• Thread starter: sneekr

sneekr

Peace be upon you, and the mercy and blessings of God

Dear brothers,

When I plug in a USB cable

the following message appears

i34535_5e1ccz2b3lgb6et2sqv0.jpg
 

My friend, the picture means that the device you are trying to connect has a problem and the computer could not recognize it

or the USB port has a problem

Please tell us what type of USB device it is

and try plugging it into another port
 
Signature: فارس الملاك
Download this program
[Hidden link: you must log in or register to view it]

When the download finishes ==> run the program ==> and click Do a system scan and save log
After a few moments a report will appear ==> copy it and paste it in your next reply
 
Signature: فارس الملاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:47 PM, on 9/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Zain e-GO\Zain e-GO\Zain e-GO.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\acer\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\svchost.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MagnifyingGlass] C:\Documents and Settings\acer\Desktop\copy95\E?C?? E?????E\Magnifying Glass.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [pathn] C:\WINDOWS\system\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchst] C:\WINDOWS\system\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: &???E ??CE?? UC???E - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ??? ??C??? C???C?? (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5B5E294-6A51-4C4B-8DEC-1B8267700EF2}: NameServer = 10.40.155.33 10.40.155.34
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 5272 bytes
 
(1)
Disable all protection programs,
then download this tool and save it to the desktop
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning again.
Wait until a report appears, then copy it and paste it in your next reply




Download this program

[Hidden link: you must log in or register to view it]


Install it on the machine, then run it and follow the explanation below to scan the machine and produce a report

[Hidden link: you must log in or register to view it]


After the scan finishes, do the following

[Hidden link: you must log in or register to view it]


