The problem is still there.
OK guys, a flash drive was like this and it fixed itself somehow, I don't know how. Anyway, I scanned with the
ComboFix tool and this is the report, but the problem is still there.
ComboFix 09-07-09.08 - user 07/10/2009 19:44.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.446.186 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\samir\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.
2009-07-10 14:09 . 2009-07-10 14:09 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-10 14:09 . 2009-07-10 14:09 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-10 14:09 . 2009-07-10 14:09 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-10 14:09 . 2009-07-10 14:09 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-10 14:09 . 2009-07-10 14:09 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-10 13:56 . 2009-07-10 13:56 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-10 13:53 . 2009-07-10 13:53 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-10 13:53 . 2009-07-10 13:53 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-10 13:50 . 2009-07-10 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-10 13:50 . 2009-07-10 13:50 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-10 10:45 . 2009-07-10 10:46 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Kaspersky_Reg
2009-07-10 10:45 . 2009-07-10 10:45 -------- d-----w- c:\program files\Kaspersky_Reg
2009-07-09 16:52 . 2009-01-09 09:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-07-09 16:52 . 2009-01-09 09:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-07-09 16:52 . 2009-07-09 16:52 -------- d-----w- c:\program files\Ashampoo
2009-07-09 11:14 . 2009-07-09 11:14 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-08 20:17 . 2009-07-09 13:09 -------- d-----w- c:\program files\ClickZap
2009-07-08 20:17 . 2009-07-08 20:17 -------- d-----w- c:\windows\system32\Scripts
2009-07-08 20:17 . 2002-11-14 11:55 57344 ----a-w- c:\windows\system32\CZDrv.dll
2009-07-08 19:48 . 2009-07-08 19:48 -------- d-----w- c:\program files\WinSysClean 2008 ! SHandidy !
2009-07-06 19:07 . 2009-07-10 16:55 -------- d-----w- c:\documents and settings\user\Tracing
2009-07-06 18:59 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-07-06 18:58 . 2009-07-06 18:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-06 18:53 . 2009-07-06 18:53 -------- d-----w- c:\program files\Microsoft
2009-07-06 18:52 . 2009-07-06 18:52 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-06 18:28 . 2009-07-06 18:28 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-06 13:21 . 1999-01-20 02:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2009-07-06 13:20 . 2009-07-06 13:27 -------- d-----w- c:\program files\ZebHelpProcess
2009-07-05 15:06 . 2009-07-05 15:06 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-04 15:15 . 2009-07-04 15:14 45399 ----a-w- C:\irunin.dat
2009-07-04 15:14 . 2009-07-04 15:14 -------- d-----w- C:\Balot.org
2009-07-03 12:48 . 2009-07-03 12:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 12:45 . 2009-07-03 12:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-07-03 12:10 . 2009-07-03 12:10 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe
2009-06-21 13:59 . 2009-06-21 13:59 390664 ----a-w- c:\documents and settings\user\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-15 20:19 . 2009-06-15 20:19 -------- d-----w- C:\TechSmith
2009-06-15 20:16 . 2009-06-15 20:16 -------- d-----w- c:\program files\Bit Lord 1.1
2009-06-15 18:59 . 2009-06-15 18:59 -------- d--h--w- c:\windows\PIF
2009-06-15 18:58 . 2009-06-15 18:58 -------- d-----w- c:\documents and settings\user\Application Data\Thinstall
2009-06-15 11:01 . 2009-06-15 11:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-06-15 08:08 . 2009-06-15 08:08 -------- d-----w- c:\documents and settings\user\Application Data\ThumbsPlus
2009-06-15 08:07 . 2009-06-18 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ThumbsPlus
2009-06-15 08:07 . 2009-06-15 08:08 -------- d-----w- c:\program files\Thumbs7
2009-06-14 21:03 . 2009-06-15 11:46 -------- d-----w- c:\program files\BT Engine
2009-06-14 17:16 . 2009-06-14 17:16 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\CometNetwork
2009-06-14 17:16 . 2009-06-14 17:16 -------- d-----w- c:\documents and settings\user\Application Data\CometNetwork
2009-06-14 17:15 . 2009-06-16 09:47 -------- d-----w- c:\program files\CometBird
2009-06-14 17:11 . 2009-06-14 17:19 -------- d-----w- C:\Downloads
2009-06-14 17:11 . 2009-06-14 17:11 1048576 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\063yh8l7.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2009-06-14 17:10 . 2009-07-10 16:47 -------- d-----w- c:\program files\BitComet
2009-06-14 16:54 . 2009-06-16 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Zoom Player
2009-06-14 16:54 . 2009-06-14 16:54 -------- d-----w- c:\program files\Zoom Player
2009-06-14 16:30 . 2009-06-14 16:36 -------- d-----w- c:\program files\AskBarDis
