- بادئ الموضوع توووفي...
- تاريخ البدء
- 2,395
يعطيك الف عاااافيه على المجهود الرااااااااااااااااااااااااائع
الحمد لله تم حذف البرنامج ..والعمل الان ..
تأييد
0
عزيزي تفضل التقرير..
ComboFix 09-05-07.06 - user1 05/08/2009 5:57.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1022.572 [GMT 3:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
AV: Kaspersky Internet Security 6.0 *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security 6.0 *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.
2009-05-08 01:43 . 2009-05-08 01:43 -------- d-----w c:\documents and settings\user1\Application Data\URSoft
2009-05-08 01:43 . 2009-05-08 01:47 -------- d-----w c:\program files\Your Uninstaller 2008
2009-05-07 19:48 . 2009-05-07 19:48 -------- d-----w c:\documents and settings\user1\Application Data\CyberScrub
2009-05-07 19:45 . 2009-05-07 19:45 -------- d-----w c:\documents and settings\user1\Application Data\cleaner
2009-05-07 18:08 . 2009-05-08 01:03 -------- d-----w c:\documents and settings\user1\Application Data\HPAppData
2009-05-07 18:05 . 2009-05-07 18:05 -------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-05-07 17:57 . 2009-05-07 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-05-07 17:57 . 2007-10-30 09:25 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-05-07 17:57 . 2007-10-30 09:25 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-05-07 17:56 . 2009-05-07 17:56 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-07 17:56 . 2007-10-20 15:25 117760 ----a-w c:\windows\system32\hpzll5mu.dll
2009-05-07 17:56 . 2007-10-30 09:25 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-05-07 17:55 . 2007-10-30 09:25 309760 ----a-r c:\windows\system32\difxapi.dll
2009-05-07 17:55 . 2007-10-30 09:25 372736 ----a-r c:\windows\system32\hppldcoi.dll
2009-05-07 17:55 . 2007-10-30 09:11 303104 ----a-r c:\windows\system32\hpovst15.dll
2009-05-07 17:55 . 2007-10-30 09:11 581632 ----a-r c:\windows\system32\hpotscl6.dll
2009-05-07 17:55 . 2007-10-30 09:11 729088 ----a-r c:\windows\system32\hpowiax7.dll
2009-05-07 17:55 . 2008-04-13 21:15 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-05-07 17:55 . 2008-04-13 21:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-05-07 17:50 . 2009-05-07 18:05 173523 ----a-w c:\windows\hpoins27.dat
2009-05-07 17:50 . 2008-01-18 15:56 932 ------w c:\windows\hpomdl27.dat
2009-05-07 17:39 . 2009-05-07 17:39 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-05-07 17:38 . 2009-05-07 17:39 -------- d-----w c:\windows\system32\URTTemp
2009-05-07 17:31 . 2009-05-07 17:37 68882 ----a-w c:\windows\hpoins05.dat
2009-05-07 17:31 . 2004-12-14 16:07 19696 ------w c:\windows\hpomdl05.dat
2009-05-07 17:02 . 2009-05-07 17:29 143217 ----a-w c:\windows\HPHins13.dat
2009-05-07 17:02 . 2007-01-22 16:05 2977 ------w c:\windows\hphmdl13.dat
2009-05-06 05:27 . 2009-05-06 05:32 -------- d-----w c:\documents and settings\user1\Application Data\HP
2009-05-06 05:21 . 2009-05-07 17:43 -------- d-----w c:\program files\Common Files\HP
2009-05-06 05:15 . 2006-06-03 18:29 48640 ----a-w c:\windows\system32\hpzll4pi.dll
2009-05-06 05:14 . 2006-03-03 18:03 69632 ------w c:\windows\system32\HPZipm12.exe
2009-05-06 05:14 . 2006-03-03 18:03 65536 ------w c:\windows\system32\HPZinw12.exe
2009-05-06 05:14 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-06 05:08 . 2008-04-13 21:17 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-06 05:08 . 2008-04-13 21:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-06 05:07 . 2009-05-06 05:29 135216 ----a-w c:\windows\HPHins12.dat
2009-05-06 05:07 . 2006-06-12 22:21 14916 ------w c:\windows\hphmdl12.dat
2009-05-04 23:44 . 2009-05-08 02:58 6544416 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-04 23:44 . 2009-05-08 02:59 83744 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-01 18:15 . 2006-05-29 05:26 13312 ----a-w c:\windows\system32\drivers\nmwcdcj.sys
2009-05-01 18:15 . 2006-05-29 05:26 13312 ----a-w c:\windows\system32\drivers\nmwcdcm.sys
2009-05-01 18:15 . 2006-05-29 05:26 8704 ----a-w c:\windows\system32\drivers\nmwcdc.sys
