مشكور اخي و هذا تقرير combo
ComboFix 08-07-25.7 - alkurdi 2008-07-26 17:13:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.962.1033.18.660 [GMT 2:00]
Running from: D:\program\fix enternet explorr\coputer problem\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\alkurdi\Application Data\.#
C:\Documents and Settings\alkurdi\Application Data\.#\MBX@61C@3841F8.###
C:\Documents and Settings\alkurdi\Application Data\.#\MBX@61C@384228.###
C:\Documents and Settings\alkurdi\Application Data\.#\MBX@61C@384258.###
C:\Documents and Settings\alkurdi\Application Data\.#\MBX@698@3841F8.###
C:\Documents and Settings\alkurdi\Application Data\.#\MBX@698@384228.###
C:\Documents and Settings\alkurdi\Application Data\.#\MBX@698@384258.###
C:\Documents and Settings\alkurdi\Application Data\Antivirus2008y
C:\Documents and Settings\alkurdi\Application Data\macromedia\Flash Player\#Shareds\328LRB9F\interclick.com
C:\Documents and Settings\alkurdi\Application Data\macromedia\Flash Player\#Shareds\328LRB9F\interclick.com\ud.sol
C:\Documents and Settings\alkurdi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\alkurdi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\ktd32.atm
C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\ALOAudioFile2.dll
C:\WINDOWS\system32\ALOAVIFile.dll
C:\WINDOWS\system32\ALOQuickTimeFile.dll
C:\WINDOWS\system32\ALOVideoCoreM.dll
C:\WINDOWS\system32\ALOWMAFile2.dll
C:\WINDOWS\system32\cmnocfg.xml
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\qviexio3.dat
C:\WINDOWS\system32\Ultra.dll
C:\WINDOWS\system32\winitn.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.
2008-07-25 01:14 . 2008-07-25 01:15 <DIR> d-------- C:\Program Files\Golden Al-Wafi Translator
2008-07-25 01:14 . 2008-07-25 01:14 172,032 --------- C:\WINDOWS\Setup1.exe
2008-07-21 23:19 . 2008-07-21 23:19 <DIR> d-------- C:\Program Files\SoftwareDoctor
2008-07-21 19:20 . 2008-07-21 19:20 <DIR> d-------- C:\Program Files\Real
2008-07-21 19:20 . 2008-07-21 19:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-19 19:42 . 2008-07-19 19:59 <DIR> d-------- C:\Prokon
2008-07-16 02:21 . 2008-07-16 02:21 <DIR> d-------- C:\Documents and Settings\alkurdi\Application Data\Avira
2008-07-16 02:17 . 2008-07-16 02:17 <DIR> d-------- C:\Program Files\Avira
2008-07-16 02:17 . 2008-07-16 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-16 02:17 . 2008-07-16 02:28 71,592 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-07-16 02:17 . 2008-07-16 02:28 71,464 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-07-15 12:47 . 2008-07-15 12:47 <DIR> d-------- C:\Program Files\Business-in-a-Box
2008-07-14 15:52 . 2006-01-06 15:53 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
2008-07-14 15:52 . 2006-01-06 15:53 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-07-14 15:17 . 2008-07-15 20:19 <DIR> d-------- C:\Documents and Settings\alkurdi\Contacts
2008-07-13 15:28 . 2008-07-13 16:08 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-13 02:33 . 2008-07-13 02:33 <DIR> d-------- C:\Program Files\Pcsx2_0.9.4
2008-07-10 03:48 . 2008-07-23 00:44 <DIR> d-------- C:\Documents and Settings\alkurdi\Application Data\Nuotex
2008-07-10 03:08 . 2008-07-10 03:08 <DIR> d-------- C:\Documents and Settings\alkurdi\amsn_received
2008-07-10 03:08 . 2008-07-10 03:08 <DIR> d-------- C:\Documents and Settings\alkurdi\amsn
2008-07-10 03:07 . 2008-07-10 03:15 <DIR> d-------- C:\Program Files\AMSN
2008-07-09 02:55 . 2008-07-09 02:55 <DIR> d-------- C:\Program Files\Street Fighter II
2008-07-09 02:55 . 2008-06-05 02:10 32,768 --a------ C:\WINDOWS\system32\Yahoo.exe
2008-07-09 01:41 . 2008-07-14 14:33 <DIR> d-------- C:\Documents and Settings\alkurdi\Application Data\DMCache
2008-07-05 02:57 . 2008-07-07 03:57 <DIR> d-------- C:\Documents and Settings\alkurdi\Application Data\DivX
2008-07-02 13:53 . 2008-07-02 13:53 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-07-01 03:28 . 2008-07-15 22:09 <DIR> d-------- C:\Documents and Settings\alkurdi\Application Data\MysteryStudio
2008-07-01 03:22 . 2008-07-01 03:22 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-06-29 15:18 . 2008-06-29 15:18 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-06-29 15:18 . 2008-06-29 15:18 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-06-29 15:18 . 2007-09-12 19:29 782,336 -ra------ C:\WINDOWS\system32\tmp1E.tmp
2008-06-29 15:18 . 2007-09-12 19:29 782,336 -ra------ C:\WINDOWS\system32\tmp1D.tmp
2008-06-29 15:00 . 2008-07-05 23:27 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-06-29 15:00 . 2008-07-05 23:27 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-06-29 13:31 . 2008-06-29 13:31 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 01:41 . 2008-01-01 21:38 <DIR> d-------- C:\Documents and Settings\Administrator\ff_temp
