Thread starter: سدّاح
Peace be upon you, and the mercy and blessings of God ..


This is my report, and may God give you strength :i: ..


ComboFix 08-04-13.3 - ueser 04/14/2008 12:32:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.94 [GMT 3:00]
Running from: C:\Documents and Settings\ueser\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 10:33 22,090,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-14 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-14 10:32 1,015,840 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-14 10:29 304,940 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-14 10:29 101,336 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-14 07:06 --------- d-----w C:\Documents and Settings\ueser\Application Data\DMCache
2008-04-13 20:28 --------- d-----w C:\Documents and Settings\ueser\Application Data\Orbit
2008-04-13 20:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 14:50 360,064 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 07:41 --------- d-----w C:\Program Files\Google
2008-04-13 06:21 --------- d-----w C:\Documents and Settings\ueser\Application Data\cleaner
2008-04-13 05:56 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-13 05:41 --------- d-----w C:\Program Files\Internet Download Manager
2008-04-13 05:41 --------- d-----w C:\Documents and Settings\ueser\Application Data\uTorrent
2008-04-13 05:22 --------- d-----w C:\Program Files\Kantaris
2008-04-13 05:21 --------- d-----w C:\Program Files\Webshots
2008-04-13 04:11 --------- d-----w C:\Program Files\uTorrent
2008-04-13 04:07 --------- d-----w C:\Program Files\BitTorrent
2008-04-13 03:34 --------- d-----w C:\Program Files\Reshade
2008-04-13 03:12 6,832,448 ----a-w C:\WINDOWS\REGBK00.ZIP
2008-04-13 02:54 --------- d-----w C:\Documents and Settings\ueser\Application Data\zzMicroWorld_Anti_Virus
2008-04-12 15:41 --------- d-----w C:\Documents and Settings\ueser\Application Data\kantaris
2008-04-12 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-04-12 06:07 --------- d-----w C:\Program Files\No-IP
2008-04-12 05:56 --------- d-----w C:\Program Files\EjoyStudio
2008-04-12 05:54 --------- d-----w C:\Program Files\SwitchSniffer
2008-04-09 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 03:20 --------- d-----w C:\Program Files\PConPoint
2008-04-08 19:55 1,881,149 ----a-w C:\zyzoom_kav7_key_downloader_v4.exe
2008-04-06 10:31 --------- d-----w C:\Program Files\Ashampoo
2008-04-05 12:48 --------- d-----w C:\Program Files\Unlocker
2008-04-05 12:48 --------- d-----w C:\Program Files\TrueTransparency
2008-04-05 12:48 --------- d-----w C:\Program Files\IEPro
2008-04-05 07:57 --------- d-----w C:\Documents and Settings\ueser\Application Data\Sofrayt
2008-04-05 06:19 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-05 06:19 --------- d-----w C:\Program Files\Common Files\Real
2008-04-05 03:00 --------- d-----w C:\Documents and Settings\ueser\Application Data\Uniblue
2008-04-04 03:51 --------- d-----w C:\Documents and Settings\ueser\Application Data\BSplayer
2008-04-04 03:48 --------- d-----w C:\Documents and Settings\ueser\Application Data\BSplayer PRO
2008-04-04 00:44 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-04-04 00:36 --------- d-----w C:\Documents and Settings\ueser\Application Data\IEPro
2008-04-02 04:52 --------- d-----w C:\Documents and Settings\ueser\Application Data\GetRightToGo
2008-04-02 04:36 --------- d-----w C:\Program Files\Gabest
2008-03-31 21:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 01:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 01:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 01:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-29 08:19 --------- d-----w C:\Program Files\Vimicro
2008-03-27 17:01 --------- d-----w C:\Program Files\Real
2008-03-26 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-26 00:05 --------- d-----w C:\Program Files\GRETECH
2008-03-26 00:03 --------- d-----w C:\Program Files\Registry Compressor
2008-03-23 21:50 --------- d-----w C:\Documents and Settings\ueser\Application Data\zMicroWorld_Anti_Virus
2008-03-21 11:20 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-03-20 19:48 --------- d-----w C:\Program Files\IObit
2008-03-20 17:49 --------- d-----w C:\Documents and Settings\ueser\Application Data\IDM
2008-03-20 17:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-19 16:03 --------- d-----w C:\Documents and Settings\ueser\Application Data\FastStone
2008-03-11 14:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IEPro
2008-03-11 14:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-11 11:13 --------- d-----w C:\Program Files\Common Files\delet
2008-03-10 22:29 --------- d-----w C:\Program Files\QO Developments
2008-03-10 19:07 81,288 -c--a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-10 19:07 66,952 -c--a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-10 19:07 41,864 -c--a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-10 19:07 29,576 -c--a-w C:\WINDOWS\system32\drivers\kcom.sys
2008-03-10 14:44 --------- d-----w C:\Documents and Settings\ueser\Application Data\Ashampoo
2008-03-10 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2008-03-08 15:56 --------- d-----w C:\Documents and Settings\ueser\Application Data\TrojanHunter
2008-03-07 11:06 --------- d-----w C:\Program Files\Windows Live
2008-03-07 09:39 91,700 -c--a-w C:\WINDOWS\system32\drivers\klin.dat
2008-03-07 09:39 85,860 -c--a-w C:\WINDOWS\system32\drivers\klick.dat
2008-03-07 09:38 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-06 11:05 --------- d-----w C:\Documents and Settings\ueser\Application Data\MiniDm
2008-03-02 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-02-28 00:34 --------- d-----w C:\Documents and Settings\ueser\Application Data\Flock
2008-02-27 18:21 --------- d-----w C:\Documents and Settings\ueser\Application Data\MxBoost
2008-02-25 16:54 --------- d-----w C:\Documents and Settings\ueser\Application Data\Yahoo!
2008-02-24 08:03 --------- d-----w C:\Program Files\PhotoZoom Pro 2
2008-02-22 04:40 --------- d-----w C:\Documents and Settings\ueser\Application Data\Move Networks
2008-02-21 15:32 --------- d-----w C:\Program Files\DCETools
2008-02-20 03:01 --------- d-----w C:\Documents and Settings\ueser\Application Data\ESTsoft
2008-02-19 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flexense
2008-02-19 02:50 6,114 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-19 02:50 54,647 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-15 22:48 --------- d-----w C:\Documents and Settings\ueser\Application Data\Alien Skin
2008-02-15 15:52 --------- d-----w C:\Documents and Settings\ueser\Application Data\MakeUpPilot
2004-03-07 07:30 16 -c--a-w C:\Documents and Settings\ueser\Application Data\QNVW601P.dll
.
------- Sigcheck -------
04/20/2006 03:18 PM 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
10/30/2007 07:53 PM 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
04/13/2008 05:50 PM 360064 ef7834c1d9ddf4c7da697d8c24a03791 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [11/29/2007 07:25 PM 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:56 AM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [03/21/2008 06:30 AM 2594224]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2003 08:05 PM 1498032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [11/03/2007 03:50 PM 6731312]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [08/05/2005 03:15 PM 61440]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [03/01/2008 08:10 AM 15872]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM 227856]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 01:06 PM 40048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/05/2008 09:18 AM 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 10:56 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [10/04/2006 11:48 AM 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
gce.exe [2007-07-08 22:02:08 30720]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gce.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
backup=C:\WINDOWS\pss\gce.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ueser^Start Menu^Programs^Startup^lang_A_S.exe]
backup=C:\WINDOWS\pss\lang_A_S.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ueser^Start Menu^Programs^Startup^TaskBarTransparent.lnk]
backup=C:\WINDOWS\pss\TaskBarTransparent.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ueser^Start Menu^Programs^Startup^TrueTransparency.lnk]
backup=C:\WINDOWS\pss\TrueTransparency.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage Setup]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
-ra--c--- 12/12/2005 10:52 AM 454656 C:\Program Files\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
--a------ 08/05/2005 03:15 PM 61440 C:\WINDOWS\VM305_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckRegDefragService]
--a------ 09/22/2004 11:18 PM 299520 C:\PROGRA~1\REGIST~2\rbcs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lrrpfgcp]
--a--c--- 07/08/2007 09:50 PM 8192 C:\WINDOWS\lrrpfgcp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
--a--c--- 12/05/2007 07:45 AM 916800 C:\Program Files\RFA\rfagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 04/05/2008 09:18 AM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIPv3_Auto_Update]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
C:\WINDOWS\VIPv3\VIPhd\vsdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a--c--- 09/15/2006 05:54 AM 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a--c--- 04/26/2007 02:41 AM 176128 C:\WINDOWS\system32\VTTrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/14/2007 12:28 AM]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [09/18/2001 01:46 PM]
S3 PCNat;PC-Nat Miniport;C:\WINDOWS\system32\DRIVERS\pcnat.sys [03/26/2003 12:51 PM]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 09:52 AM]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [11/03/2005 10:46 AM]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 10:30:32 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[hidden link: log in or register to view]

Rootkit scan 2008-04-14 13:32:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 04/14/2008 13:55:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 10:53:37
Pre-Run: 12,686,643,200 bytes free
Post-Run: 12,646,199,296 bytes free
.
2008-04-11 18:02:42 --- E O F ---





:eek: Looks rather big, doesn't it 88 :u:

.. and this is my HijackThis report .. :q:


Logfile of HijackThis v1.99.1
Scan saved at 02:05:37 م, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[hidden link: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[hidden link: log in or register to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[hidden link: log in or register to view]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: gce.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: إضافة إلى مضاد الشعارات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} -
[hidden link: log in or register to view]

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
[hidden link: log in or register to view]

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -
[hidden link: log in or register to view]

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)



Peace be upon you .. :i:
 

Signature: سدّاح
Brother, your machine is clean

Just delete this one for me

O4 - Global Startup: gce.exe

 
Signature: شوك الاهلاوي
Brother, your machine is clean


Just delete this one for me

O4 - Global Startup: gce.exe


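Thanks for stopping by, brother شوك, but the one you told me about is for locking the clock :q: meaning nobody can change it..

I downloaded it through brother زيزووم's thread.. between you and me, I'm comfortable with it :wink:


I don't know, if there's a problem with it I'll delete it, you know ???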
 
Signature: سدّاح
Dear brother,
This section is dedicated to online scanning with Kaspersky and AVG and to analysing their reports.
Please review the following:

[hidden link: log in or register to view]

[hidden link: log in or register to view]

Apologies, I will move it to the appropriate section for follow-up.
 
Thanks for stopping by, brother شوك, but the one you told me about is for locking the clock :q: meaning nobody can change it..

I downloaded it through brother زيزووم's thread.. between you and me, I'm comfortable with it :wink:


I don't know, if there's a problem with it I'll delete it, you know ???

That's right, and the report is clean :q:

Good luck, my dear
 
:q:


May God reward you, brother "شسويله بعد", and give you strength ..



The machine isn't at its best, but it's all fine :wink:
 
Signature: سدّاح