2009-05-01 18:15 . 2006-05-29 05:26 30720 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-01 18:15 . 2006-05-29 05:26 4608 ----a-w c:\windows\system32\nmwcdlog.dll
2009-05-01 18:15 . 2006-05-29 05:26 127488 ----a-w c:\windows\system32\drivers\nmwcd.sys
2009-05-01 18:15 . 2006-05-29 05:26 50688 ----a-w c:\windows\system32\nmwcdcls.dll
2009-05-01 18:15 . 2009-05-04 23:06 -------- d-----w c:\program files\Nokia
2009-04-29 04:00 . 2009-04-29 04:00 720896 ----a-w c:\windows\iun6002.exe
2009-04-29 04:00 . 2009-04-29 04:00 -------- d-----w c:\program files\Abadisoft
2009-04-28 12:34 . 2009-04-28 12:34 -------- d-----w c:\documents and settings\user1\Application Data\vlc
2009-04-27 01:50 . 2009-04-27 02:35 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-27 01:50 . 2009-04-27 02:35 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-27 01:49 . 2009-04-27 13:46 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-26 19:50 . 2009-05-04 23:44 -------- d-----w c:\program files\Kaspersky Lab
2009-04-26 18:09 . 2009-04-27 01:49 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-25 19:03 . 2009-04-25 19:03 -------- d-----w c:\documents and settings\user1\Application Data\EA
2009-04-24 21:36 . 2009-04-25 19:03 29 ----a-w c:\windows\popcinfo.dat
2009-04-21 13:36 . 2009-04-21 13:36 -------- d-s---w c:\documents and settings\user1\UserData
2009-04-21 13:03 . 2009-04-21 13:03 -------- d-----w c:\documents and settings\user1\Contacts
2009-04-21 11:04 . 2009-04-21 11:04 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-04-21 08:51 . 2009-04-21 08:51 -------- d-----w c:\documents and settings\user1\Bluetooth Software
2009-04-21 08:49 . 2009-04-21 08:49 -------- d-----w c:\program files\WIDCOMM
2009-04-21 08:47 . 2009-04-21 11:04 -------- d-----w c:\windows\nview
2009-04-21 08:40 . 2006-07-20 20:21 208896 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-21 08:37 . 2009-04-21 08:37 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-21 08:37 . 2009-05-07 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-21 08:37 . 2009-04-21 08:37 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-21 08:37 . 2006-07-11 18:55 1233920 ----a-w c:\windows\system32\msxml4.dll
2009-04-21 08:37 . 2006-07-11 18:55 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-21 08:37 . 2006-07-11 18:55 82432 ----a-w c:\windows\system32\msxml4r.dll
2009-04-21 08:36 . 2006-07-11 18:55 1047552 ------w c:\windows\system32\MFC71u.dll
2009-04-21 08:36 . 2006-07-11 18:55 1060864 ------w c:\windows\system32\MFC71.dll
2009-04-21 08:36 . 2006-07-11 18:55 89088 ------w c:\windows\system32\atl71.dll
2009-04-21 08:36 . 2009-05-07 18:02 -------- d-----w c:\program files\HP
2009-04-21 08:36 . 2006-06-17 05:55 69721 ----a-w c:\windows\system32\SynTPFcs.dll
2009-04-21 08:36 . 2006-06-17 06:00 81920 ----a-w c:\windows\system32\SynTPCo2.dll
2009-04-21 08:36 . 2006-06-17 05:24 94297 ----a-w c:\windows\system32\SynTPAPI.dll
2009-04-21 08:36 . 2006-06-17 05:10 193120 ----a-w c:\windows\system32\drivers\SynTP.sys
2009-04-21 08:36 . 2006-06-17 05:24 114688 ----a-w c:\windows\system32\SynCtrl.dll
2009-04-21 08:36 . 2006-06-17 05:23 82012 ----a-w c:\windows\system32\SynCOM.dll
2009-04-21 08:36 . 2009-04-21 08:36 -------- d-----w c:\program files\Synaptics
2009-04-21 08:35 . 2008-04-13 21:09 14592 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-04-21 08:35 . 2008-04-13 21:09 14592 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-21 08:35 . 2009-04-21 08:35 -------- d-----w c:\documents and settings\user1\Local Settings\Application Data\BVRP Software
2009-04-21 08:35 . 2005-09-19 11:24 5760 ----a-w c:\windows\system32\drivers\EabUsb.sys
2009-04-21 08:35 . 2005-09-19 11:23 7808 ----a-w c:\windows\system32\drivers\eabfiltr.sys
2009-04-21 08:35 . 2005-09-19 11:24 9344 ----a-w c:\windows\system32\drivers\CPQBttn.sys
2009-04-21 08:35 . 2009-04-28 12:35 -------- d-----w c:\program files\NetWaiting
2009-04-21 08:35 . 2006-06-19 10:28 999424 ----a-w c:\windows\system32\BttnCmns.dll
2009-04-21 08:35 . 2005-10-31 12:30 987136 ----a-w c:\windows\system32\BttnCmn.dll
2009-04-21 08:34 . 2009-05-01 18:16 -------- d-----w c:\program files\DIFX
2009-04-21 08:34 . 2006-06-27 15:31 102400 ----a-w c:\windows\HPWebcam.exe
