جهاز بطى يوجد تقرير

anascoo · 28 أكتوبر 2008

ComboFix 08-10-10.09 - anas 10/28/2008 9:23:47.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.189 [GMT 3:00]
Running from: C:\Downloads\Software\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-28 06:16 --------- d-----w C:\Program Files\Yahoo!
2008-10-27 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-10-27 07:40 565,248 ----a-w C:\WINDOWS\uninstal.exe
2008-10-27 07:24 6,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-27 07:24 540,672 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-27 07:24 --------- d-----w C:\Program Files\Teletext
2008-10-27 07:01 --------- d-----w C:\Program Files\MSI
2008-10-27 06:56 --------- d-----w C:\Program Files\Application
2008-10-26 03:57 155,995 ----a-w C:\WINDOWS\java\Packages\WKW9ZTFJ.ZIP
2008-10-15 22:02 1,527 ----a-w C:\WINDOWS\unappsrv.bat
2008-10-15 16:34 337,408 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 11:04 --------- d-----w C:\Program Files\Common Files\Nero
2008-10-15 11:03 --------- d-----w C:\Program Files\Common Files\Ahead
2008-10-15 11:03 --------- d-----w C:\Program Files\Ahead
2008-10-15 10:50 --------- d-----w C:\Program Files\UltraISO
2008-10-15 10:50 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-10-14 21:25 --------- d-----w C:\Program Files\phpDesigner 2008
2008-10-14 21:25 --------- d-----w C:\Documents and Settings\anas\Application Data\phpDesigner 2008
2008-10-14 18:17 --------- d-----w C:\Program Files\LeapFTP
2008-10-14 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-14 10:51 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 10:51 --------- d-----w C:\Documents and Settings\anas\Application Data\Malwarebytes
2008-10-14 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 18:34 --------- d-----w C:\Program Files\Opera
2008-10-13 13:41 --------- d-----w C:\Program Files\DivX
2008-10-13 11:52 --------- d-----w C:\Program Files\PicLensIE
2008-10-13 11:48 --------- d-----w C:\Program Files\Browse3D
2008-10-12 18:01 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-10-11 16:16 --------- d-----w C:\Program Files\Ford4film
2008-10-11 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-11 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\File dvd base road
2008-10-11 14:55 --------- d-----w C:\Documents and Settings\anas\Application Data\Ford4film
2008-10-11 14:53 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-11 14:53 --------- d-----w C:\Program Files\Circle Developement
2008-10-11 14:12 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-11 14:12 --------- d-----w C:\Program Files\Windows Live
2008-10-11 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-11 14:06 --------- d-----w C:\Documents and Settings\anas\Application Data\CyberScrub
2008-10-11 14:05 --------- d-----w C:\Documents and Settings\anas\Application Data\cleaner
2008-10-11 10:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-11 08:37 --------- d-----w C:\Program Files\Hotspot_Shield
2008-10-11 08:18 --------- d-----w C:\Program Files\Free Download Manager
2008-10-11 08:18 --------- d-----w C:\Documents and Settings\anas\Application Data\Free Download Manager
2008-10-11 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-10-11 07:41 --------- d-----w C:\Program Files\Zamalek
2008-10-11 07:41 --------- d-----w C:\Program Files\Conduit
2008-10-11 06:40 --------- d-----w C:\Program Files\mDSL
2008-10-11 06:40 --------- d-----w C:\Documents and Settings\anas\Application Data\ZTEEVDO
2008-10-09 10:34 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-09 10:34 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-09 10:34 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-10-09 10:34 --------- d-----w C:\Program Files\AVG
2008-10-09 10:34 --------- d-----w C:\Documents and Settings\anas\Application Data\AVGTOOLBAR
2008-10-09 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-09 07:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-08 19:35 --------- d-----w C:\Program Files\SWiSH v2.01
2008-10-08 19:27 --------- d-----w C:\Program Files\SWiSH v2.0
2008-10-08 18:22 --------- d-----w C:\Documents and Settings\anas\Application Data\Talkback
2008-10-08 17:37 --------- d-----w C:\Program Files\SWiSHE.NET
2008-10-08 13:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 13:30 --------- d-----w C:\Program Files\Zain USB-Connect
2008-10-08 13:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-08 12:59 --------- d-----w C:\Documents and Settings\anas\Application Data\Media Player Classic
2008-10-08 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-08 12:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-08 11:29 --------- d-----w C:\Program Files\Microsoft WSE
