تقرير الاداة الاولى
ComboFix 09-06-13.09 - User 06/14/2009 12:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2038.1591 [GMT 3:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Microsoft Common
c:\windows\system32\3361
c:\windows\system32\drivers\e071bf8b.sys
c:\windows\TEMP\mta30595.dll
c:\documents and settings\User\Application Data\wiaserva.log
c:\documents and settings\User\Application Data\wiaservg.log
c:\program files\Microsoft Common\svchost.exe
c:\windows\system32\3361\mlog
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\dncyool32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\isadisk.sys
c:\windows\system32\kr_done1
c:\windows\system32\msncache.dll
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wtukd32.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6to4
-------\Legacy_isadisk
-------\Legacy_msncache
-------\Legacy_sopidkc
-------\Service_6to4
-------\Service_e071bf8b
-------\Service_isadisk
-------\Service_msncache
-------\Service_sopidkc
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-13 17:58 . 2009-04-30 12:33 106868 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-06-13 17:58 . 2009-06-11 10:44 409978 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-06-13 17:58 . 2009-06-11 10:44 205174 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-06-13 17:58 . 2009-06-11 10:44 1786232 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-06-13 17:58 . 2009-06-09 11:00 348532 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-06-13 17:58 . 2009-05-27 15:10 401783 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-06-13 17:58 . 2009-05-15 13:20 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-06-13 17:58 . 2009-02-26 17:56 196987 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-06-13 17:58 . 2008-11-05 05:43 438645 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-06-13 17:58 . 2009-05-27 15:10 180599 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-06-13 17:58 . 2008-10-15 08:49 393588 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-06-13 17:58 . 2008-10-15 08:49 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\AVWIN.INIaebb.dll
2009-06-12 20:56 . 2009-06-12 20:56 -------- d-----w- c:\windows\Sun
2009-06-12 20:55 . 2009-06-12 20:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 20:55 . 2009-06-12 20:55 -------- d-----w- c:\program files\Java
2009-06-12 20:54 . 2009-06-12 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-12 20:54 . 2009-06-12 20:54 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-12 16:57 . 2009-06-12 16:57 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-06-12 16:57 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 16:57 . 2009-06-12 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-12 16:57 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 16:57 . 2009-06-12 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 20:30 . 2009-06-08 20:30 -------- d-----w- c:\program files\#1 ACE
2009-06-08 20:30 . 2009-06-09 15:33 286720 ------w- c:\windows\Setup1.exe
2009-06-08 20:30 . 2009-06-09 15:33 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-02 13:58 . 2009-06-02 13:58 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink
2009-06-02 13:57 . 2009-06-02 13:57 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2009-06-01 05:11 . 2004-08-03 20:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-31 18:29 . 2009-05-31 18:29 390664 ----a-w- c:\documents and settings\User\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-27 11:45 . 2008-06-27 01:39 332928 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2009-05-25 19:04 . 2009-05-25 19:04 -------- d-----w- c:\documents and settings\User\Application Data\Ahead
2009-05-25 17:49 . 2009-06-12 16:33 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2009-05-25 17:21 . 2009-05-26 15:06 -------- d-----w- c:\program files\Google
2009-05-25 08:45 . 2009-05-25 08:45 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Yahoo
2009-05-25 08:45 . 2009-05-25 08:45 -------- d-----w- c:\program files\Yahoo!
2009-05-24 20:12 . 2009-05-24 20:12 198064 ----a-w- c:\documents and settings\User\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-24 20:12 . 2009-05-28 08:52 -------- d-----w- c:\documents and settings\User\Application Data\IDM
2009-05-24 20:12 . 2009-06-14 09:14 -------- d-----w- c:\documents and settings\User\Application Data\DMCache
2009-05-24 20:12 . 2009-06-09 15:03 -------- d-----w- c:\program files\Internet Download Manager
2009-05-24 20:02 . 2009-05-24 20:02 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2009-05-24 20:01 . 2009-05-24 20:01 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple Computer
2009-05-24 19:52 . 2009-06-10 10:40 -------- d-----w- c:\documents and settings\User\Contacts
2009-05-24 18:56 . 2009-05-24 18:56 -------- d-s---w- c:\documents and settings\User\UserData
2009-05-24 17:45 . 2009-05-24 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-24 16:58 . 2009-05-24 18:02 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-24 16:58 . 2009-05-24 18:02 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-24 16:58 . 2009-02-13 08:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-24 16:58 . 2009-02-13 08:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-24 16:58 . 2009-05-24 16:58 -------- d-----w- c:\program files\Avira
2009-05-24 16:58 . 2009-05-24 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-24 16:49 . 2009-05-24 16:49 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-24 16:46 . 2009-05-24 16:46 -------- d-----w- c:\program files\Windows Live
2009-05-24 15:33 . 2009-05-24 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-24 15:32 . 2001-03-08 15:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-05-24 15:31 . 2009-05-24 15:32 -------- d-----w- c:\program files\CyberLink
2009-05-24 15:10 . 2009-05-24 15:11 -------- d-----w- c:\program files\QuickTime
2009-05-24 15:09 . 2009-05-24 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-24 15:05 . 2009-05-24 15:05 -------- d-----w- c:\documents and settings\User\Application Data\Media Player Classic
2009-05-24 15:00 . 2009-05-24 15:00 -------- d-----w- c:\program files\mpegable