2009-04-21 08:34 . 2006-07-06 07:28 47744 ----a-w c:\windows\system32\drivers\snp2uvc.sys
2009-04-21 08:34 . 2006-05-11 14:31 26880 ----a-w c:\windows\system32\drivers\sncduvc.sys
2009-04-21 08:34 . 2006-05-30 16:14 102400 ----a-w c:\windows\system32\vsnp2uvc.dll
2009-04-21 08:34 . 2009-05-07 18:02 -------- d-----w c:\program files\Hewlett-Packard
2009-04-21 08:34 . 2005-11-23 10:55 53248 ----a-w c:\windows\csnp2uvc.dll
2009-04-21 08:33 . 2006-11-14 21:16 32256 ----a-w c:\windows\system32\drivers\rimmptsk.sys
2009-04-21 08:33 . 2006-11-14 14:35 37376 ----a-w c:\windows\system32\drivers\rixdptsk.sys
2009-04-21 08:33 . 2005-05-06 16:06 16480 ----a-w c:\windows\system32\rixdicon.dll
2009-04-21 08:33 . 2006-11-14 16:42 43520 ----a-w c:\windows\system32\drivers\rimsptsk.sys
2009-04-21 08:33 . 2004-09-03 07:00 90112 ----a-w c:\windows\system32\snymsico.dll
2009-04-21 08:33 . 2009-04-21 08:33 -------- d-----w C:\dell
2009-04-21 08:32 . 2009-04-21 08:32 -------- d-----w c:\program files\HPQ
2009-04-21 08:21 . 2008-04-13 21:10 5504 -c--a-w c:\windows\system32\dllcache\intelide.sys
2009-04-21 08:21 . 2008-04-13 21:10 5504 ----a-w c:\windows\system32\drivers\intelide.sys
2009-04-21 08:20 . 2009-04-21 08:20 -------- d-----w c:\program files\Intel
2009-04-21 08:17 . 2009-04-21 08:35 -------- d-----w c:\program files\CONEXANT
2009-04-21 08:17 . 2008-04-13 21:49 146048 -c--a-w c:\windows\system32\dllcache\portcls.sys
2009-04-21 08:17 . 2008-04-13 21:49 146048 ----a-w c:\windows\system32\drivers\portcls.sys
2009-04-21 08:17 . 2008-04-13 21:15 60160 -c--a-w c:\windows\system32\dllcache\drmk.sys
2009-04-21 08:17 . 2008-04-13 21:15 60160 ----a-w c:\windows\system32\drivers\drmk.sys
2009-04-21 08:08 . 2009-04-21 08:08 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 00:56 . 2009-05-04 23:44 251120 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-08 00:56 . 2009-05-04 23:44 10460 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-04 23:06 . 2009-05-04 23:06 -------- d-----w c:\program files\Common Files\Nokia
2009-05-04 23:06 . 2009-05-01 18:16 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-04 23:05 . 2009-05-02 22:29 -------- d-----w c:\program files\FreeMind
2009-04-28 18:40 . 2009-04-20 16:57 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-28 12:35 . 2009-04-20 16:55 -------- d-----w c:\program files\DivX
2009-04-27 02:35 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-21 11:04 . 2009-04-20 16:41 96328 ----a-w c:\documents and settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 08:36 . 2009-04-20 17:02 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 08:33 . 2009-04-20 17:01 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-20 17:18 . 2009-04-20 17:18 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-20 17:18 . 2009-04-20 17:18 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-20 17:17 . 2009-04-20 17:17 -------- d-----w c:\program files\Common Files\Adobe
2009-04-20 17:17 . 2009-04-20 17:16 -------- d-----w c:\program files\Java
2009-04-20 17:16 . 2009-04-20 17:16 -------- d-----w c:\program files\Quran Flash
2009-04-20 17:16 . 2009-04-20 16:57 -------- d-----w c:\program files\Google
2009-04-20 17:16 . 2009-04-20 17:16 -------- d-----w c:\program files\The KMPlayer
2009-04-20 17:16 . 2009-04-20 17:16 -------- d-----w c:\program files\Common Files\Java
2009-04-20 17:15 . 2009-04-20 17:13 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-20 17:15 . 2009-04-20 17:13 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-20 17:15 . 2009-04-20 17:13 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-20 17:15 . 2009-04-20 17:13 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-20 17:15 . 2009-04-20 17:13 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-20 17:15 . 2009-04-20 17:13 196608 ----a-w c:\windows\system32\maag.dll
2009-04-20 17:15 . 2009-04-20 17:13 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-20 17:15 . 2009-04-20 17:13 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-20 17:15 . 2009-04-20 17:12 -------- d-----w c:\program files\Real_SC
2009-04-20 17:13 . 2009-04-20 17:13 -------- d-----w c:\program files\Typing Arabic