2008-06-29 01:41 . 2008-01-01 21:38 <DIR> d-------- C:\Documents and Settings\Administrator\7zS184A.tmp
2008-06-29 01:41 . 2008-06-29 01:45 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-28 03:10 . 2008-06-28 03:10 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-28 03:06 . 2008-06-28 03:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-06-28 03:05 . 2008-06-29 15:32 <DIR> d-------- C:\Program Files\WildGames
2008-06-28 02:55 . 2008-06-28 02:56 <DIR> d-------- C:\Program Files\Project64 1.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-24 23:14 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-21 21:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 17:20 --------- d-----w C:\Program Files\Common Files\Real
2008-07-16 02:07 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-07-14 23:43 --------- d-----w C:\Documents and Settings\alkurdi\Application Data\Hamachi
2008-07-14 19:39 --------- d-----w C:\Documents and Settings\alkurdi\Application Data\mjusbsp
2008-07-14 13:15 --------- d-----w C:\Program Files\MSN Messenger
2008-07-14 02:39 --------- d-----w C:\Documents and Settings\alkurdi\Application Data\LimeWire
2008-07-05 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-05 13:38 --------- d-----w C:\Documents and Settings\alkurdi\Application Data\Autodesk
2008-07-03 00:17 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-07-03 00:17 753,664 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-07-03 00:17 626,688 ----a-w C:\WINDOWS\system32\agsaamh.dll
2008-07-03 00:17 544,256 ----a-w C:\WINDOWS\system32\agsaamd.dll
2008-07-03 00:17 538,624 ----a-w C:\WINDOWS\system32\agsaamb.dll
2008-07-03 00:17 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-07-03 00:17 331,776 ----a-w C:\WINDOWS\system32\agsaama.dll
2008-07-03 00:17 2,846,720 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-07-03 00:16 90,112 ----a-w C:\WINDOWS\system32\ALOAudioFormatSettings3.dll
2008-07-03 00:16 780,288 ----a-w C:\WINDOWS\system32\ALOVideoCompress.dll
2008-07-03 00:16 778,240 ----a-w C:\WINDOWS\system32\ALOAudioCompress2.dll
2008-07-03 00:16 215,552 ----a-w C:\WINDOWS\system32\ALOWMVFile.dll
2008-07-03 00:16 2,846,720 ----a-w C:\WINDOWS\system32\ALOAudioCompress3.dll
2008-07-03 00:16 188,416 ----a-w C:\WINDOWS\system32\ALOVideoFile.dll
2008-07-03 00:16 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-07-02 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-02 11:54 --------- d-----w C:\Documents and Settings\alkurdi\Application Data\CyberLink
2008-07-02 11:52 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
2008-06-29 13:18 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-29 13:18 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-29 13:18 --------- d-----w C:\Program Files\OpenAL
2008-06-29 13:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 11:13 --------- d-----w C:\Documents and Settings\alkurdi\Application Data\USBSafelyRemove
2008-06-21 16:58 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-20 19:27 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-06-20 19:27 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-06-20 19:27 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-06-20 19:27 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-06-12 21:51 --------- d-----w C:\Program Files\Borland
2008-06-12 21:51 --------- d-----w C:\Program Files\Algorithm
2008-06-06 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-06 07:57 --------- d-----w C:\Program Files\Google
2008-06-04 13:18 --------- d-----w C:\Documents and Settings\alkurdi\Application Data\Makayama
2008-06-03 14:59 --------- d-----w C:\Documents and Settings\alkurdi\Application Data\Nokia Multimedia Player
2008-05-28 22:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-02 20:46 768,544 ----a-w C:\WINDOWS\system32\nvcplui.exe
2008-05-02 20:46 442,368 ----a-w C:\WINDOWS\system32\nvudisp.exe
2008-05-02 20:46 313,888 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2008-05-01 15:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-15 09:59 81,920 ----a-w C:\Documents and Settings\alkurdi\Application Data\ezpinst.exe
2008-04-15 09:59 47,360 ----a-w C:\Documents and Settings\alkurdi\Application Data\pcouffin.sys
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
------- Sigcheck -------
2006-01-13 04:03 360448 2a4818aea80acd2c95d7d92d2f3155f8 C:\WINDOWS\system32\drivers\tcpip.sys
2006-01-13 03:46 1075200 2deaca71a7fd77205f59d48d76b2f565 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-01-13 03:13 15360]
"cdloader"="C:\Documents and Settings\alkurdi\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 21:37 50520]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-06 09:52 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-02-19 12:36 155648]
