*نسيم الصباح*

In the name of God, the Most Gracious, the Most Merciful

Peace be upon you

Guys, here is the problem: I formatted my computer a while ago, and when I brought it home I changed the username. Now when I try to log in it gives me a message, but when I click on it the password field appears as normal. The problem is that sometimes when it boots, before the password field appears, I get the message (Now starting up ............) and it stays like that and does not start, so I am forced to unplug it from the power. What is the solution?

Thanks in advance.
 

Have you tried booting into Safe Mode?

And which version of Windows do you have?
 
Signature: Corporation
What is the error message that appears?
 
Signature: السّاجد لله
Sorry for the delay, guys, but there were circumstances beyond my control.
The message that appears is: The system could not log you on. Make sure your user name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.

The operating system is Windows XP Service Pack 3.

I tried to boot into Safe Mode, but the computer restarts if I choose Safe Mode.

Thanks in advance.
 
Is there any solution, guys?
 
And if possible, a HijackThis report so we can learn more
 
Signature: PrinceOfPersia
Honestly, I don't know what a HijackThis report is. Is there no other solution?
 
Download this program

Run the program ==> and click on
Do a system scan and save log
After a moment a report will appear in Notepad ==> copy it and paste it in your next reply
 
Signature: زمان الصمت
And here is the report

Scan saved at 02:14:00 م, on 07/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\IEACCE~1\IEAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\ahmed\Desktop\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: TBSB09257 - {F8C564CD-2FA0-4534-AF8D-52F3D054C0EF} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: AmanLinks_Beta_0.0.4 - {0C55A48A-97DC-4003-8729-7D0B159B40D3} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TempClean.lnk = C:\Program Files\TempClean\TempClean.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DD21EB0-8D65-4666-AC81-0BE0C57B2735}: NameServer = 84.23.102.172 84.23.101.84
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8095 bytes
 
Welcome, my friend

Do the following in order

(1)

Disable all security programs

Download this tool


When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the computer may restart
After the restart, the tool will start scanning again
Wait until a report appears, which means the scan has finished. Paste the report in your next post


(2)

HijackThis report
Download this program

Run the program ==> and click on
Do a system scan and save log
After a moment a report will appear in Notepad ==> copy it and paste it in your next reply
 
Signature: KoNaMi
I thank my brother :سلاطين2: for changing the title

As for the reports:

