طلال الساهر
زيزوومي جديد
غير متصل
امس فرمت الجهاز عشان الفايروسات 
ونزلت التقرير وياليت مايكون فيه فايروسات
ComboFix 09-04-17.05 - xp 04/19/2009 19:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.446.219 [GMT 3:00]
Running from: c:\documents and settings\xp\سطح المكتب\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 15:56 . 2005-02-25 03:34 22752 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-19 15:56 . 2009-04-19 16:06 -------- d--h--w c:\windows\$hf_mig$
2009-04-19 15:51 . 2008-10-16 11:08 23576 ----a-w c:\windows\system32\wuapi.dll.mui
2009-04-19 15:13 . 2009-04-19 15:13 -------- d-----w c:\documents and settings\xp\Application Data\Media Player Classic
2009-04-19 14:26 . 2001-08-17 19:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2009-04-19 14:26 . 2001-08-17 19:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-19 14:26 . 2001-08-17 19:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2009-04-19 14:26 . 2001-08-17 19:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-19 14:26 . 2001-08-17 11:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
2009-04-19 14:26 . 2001-08-17 11:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-19 13:30 . 2009-04-19 13:30 -------- d-----w c:\documents and settings\xp\Local Settings\Application Data\Google
2009-04-19 10:26 . 2009-04-19 10:26 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-19 10:13 . 2009-04-19 10:13 -------- d-s---w c:\documents and settings\xp\UserData
2009-04-19 03:23 . 2009-04-19 03:23 -------- d-----w c:\windows\Sun
2009-04-18 22:45 . 2009-04-19 09:49 -------- d-----w c:\documents and settings\xp\Application Data\WIPE
2009-04-18 22:45 . 2007-06-22 00:08 139776 ----a-w c:\windows\system32\dhSQLite.dll
2009-04-18 22:45 . 2007-06-18 15:57 219136 ----a-w c:\windows\sqlite3_engine.dll
2009-04-18 22:45 . 2004-03-08 21:00 609824 ----a-w c:\windows\system32\Comctl32.ocx
2009-04-18 22:22 . 2009-04-18 22:22 -------- d-----w c:\windows\system32\AppData
2009-04-18 22:21 . 2006-03-14 11:00 544833 ----a-w c:\windows\system32\wbocx.ocx
2009-04-18 22:21 . 2004-12-07 07:11 258352 ----a-w c:\windows\system32\unicows.dll
2009-04-18 22:21 . 2002-03-01 14:58 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-04-18 22:21 . 2002-03-01 14:58 28160 ----a-w c:\windows\system32\anim.dll
2009-04-18 21:14 . 2009-04-18 21:15 -------- d-----w c:\documents and settings\xp\Contacts
2009-04-18 21:12 . 2009-04-18 21:12 -------- dc----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-18 21:04 . 2004-08-03 21:55 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-18 21:04 . 2004-08-03 21:55 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-18 21:04 . 2004-08-03 21:45 14720 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-04-18 21:04 . 2004-08-03 21:45 14720 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-18 21:03 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-18 21:03 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 16:15 . 2001-09-19 11:00 40118 ----a-w c:\windows\system32\perfc001.dat
2009-04-19 16:15 . 2001-09-19 11:00 251674 ----a-w c:\windows\system32\perfh001.dat
2009-04-19 15:45 . 2009-04-18 17:17 -------- d-----w c:\program files\mpegable
2009-04-19 12:00 . 2009-04-19 12:00 -------- d-----w c:\program files\Common Files\xing shared
2009-04-19 12:00 . 2009-04-18 17:20 -------- d-----w c:\program files\Common Files\Real
2009-04-19 11:59 . 2009-04-18 17:18 -------- d-----w c:\program files\Google
2009-04-19 11:45 . 2009-04-18 16:40 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-18 22:45 . 2009-04-18 22:45 -------- d-----w c:\program files\Wipe
2009-04-18 22:05 . 2009-04-18 17:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 22:01 . 2009-04-18 17:03 -------- d-----w c:\program files\Common Files\ACD Systems
2009-04-18 17:24 . 2009-04-18 17:17 -------- d-----w c:\documents and settings\xp\Application Data\uTorrent
2009-04-18 17:20 . 2009-04-18 17:20 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-18 17:20 . 2009-04-18 17:19 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-18 17:20 . 2009-04-18 17:20 -------- d-----w c:\program files\Real
2009-04-18 17:19 . 2009-04-18 17:19 -------- d-----w c:\program files\Crystal Player
2009-04-18 17:19 . 2009-04-18 17:19 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-18 17:18 . 2009-04-18 17:18 -------- d-----w c:\program files\VideoLAN
2009-04-18 17:17 . 2009-04-18 17:17 47104 ------w c:\windows\AKDeInstall.exe
2009-04-18 17:17 . 2009-04-18 17:17 -------- d-----w c:\program files\uTorrent
2009-04-18 17:16 . 2009-04-18 17:16 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-18 17:15 . 2009-04-18 16:48 73208 ----a-w c:\documents and settings\xp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 17:14 . 2009-04-18 17:14 -------- d-----w c:\program files\Windows Live
2009-04-18 17:14 . 2009-04-18 17:09 -------- d-----w c:\program files\Ares
