هذا التقرير الاول ComboFix 08-08-09.06 - adel 08/10/2008 14:25:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.96 [GMT 3:00]
Running from: C:\Documents and Settings\adel\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\adel\Application Data\temp.dll
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\blphcn2wj0enfr.scr
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\phcn2wj0enfr.bmp
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\vb6lib.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 11:27 6,404,012 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-10 11:27 477,618,208 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-10 11:27 333,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-10 11:27 3,476,256 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-10 11:27 --------- d-----w C:\Documents and Settings\adel\Application Data\DMCache
2008-08-10 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-10 10:33 --------- d-----w C:\Documents and Settings\adel\Application Data\cleaner
2008-08-09 09:07 --------- d-----w C:\Program Files\Registry Fast
2008-08-09 04:18 39 ----a-w C:\ntosboot.bat
2008-08-08 14:12 0 ----a-w C:\osy3.sys
2008-08-08 07:08 --------- d-----w C:\Documents and Settings\adel\Application Data\Skype
2008-08-08 05:06 --------- d-----w C:\Program Files\Cucusoft
2008-08-08 04:58 --------- d-----w C:\Documents and Settings\adel\Application Data\SWF.max
2008-08-08 04:56 --------- d-----w C:\Program Files\SWF.max
2008-08-08 04:50 --------- d-----w C:\Program Files\Batch Image Resizer
2008-08-08 04:31 --------- d-----w C:\Program Files\ImTOO
2008-08-08 04:09 --------- d-----w C:\Program Files\AIMP2
2008-08-08 03:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-08 02:18 --------- d-----w C:\Program Files\Xilisoft
2008-08-07 04:34 --------- d-----w C:\Program Files\Realtek AC97
2008-08-07 03:41 40,136 ----a-w C:\WINDOWS\system32\drivers\ET5Drv.sys
2008-08-07 03:34 --------- d-----w C:\Program Files\Gigabyte
2008-08-07 03:23 --------- d-----w C:\Program Files\AvRack
2008-08-07 02:40 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-08-07 02:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-07 02:40 --------- d-----w C:\Program Files\Paltalk Messenger
2008-08-07 02:40 --------- d-----w C:\Program Files\MyTubePlayer
2008-08-07 02:40 --------- d-----w C:\Program Files\ma-config.com
2008-08-07 02:40 --------- d-----w C:\Program Files\Blaze Video Magic
2008-08-07 02:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-08-07 00:31 --------- d-----w C:\Documents and Settings\adel\Application Data\IDM
2008-08-07 00:16 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 04:51 --------- d-----w C:\Documents and Settings\adel\Application Data\InstallShield
2008-08-06 04:14 2,793,472 ----a-w C:\08062008drvgenpro.exe
2008-08-04 05:08 --------- d-----w C:\Program Files\MSNTweaker
2008-08-04 02:17 --------- d-----w C:\Program Files\Quack Player
2008-08-04 02:15 --------- d-----w C:\Documents and Settings\adel\Application Data\Hide IP NG
2008-08-04 00:04 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-03 23:44 --------- d-----w C:\Documents and Settings\adel\Application Data\Delete
2008-08-02 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-02 01:23 --------- d-----w C:\Program Files\Folderico
2008-08-02 00:33 --------- d-----w C:\Program Files\Google
2008-08-01 22:24 --------- d-----w C:\Program Files\Registry Compressor
2008-08-01 19:25 --------- d-----w C:\Program Files\Kristanix
2008-08-01 17:50 --------- d-----w C:\Program Files\Nicolas MERLET
2008-08-01 16:03 --------- d-----w C:\Program Files\GVR
2008-08-01 15:51 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-01 15:49 --------- d-----w C:\Program Files\Common Files\Real
2008-08-01 15:45 --------- d-----w C:\Program Files\IE7Pro
2008-08-01 15:45 --------- d-----w C:\Documents and Settings\adel\Application Data\IE7Pro
2008-07-31 00:38 --------- d-----w C:\Program Files\Flock
2008-07-31 00:38 --------- d-----w C:\Documents and Settings\adel\Application Data\Flock
2008-07-29 13:33 --------- d-----w C:\Program Files\QuickTime
2008-07-29 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-29 04:59 --------- d-----w C:\Program Files\ShaPlus Google Translator
2008-07-29 04:47 --------- d-----w C:\Documents and Settings\adel\Application Data\skypePM
2008-07-28 08:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-07-26 00:19 --------- d-----w C:\Documents and Settings\adel\Application Data\Paltalk
2008-07-25 19:31 --------- d-----w C:\Program Files\System
2008-07-25 03:48 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-21 08:59 --------- d-----w C:\Documents and Settings\adel\Application Data\Auslogics
2008-07-21 03:05 --------- d-----w C:\Documents and Settings\adel\Application Data\CyberScrub
2008-07-21 02:29 --------- d-----w C:\Documents and Settings\adel\Application Data\Thinstall
2008-07-21 00:39 --------- d-----w C:\Documents and Settings\adel\Application Data\URSoft
2008-07-21 00:37 --------- d-----w C:\Documents and Settings\adel\Application Data\FLVPlayer4Free
2008-07-21 00:35 --------- d-----w C:\Documents and Settings\adel\Application Data\NCH Swift Sound
2008-07-21 00:34 --------- d-----w C:\Documents and Settings\adel\Application Data\Media Player Classic
2008-07-21 00:34 --------- d-----w C:\Documents and Settings\adel\Application Data\DivX
2008-07-21 00:34 --------- d-----w C:\Documents and Settings\adel\Application Data\Apple Computer
2008-07-20 09:58 --------- d-----w C:\Documents and Settings\adel\Application Data\TuneUp Software
2008-07-20 09:32 --------- d-----w C:\Documents and Settings\adel\Application Data\IEPro
2008-07-20 03:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cleaner
2008-07-20 01:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-07-18 02:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-17 23:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-07-17 19:03 --------- d-----w C:\Program Files\Anti Trojan Elite