2008-10-08 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-08 11:28 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-08 11:28 --------- d-----w C:\Program Files\MSXML 6.0
2008-10-08 11:28 --------- d-----w C:\Program Files\MSBuild
2008-10-08 11:27 --------- d-----w C:\Documents and Settings\anas\Application Data\Styler
2008-10-08 11:22 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Desktopicon
2008-10-08 11:22 --------- d-----w C:\Program Files\Unlocker
2008-10-08 11:22 --------- d-----w C:\Program Files\PowerCmd
2008-10-08 11:22 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-08 11:22 --------- d-----w C:\Program Files\Hunt Virus Utilities
2008-10-08 11:22 --------- d-----w C:\Program Files\HashTab Shell Extension
2008-10-08 11:22 --------- d-----w C:\Program Files\Common Files\Stardock
2008-10-08 11:22 --------- d-----w C:\Documents and Settings\Default User\Application Data\Desktopicon
2008-10-08 11:22 --------- d-----w C:\Documents and Settings\anas\Application Data\Desktopicon
2008-10-08 11:21 --------- d-----w C:\Program Files\Sysinternals
2008-10-08 11:21 --------- d-----w C:\Program Files\IZArc
2008-10-08 11:21 --------- d-----w C:\Program Files\Alky for Applications
2008-10-08 11:15 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\uTorrent
2008-10-08 11:15 --------- d-----w C:\Program Files\uTorrent
2008-10-08 11:15 --------- d-----w C:\Documents and Settings\Default User\Application Data\uTorrent
2008-10-08 11:15 --------- d-----w C:\Documents and Settings\anas\Application Data\uTorrent
2008-10-08 11:14 --------- d-----w C:\Program Files\VistaExperience.org
2008-10-08 11:12 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-08 11:12 --------- d-----w C:\Program Files\Styler
2008-10-08 11:12 --------- d-----w C:\Program Files\CCleaner
2008-10-08 11:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-08 11:11 --------- d-----w C:\Program Files\System
2008-10-08 11:11 --------- d-----w C:\Program Files\Stanimir Stoyanov
2008-10-08 11:11 --------- d-----w C:\Program Files\Desktop
2008-10-08 11:11 --------- d-----w C:\Program Files\7-Zip
2008-10-03 17:26 6,068,224 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w C:\WINDOWS\system32\dllcache\win32k.sys
.
((((((((((((((((((((((((((((( snapshot_Sun 10-19-2008_ 8.09.31.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-15 16:25:54 339,456 ------w C:\WINDOWS\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:52 17,272 ------w C:\WINDOWS\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:52 231,288 ------w C:\WINDOWS\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:52 26,488 ------w C:\WINDOWS\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:52 755,576 ------w C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:52 382,840 ------w C:\WINDOWS\$hf_mig$\KB958644\update\updspapi.dll
+ 2008-04-14 09:00:00 337,408 ------w C:\WINDOWS\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:18:52 231,288 ------w C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:18:52 382,840 ------w C:\WINDOWS\$NtUninstallKB958644$\spuninst\updspapi.dll
+ 2002-02-18 04:35:32 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2008-10-26 03:57:44 2,678 ----a-w C:\WINDOWS\java\Packages\Data\79JRZ3DN.DAT
+ 2008-10-26 03:57:48 2,678 ----a-w C:\WINDOWS\java\Packages\Data\8GH7BTRR.DAT
+ 2008-10-26 03:57:44 2,678 ----a-w C:\WINDOWS\java\Packages\Data\9BJ3TV1B.DAT
+ 2008-10-26 03:57:44 2,678 ----a-w C:\WINDOWS\java\Packages\Data\G75R9RXV.DAT
+ 2008-10-26 03:57:44 2,678 ----a-w C:\WINDOWS\java\Packages\Data\O7BTVDJB.DAT
+ 2008-10-26 03:57:52 2,232 ----a-w C:\WINDOWS\java\Packages\Data\Z7TVT793.DAT
+ 2002-02-18 07:23:10 46,352 ----a-w C:\WINDOWS\setdebug.exe
+ 2002-02-18 07:23:06 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
+ 2003-06-28 11:34:20 69,707 ----a-w C:\WINDOWS\system32\DISP_OPT1.dll
+ 2008-04-13 20:17:38 25,856 ----a-w C:\WINDOWS\system32\dllcache\usbprint.sys
+ 2008-07-08 11:54:02 148,496 ----a-w C:\WINDOWS\system32\drivers\22266309.sys
+ 2007-04-12 09:46:14 16,288 ----a-w C:\WINDOWS\system32\drivers\hpfxbulk.sys
+ 2007-04-12 09:46:14 23,968 ----a-w C:\WINDOWS\system32\drivers\hpfxgen.sys
+ 2008-04-13 20:17:38 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
+ 2002-02-18 04:34:48 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
+ 2006-08-30 10:32:44 49,152 ----a-w C:\WINDOWS\system32\FXCompChannel.dll
+ 2007-11-03 14:58:54 278,528 ----a-w C:\WINDOWS\system32\GTTunerCard.dll
+ 2007-11-07 12:19:08 65,536 ----a-w C:\WINDOWS\system32\GTWST.dll
+ 2006-08-21 12:45:40 241,664 ----a-w C:\WINDOWS\system32\hppapr04.dll
+ 2007-02-14 15:23:04 188,416 ----a-w C:\WINDOWS\system32\hppcew04.dll
+ 2007-02-22 09:53:10 331,776 ----a-w C:\WINDOWS\system32\hppepr04.dll
+ 2002-02-18 07:22:56 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
+ 2002-02-18 07:22:56 139,536 ----a-w C:\WINDOWS\system32\javaee.dll
