فدى الرسول

Peace be upon you, and the mercy and blessings of God.
After removing OutpostProInstall,
I want to remove this option:
zyzoom-6be9f5a7cc.jpg


ComboFix report
"omda" - 2009-03-21 11:29:32 Service Pack 2
ComboFix 07-05.27.BV - Running from: "F:\e\New Folder\mohammed\1-mem\Protect\"


((((((((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 ))))))))))))))))))))))))))))))))))


2009-03-21 02:17 4,847,383 --a------ C:\Documents and Settings\omda\mHpLbfO.exe
2009-03-21 02:17 4,847,383 --a------ C:\DOCUME~1\omda\mHpLbfO.exe
2009-03-21 00:11 <DIR> d-------- C:\islam
2009-03-20 22:33 60,928 --a------ C:\WINDOWS\unleap.exe
2009-03-20 22:33 <DIR> d-------- C:\Program Files\LeapFTP
2009-03-19 20:20 388,608 --a------ C:\WINDOWS\system32\CF30409.exe
2009-03-19 16:16 <DIR> d-------- C:\Program Files\uTorrent
2009-03-19 16:16 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\uTorrent
2009-03-19 12:57 <DIR> d-------- C:\Program Files\UltraISO
2009-03-19 12:57 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2009-03-19 09:08 1,364 --a------ C:\WINDOWS\system32\tmp.reg
2009-03-19 08:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2009-03-18 20:53 <DIR> d-------- C:\Deckard
2009-03-18 20:07 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-03-18 14:44 <DIR> d-------- C:\Program Files\Bit Che
2009-03-18 13:04 9,694 --a------ C:\WINDOWS\irunin.dat
2009-03-18 13:04 36,864 --a------ C:\WINDOWS\chgtype.exe
2009-03-18 13:04 2,048 --a-s---- C:\WINDOWS\bootstet.dat
2009-03-18 13:03 720,896 --a------ C:\WINDOWS\iun6002.exe
2009-03-18 12:55 <DIR> d-------- C:\My Drivers
2009-03-18 11:57 <DIR> d--hs---- C:\RECYCLER
2009-03-17 12:12 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\inSpeak
2009-03-17 12:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\inSpeak
2009-03-16 17:48 <DIR> d-------- C:\WINDOWS\system32\YingInstall
2009-03-16 17:48 <DIR> d-------- C:\Program Files\GxUpdate
2009-03-15 22:01 <DIR> d-------- C:\Program Files\ffdshow
2009-03-15 22:00 <DIR> d-------- C:\Program Files\Easy RealMedia Tools
2009-03-15 22:00 <DIR> d-------- C:\Program Files\AviSynth 2.5
2009-03-15 22:00 <DIR> d-------- C:\Program Files\AC3Filter
2009-03-15 21:48 799,056 --a------ C:\WINDOWS\system32\D3D10WARP_beta.dll
2009-03-15 21:48 799,056 --a------ C:\WINDOWS\system32\D3D10WARP.dll
2009-03-15 21:48 728,858 --a------ C:\WINDOWS\system32\unins000.exe
2009-03-15 21:48 513,360 --a------ C:\WINDOWS\system32\D3D11_beta.dll
2009-03-15 21:48 513,360 --a------ C:\WINDOWS\system32\D3D11.dll
2009-03-15 21:48 496,464 --a------ C:\WINDOWS\system32\D3DX10d_40.dll
2009-03-15 21:48 496,464 --a------ C:\WINDOWS\system32\D3DX10d.dll
2009-03-15 21:48 484,176 --a------ C:\WINDOWS\system32\DXGI_beta.dll
2009-03-15 21:48 480,592 --a------ C:\WINDOWS\system32\D3D11Ref.dll
2009-03-15 21:48 471,888 --a------ C:\WINDOWS\system32\D3D10Level9_beta.dll
2009-03-15 21:48 471,888 --a------ C:\WINDOWS\system32\D3D10Level9.dll
2009-03-15 21:48 462,672 --a------ C:\WINDOWS\system32\D3D11SDKLayers.dll
2009-03-15 21:48 4,096 --a------ C:\WINDOWS\system32\MyProg.exe
2009-03-15 21:48 234,320 --a------ C:\WINDOWS\system32\D3DX11_40.dll
2009-03-15 21:48 208,896 --a------ C:\WINDOWS\system32\d3d10_1core.dll
2009-03-15 21:48 2,140 --a------ C:\WINDOWS\system32\unins000.dat
2009-03-15 21:48 159,744 --a------ C:\WINDOWS\system32\d3d10_1.dll
2009-03-15 11:34 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Talkback
2009-03-15 11:33 0 --a------ C:\WINDOWS\nsreg.dat
2009-03-13 21:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2009-03-13 20:51 <DIR> d--hs---- C:\System Volume Information
2009-03-13 19:11 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Desktopicon
2009-03-12 13:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Simply Super Software
2009-03-12 13:09 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2009-03-12 12:49 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2009-03-12 12:49 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2009-03-12 12:49 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2009-03-12 12:49 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2009-03-12 12:49 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2009-03-12 12:49 <DIR> d-------- C:\Program Files\Trojan Remover