2008-07-14 14:21 --------- d-----w C:\Program Files\NCH Software
2008-07-14 14:17 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-14 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-14 14:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-07-14 09:15 --------- d-----w C:\Program Files\Camtech
2008-07-14 08:36 --------- d-----w C:\Program Files\Vista Rainbar
2008-07-14 04:50 --------- d-----w C:\Program Files\AMP Font Viewer
2008-07-13 03:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 03:42 --------- d-----w C:\Program Files\Application Sound Embedder
2008-07-11 07:57 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-11 07:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-11 01:35 --------- d-----w C:\Program Files\Abadisoft
2008-07-11 00:37 --------- d-----w C:\Program Files\ibraheem_tech
2008-07-07 12:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\zMicroWorld_Anti_Virus
2008-07-07 10:10 --------- d-----w C:\Program Files\Panda Security
2008-06-28 00:13 --------- d-----w C:\Program Files\BreakPoint Software
2008-06-26 07:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Paltalk
2008-06-26 01:33 6,765,205 ----a-w C:\WINDOWS\REGBK08.ZIP
2008-06-24 20:29 --------- d-----w C:\Program Files\Allok Video Joiner
2008-06-24 11:11 --------- d-----w C:\Program Files\Styler
2008-06-24 11:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Styler
2008-06-20 12:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-02-15 23:50 2 --shatr C:\WINDOWS\winstart.bat
2008-03-20 15:06 1,480,232 --sha-r C:\WINDOWS\system32\LegitCheckControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/15/2007 02:28 AM 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [07/14/2006 04:24 PM 49152]
"Domino"="C:\WINDOWS\Domino.exe" [07/04/2006 02:16 PM 49152]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/13/2007 09:47 AM 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/13/2007 09:47 AM 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [01/13/2007 09:46 AM 135168]
"CheckRegDefragService"="C:\PROGRA~1\Registry Compressor\rbcs.exe" [09/22/2004 11:18 PM 299520]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
08/04/2004 12:55 AM 628224 C:\WINDOWS\system32\catsrvut.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\ntosboot.bat
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^قائمة ابدأ^البرامج^بدء التشغيل^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^قائمة ابدأ^البرامج^بدء التشغيل^RocketDock.lnk]
backup=C:\WINDOWS\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^قائمة ابدأ^البرامج^بدء التشغيل^Styler.lnk]
backup=C:\WINDOWS\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^gce.exe]
backup=C:\WINDOWS\pss\gce.exeCommon Startup
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\gce.exe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 08/07/2008 06:43 AM 207680 C:\Program Files\Gigabyte\ET5\GUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 10/18/2007 11:34 AM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 11/15/2007 02:28 AM 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 03/01/2006 04:22 PM 577536 C:\WINDOWS\soundman.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675
"8567:TCP"= 8567:TCP:*:Disabled:ooVoo TCP المنفذ 8567
"8567:UDP"= 8567:UDP:*:Disabled:ooVoo UDP المنفذ 8567
"8568:UDP"= 8568:UDP:*:Disabled:ooVoo UDP المنفذ 8568
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [06/19/2008 05:24 PM]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [12/10/2002 09:11 AM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\adel\My Documents\دولي []
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 12:56 AM]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 RapDrv;RapDrv;C:\WINDOWS\system32\drivers\RapDrv.sys [10/24/2003 03:57 PM]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [02/25/2003 06:26 PM]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [02/25/2003 06:26 PM]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [06/14/2008 03:23 AM]
S4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [03/30/2005 09:40 AM]
.
Contents of the 'Scheduled Tasks' folder
2008-08-08 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [12/21/2007 03:17 PM]
2008-07-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [04/11/2008 05:57 PM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413} - hxxp://74.53.137.226/imscp/talka.cab
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\Authenticatedll.dll
C:\WINDOWS\Downloaded Program Files\imcv1.dll
C:\Program Files\LtUcx\1003\imcv1.dll
C:\WINDOWS\Downloaded Program Files\IMSInfo.dll
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_0_32.cab
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-10 14:30:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 20 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcdrom]
"ImagePath"="\??\C:\Documents and Settings\adel\My Documents\دولي"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\Documents and Settings\All Users\C:\Documents and Settings\All Users\C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 08/10/2008 14:33:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 11:33:12
ComboFix2.txt 2008-08-09 07:52:14
Pre-Run: 52,526,882,816 bytes free
Post-Run: 52,435,681,280 bytes free
317 --- E O F --- 2008-08-09 09:56:48
هذا التقرير الثاني Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:37:23 م, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Registry Compressor\rbcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\gce.exe
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\gce.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\adel\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\Common Files\Products\FMCapt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CheckRegDefragService] "C:\PROGRA~1\Registry Compressor\rbcs.exe" -autorun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: gce.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: أحصائيات مضاد فيروسات المواقع - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8430 bytes