At your service, brother.
Abboudi, this is the ComboFix report from Safe Mode.
ComboFix 09-05-16.01 - MATR!X 05/16/2009 22:59.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1023.782 [GMT 3:00]
Running from: c:\documents and settings\MATR!X\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.
2009-05-16 12:33 . 2009-05-16 12:33 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-15 00:04 . 2009-05-15 00:04 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-05-14 12:04 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-14 12:04 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-05-14 12:04 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-14 12:04 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-14 12:04 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-05-14 12:04 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-05-14 12:04 . 2009-01-07 18:14 60273 ----a-w c:\windows\system32\pthreadGC2.dll
2009-05-14 12:04 . 2009-04-02 13:21 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-14 12:04 . 2009-05-14 12:05 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-10 06:02 . 2009-05-10 06:02 -------- d-----w c:\documents and settings\MATR!X\Application Data\Desktopicon
2009-05-10 06:01 . 2009-05-10 06:01 -------- d-----w c:\program files\FormatFactory
2009-05-10 05:55 . 2009-05-10 05:55 -------- d-----w c:\program files\Common Files\Common Share
2009-05-04 01:42 . 2009-05-04 01:42 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-04 01:22 . 2009-05-04 01:22 -------- d-----w c:\program files\Bonjour
2009-05-04 01:08 . 2009-05-04 01:08 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-02 23:54 . 2009-05-03 00:29 -------- d-----w c:\documents and settings\MATR!X\Application Data\AOL
2009-05-02 10:11 . 2009-05-02 10:12 -------- d-----w c:\program files\Command & Conquer Tiberian sun Includ Firestorm
2009-05-02 09:49 . 2009-05-02 09:49 -------- d-----w c:\documents and settings\Limit.MATRIX\Application Data\ATI
2009-05-02 09:49 . 2009-05-02 09:49 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\ATI
2009-05-02 09:49 . 2009-05-02 09:49 135 ----a-w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\fusioncache.dat
2009-05-02 09:49 . 2009-05-02 10:08 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\ApplicationHistory
2009-05-01 20:06 . 2008-04-13 21:21 101120 -c--a-w c:\windows\system32\dllcache\bthpan.sys
2009-05-01 20:06 . 2008-04-13 21:21 101120 ----a-w c:\windows\system32\drivers\bthpan.sys
2009-05-01 20:06 . 2008-04-13 21:16 59136 -c--a-w c:\windows\system32\dllcache\rfcomm.sys
2009-05-01 20:06 . 2008-04-13 21:16 59136 ----a-w c:\windows\system32\drivers\rfcomm.sys
2009-05-01 20:06 . 2008-04-13 21:16 17024 -c--a-w c:\windows\system32\dllcache\bthenum.sys
2009-05-01 20:06 . 2008-04-13 21:16 17024 ----a-w c:\windows\system32\drivers\BthEnum.sys
2009-05-01 20:06 . 2008-04-14 02:41 28160 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-05-01 20:06 . 2008-04-14 02:41 28160 ----a-w c:\windows\system32\irmon.dll
2009-05-01 20:06 . 2008-04-14 02:42 151552 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-05-01 20:06 . 2008-04-14 02:42 151552 ----a-w c:\windows\system32\irftp.exe
2009-05-01 20:05 . 2008-04-14 02:42 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-05-01 20:05 . 2008-04-14 02:42 8192 ----a-w c:\windows\system32\wshirda.dll
2009-05-01 20:05 . 2008-04-13 21:16 18944 -c--a-w c:\windows\system32\dllcache\bthusb.sys
2009-05-01 20:05 . 2008-04-13 21:16 18944 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2009-05-01 09:38 . 2009-05-01 09:38 -------- d-----w c:\documents and settings\MATR!X\Local Settings\Application Data\AOL
2009-05-01 06:09 . 2009-05-01 06:09 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\AOL
2009-04-30 21:28 . 2009-04-30 21:28 -------- d-----w c:\program files\Viewpoint
2009-04-30 21:27 . 2009-04-30 21:27 -------- d-----w c:\program files\Common Files\Nullsoft
2009-04-30 21:23 . 2009-04-30 21:23 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-30 21:23 . 2009-05-03 00:32 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-04-30 21:05 . 2009-04-30 21:05 -------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-04-30 00:14 . 2009-04-30 00:14 -------- d-----w c:\program files\Ashampoo
2009-04-27 11:44 . 2009-04-27 11:44 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-27 02:03 . 2009-04-27 02:03 -------- d-----w c:\documents and settings\Limit.MATRIX\Application Data\PC Suite
2009-04-26 16:25 . 2009-04-27 17:58 64512 ---ha-w c:\documents and settings\MATR!X\Application Data\dach100.dll
2009-04-25 14:09 . 2009-04-25 14:09 -------- d-----w c:\documents and settings\Limit.MATRIX\Application Data\Apple Computer
2009-04-25 14:08 . 2009-04-25 14:08 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\Apple Computer
2009-04-25 14:02 . 2009-04-25 14:02 -------- d-----w c:\documents and settings\Limit.MATRIX\Application Data\Winamp
2009-04-25 13:57 . 2009-04-25 13:57 -------- d-sh--w c:\documents and settings\Limit.MATRIX\PrivacIE
2009-04-25 13:55 . 2009-05-01 06:37 -------- d-----w c:\documents and settings\Limit.MATRIX\Contacts
2009-04-25 13:54 . 2009-05-14 14:07 470248 ----a-w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 13:32 . 2009-04-25 13:32 -------- d-----w c:\documents and settings\Limit.MATRIX\Local Settings\Application Data\Mozilla
2009-04-24 20:14 . 2009-04-24 20:14 -------- d-sh--w c:\documents and settings\Limit\IETldCache
2009-04-22 15:03 . 2009-04-22 15:07 -------- d-----w C:\Downloads
2009-04-22 11:48 . 2009-04-22 11:48 -------- d-----w c:\program files\vSoft
2009-04-21 12:04 . 2009-04-21 12:04 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-21 12:04 . 2009-04-21 12:07 -------- d-----w c:\program files\Google
2009-04-21 12:04 . 2009-04-21 12:08 -------- d-----w c:\documents and settings\MATR!X\Local Settings\Application Data\Google
2009-04-21 11:36 . 2009-04-21 11:36 -------- d-----w c:\documents and settings\MATR!X\Application Data\Nero
2009-04-20 18:23 . 2009-04-20 18:23 -------- d-----w c:\documents and settings\MATR!X\Application Data\Sofrayt
2009-04-20 18:23 . 2009-04-20 18:23 -------- d-----w c:\program files\GetSmile
2009-04-19 16:33 . 2006-03-17 11:49 368640 ----a-w c:\windows\system32\TwnLib4.dll
2009-04-19 16:33 . 2006-03-17 08:45 802816 ----a-w c:\windows\system32\imagXRA7.dll
2009-04-19 16:33 . 2006-03-17 08:45 258048 ----a-w c:\windows\system32\imagXR7.dll
2009-04-19 16:33 . 2006-03-17 08:45 497296 ----a-w c:\windows\system32\imagXpr7.dll
2009-04-19 16:33 . 2006-03-17 08:45 1757184 ----a-w c:\windows\system32\imagX7.dll
2009-04-19 16:33 . 2009-04-19 16:34 -------- d-----w c:\program files\Nero
2009-04-19 16:33 . 2009-04-19 16:33 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-19 16:33 . 2009-04-19 16:34 -------- d-----w c:\program files\Common Files\Nero
2009-04-19 16:32 . 2009-04-19 16:32 -------- d-----w C:\nero
2009-04-18 20:35 . 2009-05-14 14:01 -------- d-----w c:\program files\TheWorld 2.0
2009-04-17 20:32 . 2009-04-17 20:32 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-16 22:40 . 2009-04-16 22:40 -------- d-----w c:\program files\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 19:54 . 2009-02-08 22:35 892960 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-16 19:54 . 2009-02-08 22:35 6228 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-16 19:54 . 2009-02-08 22:35 4802592 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-16 19:54 . 2009-02-08 22:35 40696 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-16 15:13 . 2009-02-08 23:07 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-14 13:54 . 2009-02-08 22:14 470248 ----a-w c:\documents and settings\MATR!X\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 04:32 . 2009-02-08 22:57 -------- d-----w c:\program files\PCBugDoctor
2009-05-09 08:30 . 2009-02-10 02:21 18599936 ----a-w c:\windows\system32\videoencode.dll
2009-05-09 08:30 . 2009-02-10 02:21 90112 ----a-w c:\windows\system32\ssvideo.dll
2009-05-09 08:30 . 2009-02-10 02:21 1128128 ----a-w c:\windows\system32\NMSDVDXU.dll
2009-05-09 08:30 . 2009-02-10 02:21 18595840 ----a-w c:\windows\system32\coredata.dll
2009-05-04 01:22 . 2009-02-08 21:56 -------- d-----w c:\program files\Common Files\Adobe
2009-04-30 21:05 . 2009-02-11 23:55 335 ----a-w c:\windows\nsreg.dat
2009-04-30 01:03 . 2009-03-20 10:25 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-04-27 17:58 . 2001-10-17 14:09 66 ----a-w c:\windows\anticrash.dat
2009-04-26 23:39 . 2009-04-08 02:31 225 ---ha-w c:\windows\winshell.dat
2009-04-15 12:54 . 2009-04-15 12:54 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-10 18:26 . 2009-04-10 18:26 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-04-10 18:26 . 2009-02-08 22:19 -------- d-----w c:\program files\TechSmith
2009-04-10 10:11 . 2009-04-10 10:11 -------- d-----w c:\program files\NextSecurity.NET
2009-04-10 10:11 . 2009-02-09 21:59 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 02:42 . 2009-04-08 02:41 918045 ---ha-w C:\DH Temp.tmp
2009-04-08 02:31 . 2009-04-08 02:31 -------- d-----w c:\program files\Dachshund Software
2009-04-08 02:15 . 2009-02-21 05:25 676224 ----a-w c:\windows\system32\ogacheckcontrol.dll
2009-04-07 06:09 . 2009-04-07 06:09 -------- d-----w c:\program files\CCleaner
2009-04-06 04:43 . 2009-04-06 04:43 -------- d-----w c:\program files\SeePassword
2009-04-05 22:13 . 2009-04-05 22:13 -------- d-----w c:\program files\HiYo
2009-04-03 15:31 . 2009-03-12 07:50 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-02 12:24 . 2009-02-08 22:18 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-29 22:34 . 2009-02-08 21:39 -------- d-----w c:\program files\Windows Live
2009-03-29 21:58 . 2009-03-29 21:58 129 ----a-w c:\documents and settings\MATR!X\Local Settings\Application Data\fusioncache.dat
2009-03-29 15:58 . 2009-03-29 15:58 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-29 15:49 . 2009-03-24 21:08 -------- d-----w c:\program files\VS Revo Group
2009-03-29 08:48 . 2009-03-29 08:48 -------- d-----w c:\program files\Perfect Uninstaller
2009-03-27 10:27 . 2009-02-10 07:30 -------- d-----w c:\program files\nLite
2009-03-26 13:49 . 2009-03-12 07:51 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 13:49 . 2009-03-12 07:51 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-20 23:39 . 2009-02-15 06:33 -------- d-----w c:\program files\MSBuild
2009-03-20 23:39 . 2009-03-20 23:39 -------- d-----w c:\program files\Reference Assemblies
2009-03-08 01:34 . 2008-04-14 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2008-04-14 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2008-04-14 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2008-04-14 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2008-04-14 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2008-04-14 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2008-04-14 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2008-04-14 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2008-04-14 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2008-04-14 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 23:16 . 2009-03-03 23:16 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-02-28 08:18 . 2009-02-28 08:18 0 ----a-r C:\logwmemory.bin
2009-02-26 11:38 . 2009-02-26 11:38 451072 ----a-w c:\windows\Radeon Omega Drivers v3.8.360 Uninstall.exe
2009-02-24 10:30 . 2009-02-24 10:30 618 ----a-w c:\windows\eReg.dat
2009-02-23 20:57 . 2009-02-23 20:57 298 ----a-w c:\windows\EReg072.dat
2009-02-22 10:16 . 2009-02-22 10:16 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-22 10:16 . 2009-02-22 10:16 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-16 14:57 . 2009-02-16 12:29 127443 ----a-w c:\windows\hpoins11.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-02-12 23:36 204248 ----a-w c:\program files\Hotspot Shield\HssIE\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\MATR!X\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MATR!X^Start Menu^Programs^Startup^AntiCrash.lnk]
path=c:\documents and settings\MATR!X\Start Menu\Programs\Startup\AntiCrash.lnk
backup=c:\windows\pss\AntiCrash.lnkStartup
[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^IDETool.lnk]
path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\IDETool.lnk
backup=c:\windows\pss\IDETool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12311:TCP"= 12311:TCP:uTorrent
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
S2 0016541234768723mcinstcleanup;0016541234768723mcinstcleanup; [x]
S2 gupdate1c9c279602173ea;Google Update Service (gupdate1c9c279602173ea);c:\program files\Google\Update\GoogleUpdate.exe [4/21/2009 3:04 PM 133104]
S2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2/6/2009 12:56 AM 117208]
S3 CX88VID;Conexant 2388x AvStream Video Capture;c:\windows\system32\drivers\cxavsvid.sys [7/17/2007 7:16 PM 301104]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [1/24/2009 2:46 PM 216232]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 12:04]
2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{7B4E0B7C-8B7B-4279-9372-1C0560B4AB36}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\MATR!X\Application Data\Mozilla\Firefox\Profiles\8vr18iw9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\MATR!X\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\MATR!X\Application Data\Mozilla\Firefox\Profiles\8vr18iw9.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\MATR!X\Application Data\Mozilla\Firefox\Profiles\8vr18iw9.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\MATR!X\Application Data\Mozilla\Firefox\Profiles\8vr18iw9.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-16 23:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a1,af,a9,08,f9,b3,97,1d,77,ee,f0,4d,23,6e,3c,59,8f,2f,44,55,d4,
78,f3,04,a5,39,a7,94,a9,eb,6b,f1,64,20,3b,a8,f3,0b,34,13,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9fff72c9-8cb9-475c-9adf-5e516a657e52}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006c
"Therad"=dword:0000000e
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,76,53,20,8d,e2,08,3c,85,49,f5,68,62,d0,c2,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(244)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1960)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-05-16 23:08
ComboFix-quarantined-files.txt 2009-05-16 20:07
ComboFix2.txt 2009-05-16 19:17
Pre-Run: 12,261,892,096 bytes free
Post-Run: 12,249,231,360 bytes free
295 --- E O F --- 2009-04-11 02:41
And this is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:59 PM, on 5/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper [Arabic label, mis-encoded in the original log] - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote [Arabic label, mis-encoded in the original log] - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Send to OneNote [Arabic label, mis-encoded in the original log] - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 0016541234768723mcinstcleanup - - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c279602173ea) (gupdate1c9c279602173ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7805 bytes
Sorry for the trouble, brother Abboudi. I won't forget your kindness; honestly, I am embarrassed to be asking so much of you, my dear friend.
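Reading the two logs above the way a responder would, the items worth pulling out mechanically are: services whose binary is gone, services with no publisher information, the Security Center override values and the disabled Windows Firewall, globally open inbound ports, autoruns that live in the user profile, and the Firefox proxy and keyword.URL preferences. The script below is an added example and is not code from the original post, from ComboFix or from HijackThis. Its sample input is an excerpt copied from the posted logs; the finding tags and the heuristics behind them are my own choices, and the reading of network.proxy.type 4 as "auto-detect proxy settings" (WPAD) is Firefox's documented meaning of that value.

```python
"""Triage helper for ComboFix / HijackThis logs. Added example, not part of
the original post: it reads the sections a responder looks at first and
emits tagged findings. The tags and thresholds are ordinary triage
heuristics chosen here, not malware signatures."""
import re

# Constructed sample input: lines copied from the log posted above, limited to
# the sections the checks below read.
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\MATR!X\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12311:TCP"= 12311:TCP:uTorrent
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.type - 4
"""

HIJACKTHIS_EXCERPT = r"""
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O23 - Service: 0016541234768723mcinstcleanup - - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# O23 lines are "name - owner - path"; owner may be empty, and the path is either
# a drive path (possibly followed by "(file missing)") or the literal "(no file)".
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?)\s*-\s*(?P<path>[A-Za-z]:\\.*|\(no file\))$")


def parse_hjt_services(text):
    """Return the O23 (service) entries of a HijackThis log as dicts."""
    return [m.groupdict() for m in map(SERVICE_RE.match, text.splitlines()) if m]


def parse_combofix(text):
    """Return ({(key, value_name): raw_value}, {firefox_pref: value}) from the
    'Reg Loading Points' and 'FF - prefs.js' lines. Keys and value names are
    lower-cased because the registry is case-insensitive."""
    reg, prefs, key = {}, {}, None
    for line in text.splitlines():
        if line.startswith("["):
            key = line.strip("[]").lower()
        elif line.startswith('"') and key:
            name, _, raw = line[1:].partition('"=')
            reg[(key, name.lower())] = raw.strip()
        elif line.startswith("FF - prefs.js: "):
            name, _, value = line[len("FF - prefs.js: "):].partition(" - ")
            prefs[name] = value.strip()
    return reg, prefs


def as_int(raw):
    """Decode the numeric forms ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    head = raw.split()[:1]
    return int(head[0]) if head and head[0].isdigit() else None


def triage(combofix_text, hjt_text):
    """Return (tag, detail) findings in the order a responder would check them."""
    reg, prefs = parse_combofix(combofix_text)
    out = []
    for svc in parse_hjt_services(hjt_text):
        if svc["path"].endswith(("(no file)", "(file missing)")):
            out.append(("orphaned-service", f"{svc['name']}: registered but its binary is gone"))
        elif svc["owner"] == "Unknown owner":
            out.append(("unknown-publisher", f"{svc['name']}: no version info, verify {svc['path']}"))
    sc = r"hkey_local_machine\software\microsoft\security center"
    for name in ("antivirusoverride", "firewalloverride"):
        if as_int(reg.get((sc, name), "")) == 1:
            out.append(("security-center-override",
                        f"{name}=1: Security Center alerts suppressed; expected only with a third-party suite"))
    fw = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
    if as_int(reg.get((fw, "enablefirewall"), "")) == 0:
        out.append(("windows-firewall-off", "confirm the third-party firewall is running, otherwise nothing filters inbound"))
    for (key, name), raw in reg.items():
        if key.endswith(r"globallyopenports\list"):
            out.append(("open-port", f"inbound {raw} allowed from any source"))
        elif key.endswith((r"\run", r"\runonce")) and "application data" in raw.lower():
            out.append(("profile-autorun", f"{name} starts from a user-writable profile path: {raw}"))
    if prefs.get("network.proxy.type") == "4":
        out.append(("browser-proxy-autodetect", "type 4 = auto-detect (WPAD): a host on the LAN can hand Firefox a proxy"))
    if prefs.get("network.proxy.http", "").startswith("127."):
        out.append(("browser-proxy-localhost",
                    f"127.0.0.1:{prefs.get('network.proxy.http_port')} set (active only when proxy.type is 1): identify the listener"))
    if "keyword.URL" in prefs:
        out.append(("search-override", f"address-bar search rewritten to {prefs['keyword.URL']}"))
    return out


if __name__ == "__main__":
    for tag, detail in triage(COMBOFIX_EXCERPT, HIJACKTHIS_EXCERPT):
        print(f"[{tag}] {detail}")
```

Two of the findings need a manual follow-up on the machine itself: the localhost proxy (run `netstat -ano` and match the PID listening on 4001 against `tasklist`), and keyword.URL, whose mystart.hiyo.com value coincides with the HiYo folder under Program Files, so the question is only whether that product is wanted. The Security Center overrides and the disabled Windows Firewall are consistent with a third-party suite having taken over monitoring (the ComboFix header reports Kaspersky Internet Security for both AV and FW), but that should be confirmed rather than assumed, which is why the script reports them instead of suppressing them.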