اولا شكراا لك اخي فارس الملاك على الرد السريع وهذا التقرير الا ول
ComboFix 08-10-14.03 - jws 10/14/2008 23:19:35.1 -
FAT32x86
Running from: C:\Documents and Settings\jws\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\jws\Application Data\FunWebProducts
C:\Documents and Settings\jws\Application Data\FunWebProducts\Data\jws\avatar.dat
C:\Documents and Settings\jws\Application Data\FunWebProducts\Data\jws\zbucks.dat
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
D:\Autorun.inf
E:\Program Files\FunWebProducts
E:\Program Files\FunWebProducts\ScreenSaver\Images\
01C1AE2A.urr
E:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
E:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
E:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
E:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
E:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
E:\Program Files\MyWebSearch
E:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
E:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
E:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
E:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
E:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
E:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
E:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
E:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
E:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
E:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
E:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
E:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
E:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
E:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
E:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
E:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
E:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
E:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
E:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
E:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
E:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
E:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
E:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
E:\Program Files\MyWebSearch\bar\Avatar\COMMON\ico
E:\Program Files\MyWebSearch\bar\Cache\
0030791E
E:\Program Files\MyWebSearch\bar\Cache\
00C3CFCE.bin
E:\Program Files\MyWebSearch\bar\Cache\
00C3D31A.bin
E:\Program Files\MyWebSearch\bar\Cache\
00C3D443.bin
E:\Program Files\MyWebSearch\bar\Cache\
00C3D9B2.bin
E:\Program Files\MyWebSearch\bar\Cache\
00C3DB19.bin
E:\Program Files\MyWebSearch\bar\Cache\
00CE6C2D.bin
E:\Program Files\MyWebSearch\bar\Cache\
00CE6D75.bin
E:\Program Files\MyWebSearch\bar\Cache\
00CE70C1.bin
E:\Program Files\MyWebSearch\bar\Cache\
00CE73DE.bin
E:\Program Files\MyWebSearch\bar\Cache\
00CE763F.bin
E:\Program Files\MyWebSearch\bar\Cache\
00CE77D5
E:\Program Files\MyWebSearch\bar\Cache\files.ini
E:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
E:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
E:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
E:\Program Files\MyWebSearch\bar\History\search3
E:\Program Files\MyWebSearch\bar\icons\CM.ICO
E:\Program Files\MyWebSearch\bar\icons\MFC.ICO
E:\Program Files\MyWebSearch\bar\icons\PSS.ICO
E:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
E:\Program Files\MyWebSearch\bar\icons\WB.ICO
E:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
E:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
E:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
E:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
E:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
E:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
E:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
E:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
E:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
E:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
E:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
E:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
E:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
E:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
E:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 20:22 540,672 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-14 20:22 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-14 20:22 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-14 20:22 2,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-12 22:11 235,520 ----a-w C:\WINDOWS\system32\zegij.exe
2008-10-12 22:11 235,520 ----a-w C:\WINDOWS\system32\boupom.exe
2008-10-11 17:38 --------- d-----w E:\Program Files\CEDP Stealer 6.0 for Messenger
2008-10-10 05:51 --------- d-----w E:\Program Files\MouseAround
2008-09-17 23:07 --------- d-----w E:\Program Files\Microsoft Windows OneCare Live
2008-08-31 20:05 --------- d-----w E:\Program Files\KingoOo_Upload
2008-08-31 10:55 --------- d-----w E:\Program Files\SweetIM
2008-08-31 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-30 18:32 --------- d-----w C:\Documents and Settings\jws\Application Data\IDM
2008-08-28 10:02 --------- d-----w E:\Program Files\GetData
2008-08-28 08:22 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-28 08:13 993,360 ----a-w C:\WINDOWS\Don't Touch My Computer 2.scr
2008-08-28 08:13 45,056 ----a-w C:\WINDOWS\NCUNINST.EXe
2008-08-28 08:13 40,960 ----a-w C:\WINDOWS\NCLAUNCH.EXe
2008-08-28 08:13 --------- d-----w E:\Program Files\NCBuy
2008-08-28 05:19 --------- d-----w E:\Program Files\UberIcon
2008-08-27 22:26 --------- d-----w E:\Program Files\Flash Banner Creator
2008-08-26 12:18 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-08-26 12:18 753,664 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-08-26 12:18 626,688 ----a-w C:\WINDOWS\system32\agsaamh.dll
2008-08-26 12:18 551,424 ----a-w C:\WINDOWS\system32\agsaame.dll
2008-08-26 12:18 544,256 ----a-w C:\WINDOWS\system32\agsaamd.dll
2008-08-26 12:18 538,624 ----a-w C:\WINDOWS\system32\agsaamb.dll
2008-08-26 12:18 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-08-26 12:18 331,776 ----a-w C:\WINDOWS\system32\agsaama.dll
2008-08-26 12:18 2,846,720 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-08-26 12:16 94,208 ----a-w C:\WINDOWS\system32\viscomaudiodata.dll
