مهاوي وبس
زيزوومى محترف
غير متصل
- بادئ الموضوع مهاوي وبس
- تاريخ البدء
- 1,331
مهاوي وبس
زيزوومى محترف
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:36 ص, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\DOCUME~1\nc\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9285 bytes
Scan saved at 12:54:36 ص, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\DOCUME~1\nc\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9285 bytes
توقيع : مهاوي وبس
تأييد
0
البارون
زيزوومى فضى
- إنضم
- 1 مارس 2008
- المشاركات
- 13,588
- مستوى التفاعل
- 506
- النقاط
- 920
غير متصل
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
توقيع : البارون
تأييد
0
مهاوي وبس
زيزوومى محترف
غير متصل
ComboFix 09-07-14.08 - nc 07/18/2009 2:20.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.502.243 [GMT 3:00]
Running from: c:\documents and settings\nc\سطح المكتب\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090717-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\10b1dd6.msp
c:\windows\Installer\10fd6d.msp
c:\windows\Installer\16e861.msp
c:\windows\Installer\19b55c.msp
c:\windows\Installer\20cc7.msp
c:\windows\Installer\20ce7f.msp
c:\windows\Installer\20ee408.msp
c:\windows\Installer\247fc.msp
c:\windows\Installer\249f0.msp
c:\windows\Installer\254bd.msp
c:\windows\Installer\27ebb.msp
c:\windows\Installer\28cf4.msp
c:\windows\Installer\28e0d.msp
c:\windows\Installer\2989c.msp
c:\windows\Installer\2d19e.msp
c:\windows\Installer\2d9a22.msp
c:\windows\Installer\2e47a.msp
c:\windows\Installer\303ca2.msp
c:\windows\Installer\30a31c.msp
c:\windows\Installer\35e3e.msp
c:\windows\Installer\367ce9.msp
c:\windows\Installer\3aed5a.msp
c:\windows\Installer\4f2faa.msp
c:\windows\Installer\54894b.msp
c:\windows\Installer\59979b.msp
c:\windows\Installer\6004cf.msp
c:\windows\Installer\6488ff.msp
c:\windows\Installer\6be21a.msp
c:\windows\Installer\c406ec.msp
----- BITS: Possible infected sites -----
hxxp://91.121.25.60
.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.
2009-07-16 03:39 . 2009-07-16 03:39 -------- d-----w- c:\documents and settings\nc\Application Data\CyberScrub
2009-07-16 02:36 . 2009-07-16 02:36 -------- d-----w- c:\program files\Trend Micro
2009-07-15 19:59 . 2009-07-15 19:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-15 19:52 . 2009-07-15 19:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-15 19:51 . 2009-07-15 19:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-15 19:23 . 2009-07-15 19:23 3584 ----a-r- c:\documents and settings\nc\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-15 19:23 . 2009-07-15 19:23 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-15 17:41 . 2009-07-15 17:41 -------- d-----w- c:\documents and settings\nc\DoctorWeb
2009-07-15 17:34 . 2009-07-15 17:34 -------- d-----w- c:\program files\MSECACHE
2009-07-15 17:30 . 2009-07-15 17:30 -------- d-----w- c:\documents and settings\nc\Application Data\URSoft
2009-07-15 17:30 . 2009-07-15 19:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 17:30 . 2009-07-15 18:36 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-07-15 17:25 . 2009-07-15 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Estsoft
2009-07-15 17:24 . 2009-07-15 17:41 -------- d-----w- c:\documents and settings\nc\Application Data\ESTsoft
2009-07-15 17:24 . 2009-07-15 17:41 -------- d-----w- c:\program files\ESTsoft
2009-07-15 16:34 . 2009-07-15 16:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-15 16:32 . 2009-07-15 16:32 152576 ----a-w- c:\documents and settings\nc\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-13 20:26 . 2009-07-13 20:26 -------- d-----w- c:\documents and settings\nc\Bluetooth Software
2009-07-13 20:26 . 2006-11-06 07:13 80176 ----a-r- c:\windows\system32\drivers\btwavdt.sys
2009-07-13 20:26 . 2006-11-06 09:37 78128 ----a-r- c:\windows\system32\drivers\btwaudio.sys
2009-07-13 20:15 . 2009-07-13 20:15 -------- d-----w- c:\program files\WIDCOMM
