مهاوي وبس
زيزوومى محترف
غير متصل
- بادئ الموضوع مهاوي وبس
- تاريخ البدء
- 958
MAAX
عضوشرف
غير متصل
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
او ادخلي على الوضع الأمن وشغلي الأدارة ورح تشتغل الأداة بأذن الله
الدخول للوضع الامن
اعد التشغيل وقبل ظهور شاشة الويندوز
اضغط باستمرار على زر f8
ستاتيك شاشة فيهاا عدة خيارات اختر منهاا
safemode
ثم اختر التالي
من الشاشة التالية اختر حساب الادمن او اي حساب تريد
اخيرا اضغط موافق للدخول لسطح المكتب
بالأنتظار للتقرير في الأداة الي عطاكي ياها ماكس
الدخول للوضع الامن
اعد التشغيل وقبل ظهور شاشة الويندوز
اضغط باستمرار على زر f8
ستاتيك شاشة فيهاا عدة خيارات اختر منهاا
safemode
ثم اختر التالي
من الشاشة التالية اختر حساب الادمن او اي حساب تريد
اخيرا اضغط موافق للدخول لسطح المكتب
بالأنتظار للتقرير في الأداة الي عطاكي ياها ماكس
توقيع : AbOdy
تأييد
0
نسيم الليل
زيزوومي جديد
- إنضم
- 23 أكتوبر 2007
- المشاركات
- 73
- مستوى التفاعل
- 2
- النقاط
- 80
غير متصل
نفس المشكله طلعت عندي وحملت الاداة وهذا التقرير
ComboFix 08-09-22.06 - HORUS 09/24/2008 9:36:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1490 [GMT 3:00]
Running from: C:\Documents and Settings\HORUS\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00010B26
C:\Program Files\MyWebSearch\bar\Cache\00016F8D.bin
C:\Program Files\MyWebSearch\bar\Cache\00017B26.bin
C:\Program Files\MyWebSearch\bar\Cache\00017FD9.bin
C:\Program Files\MyWebSearch\bar\Cache\0002E4E7
C:\Program Files\MyWebSearch\bar\Cache\00162678
C:\Program Files\MyWebSearch\bar\Cache\001E156A
C:\Program Files\MyWebSearch\bar\Cache\0033D394.bin
C:\Program Files\MyWebSearch\bar\Cache\0033DA6A.bin
C:\Program Files\MyWebSearch\bar\Cache\0033DE13.bin
C:\Program Files\MyWebSearch\bar\Cache\007C6650.bin
C:\Program Files\MyWebSearch\bar\Cache\007C74D7.bin
C:\Program Files\MyWebSearch\bar\Cache\007C77E4.bin
C:\Program Files\MyWebSearch\bar\Cache\007C7AE1.bin
C:\Program Files\MyWebSearch\bar\Cache\007C7DB0.bin
C:\Program Files\MyWebSearch\bar\Cache\00A666D0.bin
C:\Program Files\MyWebSearch\bar\Cache\00A6CFBC.bin
C:\Program Files\MyWebSearch\bar\Cache\00A6D8B5.bin
C:\Program Files\MyWebSearch\bar\Cache\00A6DDE5.bin
C:\Program Files\MyWebSearch\bar\Cache\00A6E2E6.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 06:43 14,069,024 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-24 06:42 --------- d-----w C:\Documents and Settings\HORUS\Application Data\DMCache
2008-09-24 06:41 501,280 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-24 06:41 48,704 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-24 06:41 194,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-24 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-23 14:07 --------- d-----w C:\Documents and Settings\HORUS\Application Data\Changer XP
2008-09-23 06:46 --------- d-----w C:\Program Files\Changer XP
2008-09-21 08:00 --------- d-----w C:\Program Files\Network Stumbler
2008-09-21 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-13 21:06 --------- d-----w C:\Documents and Settings\HORUS\Application Data\IDM
2008-09-10 16:41 --------- d-----w C:\Program Files\eTeSoft Video Converter
2008-09-05 16:40 --------- d-----w C:\Program Files\ACD Systems
2008-09-01 15:14 --------- d-----w C:\Documents and Settings\HORUS\Application Data\Thinstall
2008-08-30 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-08-30 22:52 --------- d-----w C:\Program Files\TechSmith
2008-08-30 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-29 17:17 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-08-27 19:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-26 06:54 --------- d-----w C:\Program Files\SeePassword
2008-08-26 06:54 --------- d-----w C:\Program Files\Paltalk Messenger
2008-08-26 06:54 --------- d-----w C:\Program Files\NetStudio
2008-08-26 06:54 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-26 06:54 --------- d-----w C:\Program Files\Easy Video Downloader
2008-08-26 06:54 --------- d-----w C:\Program Files\Acala 3GP Movies Free
2008-08-24 14:07 2,275,840 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-08-23 00:44 --------- d-----w C:\Documents and Settings\HORUS\Application Data\TuneUp Software
2008-08-23 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-21 20:58 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-20 21:30 --------- d-----w C:\Program Files\DupKiller
