28 --------- d-----w C:\Documents and Settings\Free User\Application Data\IEPro
2008-09-25 17:02 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-25 17:02 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-25 17:02 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-25 17:02 --------- d-----w C:\Program Files\Common Files\Real
2008-09-24 07:57 --------- d-----w C:\Program Files\VS Revo Group
2008-09-24 07:45 --------- d-----w C:\Program Files\Folder Lock
2008-09-24 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-09-24 06:27 --------- d-----w C:\Program Files\GRETECH
2008-09-24 06:27 --------- d-----w C:\Documents and Settings\Free User\Application Data\GRETECH
2008-09-24 05:20 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-09-24 05:20 753,664 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-09-24 05:20 626,688 ----a-w C:\WINDOWS\system32\agsaamh.dll
2008-09-24 05:20 215,552 ----a-w C:\WINDOWS\system32\ALOWMVFile.dll
2008-09-24 05:20 2,846,720 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-09-24 05:20 188,416 ----a-w C:\WINDOWS\system32\ALOVideoFile.dll
2008-09-24 05:20 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-09-24 05:19 90,112 ----a-w C:\WINDOWS\system32\ALOAudioFormatSettings3.dll
2008-09-24 05:19 877,568 ----a-w C:\WINDOWS\system32\ALOAudioFile2.dll
2008-09-24 05:19 780,288 ----a-w C:\WINDOWS\system32\ALOVideoCompress.dll
2008-09-24 05:19 778,240 ----a-w C:\WINDOWS\system32\ALOAudioCompress2.dll
2008-09-24 05:19 551,424 ----a-w C:\WINDOWS\system32\agsaame.dll
2008-09-24 05:19 544,256 ----a-w C:\WINDOWS\system32\agsaamd.dll
2008-09-24 05:19 538,624 ----a-w C:\WINDOWS\system32\agsaamb.dll
2008-09-24 05:19 382,464 ----a-w C:\WINDOWS\system32\ALOAVIFile.dll
2008-09-24 05:19 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-09-24 05:19 331,776 ----a-w C:\WINDOWS\system32\agsaama.dll
2008-09-24 05:19 249,856 ----a-w C:\WINDOWS\system32\ALOQuickTimeFile.dll
2008-09-24 05:19 2,846,720 ----a-w C:\WINDOWS\system32\ALOAudioCompress3.dll
2008-09-23 22:18 --------- d-----w C:\Program Files\ma-config.com
2008-09-23 22:18 --------- d-----w C:\Documents and Settings\Free User\Application Data\ma-config.com
2008-09-23 01:11 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys
2008-09-22 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 17:16 --------- d-----w C:\Program Files\VIA
2008-09-22 17:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-22 17:10 --------- d-----w C:\Program Files\NSS
2008-09-22 17:08 --------- d-----w C:\Program Files\Fajr Caller
2008-09-22 17:04 --------- d-----w C:\Program Files\Common Files\delet
2008-09-22 17:03 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
2008-09-22 17:03 --------- d-----w C:\Program Files\DIFX
2008-09-22 17:03 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-09-22 17:03 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-22 17:03 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-22 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-22 17:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-22 17:01 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-22 17:01 --------- d-----w C:\Program Files\Nokia
2008-09-22 17:01 --------- d-----w C:\Documents and Settings\Free User\Application Data\Nokia
2008-09-22 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-22 16:59 --------- d-----w C:\Program Files\Error Repair Professional
2008-09-22 06:40 817,184 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-22 06:40 5,228 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-19 04:13 --------- d-----w C:\Program Files\IObit
2008-09-18 07:38 --------- d-----w C:\Program Files\IEPro
2008-09-16 03:45 --------- d-----w C:\Documents and Settings\Free User\Application Data\PC Suite
2008-09-16 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-16 03:28 --------- d-----w C:\Program Files\AIMP MMC PRO
2008-09-10 05:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-05 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-09-05 21:53 --------- d-----w C:\Program Files\Uniblue
2008-09-05 21:53 --------- d-----w C:\Documents and Settings\Free User\Application Data\Uniblue
2008-09-01 05:19 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-09-01 04:10 --------- d-----w C:\Program Files\Windows Defender
2008-08-31 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-31 21:42 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-30 21:44 662,488 ----a-w C:\WINDOWS\system32\360x180° Mekan.scr
2008-08-28 12:46 --------- d-----w C:\Documents and Settings\Free User\Application Data\Windows Search
2008-08-25 15:58 --------- d-----w C:\Program Files\SEO Studio
2008-08-25 04:05 --------- d-----w C:\Program Files\CyberLink
2008-08-25 02:02 --------- d-----w C:\Documents and Settings\Free User\Application Data\Folder Guard
2008-08-25 00:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-24 23:38 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-08-24 23:38 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-24 23:38 --------- d-----w C:\Documents and Settings\Free User\Application Data\cleaner
2008-08-24 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-08-23 02:37 --------- d-----w C:\Documents and Settings\Free User\Application Data\Windows Desktop Search
2008-08-23 02:36 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-23 02:35 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-23 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-23 00:07 --------- d-----w C:\Program Files\Windows Updates Downloader
2008-08-23 00:05 --------- d-----w C:\Program Files\Cracklock
2008-08-17 11:22 --------- d-----w C:\Documents and Settings\Free User\Application Data\Sony
2008-08-17 11:21 --------- d-----w C:\Program Files\Sony Setup
2008-08-17 11:21 --------- d-----w C:\Program Files\Sony
2008-08-10 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-06 16:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-05 19:44 --------- d-----w C:\Program Files\ESET
2008-08-02 04:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-01 02:20 --------- d-----w C:\Program Files\Broadcom
2008-08-01 02:16 --------- d-----w C:\Program Files\Intel
2008-08-01 01:44 --------- d-----w C:\Documents and Settings\Free User\Application Data\Thinstall
2008-07-30 22:47 --------- d-----w C:\Program Files\iVocalize Web Conference 4
2008-07-27 18:34 --------- d-----w C:\Documents and Settings\Free User\Application Data\ESET
2008-07-27 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-07-26 19:14 --------- d-----w C:\Program Files\Real
2008-07-23 22:06 413,760 ----a-w C:\WINDOWS\system32\mpg4c32.dll
2008-07-22 22:37 0 ----a-w C:\osy3.sys
2008-07-19 15:24 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-07-19 15:24 196,608 ----a-w C:\WINDOWS\system32\maag.dll
.