2009-07-11 22:38 . 2009-07-11 22:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-11 22:19 . 2009-07-11 22:19 -------- d-----w- c:\documents and settings\nc\Local Settings\Application Data\Windows Live Writer
2009-07-08 18:13 . 2009-07-11 22:38 -------- d-----w- c:\program files\Mobily Connect Card
2009-07-08 18:13 . 2009-07-11 21:59 -------- d-----w- c:\windows\system32\SupportAppXL
2009-07-05 10:59 . 2009-07-05 10:59 1467616 ----a-w- c:\documents and settings\jjgyfd\عندما عبروا حدود الظلام.zip
2009-07-05 10:58 . 2009-07-05 10:58 142972 ----a-w- c:\documents and settings\jjgyfd\إلى هنا وبس.zip
2009-07-05 10:58 . 2009-07-05 10:58 118752 ----a-w- c:\documents and settings\jjgyfd\تنحط عالجرح يبرى.zip
2009-07-05 10:53 . 2009-07-05 10:53 19725 ----a-w- c:\documents and settings\jjgyfd\عبدالله و شوق.zip
2009-07-05 10:52 . 2009-07-05 10:52 129777 ----a-w- c:\documents and settings\jjgyfd\حبني احسن لك.zip
2009-07-05 10:50 . 2009-07-05 10:50 283068 ----a-w- c:\documents and settings\jjgyfd\في صمتي كلام.zip
2009-07-05 10:13 . 2009-07-15 21:20 -------- d-----w- c:\documents and settings\jjgyfd
2009-06-30 19:10 . 2009-06-30 19:12 -------- d-----w- c:\documents and settings\nc\Local Settings\Application Data\Temp
2009-06-23 13:05 . 2009-06-23 13:05 390664 ----a-w- c:\documents and settings\nc\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 22:26 . 2001-09-19 18:00 68594 ----a-w- c:\windows\system32\perfc001.dat
2009-07-17 22:26 . 2001-09-19 18:00 369798 ----a-w- c:\windows\system32\perfh001.dat
2009-07-16 03:38 . 2009-07-16 03:38 -------- d-----w- c:\documents and settings\nc\Application Data\cleaner
2009-07-15 19:59 . 2009-05-24 20:34 -------- d-----w- c:\program files\Windows Live
2009-07-15 18:36 . 2009-05-24 18:53 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-15 16:33 . 2009-05-24 20:59 -------- d-----w- c:\program files\Java
2009-07-14 17:41 . 2009-06-02 12:24 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-10 12:01 . 2009-05-24 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-07-08 18:13 . 2009-05-24 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 16:41 . 2009-05-24 20:24 -------- d-----w- c:\program files\Internet Download Manager
2009-06-28 16:40 . 2009-05-24 20:24 -------- d-----w- c:\documents and settings\nc\Application Data\IDM
2009-06-28 16:39 . 2009-05-24 20:24 -------- d-----w- c:\documents and settings\nc\Application Data\DMCache
2009-06-27 15:28 . 2009-05-24 20:41 -------- d-----w- c:\program files\mpegable
2009-06-16 14:36 . 2008-04-14 21:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-04-14 21:29 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 01:41 . 2009-06-01 14:52 -------- d-----w- c:\program files\MessengerPlus! 3
2009-06-11 01:26 . 2009-06-11 01:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-11 01:26 . 2009-05-24 20:30 -------- d-----w- c:\program files\Common Files\Real
2009-06-11 01:21 . 2009-06-11 01:21 390664 ----a-w- c:\documents and settings\nc\Application Data\Real\RealPlayer\setup\AU_setup.exe
2009-06-11 00:36 . 2009-06-11 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-11 00:35 . 2009-05-24 19:01 95216 ----a-w- c:\documents and settings\nc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 23:41 . 2009-06-10 23:41 -------- d-----w- c:\program files\CCleaner
2009-06-10 22:58 . 2009-06-02 12:16 -------- d-----w- c:\documents and settings\nc\Application Data\HPAppData
2009-06-10 22:49 . 2009-06-10 22:49 -------- d-----w- c:\program files\Alwil Software
2009-06-10 22:48 . 2009-05-25 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 16:31 . 2009-05-24 20:27 -------- d-----w- c:\documents and settings\nc\Application Data\PC Suite
2009-06-03 19:10 . 2008-04-14 21:29 1289216 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 14:09 . 2009-06-02 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-02 15:25 . 2009-05-24 18:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-02 12:26 . 2009-06-02 12:26 -------- d-----w- c:\program files\Circle Developement