2009-04-18 17:10 . 2009-04-18 17:09 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-18 17:09 . 2009-04-18 17:09 -------- d-----w c:\program files\Java
2009-04-18 17:09 . 2009-04-18 17:09 -------- d-----w c:\program files\Common Files\Java
2009-04-18 17:09 . 2009-04-18 17:09 172032 ------w c:\windows\Setup1.exe
2009-04-18 17:09 . 2009-04-18 17:09 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-18 17:09 . 2009-04-18 17:09 -------- dc----w c:\documents and settings\All Users\Application Data\Avira
2009-04-18 17:09 . 2009-04-18 17:09 -------- d-----w c:\program files\Avira
2009-04-18 17:07 . 2009-04-18 17:05 -------- d-----w c:\program files\Common Files\Adobe
2009-04-18 16:59 . 2009-04-18 16:59 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-18 16:51 . 2009-04-18 16:51 -------- d-----w c:\program files\Microsoft.NET
2009-04-18 16:41 . 2009-04-18 16:41 -------- d-----w c:\program files\microsoft frontpage
2009-04-18 16:37 . 2009-04-18 16:37 22144 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-19 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\xp\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Wipe tray agent.lnk - c:\program files\Wipe\wipetray.exe [2009-4-19 191888]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VModes]
VModes AttachToDesktop [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2008-11-26 07:23 881664 ----a-w c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 20:56 15360 ----a-w c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-18 17:09 155648 ----a-w c:\program files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-19 12:00 198160 ----a-w c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-07 03:33 53248 ----a-r c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-10-31 04:15 163840 ----a-r c:\windows\system32\VTTrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\FTP\\LeapFTP1.exe"=
"f:\\All in one Cleaner\\SysCleaners4in1.exe"=
"f:\\All in one Cleaner\\ToolRegistryCleaner.exe"=
"c:\\Program Files\\Adobe\\Photoshop CS\\Photoshop.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\Documents and Settings\\xp\\سطح المكتب\\ComboFix.exe"=
"c:\\Program Files\\Wipe\\wipetray.exe"=
S3 abp470n5;abp470n5; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-19 19:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-19 19:30
ComboFix-quarantined-files.txt 2009-04-19 16:30
ComboFix2.txt 2009-04-19 16:17
Pre-Run: 15,000,166,400 bytes free
Post-Run: 15,060,123,648 bytes free
177 --- E O F --- 2009-04-19 16:06
ونزلت التقرير وياليت مايكون فيه فايروساتComboFix 09-04-17.05 - xp 04/19/2009 19:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.446.219 [GMT 3:00]
Running from: c:\documents and settings\xp\سطح المكتب\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 15:56 . 2005-02-25 03:34 22752 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-19 15:56 . 2009-04-19 16:06 -------- d--h--w c:\windows\$hf_mig$
2009-04-19 15:51 . 2008-10-16 11:08 23576 ----a-w c:\windows\system32\wuapi.dll.mui
2009-04-19 15:13 . 2009-04-19 15:13 -------- d-----w c:\documents and settings\xp\Application Data\Media Player Classic
2009-04-19 14:26 . 2001-08-17 19:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
2009-04-19 14:26 . 2001-08-17 19:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-19 14:26 . 2001-08-17 19:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
2009-04-19 14:26 . 2001-08-17 19:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-19 14:26 . 2001-08-17 11:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-19 14:26 . 2001-08-17 11:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
2009-04-19 14:26 . 2001-08-17 11:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-19 13:30 . 2009-04-19 13:30 -------- d-----w c:\documents and settings\xp\Local Settings\Application Data\Google
2009-04-19 10:26 . 2009-04-19 10:26 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-19 10:13 . 2009-04-19 10:13 -------- d-s---w c:\documents and settings\xp\UserData
2009-04-19 03:23 . 2009-04-19 03:23 -------- d-----w c:\windows\Sun
2009-04-18 22:45 . 2009-04-19 09:49 -------- d-----w c:\documents and settings\xp\Application Data\WIPE
2009-04-18 22:45 . 2007-06-22 00:08 139776 ----a-w c:\windows\system32\dhSQLite.dll
2009-04-18 22:45 . 2007-06-18 15:57 219136 ----a-w c:\windows\sqlite3_engine.dll
2009-04-18 22:45 . 2004-03-08 21:00 609824 ----a-w c:\windows\system32\Comctl32.ocx
2009-04-18 22:22 . 2009-04-18 22:22 -------- d-----w c:\windows\system32\AppData
2009-04-18 22:21 . 2006-03-14 11:00 544833 ----a-w c:\windows\system32\wbocx.ocx
2009-04-18 22:21 . 2004-12-07 07:11 258352 ----a-w c:\windows\system32\unicows.dll
2009-04-18 22:21 . 2002-03-01 14:58 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-04-18 22:21 . 2002-03-01 14:58 28160 ----a-w c:\windows\system32\anim.dll
2009-04-18 21:14 . 2009-04-18 21:15 -------- d-----w c:\documents and settings\xp\Contacts