+ 2002-02-18 07:22:56 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
+ 2002-02-18 07:22:58 404,752 ----a-w C:\WINDOWS\system32\javart.dll
+ 2002-02-18 07:23:08 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
+ 2002-02-18 07:22:58 171,280 ----a-w C:\WINDOWS\system32\jit.dll
+ 2002-02-18 07:23:08 172,304 ----a-w C:\WINDOWS\system32\jview.exe
+ 2004-07-28 23:19:46 175,104 ----a-w C:\WINDOWS\system32\lame_enc.dll
+ 1998-06-17 15:44:04 929,844 ----a-w C:\WINDOWS\system32\MFC42D.DLL
+ 2004-01-02 14:29:04 339,968 ----a-w C:\WINDOWS\system32\mpeg2enc.dll
+ 2001-09-20 21:00:00 413,760 ----a-w C:\WINDOWS\system32\MPG4c32.dll
+ 2002-02-18 07:23:00 154,384 ----a-w C:\WINDOWS\system32\msawt.dll
+ 2002-02-18 07:23:04 945,936 ----a-w C:\WINDOWS\system32\msjava.dll
+ 2002-02-18 07:23:04 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
+ 1998-06-16 21:00:00 385,100 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
+ 2002-02-07 08:41:12 1,229,312 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2002-02-07 08:35:08 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
- 2008-04-14 09:00:00 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2008-10-12 13:03:06 65,328 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-25 09:56:28 65,328 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-12 13:03:06 426,570 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-25 09:56:28 426,570 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2005-03-22 22:31:32 1,323,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpbcfgre.DLL
+ 2007-05-14 06:05:10 2,920,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpbcfgre.DLL
+ 2008-04-04 18:12:46 1,572,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpc6r5r1.dll
+ 2008-04-04 18:01:04 258,560 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcc35r1.DLL
- 2005-08-11 17:56:58 655,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2008-02-04 12:23:22 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcdmc32.DLL
+ 2008-04-04 18:07:22 496,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcev5r1.dll
+ 2008-04-04 18:11:28 1,612,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcls5r1.DLL
+ 2008-04-04 18:07:26 221,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcpe5r1.DLL
+ 2007-08-27 23:56:56 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcsat.dll
+ 2008-04-04 18:10:30 1,013,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcss5r1.DLL
+ 2008-04-04 18:00:16 8,873,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcst5r1.dll
+ 2008-04-04 18:06:56 3,240,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcui5r1.dll
+ 2008-04-04 18:13:10 3,607,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcur5r1.dll
+ 2008-04-04 15:56:36 331,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpmdp5r1.dll
+ 2007-03-13 06:49:02 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hppdvq01.dll
- 2004-07-10 10:56:00 169,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pclxl.DLL
+ 2007-03-09 07:04:04 207,872 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pclxl.dll
+ 2007-05-14 06:05:10 2,920,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpbcfgre.DLL
+ 2008-04-04 18:12:46 1,572,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpc6r5r1.dll
+ 2008-04-04 18:01:04 258,560 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcc35r1.DLL
+ 2008-02-04 12:23:22 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcdmc32.DLL
+ 2008-04-04 18:07:22 496,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcev5r1.dll
+ 2008-04-04 18:11:28 1,612,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcls5r1.DLL
+ 2008-04-04 18:07:26 221,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcpe5r1.DLL
+ 2007-08-27 23:56:56 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcsat.dll
+ 2008-04-04 18:10:30 1,013,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcss5r1.DLL
+ 2008-04-04 18:00:16 8,873,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcst5r1.dll
+ 2008-04-04 18:06:56 3,240,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcui5r1.dll
+ 2008-04-04 18:13:10 3,607,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpcur5r1.dll
+ 2008-04-04 15:56:36 331,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hpmdp5r1.DLL
+ 2007-03-13 06:49:02 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\hppdvq01.dll
+ 2007-03-09 07:04:04 207,872 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\pclxl.dll
+ 2007-03-09 07:03:52 372,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\UNIDRV.DLL
+ 2007-03-09 07:03:54 740,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\UNIDRVUI.DLL
+ 2007-03-09 07:03:58 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_laf552\UNIRES.DLL
+ 2008-04-04 18:01:40 272,896 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp5r1.dll