2008-08-17 13:23 --------- d-----w C:\Program Files\Cain
2008-08-17 13:16 --------- d-----w C:\Program Files\WinPcap
2008-08-16 22:00 --------- d-----w C:\Program Files\GRETECH
2008-08-16 22:00 --------- d-----w C:\Documents and Settings\HORUS\Application Data\GRETECH
2008-08-16 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-14 21:40 --------- d-----w C:\Program Files\GetData
2008-08-11 00:24 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-11 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-08-11 00:23 --------- d-----w C:\Program Files\Ulead Systems
2008-08-11 00:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-09 23:55 --------- d-----w C:\Documents and Settings\HORUS\Application Data\FunWebProducts
2008-08-09 20:59 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-07 20:29 --------- d-----w C:\Program Files\EMUSB2.0
2008-08-07 20:29 --------- d-----w C:\Program Files\eMPIA
2008-08-07 20:27 --------- d-----w C:\Program Files\directx
2008-08-07 20:26 --------- d-----w C:\Program Files\honestech
2008-07-30 22:48 --------- d-----w C:\Program Files\Sun
2008-07-30 22:45 --------- d-----w C:\Program Files\Java
2008-07-30 20:30 --------- d-----w C:\Program Files\VisualRoute Lite Edition
2008-07-27 23:10 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [06/11/2008 12:40 PM 61440]
[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/04/2003 05:00 AM 196096]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [10/02/2006 07:12 PM 846336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [09/01/2004 03:00 AM 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [09/01/2004 03:00 AM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [09/01/2004 03:00 AM 455168]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/08/2008 07:30 PM 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/08/2008 07:30 PM 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/08/2008 07:30 PM 138008]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/08/2008 07:29 PM 888832]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/24/2008 12:11 AM 185896]
"RTHDCPL"="RTHDCPL.EXE" [06/08/2008 07:31 PM 16384512 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [09/01/2004 03:00 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Changer XP.lnk - C:\Program Files\Changer XP\ChangerXP.exe [2003-07-21 1261568]
emRemote.lnk - C:\Program Files\eMPIA\EM2801\emRemote.exe [2008-08-07 69729]
Scheduler for TomMade.lnk - C:\Program Files\honestech\TV Plus 3.0\TVR 2.0\scheduleTV.exe [2008-08-07 307200]
SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe [2008-05-15 6822728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 01/12/2006 04:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]
--a------ 12/04/2004 02:44 AM 1331200 C:\Program Files\SeePassword\SeePassword.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 11/21/2006 08:38 PM 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 08/30/2007 05:43 PM 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SeePassword"=C:\Program Files\SeePassword\SeePassword.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Alcmtr"=ALCMTR.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
"SkyTel"=SkyTel.EXE
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Digital Asphyxia\\Y!TunnelPro V1.3 Build 272\\YTunnelPro.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\Cain\\Cain.exe"=
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [09/01/2004 03:00 AM 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [06/08/2008 07:29 PM 264576]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [01/11/2007 01:20 PM 194304]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 09:52 AM 27136]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [11/06/2007 11:22 PM 34064]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [03/24/2004 05:12 AM 17280]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8267675a-566f-11dd-93b4-001644a4311c}]
\Shell\AutoRun\command - G:\33gmhso.bat
\Shell\explore\Command - G:\33gmhso.bat
\Shell\open\Command - G:\33gmhso.bat
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HORUS\Application Data\Mozilla\Firefox\Profiles\xfch9sow.default\
