هذا ما هو مكتوب في المفكرة
ComboFix 09-07-25.08 - Administrator 07/25/2009 20:55.4.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.502.200 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-22 18:27 . 2009-07-22 18:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-18 18:26 . 2009-07-18 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-15 11:51 . 2009-07-15 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2009-07-15 11:51 . 2009-07-15 11:51 -------- d-----w- c:\program files\SpeedBit Video Downloader
2009-07-15 11:43 . 2009-07-15 11:43 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2009-07-13 19:36 . 2009-07-13 19:36 -------- d-----w- c:\windows\نظام معارف
2009-07-08 21:06 . 2009-07-08 21:06 -------- d-sh--w- C:\FOUND.000
2009-07-08 18:20 . 2009-07-08 18:20 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-07 18:07 . 2009-07-07 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-03 18:10 . 2009-07-03 18:10 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-07-02 18:11 . 2009-07-02 18:11 1535 ----a-w- c:\documents and settings\Administrator\Application Data\iolo\restore.bat
2009-07-02 18:00 . 2009-07-02 18:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-07-02 17:51 . 2009-07-02 17:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2009-07-02 17:51 . 2009-05-29 12:40 940896 ----a-w- c:\windows\system32\Incinerator.dll
2009-07-02 17:51 . 2009-02-17 08:31 28672 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-07-02 17:51 . 2009-02-17 08:26 8192 ----a-w- c:\windows\system32\smrgdf.exe
2009-07-02 17:51 . 2009-07-02 17:51 -------- d-----w- c:\program files\iolo
2009-07-02 17:50 . 2009-07-02 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-07-02 17:50 . 2009-07-02 17:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\iolo
2009-06-30 17:32 . 2009-06-30 17:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-06-30 17:27 . 2009-06-30 17:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-06-30 17:27 . 2009-06-30 17:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-29 17:38 . 2009-06-29 17:38 -------- d-----w- C:\My Music
2009-06-29 17:33 . 2009-06-29 17:33 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-25 18:16 . 2009-06-25 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 17:40 . 2009-04-11 16:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-13 19:36 . 2009-03-25 18:14 286720 ------w- c:\windows\Setup1.exe
2009-06-29 17:32 . 2006-07-11 15:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-29 17:32 . 2006-07-11 15:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-17 12:21 . 2009-06-17 12:20 172 ----a-w- C:\curr_ver.tmp
2009-06-16 14:36 . 2004-08-03 21:55 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-09-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-09 18:19 . 2006-04-22 07:34 121040 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 19:10 . 2004-08-03 21:55 1289216 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 18:35 . 2009-05-28 18:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2009-05-28 18:35 . 2009-05-28 18:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-28 18:34 . 2009-05-28 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-27 18:47 . 2009-05-27 18:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-05-27 18:46 . 2009-05-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-27 18:46 . 2009-05-27 18:46 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-20 17:46 . 2001-09-19 12:00 43424 ----a-w- c:\windows\system32\perfc001.dat
2009-05-20 17:46 . 2001-09-19 12:00 258594 ----a-w- c:\windows\system32\perfh001.dat
2009-05-17 17:31 . 2006-04-22 08:20 73216 ------w- c:\windows\ST6UNST.EXE
2009-05-13 05:02 . 2004-08-03 21:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 21:55 345600 ----a-w- c:\windows\system32\localspl.dll
2007-01-13 18:21 . 2007-01-14 20:26 1554600 ----a-w- c:\program files\mfnt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-11-19 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-11-19 18:17 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-05-23 3100672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-11 150776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1764864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 176218]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 761946]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2004-07-23 229376]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 389120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 215832]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-10 262144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-13 147456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-29 267792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 121712]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-07-15 1717864]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-5-25 741437]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-22 187392]
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-9-8 4639232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MPKrnl"=rundll32 "c:\windows\MPKrnl.dll",KrnlMsgProc
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"= c:\\Program Files\\Messenger\\msmsgs.exe
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe"= c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\WINDOWS\\system32\\restore\\rstrui.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\Launch Manager\\QtZgAcer.EXE"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\MSE7.EXE"=
"c:\\Program Files\\Option\\GlobeTrotter Connect\\GlobeTrotter Connect.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Golden Al-Wafi Translator\\Golden Al-Wafi Translator.exe"=
"c:\\Program Files\\Google\\Update\\1.2.183.7\\GoogleCrashHandler.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\Program Files\\iolo\\System Mechanic\\SysMech.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP

xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP

xpsp2res.dll,-22016
"500:UDP"= 500:UDP

xpsp2res.dll,-22017
R2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2008-04-30 200704]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-07-02 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-07-02 600944]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\smjnl.sys --> c:\windows\system32\drivers\smjnl.sys [?]
S2 BulkUsb;Genius ColorPage USB Scanner;c:\windows\system32\drivers\usbscan.sys [2006-06-24 15104]
S2 gupdate;خدمة تحديث Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 206832]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-02-18 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-02-08 59648]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-03-30 8064]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 17:27]
2009-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 17:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nesnas.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
DPF: Microsoft XML Parser for Java -
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-25 20:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\SOFTWARE\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,cd,03,7e,2d,ce,cf,4d,99,09,52,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,cd,03,7e,2d,ce,cf,4d,99,09,52,\
[HKEY_USERS\S-1-5-21-1417001333-562591055-839522115-500\SOFTWARE\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,9d,c3,27,dd,41,0c,4c,83,c7,f1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,9d,c3,27,dd,41,0c,4c,83,c7,f1,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(856)
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
- - - - - - - > 'explorer.exe'(232)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
.
Completion time: 2009-07-25 21:00
ComboFix-quarantined-files.txt 2009-07-25 18:00
ComboFix2.txt 2009-07-25 17:44
ComboFix3.txt 2009-07-09 13:50
ComboFix4.txt 2009-07-03 19:01
ComboFix5.txt 2009-07-25 17:54
Pre-Run: 15,770,796,032 bytes free
Post-Run: 15,754,952,704 bytes free
244 --- E O F --- 2009-07-14 18:26