2009-04-20 17:03 . 2009-04-20 17:03 -------- d-----w c:\program files\Common Files\xing shared
2009-04-20 17:03 . 2009-04-20 17:02 -------- d-----w c:\program files\Common Files\Real
2009-04-20 17:03 . 2009-04-20 17:02 -------- d-----w c:\program files\CyberLink
2009-04-20 17:03 . 2009-04-20 17:02 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-20 17:03 . 2009-04-20 17:02 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-20 17:02 . 2009-04-20 17:02 -------- d-----w c:\program files\Real
2009-04-20 17:02 . 2009-04-20 17:02 -------- d-----w c:\program files\VideoLAN
2009-04-20 17:02 . 2009-04-20 16:21 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-20 17:00 . 2009-04-20 17:00 -------- d-----w c:\program files\Nero
2009-04-20 17:00 . 2009-04-20 17:00 -------- d-----w c:\program files\Circle Developement
2009-04-20 16:59 . 2009-04-20 16:59 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-20 16:58 . 2009-04-20 16:58 -------- d-----w c:\program files\Windows Live
2009-04-20 16:58 . 2009-04-20 16:50 -------- d-----w c:\program files\GameHouse Games Collection
2009-04-20 16:56 . 2009-04-20 16:56 -------- d-----w c:\program files\iTunes
2009-04-20 16:56 . 2009-04-20 16:56 -------- d-----w c:\program files\iPod
2009-04-20 16:56 . 2009-04-20 16:56 -------- d-----w c:\program files\Bonjour
2009-04-20 16:56 . 2009-04-20 16:55 -------- d-----w c:\program files\QuickTime
2009-04-20 16:55 . 2009-04-20 16:55 -------- d-----w c:\program files\Webteh
2009-04-20 16:55 . 2009-04-20 16:55 -------- d-----w c:\program files\Apple Software Update
2009-04-20 16:54 . 2009-04-20 16:54 172032 ------w c:\windows\Setup1.exe
2009-04-20 16:54 . 2009-04-20 16:54 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-20 16:54 . 2009-04-20 16:54 -------- d-----w c:\program files\Common Files\Apple
2009-04-20 16:54 . 2009-04-20 16:54 -------- d-----w c:\program files\Lavasoft
2009-04-20 16:52 . 2009-04-20 16:52 -------- d-----w c:\program files\Microsoft.NET
2009-04-20 16:51 . 2009-04-20 16:51 -------- d-----w c:\program files\Microsoft Works
2009-04-20 16:22 . 2009-04-20 16:22 -------- d-----w c:\program files\microsoft frontpage
2009-04-20 16:22 . 2008-04-14 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-20 16:18 . 2009-04-20 16:18 21640 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5728112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-20 185896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"kis"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-02-15 135271]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-23 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2009-4-21 102400]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-20 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;ESET Service; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e2adf1a-38c3-11de-a5f8-001641867abd}]
\Shell\AutoRun\command - F:\hl80c6b1.com
\Shell\open\Command - F:\hl80c6b1.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fbbf809-3805-11de-a5f5-001641867abd}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae61c2b-3418-11de-a5ea-001641867abd}]
\Shell\AutoRun\command - F:\bo1dhu.bat
\Shell\explore\Command - F:\bo1dhu.bat
\Shell\open\Command - F:\bo1dhu.bat
.
Contents of the 'Scheduled Tasks' folder
2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
2009-05-07 c:\windows\Tasks\WebReg HP Deskjet F2200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 17:40]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext =
uInternet Settings,ProxyOverride = *.local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-08 05:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(524)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-08 6:00
ComboFix-quarantined-files.txt 2009-05-08 03:00
Pre-Run: 37,271,576,576 bytes free
Post-Run: 37,298,343,936 bytes free
309
ComboFix 09-05-07.06 - user1 05/08/2009 5:57.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1022.572 [GMT 3:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
AV: Kaspersky Internet Security 6.0 *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security 6.0 *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.