"Adobe Reader Speed Launcher"="D:\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RemoteControl8"="d:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="d:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-07-20 02:29 266497]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-21 19:19 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 03:41 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 03:36 62054]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
C:\Documents and Settings\alkurdi\Start Menu\Programs\Startup\
Yahoo.lnk - C:\WINDOWS\system32\Yahoo.exe [2008-07-09 02:55:26 32768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-22 23:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 bpbsrhjr;bpbsrhjr;C:\WINDOWS\system32\drivers\raonrvap.dat []
R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-07-16 02:28]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-07-20 02:29]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe [2008-07-20 02:29]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-07-20 02:29]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [2008-07-20 02:29]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2006-01-13 03:38]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-07-16 02:28]
S1 aiptektp;Pen Pad;C:\WINDOWS\system32\DRIVERS\aiptektp.sys []
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 16:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c9ed534-cac3-11dc-b7d9-000c41e9d2db}]
\Shell\AutoRun\command - tfk8.exe
\Shell\explore\Command - tfk8.exe
\Shell\open\Command - tfk8.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c9ed53d-cac3-11dc-b7d9-000c41e9d2db}]
\Shell\AutoRun\command - tfk8.exe
\Shell\explore\Command - tfk8.exe
\Shell\open\Command - tfk8.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c9ed53e-cac3-11dc-b7d9-000c41e9d2db}]
\Shell\AutoRun\command - tfk8.exe
\Shell\explore\Command - tfk8.exe
\Shell\open\Command - tfk8.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46c60286-1b98-11dd-b925-0014d113ae19}]
\Shell\AutoRun\command - I:\autorun.exe
\Shell\phone\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48b85d34-ca56-11dc-b7d7-000c41e9d2db}]
\Shell\AutoRun\command - E:\nplrssy.exe
\Shell\explore\Command - E:\nplrssy.exe
\Shell\open\Command - E:\nplrssy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8270f802-be25-11dc-b79d-000c41e9d2db}]
\Shell\AutoRun\command - E:\adgiygu.exe
\Shell\explore\Command - E:\adgiygu.exe
\Shell\open\Command - E:\adgiygu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8545671c-ccf1-11dc-b7e3-000c41e9d2db}]
\shell\explore\Command - boot.exe
\shell\open\Command - boot.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c47d4be-47b3-11dd-b9f1-0014d113ae19}]
\Shell\AutoRun\command - tfk8.exe
\Shell\explore\Command - tfk8.exe
\Shell\open\Command - tfk8.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c47d4bf-47b3-11dd-b9f1-0014d113ae19}]
\Shell\AutoRun\command - tfk8.exe
\Shell\explore\Command - tfk8.exe
\Shell\open\Command - tfk8.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4de81e4-c044-11dc-b7a6-000c41e9d2db}]
\Shell\AutoRun\command - xfoolavp.com
\Shell\explore\Command - xfoolavp.com
\Shell\open\Command - xfoolavp.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a5ecab-481b-11dd-b9f2-0014d113ae19}]
\Shell\AutoRun\command - tfk8.exe
\Shell\explore\Command - tfk8.exe
\Shell\open\Command - tfk8.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{D39D074E-A2DA-4963-9319-481DA3B6993A} - C:\WINDOWS\system32\auth.dll
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKCU-Run-Antivirus2008y - C:\Program Files\Antivirus2008y\antvrs.exe
HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-SystemBackup - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)
HKLM-Explorer_Run-DirectX For Microsoft® Windows - C:\WINDOWS\system32\fservice.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-26 17:17:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bpbsrhjr]
"ImagePath"="system32\drivers\raonrvap.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-07-26 17:23:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 15:23:09
Pre-Run: 6,378,917,888 bytes free
Post-Run: 7,015,710,720 bytes free
309
و هذا تقريق hijak
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:32 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\program\fix enternet explorr\coputer problem\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {D39D074E-A2DA-4963-9319-481DA3B6993A} - C:\WINDOWS\system32\auth.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl8] "d:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "d:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\alkurdi\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Yahoo.lnk = C:\WINDOWS\system32\Yahoo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8812 bytes