2009-03-12 12:49 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Simply Super Software
2009-03-12 12:07 <DIR> d-------- C:\Program Files\FLV Player
2009-03-12 11:56 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\CyberScrub
2009-03-12 11:56 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\cleaner
2009-03-12 11:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2009-03-12 11:11 388,608 --a------ C:\WINDOWS\system32\CF12151.exe
2009-03-12 11:01 0 --a------ C:\WINDOWS\system32\WinWare.sys
2009-03-11 14:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2009-03-11 13:51 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\TMP
2009-03-11 13:01 <DIR> d-------- C:\Program Files\Catalencoder
2009-03-11 12:34 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Download Manager
2009-03-10 12:51 26 --a------ C:\WINDOWS\system32\kakle.dll
2009-03-10 12:50 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2009-03-10 12:50 90,112 --a------ C:\WINDOWS\system32\agsaami.dll
2009-03-10 12:50 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll
2009-03-10 12:50 53,760 --a------ C:\WINDOWS\system\ppacklib.dll
2009-03-10 12:50 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll
2009-03-10 12:50 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2009-03-10 12:50 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll
2009-03-10 12:50 196,608 --a------ C:\WINDOWS\system32\maag.dll
2009-03-10 12:50 1,986,560 --a------ C:\WINDOWS\system32\akll.dll
2009-03-10 12:50 1,245,184 --a------ C:\WINDOWS\system32\bkll.dll
2009-03-10 12:50 1,212,416 --a------ C:\WINDOWS\system32\ckll.dll
2009-03-10 12:50 <DIR> d-------- C:\WINDOWS\system32\RMBin
2009-03-10 12:50 <DIR> d-------- C:\Program Files\Real_SC
2009-03-09 15:46 <DIR> d-------- C:\Program Files\SatFile Filter
2009-03-09 15:46 <DIR> d-------- C:\Program Files\Common Files\Marwan Programs
2009-03-08 20:34 <DIR> d-------- C:\Program Files\inSpeak
2009-03-08 13:45 <DIR> d-------- C:\Program Files\algam3 v1.2
2009-03-07 22:39 <DIR> d-------- C:\WINDOWS\PaltalkScene
2009-03-07 22:39 <DIR> d-------- C:\Program Files\Paltalk Messenger
2009-03-07 22:39 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Paltalk
2009-03-06 21:44 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\GRETECH
2009-03-06 21:43 <DIR> d-------- C:\Program Files\GRETECH
2009-03-06 20:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2009-03-06 13:28 <DIR> d-------- C:\Program Files\Media Player Classic
2009-03-05 20:07 <DIR> d-------- C:\Program Files\Windows Live
2009-03-05 20:05 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2009-03-03 15:39 <DIR> d-------- C:\Program Files\netcut
2009-03-01 17:28 <DIR> d-------- C:\Program Files\Any Audio Converter
2009-02-28 11:59 <DIR> d-------- C:\Program Files\RaizeMedia
2009-02-26 13:28 <DIR> d-------- C:\Program Files\URUSoft
2009-02-26 12:11 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2009-02-26 12:11 6,550 --a------ C:\WINDOWS\jautoexp.dat
2009-02-26 12:11 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2009-02-26 12:11 46,352 --a------ C:\WINDOWS\setdebug.exe
2009-02-26 12:11 404,752 --a------ C:\WINDOWS\system32\javart.dll
2009-02-26 12:11 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2009-02-26 12:11 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2009-02-26 12:11 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2009-02-26 12:11 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2009-02-26 12:11 172,304 --a------ C:\WINDOWS\system32\jview.exe
2009-02-26 12:11 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2009-02-26 12:11 171,280 --a------ C:\WINDOWS\system32\jit.dll
2009-02-26 12:11 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2009-02-26 12:11 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2009-02-26 12:11 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2009-02-26 12:11 113 --a------ C:\WINDOWS\system32\zonedon.reg
2009-02-26 12:11 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2009-02-25 12:28 <DIR> d-------- C:\Documents and Settings\omda\Tracing
2009-02-25 12:28 <DIR> d-------- C:\DOCUME~1\omda\Tracing