2009-06-02 12:20 . 2009-06-02 12:20 -------- d-----w- c:\documents and settings\nc\Application Data\HP
2009-06-02 12:19 . 2009-06-02 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-06-02 12:19 . 2009-06-02 12:07 173336 ----a-w- c:\windows\hphins26.dat
2009-06-02 12:16 . 2009-06-02 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-02 12:14 . 2009-06-02 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-02 12:14 . 2009-06-02 12:11 -------- d-----w- c:\program files\HP
2009-06-02 12:13 . 2009-06-02 12:13 -------- d-----w- c:\program files\Common Files\HP
2009-06-02 12:12 . 2009-06-02 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-06-01 18:22 . 2009-05-24 20:27 -------- d-----w- c:\documents and settings\nc\Application Data\Nokia
2009-06-01 18:22 . 2009-06-01 18:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-06-01 18:22 . 2009-06-01 18:22 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-01 17:23 . 2009-06-01 17:23 -------- d-----w- c:\documents and settings\nc\Application Data\Media Player Classic
2009-05-28 08:35 . 2009-05-28 08:35 -------- d-----w- c:\program files\Microsoft
2009-05-26 18:11 . 2009-05-26 18:11 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-25 09:51 . 2009-05-26 17:53 12936 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrkx86.sys
2009-05-25 09:51 . 2009-05-26 17:53 10520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-05-25 09:51 . 2009-05-26 17:53 76040 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-05-25 09:51 . 2009-05-26 17:53 97928 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-05-25 09:51 . 2009-05-26 17:53 26824 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-05-25 09:51 . 2009-05-26 17:53 287000 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-25 09:51 . 2009-05-26 17:39 641304 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-05-25 09:51 . 2009-05-26 17:39 583960 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-25 09:51 . 2009-05-26 17:39 443672 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-05-25 09:51 . 2009-05-26 17:39 1083160 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-25 09:51 . 2009-05-25 09:51 -------- d-----w- c:\program files\AVG
2009-05-25 09:44 . 2009-05-25 09:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-24 21:13 . 2009-05-24 21:13 -------- d-----w- c:\program files\MSBuild
2009-05-24 21:13 . 2009-05-24 21:13 -------- d-----w- c:\program files\Reference Assemblies
2009-05-24 21:01 . 2009-05-24 21:01 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-24 21:00 . 2009-05-24 21:00 172032 ------w- c:\windows\Setup1.exe
2009-05-24 21:00 . 2009-05-24 21:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-24 20:59 . 2009-05-24 20:59 -------- d-----w- c:\program files\Common Files\Java
2009-05-24 20:53 . 2009-05-24 20:53 -------- d-----w- c:\documents and settings\nc\Application Data\Nero
2009-05-24 20:43 . 2009-05-24 19:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-24 20:43 . 2009-05-24 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-24 20:42 . 2009-05-24 20:42 -------- d-----w- c:\documents and settings\nc\Application Data\vlc
2009-05-24 20:42 . 2009-05-24 20:42 -------- d-----w- c:\program files\CyberLink
2009-05-24 20:41 . 2009-05-24 20:41 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-24 20:41 . 2009-05-24 20:41 -------- d-----w- c:\program files\VideoLAN
2009-05-24 20:40 . 2009-05-24 20:39 -------- d-----w- c:\documents and settings\nc\Application Data\BSplayer Pro
2009-05-24 20:39 . 2009-05-24 20:39 -------- d-----w- c:\program files\Webteh
2009-05-24 20:30 . 2009-05-24 20:30 -------- d-----w- c:\program files\Real
