Old 13-04-2009, 18:00   #19
عبدالسميع سرحان

3- I downloaded ComboFix again because Avira had deleted it; the download was from the first link, and the size was 2.93 MB, not 2.8.
4- Before switching to Safe Mode I stopped Avira, then ran ComboFix in Safe Mode. There were some differences between what happened and the instructions: the messages appeared and disappeared quickly. Here is the report:
Code:
ComboFix 09-04-13.A2 - Administrator 04/13/2009 20:05.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1256.1.1033.18.2037.1783 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
(((((((((((((((((((((((((   Files Created from 2009-03-13 to 2009-04-13  )))))))))))))))))))))))))))))))
.

2009-04-13 15:20 . 2009-04-13 15:20	--------	d-----w	c:\program files\Avira
2009-04-13 14:05 . 2009-02-13 08:31	55640	----a-w	c:\windows\system32\drivers\avgntflt.sys
2009-04-12 15:19 . 2009-04-12 15:19	--------	d-----w	c:\documents and settings\Administrator\Application Data\VSRevoGroup
2009-04-12 15:03 . 2009-04-12 15:03	--------	d-----w	c:\program files\VS Revo Group
2009-04-12 14:58 . 2009-04-12 14:58	69632	----a-w	c:\windows\uinst001.exe
2009-04-11 18:29 . 2009-04-11 18:29	--------	d-----w	c:\documents and settings\Administrator\Application Data\Desktopicon
2009-04-11 18:29 . 2009-04-11 18:29	--------	d-----w	c:\program files\Unlocker
2009-04-11 07:50 . 2009-01-09 19:19	1089593	-c----w	c:\windows\system32\dllcache\ntprint.cat
2009-04-10 21:46 . 2009-04-10 21:46	--------	d-----w	c:\program files\Trend Micro
2009-04-10 21:45 . 2009-04-10 21:45	812344	----a-w	c:\program files\HJTInstall.exe
2009-04-10 17:15 . 2009-04-10 17:15	--------	d-----w	c:\program files\Family Games
2009-04-10 16:36 . 2009-04-10 16:36	--------	d-----w	c:\windows\system32\XPSViewer
2009-04-10 16:36 . 2009-04-10 16:36	--------	d-----w	c:\program files\MSBuild
2009-04-10 16:36 . 2009-04-10 16:36	--------	d-----w	c:\program files\Reference Assemblies
2009-04-10 16:36 . 2008-07-06 12:06	89088	-c----w	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-10 16:36 . 2008-07-06 12:06	575488	-c----w	c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-10 16:36 . 2008-07-06 12:06	575488	------w	c:\windows\system32\xpsshhdr.dll
2009-04-10 16:36 . 2008-07-06 12:06 1676288	-c----w	c:\windows\system32\dllcache\xpssvcs.dll
2009-04-10 16:36 . 2008-07-06 12:06 1676288	------w	c:\windows\system32\xpssvcs.dll
2009-04-10 16:36 . 2008-07-06 12:06	117760	------w	c:\windows\system32\prntvpt.dll
2009-04-10 16:36 . 2008-07-06 10:50	597504	-c----w	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-10 15:50 . 2006-05-13 18:29	843	----a-w	C:\ChangeWinXPKey.vbs
2009-04-08 17:15 . 2009-04-08 17:16	--------	d-----w	C:\divx
2009-04-08 14:31 . 2009-04-08 14:31	--------	d-----w	c:\documents and settings\All Users\Application Data\Genimo