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-03-21 09:07:57 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\DMCache
2009-03-21 04:20:38 -------- d-----w C:\Program Files\Common Files\LogoManager
2009-03-21 00:33:57 -------- d-----w C:\Program Files\MobiMB Mobile Media Browser
2009-03-19 07:08:07 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\IDM
2009-03-19 06:29:27 -------- d-----w C:\Program Files\Internet Download Manager
2009-03-18 22:01:54 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Thinstall
2009-03-12 17:48:26 -------- d-----w C:\Program Files\Image2PDF OCR v3.2
2009-03-12 09:52:20 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\DNA
2009-03-12 09:49:33 -------- d-----w C:\Program Files\DNA
2009-03-08 20:24:24 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Real
2009-03-06 11:28:19 -------- d-----w C:\Program Files\Real Alternative
2009-03-06 11:27:41 -------- d-----w C:\Program Files\K-Lite Codec Pack
2009-03-01 11:55:13 -------- d-----w C:\Program Files\Nokia
2009-02-28 19:16:25 -------- d-----w C:\Program Files\Power Mp3 Cutter(Mp3 Sound Cutter)
2009-02-24 11:36:11 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-02-24 11:35:27 -------- d-----w C:\Program Files\Common Files\InstallShield
2009-02-22 17:53:12 -------- d-----w C:\Program Files\Winamp
2009-02-20 18:43:04 -------- d-----w C:\Program Files\My Video Converter
2009-02-20 18:13:45 -------- d-----w C:\Program Files\nLite
2009-02-20 15:08:11 -------- d-----w C:\Program Files\Alcohol Soft
2009-02-20 09:47:06 -------- d-----w C:\Program Files\Advanced IP Scanner
2009-02-19 14:33:41 -------- d-----w C:\Program Files\Xilisoft
2009-02-19 13:15:03 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Ulead Systems
2009-02-17 22:59:28 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Help
2009-02-16 17:06:17 -------- d-----w C:\Program Files\VMware
2009-02-16 13:44:20 -------- d-----w C:\Program Files\Apex
2009-02-16 07:35:02 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\IndigoRose
2009-02-16 07:28:41 -------- d-----w C:\Program Files\AutoPlay Media Studio 7.0
2009-02-16 07:26:58 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Downloaded Installations
2009-02-15 13:22:56 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Nokia
2009-02-13 22:40:37 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\ooVoo Details
2009-02-13 22:40:32 -------- d-----w C:\Program Files\ooVoo
2009-02-11 23:06:32 1,024 ----a-w C:\WINDOWS\system32\Image2PDF.dat
2009-02-07 09:45:16 -------- d-----w C:\Program Files\TechSmith
2009-02-07 09:44:37 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-02-07 09:21:29 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\PC Suite
2009-02-06 18:18:34 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\PlayFirst
2009-02-05 19:34:14 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\TravelerSafe+
2009-02-05 08:08:49 -------- d-----w C:\Program Files\DScaler5
2009-02-03 15:56:01 -------- d-----w C:\Program Files\Common Files\snpstd
2009-02-02 21:32:08 -------- d-----w C:\Program Files\Common Files\Nero
2009-02-02 21:29:50 -------- d-----w C:\Program Files\Ahead
2009-02-02 21:29:23 -------- d-----w C:\Program Files\Common Files\Ahead
2009-02-02 09:58:40 -------- d-----w C:\Program Files\Network LookOut
2009-02-02 07:25:02 -------- d-----w C:\Program Files\WinPcap
2009-02-01 16:45:48 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Kingston
2009-01-31 10:21:50 131,072 ----a-w C:\softcam.bin
2009-01-30 19:11:39 -------- d-----w C:\Program Files\Elaborate Bytes
2009-01-30 07:42:03 4,096 ----a-w C:\WINDOWS\d3dx.dat
2009-01-29 23:23:19 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Media Player Classic
2009-01-29 19:09:19 -------- d-----w C:\Program Files\Common Files\PCSuite
2009-01-29 19:09:17 -------- d-----w C:\Program Files\Common Files\Nokia
2009-01-29 19:09:04 -------- d-----w C:\Program Files\DIFX
2009-01-29 19:08:50 -------- d-----w C:\Program Files\PC Connectivity Solution
2009-01-29 16:15:28 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\mjusbsp
2009-01-29 07:10:19 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Danware Data
2009-01-29 07:09:01 -------- d-----w C:\Program Files\Danware Data
2009-01-28 23:14:10 -------- d-----w C:\Program Files\Yahoo!
2009-01-28 21:29:08 -------- d-----w C:\Program Files\PC-TV
2009-01-28 21:08:45 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2009-01-28 20:37:06 94,636 ----a-w C:\WINDOWS\dropcpyr.dll
2009-01-28 20:37:06 73,728 ----a-w C:\WINDOWS\copyfstq.exe
2009-01-28 20:30:37 -------- d-----w C:\Program Files\Common Files\ODBC