2009-05-08 01:43 . 2009-05-08 01:43 -------- d-----w c:\documents and settings\user1\Application Data\URSoft
2009-05-08 01:43 . 2009-05-08 01:47 -------- d-----w c:\program files\Your Uninstaller 2008
2009-05-07 19:48 . 2009-05-07 19:48 -------- d-----w c:\documents and settings\user1\Application Data\CyberScrub
2009-05-07 19:45 . 2009-05-07 19:45 -------- d-----w c:\documents and settings\user1\Application Data\cleaner
2009-05-07 18:08 . 2009-05-08 01:03 -------- d-----w c:\documents and settings\user1\Application Data\HPAppData
2009-05-07 18:05 . 2009-05-07 18:05 -------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-05-07 17:57 . 2009-05-07 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-05-07 17:57 . 2007-10-30 09:25 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys
2009-05-07 17:57 . 2007-10-30 09:25 49920 ----a-r c:\windows\system32\drivers\HPZid412.sys
2009-05-07 17:56 . 2009-05-07 17:56 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-07 17:56 . 2007-10-20 15:25 117760 ----a-w c:\windows\system32\hpzll5mu.dll
2009-05-07 17:56 . 2007-10-30 09:25 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys
2009-05-07 17:55 . 2007-10-30 09:25 309760 ----a-r c:\windows\system32\difxapi.dll
2009-05-07 17:55 . 2007-10-30 09:25 372736 ----a-r c:\windows\system32\hppldcoi.dll
2009-05-07 17:55 . 2007-10-30 09:11 303104 ----a-r c:\windows\system32\hpovst15.dll
2009-05-07 17:55 . 2007-10-30 09:11 581632 ----a-r c:\windows\system32\hpotscl6.dll
2009-05-07 17:55 . 2007-10-30 09:11 729088 ----a-r c:\windows\system32\hpowiax7.dll
2009-05-07 17:55 . 2008-04-13 21:15 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-05-07 17:55 . 2008-04-13 21:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-05-07 17:50 . 2009-05-07 18:05 173523 ----a-w c:\windows\hpoins27.dat
2009-05-07 17:50 . 2008-01-18 15:56 932 ------w c:\windows\hpomdl27.dat
2009-05-07 17:39 . 2009-05-07 17:39 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-05-07 17:38 . 2009-05-07 17:39 -------- d-----w c:\windows\system32\URTTemp
2009-05-07 17:31 . 2009-05-07 17:37 68882 ----a-w c:\windows\hpoins05.dat
2009-05-07 17:31 . 2004-12-14 16:07 19696 ------w c:\windows\hpomdl05.dat
2009-05-07 17:02 . 2009-05-07 17:29 143217 ----a-w c:\windows\HPHins13.dat
2009-05-07 17:02 . 2007-01-22 16:05 2977 ------w c:\windows\hphmdl13.dat
2009-05-06 05:27 . 2009-05-06 05:32 -------- d-----w c:\documents and settings\user1\Application Data\HP
2009-05-06 05:21 . 2009-05-07 17:43 -------- d-----w c:\program files\Common Files\HP
2009-05-06 05:15 . 2006-06-03 18:29 48640 ----a-w c:\windows\system32\hpzll4pi.dll
2009-05-06 05:14 . 2006-03-03 18:03 69632 ------w c:\windows\system32\HPZipm12.exe
2009-05-06 05:14 . 2006-03-03 18:03 65536 ------w c:\windows\system32\HPZinw12.exe
2009-05-06 05:14 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-06 05:08 . 2008-04-13 21:17 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-05-06 05:08 . 2008-04-13 21:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-05-06 05:07 . 2009-05-06 05:29 135216 ----a-w c:\windows\HPHins12.dat
2009-05-06 05:07 . 2006-06-12 22:21 14916 ------w c:\windows\hphmdl12.dat
2009-05-04 23:44 . 2009-05-08 02:58 6544416 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-04 23:44 . 2009-05-08 02:59 83744 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-01 18:15 . 2006-05-29 05:26 13312 ----a-w c:\windows\system32\drivers\nmwcdcj.sys
2009-05-01 18:15 . 2006-05-29 05:26 13312 ----a-w c:\windows\system32\drivers\nmwcdcm.sys
2009-05-01 18:15 . 2006-05-29 05:26 8704 ----a-w c:\windows\system32\drivers\nmwcdc.sys
2009-05-01 18:15 . 2006-05-29 05:26 30720 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-01 18:15 . 2006-05-29 05:26 4608 ----a-w c:\windows\system32\nmwcdlog.dll
2009-05-01 18:15 . 2006-05-29 05:26 127488 ----a-w c:\windows\system32\drivers\nmwcd.sys
2009-05-01 18:15 . 2006-05-29 05:26 50688 ----a-w c:\windows\system32\nmwcdcls.dll
2009-05-01 18:15 . 2009-05-04 23:06 -------- d-----w c:\program files\Nokia
2009-04-29 04:00 . 2009-04-29 04:00 720896 ----a-w c:\windows\iun6002.exe
2009-04-29 04:00 . 2009-04-29 04:00 -------- d-----w c:\program files\Abadisoft
2009-04-28 12:34 . 2009-04-28 12:34 -------- d-----w c:\documents and settings\user1\Application Data\vlc
