هـذا هو اخوي كومبآكـ
ComboFix 09-04-01.01 - abu.Nersian 04/02/2009 23:09:18.1 -
FAT32x86
Running from: c:\documents and settings\abu.Nersian\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\abu.Nersian\x.exe
c:\windows\IE4 Error Log.txt
c:\windows\regedit.com
c:\windows\system32\1.txt
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\taskmgr.com
F:\2.bat
F:\autorun.inf
F:\dkfo.pif
F:\dlyx.cmd
F:\duvo.pif
F:\e.cmd
F:\gvut.pif
F:\jfnaqe.pif
F:\minm.cmd
F:\tdgk.cmd
.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 18:50 --------- d-----w c:\documents and settings\abu.Nersian\Application Data\Media Player Classic
2009-04-02 18:48 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-02 18:09 --------- d-----w c:\program files\PC Sync Manager
2009-03-31 00:19 147,456 ----a-w C:\TaskManagerFix.exe
2009-03-30 16:39 --------- d-----w c:\program files\Your Uninstaller 2008
2009-03-30 16:39 --------- d-----w c:\documents and settings\abu.Nersian\Application Data\URSoft
2009-03-30 02:11 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-30 02:11 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-30 02:11 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-30 02:11 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-21 01:13 --------- d-----w c:\program files\Ela-Salaty
2009-03-17 01:14 --------- d-----w c:\documents and settings\abu.Nersian\Application Data\HiYo
2009-03-16 14:17 --------- d-----w c:\program files\Microsoft
2009-03-10 19:18 960,392 ------w c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 19:18 264,576 ------w c:\windows\system32\dllcache\wgaLogon.dll
2009-03-05 03:52 --------- d-----w c:\program files\Pure Codec
2009-02-25 22:45 --------- d-----w c:\program files\Abdullah AlZaid
2009-02-14 07:17 --------- d-----w c:\documents and settings\abu.Nersian\Application Data\skypePM
2009-02-14 07:11 --------- d-----w c:\documents and settings\abu.Nersian\Application Data\Skype
2009-02-14 07:10 --------- d-----w c:\program files\Common Files\Skype
2009-02-14 07:10 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-14 07:10 --------- d-----r c:\program files\Skype
2009-02-10 23:36 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-10 23:02 --------- d-----w c:\program files\NOS
2009-02-10 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:04 1,846,656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:04 1,846,656 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-08 10:30 --------- d-----w c:\documents and settings\abu.Nersian\Application Data\DivX
2009-02-08 08:11 --------- d-----w c:\program files\DivX
2009-02-05 02:57 --------- d-----w c:\program files\Dream Wallpaper
2009-02-04 16:47 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-03 21:43 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 21:43 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-03 03:06 --------- d-----w c:\program files\TechTracker
2009-02-03 03:06 --------- d-----w c:\documents and settings\abu.Nersian\Application Data\VersionTracker Pro
2009-01-16 18:01 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-07-31 00:53 57,376 ----a-w c:\program files\Uninstall.exe
2008-07-31 00:53 5,115 ----a-w c:\program files\Uninstall.ini
.
------- Sigcheck -------
04/15/2008 12:00 PM 84992 e1a2919bce1ca25af15ba16ed440650e c:\windows\system32\ctfmon.exe
04/15/2008 12:00 PM 15360 252f972131eb23596c20b82ca190dc5c c:\windows\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/15/2008 12:00 PM 84992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [10/26/2004 12:01 PM 4632576]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [04/29/2004 02:15 PM 159801]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [11/06/2008 09:32 AM 267792]
"nwiz"="nwiz.exe" [10/26/2004 12:01 PM 995328 c:\windows\system32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM 122880 c:\windows\BCMSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/15/2008 12:00 PM 84992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [08/03/2004 11:59 PM 44544]
"nltide_3"="advpack.dll" [12/21/2008 01:30 AM 124928 c:\windows\system32\advpack.dll]
c:\documents and settings\abu.Nersian\قائمة ابدأ\البرامج\بدء التشغيل\
Styler.lnk - c:\program files\Styler\Styler.exe [2009-04-02 307200]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
01/12/2004 06:55 AM 110592 c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
06/13/2008 09:39 PM 45184 c:\windows\system32\fsp_lmwl.dll
[HKLM\~\startupfolder\C:^Documents and Settings^abu.Nersian^قائمة ابدأ^البرامج^بدء التشغيل^Styler.lnk]
path=c:\documents and settings\abu.Nersian\قائمة ابدأ\البرامج\بدء التشغيل\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 06/12/2008 02:38 AM 104304 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 10/07/2005 02:13 PM 249856 c:\program files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 04/15/2008 12:00 PM 84992 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 03/04/2004 08:59 PM 561152 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 08/24/2007 07:00 AM 111472 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 03/30/2008 10:36 AM 336680 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 04/14/2008 06:59 PM 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/18/2007 11:34 AM 5802008 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 06/17/2008 04:00 PM 1327104 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 10/02/2008 07:00 AM 1193984 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 05/28/2003 05:32 PM 155648 c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 05/27/2008 10:50 AM 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 02/04/2009 12:27 PM 23975720 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 12/15/2008 03:34 AM 210328 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 11/06/2008 09:32 AM 267792 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 04/15/2008 12:00 PM 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)