+ 2007-01-15 09:18:54 28,672 ----a-w C:\WINDOWS\system32\TVAudio.dll
+ 2007-03-07 09:17:36 565,248 ----a-w C:\WINDOWS\system32\UNINSTAL.EXE
+ 2002-02-18 07:23:06 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
+ 2002-02-18 07:23:10 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
+ 2006-12-04 04:59:18 53,248 ----a-w C:\WINDOWS\system32\WSTDEC.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
06/24/2008 11:17 PM 1569304 --a------ C:\Program Files\Hotspot_Shield\tbHot0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "C:\Program Files\Hotspot_Shield\tbHot0.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "C:\Program Files\Hotspot_Shield\tbHot0.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM 495616]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/19/2004 09:27 PM 65536]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [03/22/2008 10:18 PM 1271808]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 12:00 PM 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [12/16/2007 08:39 PM 2449455]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [07/29/2007 07:13 PM 253952]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [06/10/2007 06:02 PM 40960]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/17/2007 05:13 PM 3810544]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="C:\Documents and Settings\anas\Application Data\cleaner\CSPSeraser.exe" [11/20/2007 02:19 PM 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/02/2008 07:15 AM 15872]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/13/2007 04:47 AM 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/13/2007 04:47 AM 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [01/13/2007 04:46 AM 135168]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [10/11/2008 09:49 AM 1234712]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"IR Control"="C:\Program Files\Application\LW-UTVFM\Remote.exe" [10/23/2007 12:32 PM 241664]
"Schedule"="C:\Program Files\Application\LW-UTVFM\Schedule.exe" [01/17/2007 11:35 AM 102400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM 495616]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/19/2004 09:27 PM 65536]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 12:00 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-09 113664]
TV Remote Control.lnk - C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe [2008-10-27 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
05/12/2008 10:49 AM 210168 C:\Program Files\Stardock\ Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [10/09/2008 01:34 PM 97928]
R1 is-C75FSdrv;is-C75FSdrv;C:\WINDOWS\system32\DRIVERS\22266309.sys [07/08/2008 02:54 PM 148496]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [10/09/2008 01:34 PM 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [10/09/2008 01:34 PM 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [10/09/2008 01:34 PM 76040]
R3 ev19x8mp;Creative SB AudioPCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\ev19x8mp.sys [11/24/2000 09:10 PM 522268]
R3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\ZTEUsbser.sys [02/06/2007 10:21 AM 97920]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [10/16/2006 03:58 PM 472832]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [04/12/2007 12:46 PM 16288]
S3 OracleClientCache80;OracleClientCache80;D:\orant\BIN\ONRSD80.EXE [10/28/2000 09:45 AM 101136]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM 27136]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [04/13/2008 11:17 PM 25856]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a1d38a-953a-11dd-9506-001e584b8aaa}]
\Shell\AutoRun\command - c9hehpa.bat
\Shell\explore\Command - c9hehpa.bat
\Shell\open\Command - c9hehpa.bat
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
s of the 'Scheduled Tasks' folder
2008-10-28 C:\WINDOWS\Tasks\AF3AD3D09195485C.job
- c:\docume~1\anas\applic~1\ford4f~1\greatgreypoll.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Remote - C:\Program Files\TVR\remote.exe
HKLM-Run-RecSche - C:\Program Files\TVR\RecSche.exe
HKLM-Run-WinDVRCtrl - C:\WINDOWS\WDVRCtrl.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\anas\Application Data\Mozilla\Firefox\Profiles\jvjkoyp1.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-10-28 09:24:15
Windows 5.1.2600 Service Pack 3, v.5657 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="C:\AppServ\mysql\bin\mysqld-nt --defaults-file=C:\WINDOWS\my.ini mysql"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
Completion time: 10/28/2008 9:25:30
ComboFix-quarantined-files.txt 2008-10-28 06:25:24
ComboFix3.txt 2008-10-11 10:23:46
ComboFix2.txt 2008-10-19 05:10:04
Pre-Run: 9,200,828,416 bytes free
Post-Run: 9,484,812,288 bytes free
334 --- E O F --- 2008-10-26 03:36:24

