دنو؟؟
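Peace be upon you, and the mercy and blessings of God.
These are reports for my computer, and I'm asking you: is my computer infected?
It has become really slow, not like usual,
even though it doesn't have many programs on it
or many files.
I don't know what's wrong with it.
Here are the reports; you work it out and tell me what it's suffering from :b:
Report from the ComboFix tool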
ComboFix 08-11-26.03 - arwa 11/26/2008 21:29:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.190 [GMT 3:00]
Running from: c:\documents and settings\arwa\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 18:35 344,096 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-26 18:35 2,256 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-26 18:35 14,924 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-26 18:35 1,637,920 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-26 17:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-22 15:39 --------- d-----w c:\documents and settings\arwa\Application Data\Skype
2008-11-22 15:30 --------- d-----w c:\documents and settings\arwa\Application Data\skypePM
2008-11-22 13:15 --------- d-----w c:\program files\aMSN
2008-11-21 11:57 --------- d-----w c:\program files\LtUcx
2008-11-12 11:48 --------- d-----w c:\program files\MSXML 4.0
2008-11-07 10:21 --------- d-----w c:\documents and settings\arwa\Application Data\Apple Computer
2008-11-07 10:12 --------- d-----w c:\program files\QuickTime
2008-11-07 10:11 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-07 10:07 --------- d-----w c:\program files\Java
2008-11-07 10:07 --------- d-----w c:\program files\Common Files\Java
2008-11-06 14:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 14:44 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-25 19:57 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 09:44 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-19 18:22 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-19 18:22 --------- d-----w c:\program files\Circle Developement
2008-10-19 18:19 --------- d-----w c:\program files\Windows Live
2008-10-18 21:51 --------- d-----w c:\program files\Skype
2008-10-18 21:51 --------- d-----w c:\program files\Common Files\Skype
2008-10-18 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-18 01:49 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-18 01:29 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-18 01:28 --------- d-----w c:\program files\Kaspersky Lab
2008-10-18 01:27 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-17 21:22 --------- d-----w c:\program files\Common Files\xing shared
2008-10-17 21:22 --------- d-----w c:\program files\Common Files\Real
2008-10-17 21:21 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-17 21:21 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-17 21:21 --------- d-----w c:\program files\Real
2008-10-17 20:09 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-10-17 20:09 --------- d-----w c:\program files\Atheros
2008-10-17 20:08 --------- d-----w c:\documents and settings\arwa\Application Data\Intel
2008-10-17 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-10-17 20:07 --------- d-----w c:\program files\Intel
2008-10-17 20:07 --------- d-----w c:\program files\DIFX
2008-10-17 20:04 --------- d-----w c:\program files\Synaptics
2008-10-17 20:03 --------- d-----w c:\program files\CONEXANT
2008-10-17 20:00 --------- d-----w c:\program files\Realtek
2008-10-17 19:52 --------- d-----w c:\program files\ATI Technologies
2008-10-17 19:41 --------- d-----w c:\program files\WIDCOMM
2008-10-17 19:30 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 11:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 13:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:24 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:57 826,368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [07/19/2005 06:09 AM 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [07/19/2005 06:06 AM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [07/19/2005 06:10 AM 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [01/08/2005 02:17 AM 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [01/08/2005 02:16 AM 692315]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [09/27/2005 12:37 PM 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [09/27/2005 12:37 PM 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [09/27/2005 12:41 PM 569413]
"ACU"="c:\program files\Atheros\ACU.exe" [01/31/2005 08:05 AM 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [10/18/2008 12:21 AM 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [11/07/2008 01:07 PM 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [11/07/2008 01:12 PM 282624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"RTHDCPL"="RTHDCPL.EXE" [11/17/2005 06:27 AM 15600128 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-05 618557]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010dff33-a736-11dd-a654-00166f27d2f3}]
\Shell\AutoRun\command - vva0hc0p.cmd
\Shell\explore\Command - vva0hc0p.cmd
\Shell\open\Command - vva0hc0p.cmd
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://downloads.ewido.net/ewidoOnlineScan.cab
c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\imcv1.dll
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413}
hxxp://209.11.247.226/talk.cab
c:\windows\Downloaded Program Files\talk.inf
c:\windows\Downloaded Program Files\ReadUid.ocx - O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA}
hxxp://209.11.247.226/ReadUid.CAB
c:\windows\Downloaded Program Files\ReadUid.INF
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-26 21:36:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\acs.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 11/26/2008 21:39:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-26 18:39:00
Pre-Run: 40,617,467,904 bytes free
Post-Run: 40,630,493,184 bytes free
162 --- E O F --- 2008-11-12 11:50:23
And this is a report ... using the tool Deckard's System Scanner
Deckard's System Scanner v20071014.68
Run by arwa on 2008-11-26 21:48:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
59: 2008-11-26 18:48:19 UTC - RP59 - Deckard's System Scanner Restore Point
58: 2008-11-26 18:29:21 UTC - RP58 - ComboFix created restore point
57: 2008-11-26 15:48:04 UTC - RP57 - نقطة اختبار النظام
56: 2008-11-25 11:39:43 UTC - RP56 - نقطة اختبار النظام
55: 2008-11-23 15:09:26 UTC - RP55 - نقطة اختبار النظام
-- First Restore Point --
1: 2008-10-17 19:39:12 UTC - RP1 - نقطة اختبار النظام
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 503 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-11-26 21:49:07
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\arwa\سطح المكتب\dss.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8319 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1400>
R2 s24trans (نقل WLAN) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-10-26 and 2008-11-26 -----------------------------
2008-11-26 21:33:18 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-11-26 21:28:11 68096 --a------ C:\WINDOWS\zip.exe
2008-11-26 21:28:11 49152 --a------ C:\WINDOWS\VFIND.exe
2008-11-26 21:28:11 212480 --a------ C:\WINDOWS\SWXCACLS.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-11-26 21:28:11 136704 --a------ C:\WINDOWS\SWSC.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-11-26 21:28:11 161792 --a------ C:\WINDOWS\SWREG.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-11-26 21:28:11 98816 --a------ C:\WINDOWS\sed.exe
2008-11-26 21:28:11 80412 --a------ C:\WINDOWS\grep.exe
2008-11-26 21:28:11 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-11-26 20:26:32 0 d-------- C:\WINDOWS\BDOSCAN8
2008-11-22 16:15:45 0 d-------- C:\Documents and Settings\arwa\amsn
2008-11-22 16:14:54 0 d-------- C:\Program Files\aMSN
2008-11-21 14:57:31 0 d-------- C:\Program Files\LtUcx
2008-11-13 13:49:18 0 d-------- C:\WINDOWS\Sun
2008-11-12 14:48:32 0 d-------- C:\Program Files\MSXML 4.0
2008-11-07 13:21:30 0 d-------- C:\Documents and Settings\arwa\Application Data\Apple Computer
2008-11-07 13:11:32 0 d-------- C:\Program Files\QuickTime
2008-11-07 13:11:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-07 13:07:42 0 d-------- C:\Program Files\Java
2008-11-07 13:07:42 0 d-------- C:\Program Files\Common Files\Java
2008-11-07 13:06:23 0 d-------- C:\Documents and Settings\arwa\Application Data\Sun
2008-11-04 22:20:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-28 18:11:35 0 dr-h----- C:\Documents and Settings\arwa\Recent
-- Find3M Report ---------------------------------------------------------------
2008-11-26 21:40:55 318838 --a------ C:\WINDOWS\system32\perfh001.dat
2008-11-26 21:40:55 53088 --a------ C:\WINDOWS\system32\perfc001.dat
2008-11-26 21:31:24 0 d-------- C:\Program Files\Common Files
2008-11-22 18:39:00 0 d-------- C:\Documents and Settings\arwa\Application Data\Skype
2008-11-22 18:30:52 0 d-------- C:\Documents and Settings\arwa\Application Data\skypePM
2008-11-06 17:48:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-11-06 17:44:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-10-24 12:44:38 0 d-------- C:\Program Files\Windows Live Safety Center
2008-10-20 15:28:56 0 d-------- C:\Program Files\Messenger
2008-10-20 15:25:06 0 d-------- C:\Program Files\Movie Maker
2008-10-20 15:20:59 0 d-------- C:\Program Files\Windows NT
2008-10-19 21:22:39 0 d-------- C:\Program Files\Circle Developement
2008-10-19 21:22:27 0 d-------- C:\Program Files\Messenger Plus! Live
2008-10-19 21:19:24 0 d-------- C:\Program Files\Windows Live
2008-10-19 00:53:16 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-19 00:51:18 0 d-------- C:\Program Files\Skype
2008-10-19 00:51:15 0 d-------- C:\Program Files\Common Files\Skype
2008-10-18 04:28:58 0 d-------- C:\Program Files\Kaspersky Lab
2008-10-18 00:24:50 0 d-------- C:\Documents and Settings\arwa\Application Data\Real
2008-10-18 00:24:32 0 d-------- C:\Documents and Settings\arwa\Application Data\Macromedia
2008-10-18 00:24:32 0 d-------- C:\Documents and Settings\arwa\Application Data\Adobe
2008-10-18 00:22:01 0 d-------- C:\Program Files\Common Files\xing shared
2008-10-18 00:22:00 0 d-------- C:\Program Files\Common Files\Real
2008-10-18 00:21:50 0 d-------- C:\Program Files\Real
2008-10-18 00:07:05 0 d-------- C:\Program Files\Common Files\ODBC
2008-10-18 00:07:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-10-18 00:06:19 62 --ahs---- C:\Documents and Settings\arwa\Application Data\desktop.ini
2008-10-17 23:09:36 0 d-------- C:\Program Files\Atheros
2008-10-17 23:08:30 0 d-------- C:\Documents and Settings\arwa\Application Data\Intel
2008-10-17 23:07:56 0 d-------- C:\Program Files\DIFX
2008-10-17 23:07:41 0 d-------- C:\Program Files\Intel
2008-10-17 23:04:00 0 d-------- C:\Program Files\Synaptics
2008-10-17 23:03:22 0 d-------- C:\Program Files\CONEXANT
2008-10-17 23:00:09 0 d-------- C:\Program Files\Realtek
2008-10-17 22:52:30 0 d-------- C:\Program Files\ATI Technologies
2008-10-17 22:41:19 0 d-------- C:\Program Files\WIDCOMM
2008-10-17 22:38:55 0 d-------- C:\Documents and Settings\arwa\Application Data\Identities
2008-10-17 22:30:01 0 d-------- C:\Program Files\microsoft frontpage
2008-10-17 22:29:34 0 -rahs---- C:\MSDOS.SYS
2008-10-17 22:29:34 0 -rahs---- C:\IO.SYS
2008-10-17 22:29:34 0 --a------ C:\CONFIG.SYS
2008-10-17 22:29:34 0 --a------ C:\AUTOEXEC.BAT
2008-10-17 22:27:48 0 d--h----- C:\Program Files\WindowsUpdate
2008-10-17 22:27:42 0 d-------- C:\Program Files\Online Services
2008-10-17 22:26:48 0 d-------- C:\Program Files\Common Files\MSSoap
2008-10-17 22:25:41 22144 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-10-17 22:24:54 0 d-------- C:\Program Files\MSN Gaming Zone
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
07/29/2008 08:21 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 06:09 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/19/2005 06:06 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 06:10 AM]
"RTHDCPL"="RTHDCPL.EXE" [11/17/2005 06:27 AM C:\WINDOWS\RTHDCPL.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [01/08/2005 02:17 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/08/2005 02:16 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [09/27/2005 12:37 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [09/27/2005 12:37 PM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [09/27/2005 12:41 PM]
"ACU"="C:\Program Files\Atheros\ACU.exe" [01/31/2005 08:05 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/18/2008 12:21 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [11/07/2008 01:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/07/2008 01:12 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
C:\Documents and Settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [05/01/2006 09:35:36 ê]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010dff33-a736-11dd-a654-00166f27d2f3}]
AutoRun\command- vva0hc0p.cmd
explore\Command- vva0hc0p.cmd
open\Command- vva0hc0p.cmd
*Newly Created Service* - CATCHME
-- End of Deckard's System Scanner: finished at 2008-11-26 21:49:49 ------------
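May God reward whoever came in and supported me with an opinion, a solution, help, or even a bump, or even a prayer ..
And may God make me, you, and whoever reads my thread among those to whom the Most Merciful says ((Peace, you have done well, people of My paradise))
<<O Lord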
"igfxpers"="c:\windows\system32\igfxpers.exe" [07/19/2005 06:10 AM 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [01/08/2005 02:17 AM 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [01/08/2005 02:16 AM 692315]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [09/27/2005 12:37 PM 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [09/27/2005 12:37 PM 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [09/27/2005 12:41 PM 569413]
"ACU"="c:\program files\Atheros\ACU.exe" [01/31/2005 08:05 AM 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [10/18/2008 12:21 AM 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [11/07/2008 01:07 PM 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [11/07/2008 01:12 PM 282624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"RTHDCPL"="RTHDCPL.EXE" [11/17/2005 06:27 AM 15600128 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-05 618557]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010dff33-a736-11dd-a654-00166f27d2f3}]
\Shell\AutoRun\command - vva0hc0p.cmd
\Shell\explore\Command - vva0hc0p.cmd
\Shell\open\Command - vva0hc0p.cmd
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://downloads.ewido.net/ewidoOnlineScan.cab
c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\imcv1.dll
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413}
hxxp://209.11.247.226/talk.cab
c:\windows\Downloaded Program Files\talk.inf
c:\windows\Downloaded Program Files\ReadUid.ocx - O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA}
hxxp://209.11.247.226/ReadUid.CAB
c:\windows\Downloaded Program Files\ReadUid.INF
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-26 21:36:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\acs.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 11/26/2008 21:39:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-26 18:39:00
Pre-Run: 40,617,467,904 bytes free
Post-Run: 40,630,493,184 bytes free
162 --- E O F --- 2008-11-12 11:50:23
And this is a report ... using the tool Deckard's System Scanner
Deckard's System Scanner v20071014.68
Run by arwa on 2008-11-26 21:48:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
59: 2008-11-26 18:48:19 UTC - RP59 - Deckard's System Scanner Restore Point
58: 2008-11-26 18:29:21 UTC - RP58 - ComboFix created restore point
57: 2008-11-26 15:48:04 UTC - RP57 - نقطة اختبار النظام
56: 2008-11-25 11:39:43 UTC - RP56 - نقطة اختبار النظام
55: 2008-11-23 15:09:26 UTC - RP55 - نقطة اختبار النظام
-- First Restore Point --
1: 2008-10-17 19:39:12 UTC - RP1 - نقطة اختبار النظام
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 503 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-11-26 21:49:07
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\arwa\سطح المكتب\dss.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8319 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1400>
R2 s24trans (نقل WLAN) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-10-26 and 2008-11-26 -----------------------------
2008-11-26 21:33:18 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-11-26 21:28:11 68096 --a------ C:\WINDOWS\zip.exe
2008-11-26 21:28:11 49152 --a------ C:\WINDOWS\VFIND.exe
2008-11-26 21:28:11 212480 --a------ C:\WINDOWS\SWXCACLS.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-11-26 21:28:11 136704 --a------ C:\WINDOWS\SWSC.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-11-26 21:28:11 161792 --a------ C:\WINDOWS\SWREG.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-11-26 21:28:11 98816 --a------ C:\WINDOWS\sed.exe
2008-11-26 21:28:11 80412 --a------ C:\WINDOWS\grep.exe
2008-11-26 21:28:11 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-11-26 20:26:32 0 d-------- C:\WINDOWS\BDOSCAN8
2008-11-22 16:15:45 0 d-------- C:\Documents and Settings\arwa\amsn
2008-11-22 16:14:54 0 d-------- C:\Program Files\aMSN
2008-11-21 14:57:31 0 d-------- C:\Program Files\LtUcx
2008-11-13 13:49:18 0 d-------- C:\WINDOWS\Sun
2008-11-12 14:48:32 0 d-------- C:\Program Files\MSXML 4.0
2008-11-07 13:21:30 0 d-------- C:\Documents and Settings\arwa\Application Data\Apple Computer
2008-11-07 13:11:32 0 d-------- C:\Program Files\QuickTime
2008-11-07 13:11:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-07 13:07:42 0 d-------- C:\Program Files\Java
2008-11-07 13:07:42 0 d-------- C:\Program Files\Common Files\Java
2008-11-07 13:06:23 0 d-------- C:\Documents and Settings\arwa\Application Data\Sun
2008-11-04 22:20:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-28 18:11:35 0 dr-h----- C:\Documents and Settings\arwa\Recent
-- Find3M Report ---------------------------------------------------------------
2008-11-26 21:40:55 318838 --a------ C:\WINDOWS\system32\perfh001.dat
2008-11-26 21:40:55 53088 --a------ C:\WINDOWS\system32\perfc001.dat
2008-11-26 21:31:24 0 d-------- C:\Program Files\Common Files
2008-11-22 18:39:00 0 d-------- C:\Documents and Settings\arwa\Application Data\Skype
2008-11-22 18:30:52 0 d-------- C:\Documents and Settings\arwa\Application Data\skypePM
2008-11-06 17:48:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-11-06 17:44:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-10-24 12:44:38 0 d-------- C:\Program Files\Windows Live Safety Center
2008-10-20 15:28:56 0 d-------- C:\Program Files\Messenger
2008-10-20 15:25:06 0 d-------- C:\Program Files\Movie Maker
2008-10-20 15:20:59 0 d-------- C:\Program Files\Windows NT
2008-10-19 21:22:39 0 d-------- C:\Program Files\Circle Developement
2008-10-19 21:22:27 0 d-------- C:\Program Files\Messenger Plus! Live
2008-10-19 21:19:24 0 d-------- C:\Program Files\Windows Live
2008-10-19 00:53:16 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-19 00:51:18 0 d-------- C:\Program Files\Skype
2008-10-19 00:51:15 0 d-------- C:\Program Files\Common Files\Skype
2008-10-18 04:28:58 0 d-------- C:\Program Files\Kaspersky Lab
2008-10-18 00:24:50 0 d-------- C:\Documents and Settings\arwa\Application Data\Real
2008-10-18 00:24:32 0 d-------- C:\Documents and Settings\arwa\Application Data\Macromedia
2008-10-18 00:24:32 0 d-------- C:\Documents and Settings\arwa\Application Data\Adobe
2008-10-18 00:22:01 0 d-------- C:\Program Files\Common Files\xing shared
2008-10-18 00:22:00 0 d-------- C:\Program Files\Common Files\Real
2008-10-18 00:21:50 0 d-------- C:\Program Files\Real
2008-10-18 00:07:05 0 d-------- C:\Program Files\Common Files\ODBC
2008-10-18 00:07:01 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-10-18 00:06:19 62 --ahs---- C:\Documents and Settings\arwa\Application Data\desktop.ini
2008-10-17 23:09:36 0 d-------- C:\Program Files\Atheros
2008-10-17 23:08:30 0 d-------- C:\Documents and Settings\arwa\Application Data\Intel
2008-10-17 23:07:56 0 d-------- C:\Program Files\DIFX
2008-10-17 23:07:41 0 d-------- C:\Program Files\Intel
2008-10-17 23:04:00 0 d-------- C:\Program Files\Synaptics
2008-10-17 23:03:22 0 d-------- C:\Program Files\CONEXANT
2008-10-17 23:00:09 0 d-------- C:\Program Files\Realtek
2008-10-17 22:52:30 0 d-------- C:\Program Files\ATI Technologies
2008-10-17 22:41:19 0 d-------- C:\Program Files\WIDCOMM
2008-10-17 22:38:55 0 d-------- C:\Documents and Settings\arwa\Application Data\Identities
2008-10-17 22:30:01 0 d-------- C:\Program Files\microsoft frontpage
2008-10-17 22:29:34 0 -rahs---- C:\MSDOS.SYS
2008-10-17 22:29:34 0 -rahs---- C:\IO.SYS
2008-10-17 22:29:34 0 --a------ C:\CONFIG.SYS
2008-10-17 22:29:34 0 --a------ C:\AUTOEXEC.BAT
2008-10-17 22:27:48 0 d--h----- C:\Program Files\WindowsUpdate
2008-10-17 22:27:42 0 d-------- C:\Program Files\Online Services
2008-10-17 22:26:48 0 d-------- C:\Program Files\Common Files\MSSoap
2008-10-17 22:25:41 22144 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-10-17 22:24:54 0 d-------- C:\Program Files\MSN Gaming Zone
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
07/29/2008 08:21 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 06:09 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/19/2005 06:06 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 06:10 AM]
"RTHDCPL"="RTHDCPL.EXE" [11/17/2005 06:27 AM C:\WINDOWS\RTHDCPL.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [01/08/2005 02:17 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/08/2005 02:16 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [09/27/2005 12:37 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [09/27/2005 12:37 PM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [09/27/2005 12:41 PM]
"ACU"="C:\Program Files\Atheros\ACU.exe" [01/31/2005 08:05 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/18/2008 12:21 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [11/07/2008 01:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/07/2008 01:12 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [07/29/2008 08:20 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
C:\Documents and Settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [05/01/2006 09:35:36 ê]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010dff33-a736-11dd-a654-00166f27d2f3}]
AutoRun\command- vva0hc0p.cmd
explore\Command- vva0hc0p.cmd
open\Command- vva0hc0p.cmd
*Newly Created Service* - CATCHME
-- End of Deckard's System Scanner: finished at 2008-11-26 21:49:49 ------------
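May God reward anyone who came in and supported me with an opinion, a solution, help, or even a bump or a prayer ..
And may God make me, you, and whoever reads my post among those to whom the Most Merciful says ((Peace, you have done well, people of My paradise))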