2009-04-08 14:27 . 2009-04-08 14:27	--------	d-----w	c:\documents and settings\Administrator\Application Data\Genimo
2009-04-07 17:18 . 2002-04-07 08:17	414	----a-r	c:\windows\system32\lame_acm.xml
2009-04-07 17:17 . 2008-09-24 17:41	839680	----a-w	c:\windows\system32\LameACM.acm
2009-04-05 17:05 . 2009-04-05 17:22	--------	d-----w	c:\program files\CamStudio
2009-04-03 19:47 . 2009-04-03 19:53	--------	d-----w	c:\program files\Kasparov Chessmate
2009-04-03 19:47 . 2009-04-03 19:47	--------	d-----w	c:\program files\ReflexiveArcade
2009-04-03 14:54 . 2009-04-03 14:56	--------	d-----w	c:\program files\Inkscape
2009-04-02 19:15 . 2009-04-02 19:15	--------	d-----w	c:\documents and settings\Administrator\Application Data\Internet Saving Optimizer
2009-04-02 19:14 . 2009-04-02 19:14	--------	d-----w	c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
2009-04-02 19:14 . 2009-04-02 19:14	--------	d-----w	c:\program files\Media Access Startup
2009-04-02 19:14 . 2009-04-02 19:14	--------	d-----w	c:\program files\Nice Prosper
2009-04-02 19:13 . 2009-04-02 19:13	--------	d-----w	c:\program files\Internet Saving Optimizer
2009-04-02 19:13 . 2009-04-02 19:13	--------	d-----w	c:\program files\System Search Dispatcher
2009-04-02 19:12 . 2009-04-02 19:33	--------	d-----w	c:\program files\DoubleD
2009-04-02 19:11 . 2009-04-02 19:11	--------	dc-h--w	c:\documents and settings\All Users\Application Data\{0C2DF936-9DF0-4DB1-AACD-40480B065ABE}
2009-04-02 19:11 . 2009-04-02 19:11	--------	d-----w	c:\documents and settings\Administrator\Local Settings\Application Data\DoubleD
2009-04-01 21:24 . 2009-04-01 21:24	667976	----a-w	c:\windows\system32\360x180° Mekan.scr
2009-04-01 21:24 . 2009-04-01 21:24	--------	d-----w	c:\windows\system32\mekanlar
2009-03-30 18:13 . 2009-03-30 18:13	--------	d-----w	c:\documents and settings\Administrator\Application Data\Blender Foundation
2009-03-30 18:13 . 2009-03-30 18:13	--------	d-----w	c:\program files\Blender Foundation
2009-03-30 17:41 . 2009-03-30 17:41	--------	d-----w	c:\documents and settings\Administrator\Application Data\Inkscape
2009-03-26 16:46 . 2009-03-26 16:46	--------	d-----w	c:\documents and settings\Administrator\Application Data\FastStone
2009-03-26 16:46 . 2009-03-26 16:46	--------	d-----w	c:\program files\FastStone Image Viewer
2009-03-21 20:42 . 2009-03-21 20:42	--------	d-----w	C:\Softendo
2009-03-21 20:31 . 2009-03-22 11:01	52	----a-w	c:\windows\mafosav.INI
2009-03-21 20:27 . 2009-03-21 20:27	--------	d-----w	c:\program files\Mario Forever
2009-03-20 19:37 . 2009-03-20 19:37	--------	d-----w	c:\program files\SWiSHmax
2009-03-19 13:58 . 1998-10-29 13:45	306688	----a-w	c:\windows\IsUninst.exe
2009-03-18 18:51 . 2009-03-23 20:08	--------	d-----w	c:\documents and settings\Administrator\Application Data\DivX
2009-03-18 18:47 . 2009-01-27 01:35	120056	------w	c:\windows\system32\pxcpyi64.exe
