My Zoom brothers, may God fill your time with all goodness.
I have two reports for the machine, from HijackThis and ComboFix, that need reading and analysis,
and honestly I'm not good at analysis :i:
So let's get to it, and may God keep you safe.
Scan saved at 18:44:41, on 17/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Unlocker\Unlocker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB09257 - {F8C564CD-2FA0-4534-AF8D-52F3D054C0EF} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O3 - Toolbar: AmanLinks_Beta_0.0.4 - {0C55A48A-97DC-4003-8729-7D0B159B40D3} - C:\Program Files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
--
End of file - 5233 bytes
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1014.667 [GMT 2:00]
Running from: c:\documents and settings\Free User\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: Doctor Web Anti-Virus *On-access scanning disabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Twister AntiTrojanVirus *On-access scanning enabled* (Updated) {FBD70C7C-71BD-4591-96BD-863C6980BE65}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tmp.reg
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.
2009-08-17 15:49 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\57363897.sys
2009-08-17 15:46 . 2009-08-17 16:27 2213920 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-17 15:46 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\01185842.sys
2009-08-17 11:46 . 2009-08-17 11:48 -------- d-----w- c:\documents and settings\Free User\Application Data\Wireshark
2009-08-16 17:15 . 2009-08-16 17:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-16 13:24 . 2009-08-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2009-08-16 13:24 . 2009-08-16 13:24 -------- d-----w- c:\program files\Ashampoo
2009-08-16 13:21 . 2009-08-16 13:21 -------- d-----w- c:\documents and settings\Free User\Application Data\Ashampoo
2009-08-16 13:16 . 2009-08-16 13:16 -------- d-----w- c:\documents and settings\Free User\Local Settings\Application Data\Help
2009-08-16 12:44 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-16 12:44 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-08-16 12:44 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-08-16 12:44 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-08-16 12:44 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-16 12:44 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-16 12:44 . 2009-08-16 12:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-16 12:42 . 2009-08-16 12:45 -------- d-----w- c:\documents and settings\Free User\Application Data\Media Player Classic
2009-08-14 21:36 . 2009-08-14 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-08-14 21:35 . 2009-08-14 21:35 -------- d-----w- c:\documents and settings\Free User\Local Settings\Application Data\1Click DVD Copy Pro
2009-08-14 21:33 . 2009-08-16 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy Pro
2009-08-14 21:32 . 2009-08-16 21:12 -------- d-----w- c:\documents and settings\Free User\Application Data\Vso
2009-08-14 21:32 . 2009-08-16 21:12 47360 ----a-w- c:\documents and settings\Free User\Application Data\pcouffin.sys
2009-08-14 21:32 . 2009-08-14 21:32 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-14 19:47 . 2009-08-14 19:47 -------- d-----w- c:\documents and settings\Free User\Local Settings\Application Data\WinAVI
2009-08-14 19:31 . 2009-08-14 19:31 -------- d-----w- c:\windows\WinAVI Video Converter 9.0
2009-08-12 07:16 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 17:40 . 2009-08-08 17:46 2183024 ----a-w- c:\documents and settings\Free User\Application Data\IDM\DwnlData\Free User\SETUP_375\SETUP.EXE
2009-08-08 17:38 . 2009-08-08 17:38 -------- d-----w- C:\mcafeee
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 18:07 . 2009-07-30 18:13 -------- d-----w- c:\program files\USB Disk Security
2009-07-28 03:17 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 03:17 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-23 04:13 . 2009-07-23 04:13 -------- d-----w- c:\documents and settings\Free User\Application Data\Avira
2009-07-23 04:00 . 2009-05-08 12:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-23 04:00 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-23 04:00 . 2009-02-24 11:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-23 04:00 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-23 04:00 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-23 04:00 . 2009-07-23 04:00 -------- d-----w- c:\program files\Avira
2009-07-21 20:31 . 2009-07-21 20:31 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-21 19:16 . 2009-07-21 19:29 -------- d-----w- c:\program files\Common Files\Filseclab
2009-07-21 19:16 . 2009-07-21 19:16 -------- d-----w- c:\program files\Filseclab
2009-07-21 19:16 . 2009-07-21 19:16 -------- d-----w- c:\documents and settings\Free User\Application Data\InstallShield
2009-07-21 09:46 . 2009-07-23 03:16 -------- d-----w- c:\program files\Windows Doctor
2009-07-19 21:14 . 2009-08-16 13:24 -------- d-----w- c:\documents and settings\Free User\Local Settings\Application Data\Ashampoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 16:27 . 2009-06-05 00:07 -------- d-----w- c:\documents and settings\Free User\Application Data\DMCache