2009-05-24 20:30 . 2003-03-18 17:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-24 20:27 . 2009-05-24 20:26 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-24 20:26 . 2009-05-24 20:26 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-24 20:26 . 2009-05-24 20:26 -------- d-----w- c:\program files\Nokia
2009-05-24 20:26 . 2009-05-24 20:26 -------- d-----w- c:\program files\DIFX
2009-05-24 20:26 . 2009-05-24 20:26 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-24 20:25 . 2009-05-24 20:25 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-24 20:25 . 2009-05-24 20:25 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-24 20:25 . 2009-05-24 20:25 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-24 20:25 . 2009-05-24 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-24 20:23 . 2009-05-24 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-24 20:19 . 2009-05-24 20:17 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-24 19:59 . 2009-05-24 19:59 -------- d-----w- c:\program files\Microsoft.NET
2009-05-24 19:59 . 2009-05-24 19:59 -------- d-----w- c:\program files\Microsoft Works
2009-05-24 19:09 . 2009-05-24 19:09 -------- d-----w- c:\program files\Realtek
2009-05-24 18:48 . 2009-05-24 18:48 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:02 . 2008-05-07 05:08 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 21:29 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:42 . 2009-04-29 04:42 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-19 19:47 . 2008-04-14 21:07 1847040 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-15 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-11 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-19 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-07-19 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [07/05/2008 08:09 ص 124928]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/06/2009 03:39 ص 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/06/2009 03:39 ص 20560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-07-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.qa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-18 02:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1dae737b-6af4-40b1-9452-4037def3338f}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ad
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5e,af,14,59,c5,8d,86,20,28,0f,62,13,27,18,20,ee,f2,90,57,64,27,
44,fc,b1,aa,af,55,7d,32,33,b4,24,e5,d7,89,85,59,ab,9b,c7,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-07-17 2:26
ComboFix-quarantined-files.txt 2009-07-17 23:26
Pre-Run: 40,278,134,784 bytes free
Post-Run: 40,275,795,968 bytes free
268 --- E O F --- 2009-07-14 22:51
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.502.243 [GMT 3:00]
Running from: c:\documents and settings\nc\سطح المكتب\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090717-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\10b1dd6.msp
c:\windows\Installer\10fd6d.msp
c:\windows\Installer\16e861.msp
c:\windows\Installer\19b55c.msp
c:\windows\Installer\20cc7.msp
c:\windows\Installer\20ce7f.msp
c:\windows\Installer\20ee408.msp
c:\windows\Installer\247fc.msp
c:\windows\Installer\249f0.msp
c:\windows\Installer\254bd.msp
c:\windows\Installer\27ebb.msp
c:\windows\Installer\28cf4.msp
c:\windows\Installer\28e0d.msp
c:\windows\Installer\2989c.msp
c:\windows\Installer\2d19e.msp
c:\windows\Installer\2d9a22.msp
c:\windows\Installer\2e47a.msp
c:\windows\Installer\303ca2.msp
c:\windows\Installer\30a31c.msp
c:\windows\Installer\35e3e.msp
c:\windows\Installer\367ce9.msp
c:\windows\Installer\3aed5a.msp
c:\windows\Installer\4f2faa.msp
c:\windows\Installer\54894b.msp
c:\windows\Installer\59979b.msp
c:\windows\Installer\6004cf.msp
c:\windows\Installer\6488ff.msp
c:\windows\Installer\6be21a.msp
c:\windows\Installer\c406ec.msp
----- BITS: Possible infected sites -----
hxxp://91.121.25.60
.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.