2009-06-14 16:28 . 2009-06-14 17:09 -------- d-----w- c:\documents and settings\user\Application Data\uTorrent
2009-06-13 19:57 . 2009-06-13 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-06-13 19:57 . 2009-06-13 19:57 -------- d-----w- c:\program files\TechSmith
2009-06-13 19:57 . 2009-06-13 19:57 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\TechSmith
2009-06-13 19:13 . 2009-06-13 19:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-12 17:35 . 2009-06-12 17:35 -------- d-----w- c:\program files\محرر الرياضيات3
2009-06-12 17:23 . 2009-06-12 17:23 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Help
2009-06-12 17:22 . 2009-06-12 17:22 -------- d-----w- c:\documents and settings\user\Application Data\Design Science
2009-06-12 17:22 . 2009-07-09 13:12 -------- d-----w- c:\program files\MathType
2009-06-11 16:44 . 2003-11-04 12:11 159744 ----a-w- c:\windows\system32\lfpng13n.dll
2009-06-11 16:44 . 2003-11-04 12:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-11 16:44 . 2004-05-14 13:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-06-11 16:44 . 2004-05-14 13:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-06-11 16:44 . 2004-05-14 13:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-06-11 16:44 . 2004-05-14 13:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-06-11 16:44 . 2004-05-14 13:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-11 16:44 . 2004-05-14 13:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-06-11 16:44 . 2004-01-11 23:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-06-11 14:21 . 2009-06-11 14:21 -------- d-----w- c:\documents and settings\user\Application Data\FastStone
2009-06-11 14:20 . 2009-06-11 14:23 -------- d-----w- c:\program files\FastStone Capture
2009-06-11 13:37 . 2009-06-11 13:37 198064 ----a-w- c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 16:58 . 2001-09-19 12:00 58722 ----a-w- c:\windows\system32\perfc001.dat
2009-07-10 16:58 . 2001-09-19 12:00 328418 ----a-w- c:\windows\system32\perfh001.dat
2009-07-10 16:57 . 2009-06-05 13:42 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-07-10 13:58 . 2009-03-03 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-09 18:13 . 2009-03-03 21:10 557088 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-09 18:13 . 2009-03-03 21:10 4032 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-09 18:13 . 2009-03-03 21:10 2143264 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-09 18:13 . 2009-03-03 21:10 19920 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-09 11:14 . 2009-03-03 15:30 -------- d-----w- c:\program files\Windows Live
2009-07-08 20:50 . 2009-06-09 19:17 10 ----a-w- c:\windows\popcinfo.dat
2009-07-06 18:55 . 2009-03-03 15:15 -------- d-----w- c:\program files\MSN Messenger
2009-07-04 15:56 . 2009-03-03 14:55 139784 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-04 15:14 . 2009-06-03 15:46 286720 ----a-w- c:\windows\iun506.exe
2009-06-16 11:05 . 2009-06-06 18:37 843 ----a-w- C:\ChangeWinXPKey.vbs
2009-06-14 14:00 . 2009-06-14 13:57 -------- d-----w- c:\program files\QuickWiz
2009-06-14 13:57 . 2009-06-14 13:57 -------- d-----w- c:\program files\Common Files\Accent Shared
2009-06-14 13:57 . 2009-06-14 13:57 -------- d-----w- c:\program files\Common Files\GuruNet Shared
2009-06-11 14:25 . 2009-06-05 13:42 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2009-06-11 13:35 . 2009-06-05 13:42 -------- d-----w- c:\program files\Internet Download Manager
2009-06-10 22:15 . 2009-03-03 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-09 18:49 . 2009-06-09 18:49 -------- d-----w- c:\program files\PopCap Games
2009-06-09 18:48 . 2009-06-09 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-06-09 18:48 . 2009-06-09 18:48 -------- d-----w- c:\documents and settings\user\Application Data\GameHouse
2009-06-09 18:47 . 2009-06-09 18:47 -------- d-----w- c:\program files\GameHouse
2009-06-07 16:48 . 2004-08-03 21:56 501248 ----a-w- c:\windows\system32\winlogon.exe
2009-06-07 16:44 . 2009-06-07 16:47 32574 ----a-w- c:\windows\CRACK_safe_mod.exe
2009-06-07 15:09 . 2009-06-07 15:09 99496 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 16:36 . 2009-06-05 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-06-05 10:41 . 2009-06-05 10:41 -------- d-----w- c:\program files\Topos
2009-06-04 10:25 . 2009-06-04 10:25 -------- d-----w- c:\program files\Realtek AC97
2009-06-04 10:25 . 2009-06-04 10:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 10:24 . 2009-06-04 10:24 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-30 10:36 . 2009-03-04 10:51 -------- d-----w- c:\program files\Google
2009-05-29 13:59 . 2009-05-29 13:59 -------- d-----w- c:\program files\Conduit
2009-05-29 13:19 . 2009-05-29 13:19 -------- d-----w- c:\program files\tsonamy
2009-05-24 10:17 . 2009-05-24 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-23 14:15 . 2009-03-03 15:18 -------- d-----w- c:\program files\Yahoo!