2008-08-25 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-25 08:47 --------- d-----w E:\Program Files\Wise Disk Cleaner 3 Pro
2008-08-25 01:11 --------- d-----w E:\Program Files\RocketDock
2008-08-24 21:08 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-24 21:04 --------- d-----w C:\Documents and Settings\jws\Application Data\TuneUp Software
2008-08-24 21:03 --------- d-----w E:\Program Files\TuneUp Utilities 2008
2008-08-24 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-24 21:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 15:26 --------- d-----w E:\Program Files\Steganos Internet Trace Destructor 7
2008-08-22 13:41 --------- d-----w C:\Documents and Settings\jws\Application Data\PhotoFrameShow
2008-08-22 07:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-22 07:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-22 07:45 --------- d-----w E:\Program Files\Real
2008-08-22 07:45 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-17 10:57 --------- d-----w E:\Program Files\Windows Media Connect 2
2008-08-17 05:04 --------- d-----w E:\Program Files\Sketch Master
2008-08-17 04:57 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-08-17 04:30 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-08-17 04:30 --------- d-----w E:\Program Files\Xara
2008-08-17 04:30 --------- d-----w E:\Program Files\Common Files
2008-08-16 04:52 --------- d-----w E:\Program Files\System
2008-08-16 02:38 --------- d-----w E:\Program Files\AutoPlay Media Studio 7.0
2008-08-16 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\IndigoRose
2008-08-03 20:57 59,569 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-03 20:57 5,388 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-03 20:57 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-30 15:03 78,848 ----a-w C:\WINDOWS\system32\VBA332ME.DLL
2008-07-30 15:03 49,152 ----a-w C:\WINDOWS\ATA Live Update.exe
2008-07-30 15:03 147,456 ----a-w C:\WINDOWS\ataLiveUpdate.dll
2008-07-30 15:02 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-30 15:02 172,032 ------w C:\WINDOWS\Setup1.exe
2008-07-30 14:59 286,720 ----a-w C:\WINDOWS\iun506.exe
2008-07-30 14:49 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-02-09 18:25 11,001,856 ----a-w E:\Program Files\Windows7.msstyles
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [07/06/2008 12:44 PM 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{EEE6C35C-6118-11DC-9C72-001320C79847}]
07/06/2008 12:44 PM 1164600 --a------ E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [07/06/2008 12:44 PM 1164600]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [07/06/2008 12:44 PM 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [08/28/2008 11:13 AM 40960]
"IDMan"="E:\Program Files\Internet Download Manager\IDMan.exe" [08/30/2008 09:30 PM 932864]
"RocketDock"="E:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM 495616]
"UberIcon"="E:\Program Files\UberIcon\UberIcon Manager.exe" [08/17/2007 07:10 PM 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 04:03 AM 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 03:59 AM 126976]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [11/03/2007 04:50 AM 6731312]
"UnlockerAssistant"="E:\Program Files\Unlocker\UnlockerAssistant.exe" [05/02/2008 07:15 AM 15872]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/22/2008 10:45 AM 185896]
"SweetIM"="E:\Program Files\SweetIM\Messenger\SweetIM.exe" [07/06/2008 12:32 PM 111928]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"towou"="C:\WINDOWS\system32\zegij.exe" [10/13/2008 01:11 AM 235520]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"SoundMan"="SOUNDMAN.EXE" [07/22/2005 10:00 AM 81920 C:\WINDOWS\SOUNDMAN.EXE]
"SMSERIAL"="sm56hlpr.exe" [06/06/2005 12:40 PM 544768 C:\WINDOWS\sm56hlpr.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"towou"="C:\WINDOWS\system32\zegij.exe" [10/13/2008 01:11 AM 235520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ITD7"="E:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" [05/02/2005 10:31 AM 274432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IDMan"=E:\Program Files\Internet Download Manager\IDMan.exe /onboot
"MsnMsgr"="E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"ITD7"="E:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -boot
"RocketDock"="E:\Program Files\RocketDock\RocketDock.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\JetAudio\\JcServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [04/14/2008 07:00 PM 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
S2 euyaew0pyztql99p;Websense CPM Report Scheduler;C:\WINDOWS\system32\boupom.exe [10/13/2008 01:11 AM 235520]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [07/23/2006 12:44 PM 27136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [08/25/2008 12:08 AM 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
s of the 'Scheduled Tasks' folder
2008-10-14 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- E:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [09/27/2006 05:39 PM]
2008-10-14 C:\WINDOWS\Tasks\1-Click Maintenance.job
- E:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 09:09 AM]
2008-10-14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{44EDB6F0-4394-4A6C-AB83-BC5FCEC40B6D}.job
- C:\WINDOWS\system32\msfeedssync.exe [08/13/2007 06:36 PM]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MyWebSearch Plugin - E:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - E:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
O8 -: &Search -
O8 -: &Windows Live Search - E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 -: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - E:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - E:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: سأ±بجط¾«ءéدآشط(&B)
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-14 23:24:03
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> E:\Program Files\RocketDock\RocketDock.dll
-> E:\Program Files\Unlocker\UnlockerHook.dll
-> E:\Program Files\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 10/14/2008 23:28:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-14 20:28:02
Pre-Run: 19,115,261,952 bytes free
Post-Run: 19,072,663,552 bytes free
334 --- E O F --- 2008-09-12 12:10:49