2009-07-16 03:39 . 2009-07-16 03:39 -------- d-----w- c:\documents and settings\nc\Application Data\CyberScrub
2009-07-16 02:36 . 2009-07-16 02:36 -------- d-----w- c:\program files\Trend Micro
2009-07-15 19:59 . 2009-07-15 19:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-15 19:52 . 2009-07-15 19:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-15 19:51 . 2009-07-15 19:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-15 19:23 . 2009-07-15 19:23 3584 ----a-r- c:\documents and settings\nc\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-15 19:23 . 2009-07-15 19:23 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-15 17:41 . 2009-07-15 17:41 -------- d-----w- c:\documents and settings\nc\DoctorWeb
2009-07-15 17:34 . 2009-07-15 17:34 -------- d-----w- c:\program files\MSECACHE
2009-07-15 17:30 . 2009-07-15 17:30 -------- d-----w- c:\documents and settings\nc\Application Data\URSoft
2009-07-15 17:30 . 2009-07-15 19:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 17:30 . 2009-07-15 18:36 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-07-15 17:25 . 2009-07-15 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Estsoft
2009-07-15 17:24 . 2009-07-15 17:41 -------- d-----w- c:\documents and settings\nc\Application Data\ESTsoft
2009-07-15 17:24 . 2009-07-15 17:41 -------- d-----w- c:\program files\ESTsoft
2009-07-15 16:34 . 2009-07-15 16:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-15 16:32 . 2009-07-15 16:32 152576 ----a-w- c:\documents and settings\nc\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-13 20:26 . 2009-07-13 20:26 -------- d-----w- c:\documents and settings\nc\Bluetooth Software
2009-07-13 20:26 . 2006-11-06 07:13 80176 ----a-r- c:\windows\system32\drivers\btwavdt.sys
2009-07-13 20:26 . 2006-11-06 09:37 78128 ----a-r- c:\windows\system32\drivers\btwaudio.sys
2009-07-13 20:15 . 2009-07-13 20:15 -------- d-----w- c:\program files\WIDCOMM
2009-07-11 22:38 . 2009-07-11 22:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-11 22:19 . 2009-07-11 22:19 -------- d-----w- c:\documents and settings\nc\Local Settings\Application Data\Windows Live Writer
2009-07-08 18:13 . 2009-07-11 22:38 -------- d-----w- c:\program files\Mobily Connect Card
2009-07-08 18:13 . 2009-07-11 21:59 -------- d-----w- c:\windows\system32\SupportAppXL
2009-07-05 10:59 . 2009-07-05 10:59 1467616 ----a-w- c:\documents and settings\jjgyfd\عندما عبروا حدود الظلام.zip
2009-07-05 10:58 . 2009-07-05 10:58 142972 ----a-w- c:\documents and settings\jjgyfd\إلى هنا وبس.zip
2009-07-05 10:58 . 2009-07-05 10:58 118752 ----a-w- c:\documents and settings\jjgyfd\تنحط عالجرح يبرى.zip
2009-07-05 10:53 . 2009-07-05 10:53 19725 ----a-w- c:\documents and settings\jjgyfd\عبدالله و شوق.zip
2009-07-05 10:52 . 2009-07-05 10:52 129777 ----a-w- c:\documents and settings\jjgyfd\حبني احسن لك.zip
2009-07-05 10:50 . 2009-07-05 10:50 283068 ----a-w- c:\documents and settings\jjgyfd\في صمتي كلام.zip
2009-07-05 10:13 . 2009-07-15 21:20 -------- d-----w- c:\documents and settings\jjgyfd
2009-06-30 19:10 . 2009-06-30 19:12 -------- d-----w- c:\documents and settings\nc\Local Settings\Application Data\Temp
2009-06-23 13:05 . 2009-06-23 13:05 390664 ----a-w- c:\documents and settings\nc\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 22:26 . 2001-09-19 18:00 68594 ----a-w- c:\windows\system32\perfc001.dat
2009-07-17 22:26 . 2001-09-19 18:00 369798 ----a-w- c:\windows\system32\perfh001.dat
2009-07-16 03:38 . 2009-07-16 03:38 -------- d-----w- c:\documents and settings\nc\Application Data\cleaner
2009-07-15 19:59 . 2009-05-24 20:34 -------- d-----w- c:\program files\Windows Live
2009-07-15 18:36 . 2009-05-24 18:53 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-15 16:33 . 2009-05-24 20:59 -------- d-----w- c:\program files\Java
2009-07-14 17:41 . 2009-06-02 12:24 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-10 12:01 . 2009-05-24 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-07-08 18:13 . 2009-05-24 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 16:41 . 2009-05-24 20:24 -------- d-----w- c:\program files\Internet Download Manager