((((((((((((((((((((((((((((( snapshot_Wed 09-24-2008_ 4.51.05.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-22 20:54:00 268,600 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-26 06:22:54 280,536 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-08-30 01:02:54 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
+ 2003-08-07 13:01:50 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
- 2008-09-24 01:49:21 68,286 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-26 16:00:55 68,286 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-24 01:49:21 418,620 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-26 16:00:55 418,620 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-28 00:19:52 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-09-25 17:02:20 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2008-07-28 00:20:00 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-09-25 17:02:27 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2008-07-28 00:20:00 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-09-25 17:02:27 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-07-28 00:20:10 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-09-25 17:02:40 185,920 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:42 AM 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [04/12/2007 02:50 AM 947200]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [07/23/2008 01:59 AM 0]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [02/26/2008 07:45 PM 1430784]
"Advanced WindowsCare V2 Personal"="C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" [12/13/2007 04:56 PM 2653976]
"AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [08/09/2007 03:48 PM 528384]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/25/2008 08:02 PM 185872]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 06:42 AM 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:42 AM 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 11:19 PM 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
07/23/2006 12:49 AM 5376 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Free User^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=C:\Documents and Settings\Free User\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=C:\WINDOWS\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 11:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 12/22/2003 09:38 AM 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 08/04/2003 06:28 PM 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 12:50 PM 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 06/17/2008 04:00 PM 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 08/11/2008 08:31 AM 1124352 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RRT-Auto]
--a------ 09/07/2008 08:15 PM 140288 C:\Documents and Settings\Free User\My Documents\My Downloads\RRT\RRT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 09/25/2008 08:02 PM 185872 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=

R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [08/17/2001 04:57 PM 6784]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [09/01/2008 08:18 AM 34304]
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [04/14/2008 01:06 AM 16000]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 09:52 AM 27136]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [09/02/2008 04:14 PM 191656]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Free User\Application Data\Mozilla\Firefox\Profiles\nk6xggw7.default\
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[You must log in or register to view the hidden link]

Rootkit scan 2008-09-26 19:54:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 09/26/2008 19:54:52
ComboFix-quarantined-files.txt 2008-09-26 16:54:48
ComboFix2.txt 2008-09-24 01:51:29
ComboFix3.txt 2008-07-22 21:46:53

Pre-Run: 27,423,711,232 bytes free
Post-Run: 27,425,185,792 bytes free

236 --- E O F --- 2008-09-13 23:08:06

And this is the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:01:46 م, on 26/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Free User\Desktop\Zyzoom_HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Personal] "C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe" /startup
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
[You must log in or register to view the hidden link]

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
[You must log in or register to view the hidden link]

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
[You must log in or register to view the hidden link]

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
[You must log in or register to view the hidden link]

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
[You must log in or register to view the hidden link]

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 6167 bytes
 

Delete these values:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
 
Signature: الفارس2030
Hello, brother.

ComboFix has done its job. Do you have a protection program or not? If you do, its scan feature is disabled, and if you don't, please install one. Also make sure there is no toolbar on the machine.

And delete these values:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

After that, the ATF Cleaner tool:

[You must log in or register to view the hidden link]

And give me a new report.
 
Delete these values:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Hello, الفارس. They have been deleted, my friend, and thank you for the help.
 
Hello, brother.

ComboFix has done its job. Do you have a protection program or not? If you do, its scan feature is disabled, and if you don't, please install one. Also make sure there is no toolbar on the machine.

And delete these values:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

After that, the ATF Cleaner tool:

[You must log in or register to view the hidden link]

And give me a new report.



Hello, dear البارون. I did what you said and downloaded the tool, but where do I set the options? Please explain the tool, and sorry for the bother.
 