The second program's report
ComboFix 09-04-04.01 - ahmed 04/07/2009 19:51:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.447.125 [GMT 2:00]
Running from: c:\documents and settings\ahmed\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\agsaame.dll
c:\windows\system32\ALOAudioFile2.dll
c:\windows\system32\ALOAVIFile.dll
c:\windows\system32\ALOQuickTimeFile.dll
c:\windows\system32\ALOVideoCoreM.dll
c:\windows\system32\ALOWMAFile2.dll
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 19:15 --------- d-----w c:\documents and settings\ahmed\Application Data\PC Suite
2009-04-20 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-20 00:38 --------- d-----w c:\program files\SweetIM
2009-04-19 23:02 --------- d-----w c:\documents and settings\ahmed\Application Data\Winamp
2009-04-19 18:54 --------- d-----w c:\program files\Messenger Plus! Live
2009-04-18 22:03 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-18 15:44 --------- d-----w c:\program files\Ozone
2009-04-17 21:00 --------- d-----w c:\program files\IObit
2009-04-17 14:14 --------- d-----w c:\program files\My Lockbox
2009-04-17 11:16 --------- d-----w c:\documents and settings\Guest\Application Data\PC Suite
2009-04-17 11:16 --------- d-----w c:\documents and settings\Guest\Application Data\Nokia
2009-04-16 18:56 --------- d-----w c:\documents and settings\ahmed\Application Data\Media Player Classic
2009-04-16 18:13 --------- d-----w c:\program files\QuickTime
2009-04-16 18:13 --------- d-----w c:\program files\PC Connectivity Solution
2009-04-16 18:05 --------- d-----w c:\program files\Apple Software Update
2009-04-16 13:35 --------- d-----w c:\documents and settings\ahmed\Application Data\Apple Computer
2009-04-15 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-15 20:56 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-04-15 20:34 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-15 12:56 --------- d-----w c:\documents and settings\ahmed\Application Data\Windows Live Writer
2009-04-14 18:04 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-14 18:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-14 18:04 --------- d-----w c:\documents and settings\ahmed\Application Data\Nokia
2009-04-14 07:49 --------- d-----w c:\program files\VIA
2009-04-14 07:49 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-14 07:27 --------- d-----w c:\program files\Realtek
2009-04-14 07:27 --------- d-----w c:\documents and settings\ahmed\Application Data\InstallShield
2009-04-07 17:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-07 15:00 --------- d-----w c:\program files\Magic Karaoke Maker
2009-04-07 11:43 --------- d-----w c:\program files\NSS
2009-04-07 05:56 --------- d-----w c:\documents and settings\ahmed\Application Data\IDM
2009-04-07 05:55 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-07 05:55 --------- d-----w c:\documents and settings\ahmed\Application Data\DMCache
2009-04-07 05:54 9,704 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-07 05:54 319,520 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-07 05:54 2,172 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-07 05:54 1,103,904 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-06 21:09 --------- d-----w c:\program files\UxTheme Multipatcher Fr
2009-04-06 20:53 --------- d-----w c:\program files\IE Accelerator
2009-04-06 20:50 --------- d-----w c:\program files\Hotspot Shield
2009-04-03 12:08 --------- d-----w c:\documents and settings\Guest\Application Data\Winamp
2009-04-03 12:08 --------- d-----w c:\documents and settings\Guest\Application Data\DivX
2009-04-02 19:09 --------- d-----w c:\program files\Common Files\xing shared
2009-04-02 19:09 --------- d-----w c:\program files\Common Files\Real
2009-04-02 19:08 --------- d-----w c:\program files\Real
2009-04-02 19:05 --------- d-----w c:\program files\XP Codec Pack
2009-04-02 19:04 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-01 20:47 --------- d-----w c:\program files\Google
2009-04-01 15:31 --------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-04-01 13:39 --------- d-----w c:\program files\AstroAvenger DEMO
2009-04-01 11:55 --------- d-----w c:\program files\TweakMASTER
2009-03-31 15:15 --------- d-----w c:\program files\DAP
2009-03-31 12:27 --------- d-----w c:\program files\Ela-Salaty
2009-03-30 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2009-03-30 12:08 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-28 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-26 21:57 --------- d-----w c:\program files\Opera
2009-03-26 15:22 --------- d-----w c:\program files\Internet Download Manager
2009-03-25 23:51 --------- d-----w c:\program files\DU Meter
2009-03-25 18:13 --------- d-----w c:\program files\Windows Live
2009-03-25 18:12 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-25 18:12 --------- d-----w c:\program files\Microsoft
2009-03-25 18:06 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-25 18:06 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-25 18:06 --------- d-----w c:\program files\Kaspersky Lab
2009-03-25 16:03 --------- d-----w c:\program files\ObjectRescue Pro
2009-03-25 16:03 --------- d-----w c:\program files\Mozilla Firefox(2)
2009-03-25 16:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 16:02 --------- d-----w c:\program files\SuperCleaner
2009-03-25 16:02 --------- d-----w c:\program files\Saree Files Recover
2009-03-25 13:06 315,392 ----a-w c:\windows\HideWin.exe
2009-03-23 22:09 --------- d-----w c:\documents and settings\Guest\Application Data\Media Player Classic
2009-03-23 13:42 --------- d-----w c:\program files\FinalData
2009-03-22 20:36 --------- d-----w c:\documents and settings\ahmed\Application Data\Almeza MultiSet
2009-03-31 15:13 251,392 ----a-w c:\program files\opera\program\plugins\dapop.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [10/08/2008 12:22 PM 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
10/08/2008 12:22 PM 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8C564CD-2FA0-4534-AF8D-52F3D054C0EF}]
11/15/2007 02:36 PM 2293760 --a------ c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0C55A48A-97DC-4003-8729-7D0B159B40D3}"= "c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll" [11/15/2007 02:36 PM 2293760]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [10/08/2008 12:22 PM 1172792]

[HKEY_CLASSES_ROOT\clsid\{0c55a48a-97dc-4003-8729-7d0b159b40d3}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0C55A48A-97DC-4003-8729-7D0B159B40D3}"= "c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll" [11/15/2007 02:36 PM 2293760]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [10/08/2008 12:22 PM 1172792]