2009-06-28 16:40 . 2009-05-24 20:24 -------- d-----w- c:\documents and settings\nc\Application Data\IDM
2009-06-28 16:39 . 2009-05-24 20:24 -------- d-----w- c:\documents and settings\nc\Application Data\DMCache
2009-06-27 15:28 . 2009-05-24 20:41 -------- d-----w- c:\program files\mpegable
2009-06-16 14:36 . 2008-04-14 21:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-04-14 21:29 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 01:41 . 2009-06-01 14:52 -------- d-----w- c:\program files\MessengerPlus! 3
2009-06-11 01:26 . 2009-06-11 01:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-11 01:26 . 2009-05-24 20:30 -------- d-----w- c:\program files\Common Files\Real
2009-06-11 01:21 . 2009-06-11 01:21 390664 ----a-w- c:\documents and settings\nc\Application Data\Real\RealPlayer\setup\AU_setup.exe
2009-06-11 00:36 . 2009-06-11 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-11 00:35 . 2009-05-24 19:01 95216 ----a-w- c:\documents and settings\nc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 23:41 . 2009-06-10 23:41 -------- d-----w- c:\program files\CCleaner
2009-06-10 22:58 . 2009-06-02 12:16 -------- d-----w- c:\documents and settings\nc\Application Data\HPAppData
2009-06-10 22:49 . 2009-06-10 22:49 -------- d-----w- c:\program files\Alwil Software
2009-06-10 22:48 . 2009-05-25 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 16:31 . 2009-05-24 20:27 -------- d-----w- c:\documents and settings\nc\Application Data\PC Suite
2009-06-03 19:10 . 2008-04-14 21:29 1289216 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 14:09 . 2009-06-02 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-02 15:25 . 2009-05-24 18:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-02 12:26 . 2009-06-02 12:26 -------- d-----w- c:\program files\Circle Developement
2009-06-02 12:20 . 2009-06-02 12:20 -------- d-----w- c:\documents and settings\nc\Application Data\HP
2009-06-02 12:19 . 2009-06-02 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-06-02 12:19 . 2009-06-02 12:07 173336 ----a-w- c:\windows\hphins26.dat
2009-06-02 12:16 . 2009-06-02 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-02 12:14 . 2009-06-02 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-06-02 12:14 . 2009-06-02 12:11 -------- d-----w- c:\program files\HP
2009-06-02 12:13 . 2009-06-02 12:13 -------- d-----w- c:\program files\Common Files\HP
2009-06-02 12:12 . 2009-06-02 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-06-01 18:22 . 2009-05-24 20:27 -------- d-----w- c:\documents and settings\nc\Application Data\Nokia
2009-06-01 18:22 . 2009-06-01 18:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-06-01 18:22 . 2009-06-01 18:22 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-01 17:23 . 2009-06-01 17:23 -------- d-----w- c:\documents and settings\nc\Application Data\Media Player Classic
2009-05-28 08:35 . 2009-05-28 08:35 -------- d-----w- c:\program files\Microsoft
2009-05-26 18:11 . 2009-05-26 18:11 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-25 09:51 . 2009-05-26 17:53 12936 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrkx86.sys
2009-05-25 09:51 . 2009-05-26 17:53 10520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-05-25 09:51 . 2009-05-26 17:53 76040 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-05-25 09:51 . 2009-05-26 17:53 97928 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-05-25 09:51 . 2009-05-26 17:53 26824 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-05-25 09:51 . 2009-05-26 17:53 287000 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-25 09:51 . 2009-05-26 17:39 641304 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-05-25 09:51 . 2009-05-26 17:39 583960 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-25 09:51 . 2009-05-26 17:39 443672 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-05-25 09:51 . 2009-05-26 17:39 1083160 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-25 09:51 . 2009-05-25 09:51 -------- d-----w- c:\program files\AVG
2009-05-25 09:44 . 2009-05-25 09:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-24 21:13 . 2009-05-24 21:13 -------- d-----w- c:\program files\MSBuild