2009-04-27 01:50 . 2009-04-27 02:35 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-27 01:50 . 2009-04-27 02:35 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-27 01:49 . 2009-04-27 13:46 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-26 19:50 . 2009-05-04 23:44 -------- d-----w c:\program files\Kaspersky Lab
2009-04-26 18:09 . 2009-04-27 01:49 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-25 19:03 . 2009-04-25 19:03 -------- d-----w c:\documents and settings\user1\Application Data\EA
2009-04-24 21:36 . 2009-04-25 19:03 29 ----a-w c:\windows\popcinfo.dat
2009-04-21 13:36 . 2009-04-21 13:36 -------- d-s---w c:\documents and settings\user1\UserData
2009-04-21 13:03 . 2009-04-21 13:03 -------- d-----w c:\documents and settings\user1\Contacts
2009-04-21 11:04 . 2009-04-21 11:04 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-04-21 08:51 . 2009-04-21 08:51 -------- d-----w c:\documents and settings\user1\Bluetooth Software
2009-04-21 08:49 . 2009-04-21 08:49 -------- d-----w c:\program files\WIDCOMM
2009-04-21 08:47 . 2009-04-21 11:04 -------- d-----w c:\windows\nview
2009-04-21 08:40 . 2006-07-20 20:21 208896 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-21 08:37 . 2009-04-21 08:37 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-21 08:37 . 2009-05-07 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-21 08:37 . 2009-04-21 08:37 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-21 08:37 . 2006-07-11 18:55 1233920 ----a-w c:\windows\system32\msxml4.dll
2009-04-21 08:37 . 2006-07-11 18:55 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-21 08:37 . 2006-07-11 18:55 82432 ----a-w c:\windows\system32\msxml4r.dll
2009-04-21 08:36 . 2006-07-11 18:55 1047552 ------w c:\windows\system32\MFC71u.dll
2009-04-21 08:36 . 2006-07-11 18:55 1060864 ------w c:\windows\system32\MFC71.dll
2009-04-21 08:36 . 2006-07-11 18:55 89088 ------w c:\windows\system32\atl71.dll
2009-04-21 08:36 . 2009-05-07 18:02 -------- d-----w c:\program files\HP
2009-04-21 08:36 . 2006-06-17 05:55 69721 ----a-w c:\windows\system32\SynTPFcs.dll
2009-04-21 08:36 . 2006-06-17 06:00 81920 ----a-w c:\windows\system32\SynTPCo2.dll
2009-04-21 08:36 . 2006-06-17 05:24 94297 ----a-w c:\windows\system32\SynTPAPI.dll
2009-04-21 08:36 . 2006-06-17 05:10 193120 ----a-w c:\windows\system32\drivers\SynTP.sys
2009-04-21 08:36 . 2006-06-17 05:24 114688 ----a-w c:\windows\system32\SynCtrl.dll
2009-04-21 08:36 . 2006-06-17 05:23 82012 ----a-w c:\windows\system32\SynCOM.dll
2009-04-21 08:36 . 2009-04-21 08:36 -------- d-----w c:\program files\Synaptics
2009-04-21 08:35 . 2008-04-13 21:09 14592 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-04-21 08:35 . 2008-04-13 21:09 14592 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-21 08:35 . 2009-04-21 08:35 -------- d-----w c:\documents and settings\user1\Local Settings\Application Data\BVRP Software
2009-04-21 08:35 . 2005-09-19 11:24 5760 ----a-w c:\windows\system32\drivers\EabUsb.sys
2009-04-21 08:35 . 2005-09-19 11:23 7808 ----a-w c:\windows\system32\drivers\eabfiltr.sys
2009-04-21 08:35 . 2005-09-19 11:24 9344 ----a-w c:\windows\system32\drivers\CPQBttn.sys
2009-04-21 08:35 . 2009-04-28 12:35 -------- d-----w c:\program files\NetWaiting
2009-04-21 08:35 . 2006-06-19 10:28 999424 ----a-w c:\windows\system32\BttnCmns.dll
2009-04-21 08:35 . 2005-10-31 12:30 987136 ----a-w c:\windows\system32\BttnCmn.dll
2009-04-21 08:34 . 2009-05-01 18:16 -------- d-----w c:\program files\DIFX
2009-04-21 08:34 . 2006-06-27 15:31 102400 ----a-w c:\windows\HPWebcam.exe
2009-04-21 08:34 . 2006-07-06 07:28 47744 ----a-w c:\windows\system32\drivers\snp2uvc.sys
2009-04-21 08:34 . 2006-05-11 14:31 26880 ----a-w c:\windows\system32\drivers\sncduvc.sys
2009-04-21 08:34 . 2006-05-30 16:14 102400 ----a-w c:\windows\system32\vsnp2uvc.dll
2009-04-21 08:34 . 2009-05-07 18:02 -------- d-----w c:\program files\Hewlett-Packard
2009-04-21 08:34 . 2005-11-23 10:55 53248 ----a-w c:\windows\csnp2uvc.dll
2009-04-21 08:33 . 2006-11-14 21:16 32256 ----a-w c:\windows\system32\drivers\rimmptsk.sys
2009-04-21 08:33 . 2006-11-14 14:35 37376 ----a-w c:\windows\system32\drivers\rixdptsk.sys
2009-04-21 08:33 . 2005-05-06 16:06 16480 ----a-w c:\windows\system32\rixdicon.dll
2009-04-21 08:33 . 2006-11-14 16:42 43520 ----a-w c:\windows\system32\drivers\rimsptsk.sys
2009-04-21 08:33 . 2004-09-03 07:00 90112 ----a-w c:\windows\system32\snymsico.dll