[HKEY_CLASSES_ROOT\clsid\{0c55a48a-97dc-4003-8729-7d0b159b40d3}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 03:00 PM 15360]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [06/09/2008 12:13 AM 2645528]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [10/02/2008 07:00 AM 1124352]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [03/26/2009 04:17 PM 2745776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [11/11/2008 07:59 PM 206088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [04/02/2009 09:09 PM 185896]
"IE Accelerator"="c:\progra~1\IEACCE~1\IEAccelerator.exe" [03/30/2009 11:44 AM 284672]
"SoundMan"="SOUNDMAN.EXE" [05/17/2005 12:48 PM 77824 c:\windows\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [03/07/2005 09:33 PM 53248 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [03/11/2005 11:33 AM 147456 c:\windows\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 03:00 PM 15360]

c:\documents and settings\ahmed\Start Menu\Programs\Startup\
TempClean.lnk - c:\program files\TempClean\TempClean.exe [25/01/2009 11:45:58 ê 356352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - c:\program files\Google\Web Accelerator\GoogleWebAccWarden.exe [09/07/2007 10:24:38 ê 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 06/12/2008 11:38 AM 29184 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 04/14/2008 03:00 PM 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 03/31/2009 05:13 PM 4568576 c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 03/26/2009 04:17 PM 2745776 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 01/08/2009 07:38 PM 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 02/06/2009 06:53 PM 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 06/17/2008 04:00 PM 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 10/02/2008 07:00 AM 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 09/06/2008 03:09 PM 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 01/26/2009 09:09 AM 131072 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 04/02/2009 09:09 PM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakMASTER]
--a------ 11/27/2006 03:25 PM 283168 c:\program files\TweakMASTER\TMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 08/04/2008 01:02 AM 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclMSBTSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 05:29:38 م 32784]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [17/04/2009 04:14:33 م 17264]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [14/04/2009 09:25:00 ص 13696]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [26/03/2009 01:51:27 ص 1386008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02:46 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06:48 م 24592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 07:31:34 م 42000]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [02/04/2009 08:04:09 م 32377]
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [07/30/2008 12:34 PM]

2009-04-22 c:\windows\Tasks\User_Feed_Synchronization-{C263DDE9-D0D5-460F-8C72-6F2608BD0F20}.job
- c:\windows\system32\msfeedssync.exe []
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)
MSConfigStartUp-amva - c:\windows\system32\amvo.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gogle.com/
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {8DD21EB0-8D65-4666-AC81-0BE0C57B2735} = 84.23.102.172 84.23.101.84
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\ahmed\Application Data\Mozilla\Firefox\Profiles\980gyzhf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\ahmed\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-07 07:56:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bb,73,25,03,52,a7,c3,04,f1,1b,56,7b,75,c2,14,87,89,7d,e7,07,c5,
5b,1d,db,47,7c,f3,b3,a7,98,f2,65,61,54,08,97,2c,43,5e,5b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fff13c61-6bc5-4498-a9fe-c6d792cdca98}]
@Denied: (Full) (Everyone)
"Model"=dword:00000053
"Therad"=dword:00000001
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,a6,cc,f7,99,c0,1e,5f,3c,6b,18,1a,83,67,4b,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Google\Web Accelerator\GoogleWebAccClient.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\WudfHost.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 04/07/2009 7:59:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-07 05:59:48

Pre-Run: 13,344,710,656 bytes free
Post-Run: 13,227,159,552 bytes free

290


And the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:11:29 ص, on 07/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\IEACCE~1\IEAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\ahmed\Desktop\Zyzoom_HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: TBSB09257 - {F8C564CD-2FA0-4534-AF8D-52F3D054C0EF} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: AmanLinks_Beta_0.0.4 - {0C55A48A-97DC-4003-8729-7D0B159B40D3} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TempClean.lnk = C:\Program Files\TempClean\TempClean.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DD21EB0-8D65-4666-AC81-0BE0C57B2735}: NameServer = 84.23.102.172 84.23.101.84
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8154 bytes


Thank you in advance.
 
With the brothers' permission,

Brother, delete the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto

O4 - Startup: TempClean.lnk = C:\Program Files\TempClean\TempClean.exe



How to delete them:

With that, the deletion is complete.

 
Signature: shaded
In the username field, type this word: administrator
 
I thank brother KoNaMi for the effort.
I thank brother shaded; I will try it and report back.

And I thank brother أكرم العزاني for the method, but unfortunately, after I log in with the main account and shut down the machine, it goes back to how it was.
 
Good news, brothers: I found where the problem is. I had set a password, and when I removed it the problem went away.
But I want to set a password, because if I leave it without one I will be at a technician's every day, and the reason is my brothers.
Help me out, guys!
 