Copy the contents of the report and paste them in your next post


 
Signature: فارس الملاك
ComboFix 09-09-07.05 - acer 09/08/2009 15:37.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.965.1033.18.502.225 [GMT 3:00]
Running from: c:\documents and settings\acer\Desktop\ComboFix.exe
AV: برنامج Kaspersky لأمان الإنترنت *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: برنامج Kaspersky لأمان الإنترنت *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\svchost.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.
2009-09-08 11:35 . 2008-08-26 13:17 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-09-08 11:35 . 2008-07-24 09:02 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-09-08 11:35 . 2008-04-14 06:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-09-08 11:35 . 2007-08-09 01:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-09-08 11:30 . 2004-06-28 09:08 42752 ------w- c:\windows\system32\drivers\ser2pl.sys
2009-09-08 11:13 . 2007-09-23 21:00 37456 ----a-w- c:\windows\system32\drivers\USBSER34.SYS
2009-09-08 11:13 . 2009-09-08 11:13 -------- d-----w- C:\WCH
2009-09-07 22:14 . 2009-09-07 22:14 -------- d-----w- C:\MosUPPSP
2009-09-07 22:07 . 2004-09-17 09:15 18240 ----a-w- c:\windows\system32\drivers\DbgMsg.sys
2009-09-07 10:03 . 2009-09-08 11:12 -------- d-----w- C:\WCH.CN
2009-09-07 10:03 . 2006-06-04 21:00 35824 ----a-w- c:\windows\system32\drivers\CH341SER.SYS
2009-09-07 10:03 . 2005-07-29 21:00 6712 ----a-w- c:\windows\system32\CH341PT.DLL
2009-09-04 20:27 . 2009-09-04 20:27 -------- d-----w- c:\program files\Pcsx2
2009-08-30 12:28 . 2009-08-30 12:28 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-08-30 12:24 . 2009-08-30 12:24 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-30 12:24 . 2009-08-30 12:24 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-30 12:23 . 2009-09-08 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-30 12:23 . 2009-08-30 12:23 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-28 15:09 . 2009-08-28 15:09 -------- d-----w- c:\windows\usbbin
2009-08-28 15:09 . 2001-08-17 19:36 61440 -c--a-w- c:\windows\system32\dllcache\acerscad.dll
2009-08-28 15:09 . 2001-08-17 19:36 61440 ----a-w- c:\windows\system32\AcerScaD.dll
2009-08-28 15:09 . 2004-08-03 19:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-28 15:09 . 2004-08-03 19:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-23 20:57 . 2009-08-23 20:57 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-23 20:56 . 2009-08-23 20:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-23 20:56 . 2009-08-23 20:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-22 22:56 . 2009-08-22 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-22 22:56 . 2009-08-22 22:56 -------- d-----w- c:\program files\Circle Developement
2009-08-22 22:56 . 2009-08-22 22:56 -------- d-----w- c:\program files\Windows Live
2009-08-22 22:56 . 2009-08-22 22:56 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-20 20:40 . 2009-08-20 20:40 63 ----a-w- c:\windows\AlfaStart.CMD
2009-08-20 20:39 . 2009-08-20 20:39 -------- d-----w- c:\program files\Alfa Autorun Killer 2
2009-08-20 08:30 . 2002-08-29 16:00 1703936 ----a-w- c:\windows\system32\gdiplus.dll
2009-08-20 08:30 . 2009-08-20 08:30 -------- d-----w- c:\program files\PIXresizer
2009-08-20 08:30 . 2000-05-01 20:02 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2009-08-19 14:24 . 2009-08-30 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-18 06:10 . 2009-08-18 06:10 0 ----a-w- c:\windows\nsreg.dat
2009-08-18 06:09 . 2009-08-18 06:09 -------- d-----w- c:\documents and settings\acer\Local Settings\Application Data\Mozilla
2009-08-13 10:01 . 2009-09-08 11:24 -------- d-----w- c:\program files\USB Disk Security
2009-08-13 09:47 . 2009-08-13 09:47 -------- d-----w- c:\program files\Teorex
2009-08-13 07:23 . 2009-08-13 07:23 -------- d-----w- c:\program files\Save Flash
2009-08-13 06:31 . 2009-08-19 16:01 -------- d-----w- c:\program files\Amiglobe 2001
2009-08-12 09:24 . 2009-08-12 09:24 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2009-08-12 07:29 . 2003-04-29 18:07 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-12 06:17 . 2009-09-05 14:08 -------- d-----w- c:\documents and settings\acer\Contacts
2009-08-12 06:01 . 2009-09-08 12:43 -------- d-----w- c:\documents and settings\acer\Application Data\DMCache
2009-08-12 06:01 . 2009-08-23 21:50 -------- d-----w- c:\documents and settings\acer\Application Data\IDM
2009-08-12 06:00 . 2009-08-12 06:00 -------- d-----w- c:\windows\system32\cftmon
2009-08-12 06:00 . 2009-08-12 06:03 -------- d-----w- c:\program files\Internet Download Manager
2009-08-11 21:45 . 2009-08-11 21:45 -------- d-----w- c:\documents and settings\acer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-08-11 21:36 . 2009-08-11 21:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-11 21:36 . 2009-08-11 21:36 -------- d-----w- c:\documents and settings\acer\Application Data\NCH Swift Sound