2009-04-21 08:33 . 2009-04-21 08:33 -------- d-----w C:\dell
2009-04-21 08:32 . 2009-04-21 08:32 -------- d-----w c:\program files\HPQ
2009-04-21 08:21 . 2008-04-13 21:10 5504 -c--a-w c:\windows\system32\dllcache\intelide.sys
2009-04-21 08:21 . 2008-04-13 21:10 5504 ----a-w c:\windows\system32\drivers\intelide.sys
2009-04-21 08:20 . 2009-04-21 08:20 -------- d-----w c:\program files\Intel
2009-04-21 08:17 . 2009-04-21 08:35 -------- d-----w c:\program files\CONEXANT
2009-04-21 08:17 . 2008-04-13 21:49 146048 -c--a-w c:\windows\system32\dllcache\portcls.sys
2009-04-21 08:17 . 2008-04-13 21:49 146048 ----a-w c:\windows\system32\drivers\portcls.sys
2009-04-21 08:17 . 2008-04-13 21:15 60160 -c--a-w c:\windows\system32\dllcache\drmk.sys
2009-04-21 08:17 . 2008-04-13 21:15 60160 ----a-w c:\windows\system32\drivers\drmk.sys
2009-04-21 08:08 . 2009-04-21 08:08 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 00:56 . 2009-05-04 23:44 251120 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-08 00:56 . 2009-05-04 23:44 10460 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-04 23:06 . 2009-05-04 23:06 -------- d-----w c:\program files\Common Files\Nokia
2009-05-04 23:06 . 2009-05-01 18:16 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-04 23:05 . 2009-05-02 22:29 -------- d-----w c:\program files\FreeMind
2009-04-28 18:40 . 2009-04-20 16:57 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-28 12:35 . 2009-04-20 16:55 -------- d-----w c:\program files\DivX
2009-04-27 02:35 . 2008-01-29 14:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-21 11:04 . 2009-04-20 16:41 96328 ----a-w c:\documents and settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 08:36 . 2009-04-20 17:02 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 08:33 . 2009-04-20 17:01 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-20 17:18 . 2009-04-20 17:18 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-20 17:18 . 2009-04-20 17:18 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-20 17:17 . 2009-04-20 17:17 -------- d-----w c:\program files\Common Files\Adobe
2009-04-20 17:17 . 2009-04-20 17:16 -------- d-----w c:\program files\Java
2009-04-20 17:16 . 2009-04-20 17:16 -------- d-----w c:\program files\Quran Flash
2009-04-20 17:16 . 2009-04-20 16:57 -------- d-----w c:\program files\Google
2009-04-20 17:16 . 2009-04-20 17:16 -------- d-----w c:\program files\The KMPlayer
2009-04-20 17:16 . 2009-04-20 17:16 -------- d-----w c:\program files\Common Files\Java
2009-04-20 17:15 . 2009-04-20 17:13 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-20 17:15 . 2009-04-20 17:13 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-20 17:15 . 2009-04-20 17:13 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-20 17:15 . 2009-04-20 17:13 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-20 17:15 . 2009-04-20 17:13 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-20 17:15 . 2009-04-20 17:13 196608 ----a-w c:\windows\system32\maag.dll
2009-04-20 17:15 . 2009-04-20 17:13 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-20 17:15 . 2009-04-20 17:13 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-20 17:15 . 2009-04-20 17:12 -------- d-----w c:\program files\Real_SC
2009-04-20 17:13 . 2009-04-20 17:13 -------- d-----w c:\program files\Typing Arabic
2009-04-20 17:03 . 2009-04-20 17:03 -------- d-----w c:\program files\Common Files\xing shared
2009-04-20 17:03 . 2009-04-20 17:02 -------- d-----w c:\program files\Common Files\Real
2009-04-20 17:03 . 2009-04-20 17:02 -------- d-----w c:\program files\CyberLink
2009-04-20 17:03 . 2009-04-20 17:02 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-20 17:03 . 2009-04-20 17:02 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-20 17:02 . 2009-04-20 17:02 -------- d-----w c:\program files\Real
2009-04-20 17:02 . 2009-04-20 17:02 -------- d-----w c:\program files\VideoLAN
2009-04-20 17:02 . 2009-04-20 16:21 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-20 17:00 . 2009-04-20 17:00 -------- d-----w c:\program files\Nero
2009-04-20 17:00 . 2009-04-20 17:00 -------- d-----w c:\program files\Circle Developement
2009-04-20 16:59 . 2009-04-20 16:59 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-20 16:58 . 2009-04-20 16:58 -------- d-----w c:\program files\Windows Live
2009-04-20 16:58 . 2009-04-20 16:50 -------- d-----w c:\program files\GameHouse Games Collection
