Thread starter: م/ كريم
Views: 740
Status: Closed and not open for further replies.

م/ كريم

Peace be upon you

Every time I open a website this ad appears. I don't know whether this is a virus or what exactly.

This is a picture showing the ad that appears

i4348_123.JPG

And of course this is the address it takes us to if we click on it
[link hidden by the forum]

And this is where the ad is located
[link hidden by the forum]

What is the solution?? And what is this thing in the first place?!!!
 

And upon you be peace and the mercy of God

This is the Chinese virus

Do the following

Disable System Restore as shown in the following walkthrough

dis_sys_xp.jpg

Download the Kaspersky tool from the following link

[link hidden by the forum]

After downloading, double-click it and the tool's files will be extracted to a folder on the desktop. A few moments later the tool starts working.

Follow the walkthrough to scan the machine, clean it and attach the report

zyzoom-7ce8879e89.png

zyzoom-cdd75c8aa3.png

zyzoom-89156f000e.png

zyzoom-6d533c4f2e.png

zyzoom-f20f3644d0.png

Then compress the report and upload it here>>>>
[link hidden by the forum]

And upload the report to any upload center
 
Signature: AbOdy
I did the scan and this is the report
[link hidden by the forum]

During the scan a message from Kaspersky appeared saying that this trojan was present, and it wanted me to restart, but I waited until the scan finished, then restarted, and it was removed, thank God
Deleted Trojan program Trojan.Win32.Midgare.sdb C:\WINDOWS\system32\sysdmp\svchst.exe
 
Now
make a HijackThis report
[link hidden by the forum]

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report appears. Select all ==> copy it and paste it in your next reply

Good luck
 
Signature: SUL6AN
:ok:
Waiting
 
Signature: AbOdy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:28:24 م, on 05/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Progs\Zyzoom\Zyzoom\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kareem\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.3,4.2.2.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.3,4.2.2.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.3,4.2.2.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6906 bytes

This is the report, above
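
Added example (not part of the original thread, and not code from HijackThis or Kaspersky): a Python triage pass over a HijackThis v2 log that surfaces the kinds of entries visible in this thread, namely a process name imitating a core Windows binary (the deleted svchst.exe), a BHO whose file is missing, a CLSID hooked into several browser extension points, and a service with an unknown owner. The sample log is constructed from lines in the report above plus the path from the Kaspersky detection line; the function names, the expected-directory table and the 0.85 similarity threshold are assumptions.

```python
import ntpath
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Assumption: core Windows XP process names and the directory each normally runs from.
CORE = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")          # "O2 - BHO: ..." style lines
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BROWSER_HOOKS = {"R3", "O2", "O3"}                  # URLSearchHook, BHO, toolbar
LOOKALIKE_RATIO = 0.85                              # assumed similarity threshold

# Constructed sample in HijackThis v2 format (not a real scan).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sysdmp\svchst.exe
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def check_process(path):
    """Flag a core process outside its usual folder, or a near-miss of a core name."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in CORE:
        if folder != CORE[name]:
            return [("misplaced-core-process", path)]
        return []
    for core in CORE:
        if SequenceMatcher(None, name, core).ratio() >= LOOKALIKE_RATIO:
            return [("lookalike-name", path)]
    return []


def triage(log):
    """Return (kind, subject) pairs to review; these are prompts, not verdicts."""
    findings, hooks, in_procs = [], defaultdict(set), False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                findings += check_process(line)
            else:
                in_procs = False          # blank line ends the process list
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID.search(body)
        if clsid and code in BROWSER_HOOKS:
            hooks[clsid.group(0).lower()].add(code)
        if code == "O2" and clsid and body.endswith("(no file)"):
            findings.append(("orphaned-bho", clsid.group(0).lower()))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(("unknown-owner-service", body.rsplit(" - ", 1)[1]))
    # One CLSID registered at two or more browser extension points.
    for clsid, codes in hooks.items():
        if len(codes) >= 2:
            findings.append(("multi-hook-addon", clsid))
    return findings


if __name__ == "__main__":
    for kind, subject in triage(SAMPLE_LOG):
        print(f"{kind:24} {subject}")
```

Each finding only marks an entry for manual review; legitimate toolbars and services also produce multi-hook and unknown-owner entries.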
 
Upload the report again

without code or quote tags
 
Signature: AbOdy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:20:50 م, on 05/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Progs\CryptLoad_1.1.6\CryptLoad_1.1.6\CryptLoad.exe
D:\Progs\Zyzoom\Zyzoom\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kareem\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.3,4.2.2.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.3,4.2.2.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.3,4.2.2.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6873 bytes
 
Disable your protection programs and run the tool

[link hidden by the forum]

When you run it a message will appear, click >> Yes
After that a second message will appear, click >> Yes

During the scan the machine may restart

After the restart, the tool will start scanning a second time
Wait until a report appears; that means the scan has finished

When you are done

attach the report for me along with a new HijackThis report
 
Signature: AbOdy
This is the ComboFix report

ComboFix 09-04-04.01 - Kareem 04/06/2009 18:04:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1022.643 [GMT 2:00]
Running from: c:\documents and settings\Kareem\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kareem\Application Data\.#
c:\documents and settings\Kareem\Application Data\.#\MBX@164@384160.###
c:\documents and settings\Kareem\Application Data\.#\MBX@164@384190.###
c:\documents and settings\Kareem\Application Data\.#\MBX@164@3841C0.###
c:\documents and settings\Kareem\Application Data\.#\MBX@420@384160.###
c:\documents and settings\Kareem\Application Data\.#\MBX@420@384190.###
c:\documents and settings\Kareem\Application Data\.#\MBX@420@3841C0.###
c:\documents and settings\Kareem\Application Data\.#\MBX@DF8@384160.###
c:\documents and settings\Kareem\Application Data\.#\MBX@DF8@384190.###
c:\documents and settings\Kareem\Application Data\.#\MBX@DF8@3841C0.###
c:\documents and settings\Kareem\Application Data\.#\MBX@F04@384150.###
c:\documents and settings\Kareem\Application Data\.#\MBX@F04@384180.###
c:\documents and settings\Kareem\Application Data\.#\MBX@F04@3841B0.###
c:\documents and settings\Kareem\Application Data\.#\MBX@FE0@384160.###
c:\documents and settings\Kareem\Application Data\.#\MBX@FE0@384190.###
c:\documents and settings\Kareem\Application Data\.#\MBX@FE0@3841C0.###
c:\documents and settings\Kareem\Application Data\addon.dat
c:\windows\system32\agsaame.dll
c:\windows\system32\ALOAudioFile2.dll
c:\windows\system32\ALOAVIFile.dll
c:\windows\system32\ALOQuickTimeFile.dll
c:\windows\system32\ALOVideoCoreM.dll
c:\windows\system32\ALOWMAFile2.dll
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 16:09 --------- d-----w c:\documents and settings\Kareem\Application Data\DMCache
2009-04-06 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-06 16:07 991,264 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-06 16:07 8,660 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-06 16:07 8,379,424 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-06 16:07 78,072 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-05 21:29 --------- d-----w c:\program files\YouTring
2009-04-05 21:26 --------- d-----w c:\program files\Common Files\Apple
2009-04-05 19:55 --------- d-----w c:\documents and settings\Kareem\Application Data\Skype
2009-04-05 19:04 --------- d-----w c:\documents and settings\Kareem\Application Data\skypePM
2009-04-05 06:04 --------- d-----w c:\documents and settings\Kareem\Application Data\Sierra Entertainment
2009-04-05 05:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-05 05:52 --------- d-----w c:\program files\AGEIA Technologies
2009-04-05 05:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 05:06 --------- d-----w c:\program files\netcut
2009-04-04 21:10 --------- d-----w c:\documents and settings\Kareem\Application Data\vmntoolbar
2009-04-04 14:46 --------- d-----w c:\documents and settings\Kareem\Application Data\Shape games
2009-04-04 11:57 --------- d-----w c:\documents and settings\Kareem\Application Data\IDM
2009-04-02 15:31 --------- d-----w c:\program files\WinPcap
2009-03-30 05:04 --------- d-----w c:\program files\KYE
2009-03-30 05:04 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-29 12:49 --------- d-----w c:\program files\Internet Download Manager
2009-03-27 20:21 --------- d-----w c:\program files\MyPlayCity
2009-03-27 19:05 --------- d-----w c:\program files\Rowley Associates Limited
2009-03-27 18:16 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-27 16:12 --------- d-----w c:\documents and settings\Kareem\Application Data\SunRay Games
2009-03-27 10:27 --------- d-----w c:\documents and settings\Kareem\Application Data\Intenium
2009-03-27 05:23 --------- d-----w c:\program files\Algorithm Builder
2009-03-21 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\Gogii
2009-03-21 09:03 --------- d-----w c:\documents and settings\Kareem\Application Data\Ahead
2009-03-21 09:02 --------- d-----w c:\program files\Nero
2009-03-21 09:02 --------- d-----w c:\program files\Common Files\Ahead
2009-03-18 11:44 --------- d-----w c:\program files\Common Files\Nero
2009-03-17 17:12 --------- d-----w c:\documents and settings\Kareem\Application Data\Shockwave
2009-03-17 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\Shockwave
2009-03-17 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-03-16 17:56 --------- d-----w c:\program files\Common Files\Adobe
2009-03-15 23:51 --------- d-----w c:\program files\Resistor Color Coder
2009-03-15 18:41 --------- d-----w c:\program files\EDGE Diagrammer
2009-03-14 22:43 --------- d-----w c:\program files\PonyProg2000
2009-03-14 07:25 --------- d-----w c:\documents and settings\Kareem\Application Data\Thinstall
2009-03-13 20:25 --------- d-----w c:\program files\KGB Archiver
2009-03-13 15:09 --------- d-----w c:\program files\DLPortIO
2009-03-13 07:51 --------- d-----w c:\program files\OJOsoft
2009-03-13 07:51 --------- d-----w c:\program files\Common Files\Common Share
2009-03-13 07:46 --------- d-----w c:\program files\Aglare Mp4 to AVI Converter
2009-03-13 00:37 --------- d-----w c:\program files\AviSynth 2.5
2009-03-12 22:21 --------- d-----w c:\documents and settings\Kareem\Application Data\FairyTale
2009-03-11 18:40 --------- d-----w c:\documents and settings\Kareem\Application Data\Boolat Games
2009-03-07 11:08 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-03-05 20:14 --------- d--h--r c:\documents and settings\Kareem\Application Data\SecuROM
2009-03-04 17:31 --------- d-----w c:\documents and settings\Kareem\Application Data\PlayFirst
2009-03-04 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-02-27 08:59 --------- d-----w c:\documents and settings\Guest\Application Data\Yahoo!
2009-02-27 08:57 --------- d-----w c:\documents and settings\Guest\Application Data\VMNTOOLBAR
2009-02-27 08:57 --------- d-----w c:\documents and settings\Guest\Application Data\EmailNotifier
2009-02-26 11:05 --------- d-----w c:\documents and settings\Kareem\Application Data\EleFun Games
2009-02-25 17:20 --------- d-----w c:\documents and settings\Kareem\Application Data\ITTNord
2009-02-22 17:45 --------- d-----w c:\program files\Common Files\Skype
2009-02-22 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-22 17:45 --------- d-----r c:\program files\Skype
2009-02-21 22:04 --------- d-----w c:\documents and settings\Kareem\Application Data\eGames
2009-02-21 22:04 --------- d-----w c:\documents and settings\All Users\Application Data\eGames
2009-02-17 11:21 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2009-02-12 11:43 --------- d-----w c:\documents and settings\Kareem\Application Data\IMVU
2009-02-10 10:35 --------- d-----w c:\program files\CROME
2009-02-09 09:49 --------- d-----w c:\documents and settings\Kareem\Application Data\Download Manager
2009-02-08 20:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-08 20:12 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-02-08 20:12 --------- d-----w c:\program files\Business Objects
2009-02-08 20:06 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-08 20:03 --------- d-----w c:\program files\Microsoft.NET
2009-02-08 19:58 --------- d-----w c:\program files\Microsoft Device Emulator
2009-02-08 19:57 --------- d-----w c:\program files\Windows Mobile 5.0 SDK R2
2009-02-08 19:56 --------- d-----w c:\program files\Microsoft Synchronization Services
2009-02-08 19:56 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-02-08 19:39 --------- d-----w c:\program files\Common Files\Merge Modules
2009-02-08 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-02-08 19:35 --------- d-----w c:\program files\MSBuild
2009-02-08 19:35 --------- d-----w c:\program files\HTML Help Workshop
2009-02-08 19:33 --------- d-----w c:\program files\Microsoft SDKs
2009-02-08 19:33 --------- d-----w c:\program files\CE Remote Tools
2009-02-08 19:31 --------- d-----w c:\program files\Microsoft Web Designer Tools
2009-02-08 19:22 --------- d-----w c:\program files\Reference Assemblies
2009-02-07 19:54 --------- d-----w c:\program files\MSXML 6.0
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [03/27/2009 10:22 PM 1883672]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
03/27/2009 10:22 PM 1883672 --a------ c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
09/24/2007 04:26 PM 1966080 --a------ c:\progra~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\VMNTOO~1\VMNTOO~1.DLL" [09/24/2007 04:26 PM 1966080]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [03/27/2009 10:22 PM 1883672]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "c:\progra~1\VMNTOO~1\VMNTOO~1.DLL" [09/24/2007 04:26 PM 1966080]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [03/27/2009 10:22 PM 1883672]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 03:07 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [03/28/2009 10:41 AM 2745776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [02/05/2009 04:08 PM 201992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [04/12/2006 04:38 AM 7110656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [02/27/2009 05:10 PM 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 03:07 AM 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Update Scheduler for Proteus Professional 7.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Update Scheduler for Proteus Professional 7.lnk
backup=c:\windows\pss\Update Scheduler for Proteus Professional 7.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinManager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinManager.lnk
backup=c:\windows\pss\WinManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kareem^Start Menu^Programs^Startup^YouTring.lnk]
path=c:\documents and settings\Kareem\Start Menu\Programs\Startup\YouTring.lnk
backup=c:\windows\pss\YouTring.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 02/27/2009 05:10 PM 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/04/2004 03:07 AM 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVB-S for MCE]
--a------ 04/04/2006 10:55 AM 147456 c:\program files\DVBS4MCE\DVBS4MCE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 03/28/2009 10:41 AM 2745776 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 08/25/2008 12:36 PM 1168264 c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 10/01/2008 06:57 PM 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 08/04/2004 01:06 AM 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 04/12/2006 04:38 AM 7110656 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 04/12/2006 04:38 AM 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 09/06/2008 03:09 PM 413696 c:\program files\Ringz Studio\Storm Codec\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 02/07/2005 04:04 AM 94037 c:\program files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 11/10/2008 05:43 AM 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 11/06/2007 07:51 PM 3810544 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r---c--- 05/03/2005 11:43 AM 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 04/12/2006 04:38 AM 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r---c--- 05/10/2007 11:08 AM 16342528 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 scio;scio;c:\windows\system32\drivers\scio.sys [2008-11-05 3072]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2008-11-01 3584]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2008-11-01 6144]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\drivers\Mach3.sys [2008-11-03 107168]
R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;c:\windows\system32\drivers\psxpad.sys [2009-02-09 12160]
R3 PsxPortEnumerator;Psx Port Enumerator;c:\windows\system32\drivers\psxenum.sys [2009-02-09 16896]
S0 878BDA;DVB-TV 878 BDA Driver;c:\windows\system32\Drivers\878BDA.sys --> c:\windows\system32\Drivers\878BDA.sys [?]
S2 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-03-27 33792]
S3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [2008-12-11 10330]
S3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [2008-12-11 25600]
S3 GNDHVF;Genius VideoCAM Smart300 V2;c:\windows\system32\drivers\gndhvf.sys [2009-03-30 225152]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-10-29 356920]
S3 VPNET;DTVNet Ethernet Controller;c:\windows\system32\drivers\DTVNet.sys [2008-12-11 19712]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DTV-DVB MCE CI - c:\documents and settings\Kareem\MCECIConsole.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Kareem\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {3CDABD73-A41E-46FB-B14B-305AAA3F86AF} = 4.2.2.3,4.2.2.4
FF - ProfilePath - c:\documents and settings\Kareem\Application Data\Mozilla\Firefox\Profiles\llnrua3t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1392740&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - MyPlayCity Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.eg/
FF - component: c:\documents and settings\Kareem\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast, .

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by forum]

Rootkit scan 2009-04-06 18:09:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{052dd5cd-3601-43b6-a799-e51b73c80381}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4457511a-b900-4fec-8a81-3c295c1988e1}]
@Denied: (Full) (Everyone)
"Model"=dword:00000046
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,f8,94,99,63,24,
84,10,51,05,98,32,02,34,2b,da,61,1f,61,db,46,43,07,46,cb,09,c9,c8,e9,6b,2b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):25,36,d7,17,32,47,72,39,15,a6,2b,3d,73,ff,b0,33,2e,e3,6d,cd,d2,
af,f0,ec,c4,cb,5a,41,dd,47,48,ea,b5,29,b5,cc,a1,11,bb,9a,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):51,0a,44,24,46,a1,0b,8c,2f,1e,90,26,a9,cd,81,38,75,d6,02,ae,d8,
d8,31,9f,01,75,66,b7,12,52,2b,eb,a5,f6,9b,43,7e,22,19,33,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cf1ff391-38ea-4364-b928-557d06367566}]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\windows\system32\klogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 04/06/2009 18:12:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-06 16:12:09

Pre-Run: 8,047,841,280 bytes free
Post-Run: 8,404,754,432 bytes free

385 --- E O F --- 2009-03-17 10:32:36
----------------------------

And this is the HijackThis one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35:41 م, on 06/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Progs\Zyzoom\Zyzoom\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by forum]

R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kareem\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.3,4.2.2.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6624 bytes
 
The last step

Follow along with me:

From the second report, select these entries and delete them


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = [link hidden by forum],[link hidden by forum]

O17 - HKLM\System\CS1\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = [link hidden by forum],[link hidden by forum]

O17 - HKLM\System\CS2\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = [link hidden by forum],[link hidden by forum]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

How to delete them




After that, go to Add or Remove Programs and uninstall the toolbar you have (toolbar) >> it may not be there

Then download this tool and follow the explanation below

[link hidden by forum]

or

[link hidden by forum]

Compatibility: Windows XP only

How to use it:
When you run the tool's file this screen appears; wait (and follow along with the pictures)

When this screen appears, press Close so that your machine restarts (to complete the cleaning process)






After you finish doing what was asked,

go to Add or Remove Programs

and uninstall Spyware Doctor because it conflicts with Kaspersky

After uninstalling,

restart the machine once more

and do the following:

Disable Kaspersky and close all programs

and download this tool

Look, my friend, download this tool
and follow the explanation below to clean your machine of these ads
and to produce a report of the process so you can attach it to your next reply.

Download link for the latest update of the tool
[link hidden by forum]



How to use it:
Run the file SmitfraudFix.exe and follow the explanation as in these pictures

As soon as you finish, restart the machine

and check for us the status of this filthy virus. Is it still there??
 
Last edited by a moderator:
Signature: AbOdy
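
The review of the HijackThis log that the reply above does by hand can be supported with a small parser. The following Python code is an added example, not part of the thread and not part of HijackThis; it takes entry lines copied from the log posted above, lists add-on registrations that point at a missing file, shows every log section in which one add-on CLSID is registered, and compares the O17 NameServer values across control sets. All function names are hypothetical.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CDABD73-A41E-46FB-B14B-305AAA3F86AF}: NameServer = 4.2.2.3,4.2.2.4
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DNS_RE = re.compile(r"HKLM\\System\\(\w+)\\Services\\Tcpip\\.*NameServer = (.*)$")
BROWSER_CODES = {"R3", "O2", "O3"}  # search hooks, BHOs, toolbars


def parse_log(text):
    """Return (code, body) tuples for every 'O2 - ...' style entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_clsids(entries):
    """CLSIDs whose registration points at a missing file ('(no file)')."""
    found = []
    for _code, body in entries:
        m = CLSID_RE.search(body)
        if body.endswith("(no file)") and m:
            found.append(m.group(0).upper())
    return found


def registrations_by_clsid(entries):
    """Map each browser add-on CLSID to every log section that registers it."""
    reg = defaultdict(list)
    for code, body in entries:
        m = CLSID_RE.search(body)
        if code in BROWSER_CODES and m:
            reg[m.group(0).upper()].append(code)
    return dict(reg)


def dns_by_control_set(entries):
    """Map control set name (CCS, CS1, ...) to its O17 NameServer list."""
    dns = {}
    for code, body in entries:
        m = DNS_RE.search(body)
        if code == "O17" and m:
            dns[m.group(1)] = [s.strip() for s in m.group(2).split(",") if s.strip()]
    return dns


def dns_consistent(dns):
    """True when every control set carries the same NameServer list."""
    return len({tuple(v) for v in dns.values()}) <= 1


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("orphaned:", orphaned_clsids(log))
    for clsid, codes in registrations_by_clsid(log).items():
        print(clsid, "registered under", codes)
    print("DNS:", dns_by_control_set(log), "consistent:", dns_consistent(dns_by_control_set(log)))
```

Grouping by CLSID matters during cleanup because one add-on can be registered in several sections of the log, and an entry left behind in any one of them keeps the component loaded.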
Closed due to lack of follow-up
 
Signature: AbOdy