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-24 09:42:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TechSmith\SnagIt 9\TscHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\SnagItEditor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 09/24/2008 9:47:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-24 06:47:02
Pre-Run: 45,778,214,912 bytes free
Post-Run: 45,774,041,088 bytes free
336 --- E O F --- 2008-09-23 01:33:42
ComboFix 08-09-22.06 - HORUS 09/24/2008 9:36:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1490 [GMT 3:00]
Running from: C:\Documents and Settings\HORUS\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00010B26
C:\Program Files\MyWebSearch\bar\Cache\00016F8D.bin
C:\Program Files\MyWebSearch\bar\Cache\00017B26.bin
C:\Program Files\MyWebSearch\bar\Cache\00017FD9.bin
C:\Program Files\MyWebSearch\bar\Cache\0002E4E7
C:\Program Files\MyWebSearch\bar\Cache\00162678
C:\Program Files\MyWebSearch\bar\Cache\001E156A
C:\Program Files\MyWebSearch\bar\Cache\0033D394.bin
C:\Program Files\MyWebSearch\bar\Cache\0033DA6A.bin
C:\Program Files\MyWebSearch\bar\Cache\0033DE13.bin
C:\Program Files\MyWebSearch\bar\Cache\007C6650.bin
C:\Program Files\MyWebSearch\bar\Cache\007C74D7.bin
C:\Program Files\MyWebSearch\bar\Cache\007C77E4.bin
C:\Program Files\MyWebSearch\bar\Cache\007C7AE1.bin
C:\Program Files\MyWebSearch\bar\Cache\007C7DB0.bin
C:\Program Files\MyWebSearch\bar\Cache\00A666D0.bin
C:\Program Files\MyWebSearch\bar\Cache\00A6CFBC.bin
C:\Program Files\MyWebSearch\bar\Cache\00A6D8B5.bin
C:\Program Files\MyWebSearch\bar\Cache\00A6DDE5.bin
C:\Program Files\MyWebSearch\bar\Cache\00A6E2E6.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 06:43 14,069,024 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-24 06:42 --------- d-----w C:\Documents and Settings\HORUS\Application Data\DMCache
2008-09-24 06:41 501,280 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-24 06:41 48,704 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-24 06:41 194,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-24 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-23 14:07 --------- d-----w C:\Documents and Settings\HORUS\Application Data\Changer XP
2008-09-23 06:46 --------- d-----w C:\Program Files\Changer XP
2008-09-21 08:00 --------- d-----w C:\Program Files\Network Stumbler
2008-09-21 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-13 21:06 --------- d-----w C:\Documents and Settings\HORUS\Application Data\IDM
2008-09-10 16:41 --------- d-----w C:\Program Files\eTeSoft Video Converter
2008-09-05 16:40 --------- d-----w C:\Program Files\ACD Systems
2008-09-01 15:14 --------- d-----w C:\Documents and Settings\HORUS\Application Data\Thinstall
2008-08-30 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-08-30 22:52 --------- d-----w C:\Program Files\TechSmith
2008-08-30 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-29 17:17 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-08-27 19:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-26 06:54 --------- d-----w C:\Program Files\SeePassword
2008-08-26 06:54 --------- d-----w C:\Program Files\Paltalk Messenger
2008-08-26 06:54 --------- d-----w C:\Program Files\NetStudio
2008-08-26 06:54 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-26 06:54 --------- d-----w C:\Program Files\Easy Video Downloader
2008-08-26 06:54 --------- d-----w C:\Program Files\Acala 3GP Movies Free
2008-08-24 14:07 2,275,840 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-08-23 00:44 --------- d-----w C:\Documents and Settings\HORUS\Application Data\TuneUp Software
2008-08-23 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-21 20:58 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-20 21:30 --------- d-----w C:\Program Files\DupKiller
2008-08-17 13:23 --------- d-----w C:\Program Files\Cain
2008-08-17 13:16 --------- d-----w C:\Program Files\WinPcap
2008-08-16 22:00 --------- d-----w C:\Program Files\GRETECH
2008-08-16 22:00 --------- d-----w C:\Documents and Settings\HORUS\Application Data\GRETECH
2008-08-16 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-14 21:40 --------- d-----w C:\Program Files\GetData