2009-08-17 16:25 . 2009-08-17 15:46 28220 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-17 16:12 . 2009-06-30 22:36 -------- d-----w- c:\documents and settings\Free User\Application Data\IDM
2009-08-17 15:23 . 2009-06-05 00:04 -------- d-----w- c:\documents and settings\Free User\Application Data\Skype
2009-08-17 14:51 . 2009-06-05 02:08 -------- d-----w- c:\documents and settings\Free User\Application Data\skypePM
2009-08-16 21:13 . 2009-06-18 03:52 -------- d-----w- c:\documents and settings\Free User\Application Data\cleaner
2009-08-16 12:43 . 2009-06-04 19:54 -------- d-----w- c:\program files\Common Files\Real
2009-08-16 12:43 . 2009-06-04 19:54 -------- d-----w- c:\program files\Real
2009-08-05 09:01 . 2002-12-31 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 22:14 . 2009-06-19 07:50 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-24 12:06 . 2009-06-19 00:58 -------- d-----w- c:\program files\Paltalk Messenger
2009-07-24 11:46 . 2009-06-04 20:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-23 04:00 . 2009-06-19 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-23 03:46 . 2009-06-23 19:36 0 ----a-w- C:\osy3.sys
2009-07-21 20:31 . 2009-06-18 04:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 19:16 . 2009-06-04 19:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 19:01 . 2002-12-31 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2002-12-31 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 11:36 . 2009-06-18 04:53 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-06-18 04:53 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 17:09 . 2002-12-31 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 08:48 . 2009-06-04 19:39 58464 ----a-w- c:\documents and settings\Free User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-30 22:37 . 2009-06-30 22:37 165296 ----a-w- c:\documents and settings\Free User\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-06-26 06:49 . 2009-08-17 16:12 2191110 ----a-w- c:\documents and settings\Free User\Application Data\IDM\SmitfraudFix\SmitfraudFix.cmd
2009-06-25 08:25 . 2002-12-31 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-12-31 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-12-31 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-12-31 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-12-31 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-12-31 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-12-31 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 15:54 . 2009-06-23 15:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-23 09:01 . 2009-06-05 02:14 -------- d-----w- c:\documents and settings\Free User\Application Data\Desktopicon
2009-06-22 07:28 . 2009-06-22 07:28 -------- d-----w- c:\program files\SeaStorm 3D Screensaver
2009-06-22 04:57 . 2009-06-22 04:57 -------- d-----w- c:\documents and settings\Free User\Application Data\NCH Swift Sound
2009-06-22 04:57 . 2009-06-22 04:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-06-22 04:51 . 2009-06-22 04:51 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-22 04:26 . 2009-06-22 04:26 0 ----a-w- c:\windows\nsreg.dat
2009-06-20 16:53 . 2009-06-20 13:58 77824 ----atw- c:\windows\system32\DRWEBSP.DLL
2009-06-19 20:41 . 2009-06-13 05:39 0 ----a-w- c:\documents and settings\Free User\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-06-19 10:31 . 2009-06-19 10:31 -------- d-----w- c:\program files\AmanLinks_Beta_0.0.4
2009-06-19 09:05 . 2009-06-19 09:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-19 00:58 . 2009-06-04 20:32 -------- d-----w- c:\documents and settings\Free User\Application Data\Paltalk
2009-06-18 06:26 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-16 14:36 . 2002-12-31 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-12-31 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2002-12-31 11:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2002-12-31 11:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2002-12-31 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2009-06-04 19:30 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2002-12-31 11:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 09:24 . 2009-06-04 19:34 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-05 02:08 . 2009-06-05 02:08 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
2009-06-04 21:12 . 2009-06-04 21:12 315392 ----a-w- c:\windows\HideWin.exe
2009-06-04 20:40 . 2009-06-04 20:40 172032 ------w- c:\windows\Setup1.exe
2009-06-04 20:40 . 2009-06-04 20:40 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-04 20:30 . 2009-06-04 20:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 19:57 . 2009-06-04 19:57 2232 ----a-w- c:\windows\java\Packages\Data\9Z1BHVVH.DAT
2009-06-04 19:57 . 2009-06-04 19:57 155995 ----a-w- c:\windows\java\Packages\XZ3PZFL3.ZIP
2009-06-04 19:57 . 2009-06-04 19:57 2678 ----a-w- c:\windows\java\Packages\Data\LVTFHJ9Z.DAT
2009-06-04 19:56 . 2009-06-04 19:56 2678 ----a-w- c:\windows\java\Packages\Data\UOPV971V.DAT
2009-06-04 19:56 . 2009-06-04 19:56 2678 ----a-w- c:\windows\java\Packages\Data\R1BZ9BD3.DAT