2009-08-11 21:35 . 2009-08-20 19:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-11 21:32 . 2009-08-12 07:10 -------- d-----w- c:\documents and settings\acer\Application Data\Crystal Player
2009-08-11 21:31 . 2009-08-11 21:31 -------- d-----w- c:\documents and settings\acer\Application Data\FairStars Audio Converter
2009-08-11 21:30 . 2009-08-12 21:47 -------- d-----w- c:\documents and settings\acer\Local Settings\Application Data\Adobe
2009-08-11 21:30 . 2009-08-11 21:30 -------- d-----w- c:\documents and settings\acer\Local Settings\Application Data\ESET
2009-08-11 21:06 . 2009-08-11 21:06 4096 ----a-w- c:\windows\d3dx.dat
2009-08-11 15:15 . 2009-08-11 15:38 -------- d-----w- c:\documents and settings\acer\Local Settings\Application Data\Temp
2009-08-11 15:15 . 2009-08-18 06:20 -------- d-----w- c:\documents and settings\acer\Local Settings\Application Data\Google
2009-08-11 15:05 . 2001-08-17 10:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-08-11 15:05 . 2001-08-17 10:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-11 15:04 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-08-11 15:04 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-11 09:45 . 2009-08-11 09:45 -------- d-s---w- c:\documents and settings\acer\UserData
2009-08-11 09:29 . 2009-08-11 09:29 -------- d-----w- c:\program files\Zain e-GO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 11:30 . 2009-08-10 17:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-23 20:56 . 2009-08-10 17:16 -------- d-----w- c:\program files\Common Files\Real
2009-08-22 22:56 . 2009-08-10 17:06 -------- d-----w- c:\program files\MSN Messenger
2009-08-19 17:28 . 2009-08-10 17:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-19 06:33 . 2009-08-12 05:45 4 ----a-w- C:\timeStmp.tmp
2009-08-15 16:01 . 2009-08-10 16:59 95024 ----a-w- c:\documents and settings\acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 23:47 . 2009-08-10 17:18 -------- d-----w- c:\documents and settings\acer\Application Data\Paltalk
2009-08-11 21:26 . 2009-08-10 17:03 -------- d-----w- c:\program files\GRETECH
2009-08-10 17:30 . 2009-08-10 17:30 -------- d-----w- c:\documents and settings\acer\Application Data\ESET
2009-08-10 17:29 . 2009-08-10 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-10 17:25 . 2009-08-10 17:25 -------- d-----w- c:\program files\Intel
2009-08-10 17:23 . 2009-08-10 17:23 -------- d-----w- c:\program files\CONEXANT
2009-08-10 17:18 . 2009-08-10 17:18 -------- d-----w- c:\program files\Total Video Converter
2009-08-10 17:17 . 2009-08-10 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-08-10 17:16 . 2009-08-10 17:16 -------- d-----w- c:\program files\CyberLink
2009-08-10 17:16 . 2009-08-10 17:15 -------- d-----w- c:\program files\Real
2009-08-10 17:14 . 2009-08-10 17:13 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-08-10 17:12 . 2009-08-10 17:12 172032 ------w- c:\windows\Setup1.exe
2009-08-10 17:12 . 2009-08-10 17:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-10 17:07 . 2009-08-10 17:07 -------- d-----w- c:\program files\Microsoft.NET
2009-08-10 17:06 . 2009-08-10 17:06 -------- d-----w- c:\program files\Microsoft Works
2009-08-10 16:54 . 2009-08-10 16:54 -------- d-----w- c:\program files\microsoft frontpage
2009-08-10 16:50 . 2009-08-10 16:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-03 12:48 . 2009-07-03 12:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 12:45 . 2009-07-03 12:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-06-15 11:01 . 2009-06-15 11:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
.
------- Sigcheck -------
[-] 2007-11-22 . 0A874046BB7B547864811CFF0DD19724 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-08-12 3114416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-23 185896]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-20 113664]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S3 DBGMSG;DBGMSG;dbgmsg.sys --> dbgmsg.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{585f8106-9c6b-11de-b66a-001f3a2629ba}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MagnifyingGlass - c:\documents and settings\acer\Desktop\copy95\برامج تعليمية\Magnifying Glass.exe
HKLM-Explorer_Run-pathn - c:\windows\system\svchost.exe
HKLM-Explorer_Run-svchst - c:\windows\system\svchost.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.kw/
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: &تصدير إلى Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-09-08 15:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2492)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1025\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1025\OWCI11.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-08 15:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-08 12:45
Pre-Run: 38,813,769,728 bytes free
Post-Run: 39,351,730,176 bytes free
220
 