2008-08-11 00:24 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-11 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-08-11 00:23 --------- d-----w C:\Program Files\Ulead Systems
2008-08-11 00:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-09 23:55 --------- d-----w C:\Documents and Settings\HORUS\Application Data\FunWebProducts
2008-08-09 20:59 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-07 20:29 --------- d-----w C:\Program Files\EMUSB2.0
2008-08-07 20:29 --------- d-----w C:\Program Files\eMPIA
2008-08-07 20:27 --------- d-----w C:\Program Files\directx
2008-08-07 20:26 --------- d-----w C:\Program Files\honestech
2008-07-30 22:48 --------- d-----w C:\Program Files\Sun
2008-07-30 22:45 --------- d-----w C:\Program Files\Java
2008-07-30 20:30 --------- d-----w C:\Program Files\VisualRoute Lite Edition
2008-07-27 23:10 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [06/11/2008 12:40 PM 61440]
[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/04/2003 05:00 AM 196096]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [10/02/2006 07:12 PM 846336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [09/01/2004 03:00 AM 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [09/01/2004 03:00 AM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [09/01/2004 03:00 AM 455168]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/08/2008 07:30 PM 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/08/2008 07:30 PM 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/08/2008 07:30 PM 138008]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/08/2008 07:29 PM 888832]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/24/2008 12:11 AM 185896]
"RTHDCPL"="RTHDCPL.EXE" [06/08/2008 07:31 PM 16384512 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [09/01/2004 03:00 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Changer XP.lnk - C:\Program Files\Changer XP\ChangerXP.exe [2003-07-21 1261568]
emRemote.lnk - C:\Program Files\eMPIA\EM2801\emRemote.exe [2008-08-07 69729]
Scheduler for TomMade.lnk - C:\Program Files\honestech\TV Plus 3.0\TVR 2.0\scheduleTV.exe [2008-08-07 307200]
SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe [2008-05-15 6822728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 01/12/2006 04:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]
--a------ 12/04/2004 02:44 AM 1331200 C:\Program Files\SeePassword\SeePassword.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 11/21/2006 08:38 PM 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 08/30/2007 05:43 PM 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SeePassword"=C:\Program Files\SeePassword\SeePassword.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Alcmtr"=ALCMTR.EXE
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
"SkyTel"=SkyTel.EXE
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Digital Asphyxia\\Y!TunnelPro V1.3 Build 272\\YTunnelPro.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\Cain\\Cain.exe"=
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [09/01/2004 03:00 AM 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [06/08/2008 07:29 PM 264576]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [01/11/2007 01:20 PM 194304]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 09:52 AM 27136]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [11/06/2007 11:22 PM 34064]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [03/24/2004 05:12 AM 17280]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8267675a-566f-11dd-93b4-001644a4311c}]
\Shell\AutoRun\command - G:\33gmhso.bat
\Shell\explore\Command - G:\33gmhso.bat
\Shell\open\Command - G:\33gmhso.bat
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HORUS\Application Data\Mozilla\Firefox\Profiles\xfch9sow.default\
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-09-24 09:42:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TechSmith\SnagIt 9\TscHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\SnagItEditor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 09/24/2008 9:47:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-24 06:47:02
Pre-Run: 45,778,214,912 bytes free
Post-Run: 45,774,041,088 bytes free
336 --- E O F --- 2008-09-23 01:33:42
توقيع : نسيم الليل
تأييد
0
- الحالة