2009-03-18 18:47 . 2009-01-27 01:35	118520	------w	c:\windows\system32\pxinsi64.exe
2009-03-18 18:47 . 2009-01-27 01:35	129784	------w	c:\windows\system32\pxafs.dll
2009-03-18 18:47 . 2009-04-07 18:44	--------	d-----w	c:\program files\DivX
2009-03-18 18:47 . 2009-03-18 18:47	--------	d-----w	c:\program files\Common Files\DivX Shared
2009-03-18 17:41 . 2009-04-02 19:14	--------	d-----w	c:\documents and settings\Administrator\Tracing
2009-03-18 17:40 . 2009-03-18 17:40	--------	d-----w	c:\program files\Microsoft Office Outlook Connector
2009-03-18 17:40 . 2009-02-06 15:08	55152	----a-w	c:\windows\system32\drivers\fssfltr_tdi.sys
2009-03-18 17:37 . 2009-03-18 17:37	--------	d-----w	c:\program files\Microsoft Sync Framework
2009-03-18 17:37 . 2006-11-29 10:06 3426072	----a-w	c:\windows\system32\d3dx9_32.dll
2009-03-18 17:37 . 2009-03-18 17:37	--------	d-----w	c:\program files\Microsoft SQL Server Compact Edition
2009-03-18 17:35 . 2009-03-18 17:40	--------	d-----w	c:\program files\Microsoft
2009-03-18 17:35 . 2009-04-11 08:50	--------	d-----w	c:\program files\Windows Live
2009-03-18 17:11 . 2009-03-18 17:11	--------	d-----w	c:\program files\Common Files\Windows Live
2009-03-17 15:56 . 2009-03-17 15:56	--------	d-----w	c:\program files\SWiSHE.NET

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 16:21 . 2009-01-10 15:07	--------	d-----w	c:\documents and settings\Administrator\Application Data\DMCache
2009-04-13 15:20 . 2009-01-15 22:20	--------	d-----w	c:\documents and settings\All Users\Application Data\Avira
2009-04-13 15:00 . 2009-01-09 18:00	--------	d-----w	c:\program files\Norton Security Scan
2009-04-12 19:40 . 2009-01-03 16:14	--------	d-----w	c:\documents and settings\Administrator\Application Data\Skype
2009-04-12 18:14 . 2009-01-03 16:20	--------	d-----w	c:\documents and settings\Administrator\Application Data\skypePM
2009-04-12 15:01 . 2009-01-09 18:01	--------	d-----w	c:\program files\Common Files\Symantec Shared
2009-04-11 08:53 . 2009-01-01 17:19	--------	d-----w	c:\program files\Google
2009-04-11 08:44 . 2009-01-01 17:20	--------	d-----w	c:\program files\Yahoo!
2009-04-10 16:41 . 2009-01-01 16:39	98560	----a-w	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 13:17 . 2009-01-07 20:45	--------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-10 13:17 . 2009-02-17 22:22	--------	d-----w	c:\program files\Microsoft Works
2009-04-02 20:08 . 2009-04-02 19:28	775	----a-w	C:\14300407-222837.890.log
2009-04-01 15:26 . 2009-02-20 17:14	--------	d-----w	c:\program files\AxySnake
2009-03-24 17:43 . 2009-01-05 17:02	230432	----a-w	C:\PAP7501.dat
2009-03-19 14:03 . 2009-01-01 17:22	--------	d-----w	c:\program files\Common Files\Adobe
2009-03-14 14:15 . 2009-01-04 17:03	--------	d-----w	c:\documents and settings\Administrator\Application Data\Yahoo!