2009-01-28 20:30:34 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2009-01-28 20:24:24 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Microsoft Web Folders
2009-01-28 19:37:10 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Mikrotik
2009-01-28 19:22:07 -------- d-----w C:\Program Files\Kaspersky Lab
2009-01-28 19:17:14 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2009-01-28 19:17:12 -------- d-----w C:\Program Files\TP-LINK
2009-01-28 19:15:25 -------- d-----w C:\Program Files\EasyTV
2009-01-28 19:04:44 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2009-01-28 19:04:25 155,405 ----a-w C:\WINDOWS\Uninstall.exe
2009-01-28 19:01:40 2,467 ----a-w C:\Program Files\Common Files\unins000.dat
2009-01-28 19:01:23 728,858 ----a-w C:\Program Files\Common Files\unins000.exe
2009-01-28 18:48:21 -------- d-----w C:\Program Files\microsoft frontpage
2009-01-28 18:47:55 0 --sha-r C:\IO.SYS
2009-01-28 18:47:55 0 ---h--w C:\MSDOS.SYS
2009-01-28 18:47:55 0 ----a-w C:\CONFIG.SYS
2009-01-28 18:47:55 0 ----a-w C:\AUTOEXEC.BAT
2009-01-28 18:46:13 -------- d--h--w C:\Program Files\WindowsUpdate
2009-01-28 18:46:10 -------- d-----w C:\Program Files\Online Services
2009-01-28 18:45:20 -------- d-----w C:\Program Files\Common Files\MSSoap
2009-01-28 18:45:10 -------- d-----w C:\Program Files\Movie Maker
2009-01-28 18:44:14 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2009-01-28 18:43:50 -------- d-----w C:\Program Files\Messenger
2009-01-28 18:43:45 -------- d-----w C:\Program Files\MSN Gaming Zone
2009-01-28 18:43:36 -------- d-----w C:\Program Files\Windows NT
2009-01-22 14:49:49 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0055C089-8582-441B-A0BF-17B458C2A3A8}=C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-03-19 08:29]
{00C6482D-C502-44C8-8409-FCE54AD9C208}=C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-02-16 18:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVTray"="C:\PROGRA~1\EasyTV\EASYTV~1\TVTray.exe" [2006-03-03 15:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2009-03-13 21:36]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"raVe"=
"Driver32"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoConfigPage"=0 (0x0)
"NoDevMgrPage"=0 (0x0)
"NoFileSysPage"=0 (0x0)
"NoVirtMemPage"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"NoFolderOptions"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoConfigPage"=0 (0x0)
"NoDevMgrPage"=0 (0x0)
"NoFileSysPage"=0 (0x0)
"NoVirtMemPage"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoFolderOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoSetTaskbar"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\WinOldApp]
"Disabled"=0 (0x0)
"NoRealMode"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
"NoFind"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetTaskbar"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\WinOldApp]
"Disabled"=0 (0x0)
"NoRealMode"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
Debugger=ntsd-d

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
"C:\Documents and Settings\omda\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Karen]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raVe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy]
copyfstq.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startIE]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemInit]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVTray]
C:\PROGRA~1\EasyTV\EASYTV~1\TVTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
"C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win32BaseServiceMOD]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer,

Rootkit scan 2009-03-21 11:31:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2009-03-21 11:32:26
C:\ComboFix-quarantined-files.txt ... 2009-03-21 11:32
C:\ComboFix2.txt ... 2009-03-19 08:29

--- E O F ---

HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:58 ص, on 21/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\EasyTV\EASYTV~1\TVTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
F:\e\New Folder\mohammed\1-mem\Protect\Reports\Zyzoom_HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\EasyTV\EASYTV~1\TVTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{55461FCA-3D15-4651-B07B-FCDA898E1E5D}: NameServer = 192.168.10.1 217.52.47.130
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NetOp Helper ver. 8.00 (2006026) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp School\TEACHER\NHOSTSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3321 bytes


We are waiting.
 

Signature: فدى الرسول
Reinstall the program, then uninstall it using this program, and follow the tutorial.


 
Signature: السّاجد لله