2009-05-24 15:00 . 2009-05-24 15:00 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-24 14:56 . 2009-05-24 14:56 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-24 14:55 . 2009-05-24 14:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-24 14:55 . 2009-05-24 14:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-24 14:55 . 2009-05-24 14:56 -------- d-----w- c:\program files\Common Files\Real
2009-05-24 14:55 . 2009-05-24 14:55 -------- d-----w- c:\program files\Real
2009-05-24 14:54 . 2009-05-24 14:54 -------- d-----w- c:\program files\VideoLAN
2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-24 14:50 . 2009-05-24 14:50 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Adobe
2009-05-24 14:49 . 2009-05-24 19:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-24 14:18 . 2009-05-25 19:04 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Ahead
2009-05-24 14:14 . 2009-05-24 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-05-24 14:12 . 2009-05-24 14:14 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-24 14:12 . 2009-05-24 14:12 -------- d-----w- c:\program files\Nero
2009-05-24 14:12 . 2009-05-24 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-24 13:45 . 2003-06-18 14:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-05-24 13:44 . 2009-05-24 13:44 -------- d-----w- c:\program files\Microsoft.NET
2009-05-24 13:44 . 2009-05-24 13:44 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-24 13:44 . 2009-05-24 13:44 -------- d-----w- c:\windows\SHELLNEW
2009-05-24 13:41 . 2009-05-24 13:41 -------- d--h--r- C:\MSOCache
2009-05-24 13:36 . 2009-05-24 13:36 -------- d-----w- c:\windows\system32\wbem\MUI
2009-05-24 13:34 . 2001-09-07 22:43 57344 ----a-w- c:\windows\system32\WMErrAra.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 19:02 . 2009-05-24 08:51 50616 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 13:30 . 2009-05-24 08:51 -------- d-----w- c:\program files\Dell
2009-05-24 19:37 . 2009-05-24 09:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-24 15:31 . 2009-05-24 09:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-24 15:01 . 2009-05-24 15:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-24 14:48 . 2009-05-24 14:48 2232 ----a-w- c:\windows\java\Packages\Data\VN35R9RV.DAT
2009-05-24 14:48 . 2009-05-24 14:48 155995 ----a-w- c:\windows\java\Packages\M7ZTRRZX.ZIP
2009-05-24 14:48 . 2009-05-24 14:48 2678 ----a-w- c:\windows\java\Packages\Data\TBDVHVTR.DAT
2009-05-24 14:48 . 2009-05-24 14:48 2678 ----a-w- c:\windows\java\Packages\Data\B7TVB7TZ.DAT
2009-05-24 14:48 . 2009-05-24 14:48 2678 ----a-w- c:\windows\java\Packages\Data\XZTJBLZ1.DAT
2009-05-24 14:48 . 2009-05-24 14:48 2678 ----a-w- c:\windows\java\Packages\Data\VZFRH7HJ.DAT
2009-05-24 14:48 . 2009-05-24 14:48 2678 ----a-w- c:\windows\java\Packages\Data\6DVF33ZP.DAT
2009-05-24 13:35 . 2009-05-24 08:38 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-24 09:54 . 2009-05-24 09:54 -------- d-----w- c:\program files\WIDCOMM
2009-05-24 09:53 . 2009-05-24 09:53 -------- d-----w- c:\program files\Sigmatel
2009-05-24 09:50 . 2009-05-24 09:50 -------- d-----w- c:\program files\CONEXANT
2009-05-24 09:37 . 2009-05-24 09:37 -------- d-----w- c:\program files\Marvell
2009-05-24 09:34 . 2009-05-24 09:34 -------- d-----w- c:\documents and settings\User\Application Data\TMP
2009-05-24 09:20 . 2009-05-24 09:20 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2009-05-24 08:57 . 2009-05-24 08:57 -------- d-----w- c:\program files\Intel
2009-05-24 08:51 . 2009-05-24 08:51 45056 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-05-24 08:51 . 2009-05-24 08:51 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-05-24 08:39 . 2009-05-24 08:39 -------- d-----w- c:\program files\microsoft frontpage
2009-05-24 08:36 . 2009-05-24 08:36 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-26 15:35 . 2009-05-19 10:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
2008-03-24 08:41 . 2009-06-11 15:20 107008 --sha-w- c:\windows\system32\usmt\mediaplayer.exe
2008-03-24 08:41 . 2009-06-11 15:20 107008 --sha-w- c:\windows\system32\usmt\vbb.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5728112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-29 2815408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-25 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-12-10 1228800]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-24 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ABUGCHECK"="c:\windows\system32\usmt\pos.bat" [2009-06-14 59]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]
"VBB"="c:\windows\system32\usmt\mediaplayer.exe" [2008-03-24 107008]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 405504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\User\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-24 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-24 389120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)
"DisallowRun"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= msconfig.exe
"2"= gpedit.msc
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/05/2009 07:58 م 108289]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [24/05/2009 12:50 م 105984]
S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/06/2009 07:57 م 40160]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [27/05/2009 02:45 م 332928]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-14 12:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CF24201.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ping.exe
.
**************************************************************************
.
Completion time: 2009-06-14 12:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-14 09:16
Pre-Run: 72,338,608,128 bytes free
Post-Run: 72,495,931,392 bytes free
265
تقرير الاداة الثانية ( الهايجك )
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:46 م, on 14/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\Zyzoom.org_Tool_V_1.0.exe
C:\DOCUME~1\User\LOCALS~1\Temp\zyaoom Tool\Hijack.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ABUGCHECK] C:\WINDOWS\system32\usmt\pos.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 9056 bytes
، 