2009-05-21 13:56 . 2009-05-21 13:56 -------- d-----w- c:\program files\Photo Story 3 for Windows
2009-05-19 16:42 . 2009-03-03 15:30 -------- d-----w- c:\program files\Circle Developement
2009-05-19 16:42 . 2009-03-03 15:30 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-18 15:05 . 2009-05-18 15:05 -------- d-----w- c:\program files\SuperScan
2009-05-18 15:02 . 2009-05-18 15:02 -------- d-----w- c:\program files\RaccoonWorks
2009-05-18 15:02 . 2009-05-18 15:02 796672 ----a-w- c:\windows\GPInstall.exe
2009-05-17 16:52 . 2009-05-17 16:52 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-17 16:52 . 2009-05-17 16:52 -------- d-----w- c:\program files\Common Files\Real
2009-05-17 16:52 . 2009-05-17 16:52 -------- d-----w- c:\program files\Real
2009-05-17 10:28 . 2009-05-17 10:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 10:28 . 2009-03-03 15:14 -------- d-----w- c:\program files\Java
2009-05-17 10:27 . 2009-05-17 10:27 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 14:46 . 2009-05-13 14:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-07 15:42 . 2004-08-03 21:55 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:43 . 2004-08-03 21:55 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:42 . 2004-08-03 21:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-20 18:30 . 2009-04-20 18:30 8 ----a-w- c:\windows\system32\F73859.bin
2009-04-20 18:30 . 2009-04-20 18:30 8 ----a-w- c:\windows\system32\e9243f.bin
2009-04-19 20:08 . 2004-08-03 21:46 1846528 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:12 . 2004-08-03 21:55 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2008-04-14 16:00 506880 BCEDF9DCCBC807108CE34C9834074C34 c:\windows\SoftwareDistribution\Download\ad4c185af62f73c8a540c4d6a1d4ba15\winlogon.exe
[-] 2008-04-14 16:00 506880 BCEDF9DCCBC807108CE34C9834074C34 c:\windows\SoftwareDistribution\Download\b86141217825998609b93e71cc29eb6e\winlogon.exe
[-] 2009-06-07 16:48 501248 02B900D9E95E4D560B4EE224B0BAC0B6 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 09:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4d4770d-abd6-4a82-9e3a-6935c52a77d5}]
2009-07-02 07:18 2215960 ----a-w- c:\program files\Kaspersky_Reg\tbKasp.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-16 68856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-06-11 2807216]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-05-18 2592056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-17 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-17 198160]
"cFosSpeed"="c:\program files\Topos\cFosSpeed\cFosSpeed.exe" [2009-02-10 876760]
"Ashampoo HDD Control Guard"="c:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2009-03-13 844288]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-06-13 16377344]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-05-28 1826816]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-12-28 544768]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-02-06 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\tools\\fixcodecs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Balot.org\\Balot\\Balot.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22028:TCP"= 22028:TCP:BitComet 22028 TCP
"22028:UDP"= 22028:UDP:BitComet 22028 UDP
"49777:TCP"= 49777:TCP:BitComet 49777 TCP
"49777:UDP"= 49777:UDP:BitComet 49777 UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [03/03/2009 05:55 م 13696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [14/06/2009 07:31 م 234888]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [09/07/2009 07:52 م 410976]
.
Contents of the 'Scheduled Tasks' folder
2009-07-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-07-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ClickZap - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-10 19:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 948 bytes
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6
"LastWPAEventLogged"=hex:d5,07,05,00,06,00,07,00,0f,00,38,00,24,00,fd,02
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Topos\cFosSpeed\spd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\TechSmith\Snagit 9\TscHelp.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\SnagitEditor.exe
.
**************************************************************************
.
Completion time: 2009-07-10 20:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 17:04
Pre-Run: 7,846,965,248 bytes free
Post-Run: 7,885,488,128 bytes free
268 --- E O F --- 2009-07-07 10:26