"ERSvc"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"helpsvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"BCMSMMSG"=BCMSMMSG.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Microsoft Games\\Midtown Madness 2 Trial\\mm2trial.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\BandRich\\BandLuxe HSDPA Utility R11\\CManager.exe"=
"c:\\Program Files\\BandRich\\BandLuxe HSDPA Utility R11\\BRService.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtProc1.exe"=
"c:\\Documents and Settings\\abu.Nersian\\سطح المكتب\\IPPVR\\IPPVR.exe"=
"c:\\Documents and Settings\\abu.Nersian\\سطح المكتب\\chek_server\\chek server\\wsp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\LeapFTP 3.0\\LeapFTP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\abu.Nersian\\سطح المكتب\\metoovet-v1\\metoovet-xp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"=
"c:\\WINDOWS\\system32\\1XConfig.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [06/05/2006 12:00 AM 35824]
R3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\dm9usb.sys [03/20/2002 09:24 AM 26674]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [12/01/2008 10:59 AM 33752]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [02/01/2008 04:17 PM 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [02/01/2008 04:17 PM 8320]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [02/04/2009 07:47 PM 33808]
S1 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [07/29/2008 07:02 AM 2944]
S2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [05/12/2008 02:14 PM 160992]
S3 abp470n5;abp470n5; [x]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [05/15/2008 10:08 AM 104192]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [03/13/2008 06:02 PM 26640]
S3 LMPC4;LMPC4; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - abp470n5
*Deregistered* - AFD
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - BandLuxe_Service
*Deregistered* - bbcap
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IntelIde
*Deregistered* - IpFilterDriver
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - klbg
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDC8021X
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - OMCI
*Deregistered* - PartMgr
*Deregistered* - pcouffin
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - PQNTDrv
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RegSrvc
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - S24EventMonitor
*Deregistered* - s24trans
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f961613-d6d2-11dd-8324-0018e40a340d}]
\Shell\aUtoPLay\comMand - F:\duvo.pif
\Shell\AutoRun\command - F:\duvo.pif
\Shell\EXplORe\Command - F:\duvo.pif
\Shell\Open\cOMmAnd - F:\duvo.pif
.
Contents of the 'Scheduled Tasks' folder
2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [04/11/2008 05:57 PM]
2009-04-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 09:09 AM]
2014-03-23 c:\windows\Tasks\User_Feed_Synchronization-{29BE3015-0A6B-4424-BD92-016BDCC6A1CB}.job
- c:\windows\system32\msfeedssync.exe [08/13/2007 06:36 PM]
2009-04-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-04-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-DLD - c:\program files\Download Direct\DLD.exe
MSConfigStartUp-IDMan - c:\program files\Internet Download Manager\IDMan.exe
MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - c:\program files\Active Whois\ieshow.exe
DPF: {DD18AE59-EA36-461E-ADD2-5CD79FD22833} - hxxp://nbk.net/quran.cab
FF - ProfilePath - c:\documents and settings\abu.Nersian\Application Data\Mozilla\Firefox\Profiles\6xlciwoj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\documents and settings\abu.Nersian\Application Data\Mozilla\Firefox\Profiles\6xlciwoj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-02 23:23:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):81,32,52,ab,43,58,40,e6,3a,99,43,e9,8d,f6,a5,50,f6,25,cb,52,c8,
83,5d,41,73,96,3e,ba,d6,df,98,c6,0f,85,c0,f6,33,5a,3f,78,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ff,16,10,57,a9,31,29,64,a8,d4,cf,a5,fc,8d,ce,d1,54,b3,f6,59,74,
73,09,3b,f9,92,db,b2,48,5c,4e,82,6f,ac,b0,31,38,f3,24,10,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{975c3343-a2de-471b-aac4-fd09fc808ec9}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d2
"Therad"=dword:00000018
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e51ac803-038e-4114-961e-810c5d0bc9b0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000019
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,45,2b,09,de,f8,
b6,73,47,05,98,32,02,34,2b,da,61,17,39,fc,bf,ae,06,2d,f3,0e,4a,b4,22,a5,84,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\fsp_lmwl.dll
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\S24EVMON.EXE
c:\windows\SYSTEM32\ZCFGSVC.EXE
c:\program files\LOCK MY PC 4\LOCKPC.EXE
c:\windows\SYSTEM32\1XCONFIG.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\REGSRVC.EXE
.
**************************************************************************
.
Completion time: 04/02/2009 23:28:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-02 20:28:04
Pre-Run: 81,645,174,784 bytes free
Post-Run: 81,840,898,048 bytes free
414 --- E O F --- 2009-03-12 23:36:13