2009-05-24 21:13 . 2009-05-24 21:13 -------- d-----w- c:\program files\Reference Assemblies
2009-05-24 21:01 . 2009-05-24 21:01 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-24 21:00 . 2009-05-24 21:00 172032 ------w- c:\windows\Setup1.exe
2009-05-24 21:00 . 2009-05-24 21:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-24 20:59 . 2009-05-24 20:59 -------- d-----w- c:\program files\Common Files\Java
2009-05-24 20:53 . 2009-05-24 20:53 -------- d-----w- c:\documents and settings\nc\Application Data\Nero
2009-05-24 20:43 . 2009-05-24 19:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-24 20:43 . 2009-05-24 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-24 20:42 . 2009-05-24 20:42 -------- d-----w- c:\documents and settings\nc\Application Data\vlc
2009-05-24 20:42 . 2009-05-24 20:42 -------- d-----w- c:\program files\CyberLink
2009-05-24 20:41 . 2009-05-24 20:41 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-24 20:41 . 2009-05-24 20:41 -------- d-----w- c:\program files\VideoLAN
2009-05-24 20:40 . 2009-05-24 20:39 -------- d-----w- c:\documents and settings\nc\Application Data\BSplayer Pro
2009-05-24 20:39 . 2009-05-24 20:39 -------- d-----w- c:\program files\Webteh
2009-05-24 20:30 . 2009-05-24 20:30 -------- d-----w- c:\program files\Real
2009-05-24 20:30 . 2003-03-18 17:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-24 20:27 . 2009-05-24 20:26 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-24 20:26 . 2009-05-24 20:26 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-24 20:26 . 2009-05-24 20:26 -------- d-----w- c:\program files\Nokia
2009-05-24 20:26 . 2009-05-24 20:26 -------- d-----w- c:\program files\DIFX
2009-05-24 20:26 . 2009-05-24 20:26 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-24 20:25 . 2009-05-24 20:25 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-24 20:25 . 2009-05-24 20:25 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-24 20:25 . 2009-05-24 20:25 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-24 20:25 . 2009-05-24 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-24 20:23 . 2009-05-24 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-24 20:19 . 2009-05-24 20:17 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-24 19:59 . 2009-05-24 19:59 -------- d-----w- c:\program files\Microsoft.NET
2009-05-24 19:59 . 2009-05-24 19:59 -------- d-----w- c:\program files\Microsoft Works
2009-05-24 19:09 . 2009-05-24 19:09 -------- d-----w- c:\program files\Realtek
2009-05-24 18:48 . 2009-05-24 18:48 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:02 . 2008-05-07 05:08 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 21:29 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:42 . 2009-04-29 04:42 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-19 19:47 . 2008-04-14 21:07 1847040 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-15 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-11 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-19 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-07-19 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [07/05/2008 08:09 ص 124928]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/06/2009 03:39 ص 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/06/2009 03:39 ص 20560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-07-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.qa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-07-18 02:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1dae737b-6af4-40b1-9452-4037def3338f}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ad
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5e,af,14,59,c5,8d,86,20,28,0f,62,13,27,18,20,ee,f2,90,57,64,27,
44,fc,b1,aa,af,55,7d,32,33,b4,24,e5,d7,89,85,59,ab,9b,c7,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-07-17 2:26
ComboFix-quarantined-files.txt 2009-07-17 23:26
Pre-Run: 40,278,134,784 bytes free
Post-Run: 40,275,795,968 bytes free
268 --- E O F --- 2009-07-14 22:51
توقيع : مهاوي وبس
تأييد
0
- الحالة