anascoo · 28 أكتوبر 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:10 ص, on 28/10/2008
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache\bin\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\AppServ\Apache\bin\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Application\LW-UTVFM\Schedule.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\mDSL\bin\EV-DO.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\فلم الرعب\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IR Control] "C:\Program Files\Application\LW-UTVFM\Remote.exe"
O4 - HKLM\..\Run: [Schedule] "C:\Program Files\Application\LW-UTVFM\Schedule.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\anas\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\anas\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\MSI\TV@Anywhere Utilities\P3XRCtl.exe
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD1805A-78D0-4DE0-A223-92E53830D79C}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B641FB9B-CD70-497C-921E-E237F606EF87}: NameServer = 212.0.138.10 212.0.138.11
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe (file missing)
O23 - Service: Apache2 - Apache Software Foundation - C:\AppServ\Apache\bin\Apache.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: OracleClientCache80 - Unknown owner - D:\orant\BIN\ONRSD80.EXE
--
End of file - 7367 bytes

qa6ar · 28 أكتوبر 2008

احذف القيم التاليه

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\anas\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\anas\Application Data\CyberScrub\Privacy Suite"

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll

طريقة الحذف كالتالي

.
=-=-=
.
* الآن ستظهر لنا رسالة للتأكيد على الحذف فنضغط على نعم كما بالصورة ..
.

.
=-=-=
.
وياليت وبعد تنظيف هذه القيم تستخدم هالأدوات ,,
.
(.. شرح تنظيف أداة الخصوصية Cyberscrub_Privacy_Suite ..)
.
.
ننقر على الرابط لتحميل الأداة :
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
* عند تحميل الأداة والنقر عليها دبل كلك سوف تظهر لنا هذه الواجهه وتبدأ في التنظيف :d:
.

.
=-=-=
.
* ننتظر إلى أن تنتهي بنا هذه الواجهه ومن ثم نضغط على كلمة Close وسوف يعيد تشغيل الجهاز وبعد التشغيل سوف يكمل تنظيفه وقد لا يستغرق أقل من ثانيتين :d:
.

.
=-=-=
.
(.. شرح أداة ATF-Cleaner ..)
.
نقوم بتحميل الأداة من :
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
.
ملاحظة : نظام تشغيل الأداة على الأكس بي فقط ,,
.
* عند النقر دبل كلك على الأداة سوف تظهر لنا هذه الواجهه فنطبق كما بالصورة ..
.

جهاز بطى يوجد تقرير

anascoo

زيزوومى مميز

anascoo

زيزوومى مميز

qa6ar

زيزوومى محترف

توقيع : qa6ar

NTLite Business 2025.8.10552 X64