2009-06-04 19:56 . 2009-06-04 19:56 2678 ----a-w- c:\windows\java\Packages\Data\KNZ73LNL.DAT
2009-06-04 19:56 . 2009-06-04 19:56 2678 ----a-w- c:\windows\java\Packages\Data\FRP379BD.DAT
2009-06-04 19:54 . 2009-06-04 19:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-04 19:54 . 2009-06-04 19:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-04 19:50 . 2009-06-04 19:50 47104 ------w- c:\windows\AKDeInstall.exe
2009-06-04 19:31 . 2009-06-04 19:31 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-03 19:09 . 2002-12-31 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 09:17 . 2009-08-17 16:12 75776 ----a-w- c:\documents and settings\Free User\Application Data\IDM\SmitfraudFix\WS2Fix.exe
2009-05-29 21:37 . 2009-06-19 12:48 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-06-19 12:48 881664 ----a-w- c:\windows\system32\xvidcore.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-14_13.14.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 16:26 . 2009-08-17 16:26 16384 c:\windows\temp\Perflib_Perfdata_59c.dat
+ 2009-08-17 13:05 . 2006-09-25 15:58 14640 c:\windows\system32\spmsg.dll
+ 2002-12-31 11:00 . 2009-08-17 15:55 40326 c:\windows\system32\perfc009.dat
- 2002-12-31 11:00 . 2009-08-14 11:12 40326 c:\windows\system32\perfc009.dat
+ 2009-08-16 12:44 . 1998-05-12 18:36 5632 c:\windows\system32\pndx5032.dll
- 2009-06-04 19:54 . 2009-06-04 19:54 5632 c:\windows\system32\pndx5032.dll
- 2009-06-04 19:54 . 2009-06-04 19:54 6656 c:\windows\system32\pndx5016.dll
+ 2009-08-16 12:44 . 1998-03-26 02:57 6656 c:\windows\system32\pndx5016.dll
+ 2009-08-17 16:25 . 2009-08-17 16:25 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-17 16:25 . 2009-08-17 16:25 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-14 19:31 . 2009-08-14 19:31 451072 c:\windows\WinAVI Video Converter 9.0\uninstall.exe
+ 2009-06-04 19:50 . 2008-09-16 19:23 168448 c:\windows\system32\unrar.dll
+ 2009-08-16 12:44 . 2008-09-10 18:56 185920 c:\windows\system32\rmoc3260.dll
+ 2009-06-23 21:14 . 2009-08-16 17:15 263848 c:\windows\system32\Restore\rstrlog.dat
+ 2009-08-16 12:44 . 2001-06-22 23:31 278528 c:\windows\system32\pncrt.dll
- 2009-06-04 19:54 . 2009-06-04 19:54 278528 c:\windows\system32\pncrt.dll
+ 2002-12-31 11:00 . 2009-08-17 15:55 311938 c:\windows\system32\perfh009.dat
- 2002-12-31 11:00 . 2009-08-14 11:12 311938 c:\windows\system32\perfh009.dat
+ 2009-08-17 16:25 . 2009-08-17 16:25 253952 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-17 16:25 . 2009-08-17 16:25 233472 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-17 16:25 . 2009-08-17 16:25 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-17 16:25 . 2009-08-17 16:25 4358144 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8C564CD-2FA0-4534-AF8D-52F3D054C0EF}]
2007-11-15 12:36 2293760 ----a-w- c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0C55A48A-97DC-4003-8729-7D0B159B40D3}"= "c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll" [2007-11-15 2293760]
[HKEY_CLASSES_ROOT\clsid\{0c55a48a-97dc-4003-8729-7d0b159b40d3}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0C55A48A-97DC-4003-8729-7D0B159B40D3}"= "c:\program files\AmanLinks_Beta_0.0.4\AmanLinks_Beta_0.0.4_Lite\untitled.dll" [2007-11-15 2293760]
[HKEY_CLASSES_ROOT\clsid\{0c55a48a-97dc-4003-8729-7d0b159b40d3}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB09257.TBSB09257]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-25 935856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [23/07/2009 06:00 ص 97608]
R1 filar;Filseclab Dynamic Defense System Driver;c:\progra~1\COMMON~1\filseclab\filar.sys [21/07/2009 09:16 م 10896]
R1 is-3TEC8drv;is-3TEC8drv;c:\windows\system32\drivers\57363897.sys [17/08/2009 05:49 م 148496]
R1 is-O33K3drv;is-O33K3drv;c:\windows\system32\drivers\01185842.sys [17/08/2009 05:46 م 148496]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [23/07/2009 06:00 ص 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23/07/2009 06:00 ص 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/07/2009 06:00 ص 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [23/07/2009 06:00 ص 434945]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [23/07/2009 06:00 ص 69632]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 06:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 05:06 م 24592]
S3 filpp;filpp;c:\progra~1\COMMON~1\Filseclab\filpp.sys [21/07/2009 09:16 م 9776]
S3 IMMDRV;IMMDRV;c:\progra~1\Filseclab\Twister\immdrv.sys [21/07/2009 09:16 م 152144]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Free User\Application Data\Mozilla\Firefox\Profiles\l3re1lrt.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Free User\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-08-17 18:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(252)
c:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-17 18:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-17 16:29
ComboFix2.txt 2009-08-17 12:07
ComboFix3.txt 2009-08-17 12:03
ComboFix4.txt 2009-08-16 17:46
ComboFix5.txt 2009-08-17 16:22
Pre-Run: 40,544,874,496 bytes free
Post-Run: 40,434,806,784 bytes free
336 --- E O F --- 2009-08-13 22:31
