Thread starter: saa33aad
Views: 1,305
Status: Closed and not open for further replies.

saa33aad

Peace be upon you.

Brothers, my computer is abnormally slow, and it hangs when I try to open the browser or any other program.

Please help, good people.
 

OK my friend, now use the ComboFix tool.

Now do the following:

Disable all protection programs.

Download this tool:
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

The computer may restart during the scan.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.
This is another link for the tool:

[Hidden link: you must log in or register to view it]



 

Signature: KoNaMi
ComboFix 09-04-29.01 - Acer 04/30/2009 5:16.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1022.439 [GMT 3:00]
Running from: c:\documents and settings\Acer\My Documents\Programs\ComboFix.exe
AV: G DATA InternetSecurity 2009 *On-access scanning enabled* (Updated)
FW: G DATA Personal Firewall *enabled*
FW: Outpost Firewall Pro *enabled*
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.
2009-04-30 00:18 . 2009-04-30 00:18 -------- d-----w c:\documents and settings\Acer\Application Data\Malwarebytes
2009-04-30 00:16 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 00:16 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 00:16 . 2009-04-30 00:16 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-30 00:16 . 2009-04-30 00:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 23:14 . 2009-04-29 23:14 -------- d-----w C:\Temp
2009-04-29 19:57 . 2009-04-29 19:57 -------- d-----w c:\windows\system32\LogFiles
2009-04-29 19:49 . 2009-04-29 19:49 -------- d-sh--w C:\FOUND.001
2009-04-29 19:46 . 2009-04-29 19:46 -------- d-sh--w C:\FOUND.000
2009-04-29 04:19 . 2009-04-29 04:19 -------- d-----w c:\program files\Basta Computing
2009-04-29 04:17 . 2009-04-29 04:17 -------- d-----w c:\documents and settings\Acer\Application Data\Basta Computing
2009-04-29 03:31 . 2009-04-29 03:31 -------- d-----w c:\documents and settings\Acer\Local Settings\Application Data\G DATA
2009-04-28 20:37 . 2003-11-04 12:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-04-28 20:36 . 2004-01-11 23:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-04-28 20:36 . 2004-05-14 13:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-04-28 20:36 . 2004-05-14 13:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-04-28 20:36 . 2004-05-14 13:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-04-28 20:36 . 2004-05-14 13:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-04-28 20:36 . 2004-05-14 13:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-04-28 20:36 . 2004-05-14 13:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-04-28 19:54 . 2007-03-08 04:20 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-28 19:54 . 2007-03-08 04:20 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-28 19:53 . 2009-04-28 19:53 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-28 19:53 . 2007-05-02 10:03 267864 ----a-r c:\windows\system32\hpzids01.dll
2009-04-28 18:28 . 2009-04-28 18:28 -------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-04-28 18:25 . 2009-04-28 18:25 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-28 18:25 . 2009-04-28 18:25 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-28 18:24 . 2009-04-28 18:24 -------- d-----w c:\program files\Common Files\HP
2009-04-28 18:24 . 2009-04-28 18:24 -------- d-----w c:\program files\Hewlett-Packard
2009-04-28 18:23 . 2009-04-28 18:23 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-04-28 18:21 . 2009-04-28 18:21 -------- d-----w c:\program files\HP
2009-04-28 18:21 . 2004-08-04 02:00 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-28 18:21 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-28 18:19 . 2009-04-28 19:55 162980 ----a-w c:\windows\hpoins21.dat
2009-04-28 18:19 . 2007-05-15 10:10 8138 ------w c:\windows\hpomdl21.dat
2009-04-28 13:02 . 2009-04-28 13:02 -------- d-----w c:\program files\MSBuild
2009-04-28 02:17 . 2009-04-28 02:17 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-28 01:40 . 2006-10-26 16:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-28 01:38 . 2009-04-28 01:38 -------- d-----w c:\program files\Microsoft Works
2009-04-28 01:32 . 2009-04-28 01:32 -------- d-----w c:\windows\SHELLNEW
2009-04-28 01:31 . 2009-04-28 01:31 -------- d-----w c:\documents and settings\Acer\Local Settings\Application Data\Microsoft Help
2009-04-28 01:31 . 2009-04-28 01:31 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-28 01:30 . 2009-04-28 01:30 -------- d--h--r C:\MSOCache
2009-04-28 01:29 . 2009-04-28 01:29 -------- d-sh--w C:\Recycled
2009-04-28 01:22 . 2009-04-28 01:22 -------- d-----w c:\program files\Common Files\COWON
2009-04-28 01:22 . 2009-04-28 01:22 -------- d-----w c:\program files\JetAudio
2009-04-28 01:22 . 2009-04-28 01:22 -------- d-----w c:\documents and settings\Acer\Application Data\InstallShield
2009-04-28 01:22 . 2009-04-28 01:22 -------- d-----w c:\program files\Google
2009-04-28 01:22 . 2009-04-28 01:22 -------- d-----w c:\program files\GRETECH
2009-04-28 01:21 . 2009-04-28 01:21 -------- d-----w c:\documents and settings\Acer\Application Data\Paltalk
2009-04-28 01:21 . 2009-04-28 01:21 -------- d-----w c:\windows\PaltalkScene
2009-04-28 01:21 . 2009-04-28 01:21 -------- d-----w c:\program files\Paltalk Messenger
2009-04-28 01:20 . 2009-04-28 01:20 -------- d-----w c:\documents and settings\Acer\Application Data\CyberScrub
2009-04-28 01:19 . 2009-04-28 01:20 -------- d-----w c:\documents and settings\Acer\Application Data\cleaner
2009-04-28 01:19 . 2009-02-26 07:27 704384 ----a-w c:\windows\system32\drivers\SandBox.sys
2009-04-28 01:19 . 2009-02-10 13:15 257432 ----a-w c:\windows\system32\drivers\afwcore.sys
2009-04-28 01:19 . 2008-06-20 06:45 30864 ----a-w c:\windows\system32\drivers\afw.sys
2009-04-28 01:18 . 2009-04-28 01:18 -------- d-----w c:\windows\system32\Filt
2009-04-28 01:18 . 2009-04-28 01:18 -------- d-----w c:\program files\Agnitum
2009-04-28 01:18 . 2009-04-28 01:18 -------- d-----w c:\documents and settings\All Users\Application Data\Agnitum
2009-04-28 01:18 . 2009-04-28 01:18 50888 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2009-04-28 01:18 . 2009-04-28 01:18 32200 ----a-w c:\windows\system32\drivers\HookCentre.sys
2009-04-28 01:17 . 2009-04-28 01:17 22272 ----a-w c:\windows\system32\drivers\GDNdisIc.sys
2009-04-28 01:17 . 2009-04-28 01:17 50888 ----a-w c:\windows\system32\drivers\GDTdiIcpt.sys
2009-04-28 01:17 . 2009-04-28 01:17 -------- d-----w c:\documents and settings\All Users\Application Data\G DATA
2009-04-28 01:17 . 2009-04-28 01:17 -------- d-----w c:\program files\Common Files\G DATA
2009-04-28 01:17 . 2009-04-28 01:17 -------- d-----w c:\program files\G DATA
2009-04-28 01:15 . 2009-04-28 01:15 -------- d-----w c:\documents and settings\Acer\Local Settings\Application Data\Downloaded Installations
2009-04-28 01:12 . 2009-04-28 13:24 90352 ----a-w c:\documents and settings\Acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 23:46 . 2009-04-27 23:46 -------- d-----w c:\program files\Common Files\xing shared
2009-04-27 23:46 . 2009-04-27 23:46 -------- d-----w c:\program files\Real
2009-04-27 23:46 . 2009-04-27 23:46 -------- d-----w c:\program files\Common Files\Real
2009-04-27 23:45 . 2009-04-27 23:45 -------- d-----w c:\program files\MessengerDiscovery
2009-04-27 22:40 . 2009-04-27 22:40 -------- d-sh--w c:\documents and settings\Acer\IECompatCache
2009-04-27 22:40 . 2009-04-27 22:40 -------- d-sh--w c:\documents and settings\Acer\PrivacIE
2009-04-27 22:37 . 2009-04-27 22:37 -------- d-sh--w c:\documents and settings\Acer\IETldCache
2009-04-27 22:35 . 2009-04-27 22:35 -------- d-----w c:\windows\ie8updates
2009-04-27 22:29 . 2009-04-27 22:29 -------- d--h--w c:\windows\ie8
2009-04-27 22:11 . 2009-04-27 22:11 -------- d-----w c:\documents and settings\Acer\Application Data\AdobeUM
2009-04-27 22:11 . 2009-04-27 22:11 -------- d-----w c:\documents and settings\Acer\Local Settings\Application Data\Adobe
2009-04-27 22:11 . 2009-04-27 22:11 -------- d-----w c:\program files\Common Files\Adobe
2009-04-27 20:45 . 2009-04-27 20:45 -------- d-----w c:\documents and settings\Acer\Application Data\GRETECH
2009-04-27 20:23 . 2009-04-27 20:23 -------- d-----w c:\documents and settings\Acer\Application Data\COWON
2009-04-27 20:01 . 2009-04-27 20:01 -------- d-----w c:\documents and settings\Acer\Contacts
2009-04-27 18:19 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-27 17:04 . 2009-04-27 17:04 -------- d-----w c:\windows\system32\scripting
2009-04-27 17:04 . 2009-04-27 17:04 -------- d-----w c:\windows\l2schemas
2009-04-27 17:04 . 2009-04-27 17:04 -------- d-----w c:\windows\system32\en
2009-04-27 17:04 . 2009-04-27 17:04 -------- d-----w c:\windows\system32\bits
2009-04-27 16:58 . 2009-04-27 16:58 -------- d-----w c:\windows\ServicePackFiles
2009-04-27 16:56 . 2009-04-27 16:56 -------- d-----w c:\windows\system32\DRVSTORE
2009-04-27 16:55 . 2009-04-27 16:55 -------- d-----w c:\program files\MSN Messenger
2009-04-27 16:21 . 2004-08-03 19:29 104960 ------w c:\windows\system32\drivers\atinrvxx.sys
2009-04-27 16:21 . 2004-08-03 19:41 13240 ------w c:\windows\system32\drivers\slwdmsup.sys
2009-04-27 16:21 . 2004-08-03 19:29 36463 ------w c:\windows\system32\drivers\ati1tuxx.sys
2009-04-27 16:21 . 2004-08-03 19:29 11935 ------w c:\windows\system32\drivers\wadv11nt.sys
2009-04-27 16:21 . 2004-08-03 19:41 685056 ------w c:\windows\system32\drivers\hsfcxts2.sys
2009-04-27 16:21 . 2004-08-03 19:29 28672 ------w c:\windows\system32\drivers\atinsnxx.sys
2009-04-27 16:21 . 2004-08-03 19:41 11868 ------w c:\windows\system32\drivers\mdmxsdk.sys
2009-04-27 16:19 . 2004-08-03 19:29 21343 ------w c:\windows\system32\drivers\ati1ttxx.sys
2009-04-27 16:19 . 2004-08-03 19:29 63663 ------w c:\windows\system32\drivers\ati1rvxx.sys
2009-04-27 16:19 . 2004-08-03 19:41 1041536 ------w c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-27 16:19 . 2004-08-03 19:29 13824 ------w c:\windows\system32\drivers\atinmdxx.sys
2009-04-27 16:19 . 2004-08-03 19:29 26367 ------w c:\windows\system32\drivers\ati1snxx.sys
2009-04-27 16:19 . 2004-08-03 19:41 129535 ------w c:\windows\system32\drivers\slnt7554.sys
2009-04-27 16:19 . 2004-08-03 19:29 29455 ------w c:\windows\system32\drivers\ati1xbxx.sys
2009-04-27 16:19 . 2004-08-03 19:29 14336 ------w c:\windows\system32\drivers\atinpdxx.sys
2009-04-27 16:19 . 2004-08-03 19:29 11871 ------w c:\windows\system32\drivers\wadv09nt.sys
2009-04-27 16:19 . 2004-08-03 19:29 13824 ------w c:\windows\system32\drivers\atinttxx.sys
2009-04-27 15:58 . 2009-01-07 15:21 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-27 15:58 . 2009-04-27 15:58 -------- d--h--w c:\windows\$hf_mig$
2009-04-27 15:49 . 2009-04-27 15:49 -------- d-sh--w c:\documents and settings\Acer\UserData
2009-04-27 15:48 . 2009-04-27 15:48 -------- d-----w c:\documents and settings\Acer\Local Settings\Application Data\Google
2009-04-27 15:46 . 2009-04-27 15:46 68296 ----a-w c:\windows\system32\drivers\GRD.sys
2009-04-26 21:33 . 2005-01-14 12:57 4010 ----a-w c:\windows\system32\drivers\osanbm.sys
2009-04-26 21:33 . 2005-06-30 13:58 7296 ----a-w c:\windows\system32\drivers\osaio.sys
2009-04-26 21:33 . 2009-04-26 21:33 -------- d-----w c:\windows\Downloaded Installations
2009-04-26 21:31 . 2005-10-28 13:55 258048 ----a-w c:\windows\system32\Uninstall_eRecovery.exe
2009-04-26 21:31 . 2009-04-26 21:31 -------- d-----w C:\Acer
2009-04-26 21:31 . 2009-04-26 21:31 -------- d-----w c:\windows\tiinst
2009-04-26 21:30 . 2009-04-26 21:30 -------- d-----w c:\documents and settings\Acer\Bluetooth Software
2009-04-26 21:25 . 2009-04-26 21:25 -------- d-----w c:\program files\WIDCOMM
2009-04-26 21:25 . 2009-04-26 21:25 -------- d-----w c:\program files\Launch Manager
2009-04-26 21:25 . 2004-12-10 08:49 147456 ----a-w c:\windows\UNINST32.EXE
2009-04-26 21:25 . 2002-12-19 12:58 49152 ----a-w c:\windows\system32\QtBtLib.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 02:19 . 2005-05-13 03:57 12 ----a-w c:\windows\bthservsdp.dat
2009-04-27 23:46 . 2003-03-18 17:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-27 23:46 . 2003-02-21 02:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-27 17:10 . 2005-05-13 02:56 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-26 11:13 . 2005-04-19 06:29 4197 ----a-w c:\windows\CLEANUP.CMD
2009-04-26 11:13 . 2004-06-25 14:13 227 ----a-w c:\windows\HotFix.bat
2009-03-08 01:34 . 2004-08-04 02:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2004-08-04 02:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2004-08-04 02:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2004-08-04 02:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2004-08-04 02:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2004-08-04 02:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2004-08-04 02:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2004-08-04 02:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2004-08-04 02:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2004-08-04 02:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 02:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2004-08-04 02:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 02:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 02:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 02:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 02:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 16:02 . 2004-08-04 02:00 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-04 02:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-04 02:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 02:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 02:00 56832 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-29 39408]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-14 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"FerrariWallPaper"="c:\windows\FerrariWallPaper\FerrariWP.exe" [2005-01-23 45056]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2006-04-18 294912]
"GDFirewallTray"="c:\program files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2008-09-22 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\InternetSecurity\AVKTray\AVKTray.exe" [2008-09-22 993352]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-03-02 1225032]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-03-02 433480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-27 198160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-04-15 88202]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-22 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Acer\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Rasputin.lnk - c:\program files\Basta Computing\Rasputin\Rasputin.exe [2007-11-15 449224]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-8-16 577597]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-03-02 1267016]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-02-26 33888]
S0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2009-04-28 22272]
S1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-04-27 68296]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-02-26 704384]
S2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2008-09-22 650824]
S2 AVKService;G DATA Scheduler;c:\program files\G DATA\InternetSecurity\AVK\AVKService.exe [2008-09-22 386120]
S2 AVKWCtl;AntiVirus Monitor;c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2008-08-14 1185496]
S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-04-28 50888]
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2008-06-20 30864]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-10 257432]
S3 GDFwSvc;G DATA Personal Firewall;c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2008-08-15 1395616]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-04-28 50888]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-04-28 32200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Hidden link: you must log in or register to view it]

Rootkit scan 2009-04-30 05:23
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1280)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\acer\EMANAGER\ANBMSERV.EXE
c:\program files\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
.
**************************************************************************
.
Completion time: 2009-04-30 5:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 02:24
Pre-Run: 19,703,431,168 bytes free
Post-Run: 19,722,698,752 bytes free
308 --- E O F --- 2009-04-28 01:26
 
OK, now bring a new HijackThis log.

Signature: KoNaMi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:49 AM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\FerrariWallPaper\FerrariWP.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Acer\My Documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[Hidden link: you must log in or register to view it]

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
[Hidden link: you must log in or register to view it]

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [FerrariWallPaper] C:\WINDOWS\FerrariWallPaper\FerrariWP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Rasputin.lnk = C:\Program Files\Basta Computing\Rasputin\Rasputin.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
[Hidden link: you must log in or register to view it]

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
[Hidden link: you must log in or register to view it]

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
O23 - Service: AntiVirus Monitor (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 9487 bytes
 
OK my friend, now delete the following:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

How to delete it on XP:

[Image: mg (3).png]

[Image: mg (4).png]

Then do the following:

Download this tool from here:
[Hidden link: you must log in or register to view it]
[Hidden link: you must log in or register to view it]
or
[Hidden link: you must log in or register to view it]

After downloading the tool, double-click it and a window like this one will appear. Take a screenshot of it and attach it to your next reply.

[Hidden link: you must log in or register to view it]

Signature: KoNaMi
Uncheck everything except the protection program and Bluetooth, then restart and let me know the results.

Signature: KoNaMi
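Praise be to God, it is very good now and better than before. May God give you strength for your effort; you truly deserve 5/5, God has willed it.
May my Lord grant you success and forgive you and your parents, O Lord of the worlds, amen.

A thousand, thousand, thousand thanks.

Good luck, my friend.

Signature: KoNaMi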