2009-04-18 21:12 . 2009-04-18 21:12 -------- dc----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-18 21:04 . 2004-08-03 21:55 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-18 21:04 . 2004-08-03 21:55 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-18 21:04 . 2004-08-03 21:45 14720 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-04-18 21:04 . 2004-08-03 21:45 14720 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-18 21:03 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-18 21:03 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 16:15 . 2001-09-19 11:00 40118 ----a-w c:\windows\system32\perfc001.dat
2009-04-19 16:15 . 2001-09-19 11:00 251674 ----a-w c:\windows\system32\perfh001.dat
2009-04-19 15:45 . 2009-04-18 17:17 -------- d-----w c:\program files\mpegable
2009-04-19 12:00 . 2009-04-19 12:00 -------- d-----w c:\program files\Common Files\xing shared
2009-04-19 12:00 . 2009-04-18 17:20 -------- d-----w c:\program files\Common Files\Real
2009-04-19 11:59 . 2009-04-18 17:18 -------- d-----w c:\program files\Google
2009-04-19 11:45 . 2009-04-18 16:40 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-18 22:45 . 2009-04-18 22:45 -------- d-----w c:\program files\Wipe
2009-04-18 22:05 . 2009-04-18 17:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 22:01 . 2009-04-18 17:03 -------- d-----w c:\program files\Common Files\ACD Systems
2009-04-18 17:24 . 2009-04-18 17:17 -------- d-----w c:\documents and settings\xp\Application Data\uTorrent
2009-04-18 17:20 . 2009-04-18 17:20 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-18 17:20 . 2009-04-18 17:19 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-18 17:20 . 2009-04-18 17:20 -------- d-----w c:\program files\Real
2009-04-18 17:19 . 2009-04-18 17:19 -------- d-----w c:\program files\Crystal Player
2009-04-18 17:19 . 2009-04-18 17:19 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-18 17:18 . 2009-04-18 17:18 -------- d-----w c:\program files\VideoLAN
2009-04-18 17:17 . 2009-04-18 17:17 47104 ------w c:\windows\AKDeInstall.exe
2009-04-18 17:17 . 2009-04-18 17:17 -------- d-----w c:\program files\uTorrent
2009-04-18 17:16 . 2009-04-18 17:16 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-18 17:15 . 2009-04-18 16:48 73208 ----a-w c:\documents and settings\xp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 17:14 . 2009-04-18 17:14 -------- d-----w c:\program files\Windows Live
2009-04-18 17:14 . 2009-04-18 17:09 -------- d-----w c:\program files\Ares
2009-04-18 17:10 . 2009-04-18 17:09 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-18 17:09 . 2009-04-18 17:09 -------- d-----w c:\program files\Java
2009-04-18 17:09 . 2009-04-18 17:09 -------- d-----w c:\program files\Common Files\Java
2009-04-18 17:09 . 2009-04-18 17:09 172032 ------w c:\windows\Setup1.exe
2009-04-18 17:09 . 2009-04-18 17:09 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-18 17:09 . 2009-04-18 17:09 -------- dc----w c:\documents and settings\All Users\Application Data\Avira
2009-04-18 17:09 . 2009-04-18 17:09 -------- d-----w c:\program files\Avira
2009-04-18 17:07 . 2009-04-18 17:05 -------- d-----w c:\program files\Common Files\Adobe
2009-04-18 16:59 . 2009-04-18 16:59 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-18 16:51 . 2009-04-18 16:51 -------- d-----w c:\program files\Microsoft.NET
2009-04-18 16:41 . 2009-04-18 16:41 -------- d-----w c:\program files\microsoft frontpage
2009-04-18 16:37 . 2009-04-18 16:37 22144 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-19 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\xp\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Wipe tray agent.lnk - c:\program files\Wipe\wipetray.exe [2009-4-19 191888]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VModes]
VModes AttachToDesktop [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2008-11-26 07:23 881664 ----a-w c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 20:56 15360 ----a-w c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-18 17:09 155648 ----a-w c:\program files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-19 12:00 198160 ----a-w c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-07 03:33 53248 ----a-r c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-10-31 04:15 163840 ----a-r c:\windows\system32\VTTrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\FTP\\LeapFTP1.exe"=
"f:\\All in one Cleaner\\SysCleaners4in1.exe"=
"f:\\All in one Cleaner\\ToolRegistryCleaner.exe"=
"c:\\Program Files\\Adobe\\Photoshop CS\\Photoshop.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\Documents and Settings\\xp\\سطح المكتب\\ComboFix.exe"=
"c:\\Program Files\\Wipe\\wipetray.exe"=
S3 abp470n5;abp470n5; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-04-19 19:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-19 19:30
ComboFix-quarantined-files.txt 2009-04-19 16:30
ComboFix2.txt 2009-04-19 16:17
Pre-Run: 15,000,166,400 bytes free
Post-Run: 15,060,123,648 bytes free
177 --- E O F --- 2009-04-19 16:06