2009-04-20 16:56 . 2009-04-20 16:56 -------- d-----w c:\program files\iTunes
2009-04-20 16:56 . 2009-04-20 16:56 -------- d-----w c:\program files\iPod
2009-04-20 16:56 . 2009-04-20 16:56 -------- d-----w c:\program files\Bonjour
2009-04-20 16:56 . 2009-04-20 16:55 -------- d-----w c:\program files\QuickTime
2009-04-20 16:55 . 2009-04-20 16:55 -------- d-----w c:\program files\Webteh
2009-04-20 16:55 . 2009-04-20 16:55 -------- d-----w c:\program files\Apple Software Update
2009-04-20 16:54 . 2009-04-20 16:54 172032 ------w c:\windows\Setup1.exe
2009-04-20 16:54 . 2009-04-20 16:54 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-20 16:54 . 2009-04-20 16:54 -------- d-----w c:\program files\Common Files\Apple
2009-04-20 16:54 . 2009-04-20 16:54 -------- d-----w c:\program files\Lavasoft
2009-04-20 16:52 . 2009-04-20 16:52 -------- d-----w c:\program files\Microsoft.NET
2009-04-20 16:51 . 2009-04-20 16:51 -------- d-----w c:\program files\Microsoft Works
2009-04-20 16:22 . 2009-04-20 16:22 -------- d-----w c:\program files\microsoft frontpage
2009-04-20 16:22 . 2008-04-14 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-20 16:18 . 2009-04-20 16:18 21640 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5728112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-20 185896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"kis"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-02-15 135271]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-23 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2009-4-21 102400]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-20 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;ESET Service; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e2adf1a-38c3-11de-a5f8-001641867abd}]
\Shell\AutoRun\command - F:\hl80c6b1.com
\Shell\open\Command - F:\hl80c6b1.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fbbf809-3805-11de-a5f5-001641867abd}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae61c2b-3418-11de-a5ea-001641867abd}]
\Shell\AutoRun\command - F:\bo1dhu.bat
\Shell\explore\Command - F:\bo1dhu.bat
\Shell\open\Command - F:\bo1dhu.bat
.
Contents of the 'Scheduled Tasks' folder
2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
2009-05-07 c:\windows\Tasks\WebReg HP Deskjet F2200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 17:40]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-LanguageShortcut - c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
uInternet Settings,ProxyOverride = *.local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-05-08 05:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(524)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-08 6:00
ComboFix-quarantined-files.txt 2009-05-08 03:00
Pre-Run: 37,271,576,576 bytes free
Post-Run: 37,298,343,936 bytes free
309
تأييد
0
تفضل تقرير الهايجك..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:59:08 ص, on 08/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user1\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: URL شعار جديد للقناع (Kaspersky Internet Security 6.0) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - (no file)
O23 - Service: ESET Service (ekrn) - Unknown owner - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 9660 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:59:08 ص, on 08/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user1\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: URL شعار جديد للقناع (Kaspersky Internet Security 6.0) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - (no file)
O23 - Service: ESET Service (ekrn) - Unknown owner - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 9660 bytes
تأييد
0
KoNaMi
زيزوومى فضى
غير متصل
احذف التالي من التقرير
O23 - Service: ESET Service (ekrn) - Unknown owner - (no file)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
بعدين اعمل الاتي
O23 - Service: ESET Service (ekrn) - Unknown owner - (no file)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
طريقة الحذف للاكس بي
بعدين اعمل الاتي
حمل هذه الاداة من هنا
بعد تنزيل الاداة دبل كلك ستظهر لديك مثل هذه النافذة خذ صورة لها وارفقها بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد تنزيل الاداة دبل كلك ستظهر لديك مثل هذه النافذة خذ صورة لها وارفقها بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التعديل الأخير بواسطة المشرف:
توقيع : KoNaMi
تأييد
0