2009-03-14 14:15 . 2009-01-01 17:20	--------	d-----w	c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-13 19:27 . 2009-03-13 19:27	244	---ha-w	C:\sqmnoopt11.sqm
2009-03-13 19:27 . 2009-03-13 19:27	232	---ha-w	C:\sqmdata11.sqm
2009-03-13 19:27 . 2009-03-13 19:27	244	---ha-w	C:\sqmnoopt10.sqm
2009-03-13 19:27 . 2009-03-13 19:27	232	---ha-w	C:\sqmdata10.sqm
2009-03-13 19:27 . 2009-03-13 19:27	244	---ha-w	C:\sqmnoopt09.sqm
2009-03-13 19:27 . 2009-03-13 19:27	232	---ha-w	C:\sqmdata09.sqm
2009-03-13 19:26 . 2009-03-13 19:26	244	---ha-w	C:\sqmnoopt08.sqm
2009-03-13 19:26 . 2009-03-13 19:26	232	---ha-w	C:\sqmdata08.sqm
2009-03-13 19:26 . 2009-03-13 19:26	244	---ha-w	C:\sqmnoopt07.sqm
2009-03-13 19:26 . 2009-03-13 19:26	232	---ha-w	C:\sqmdata07.sqm
2009-03-13 19:24 . 2009-03-13 19:24	244	---ha-w	C:\sqmnoopt06.sqm
2009-03-13 19:24 . 2009-03-13 19:24	232	---ha-w	C:\sqmdata06.sqm
2009-03-13 19:23 . 2009-03-13 19:23	244	---ha-w	C:\sqmnoopt05.sqm
2009-03-13 19:23 . 2009-03-13 19:23	232	---ha-w	C:\sqmdata05.sqm
2009-03-13 19:19 . 2009-03-13 19:19	244	---ha-w	C:\sqmnoopt04.sqm
2009-03-13 19:19 . 2009-03-13 19:19	232	---ha-w	C:\sqmdata04.sqm
2009-03-13 16:19 . 2009-03-13 15:40	--------	d-----w	c:\documents and settings\Administrator\Application Data\IBP
2009-03-12 14:33 . 2009-03-12 14:32	--------	d-----w	c:\program files\IslamicPlayer
2009-03-02 10:33 . 2009-01-11 16:07	--------	d-----w	c:\documents and settings\Administrator\Application Data\IDM
2009-02-27 12:44 . 2009-02-27 12:44	73216	----a-w	c:\windows\ST6UNST.EXE
2009-02-27 12:44 . 2009-02-27 12:44	249856	------w	c:\windows\Setup1.exe
2009-02-26 14:20 . 2009-02-26 14:20	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-02-26 07:04 . 2009-01-20 15:10	--------	d-----w	c:\program files\Microsoft Silverlight
2009-02-25 21:16 . 2009-02-25 21:16	--------	d-----w	c:\documents and settings\All Users\Application Data\BOONTY
2009-02-25 21:16 . 2009-02-25 21:16	--------	d-----w	c:\program files\Common Files\BOONTY Shared
2009-02-25 20:30 . 2009-01-20 16:02	--------	d-----w	c:\program files\Common Files\ACD Systems
2009-02-25 16:29 . 2009-02-21 19:29	--------	d-----w	c:\program files\المصحف المعلم للأطفال
2009-02-25 16:29 . 2009-02-21 19:29	720896	----a-w	c:\windows\iun6002ev.exe
2009-02-21 19:37 . 2009-02-21 19:37	--------	d-----w	c:\program files\Common Files\Skype
2009-02-21 19:37 . 2009-02-21 19:37	--------	d-----r	c:\program files\Skype
2009-02-21 19:37 . 2009-01-03 16:14	--------	d-----w	c:\documents and settings\All Users\Application Data\Skype
2009-02-20 18:19 . 2009-02-20 18:19	--------	d-----w	c:\program files\Super DX-Ball Deluxe
2009-02-20 17:24 . 2009-02-20 17:15	--------	d-----w	c:\program files\Fantasy Tetrix
2009-02-20 17:17 . 2009-02-20 17:17	4096	----a-w	c:\windows\d3dx.dat
2009-02-20 17:17 . 2009-02-20 17:17	--------	d-----w	c:\program files\Alien Shooter
2009-02-20 17:14 . 2009-02-20 17:14	--------	d-----w	c:\program files\BrixoutXP
2009-02-18 18:52 . 2009-02-18 18:51	--------	d-----w	c:\documents and settings\All Users\Application Data\Zylom
2009-02-14 17:48 . 2009-02-14 17:42	--------	d-----w	c:\documents and settings\Administrator\Application Data\Apple Computer
2009-02-14 17:42 . 2009-02-14 17:42	--------	d-----w	c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-14 17:42 . 2009-02-14 17:42	--------	d-----w	c:\program files\iTunes
2009-02-14 17:42 . 2009-02-14 17:42	--------	d-----w	c:\program files\iPod
2009-02-14 17:42 . 2009-02-14 17:41	--------	d-----w	c:\program files\Common Files\Apple
2009-02-14 17:42 . 2009-02-14 17:41	--------	d-----w	c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-14 17:41 . 2009-02-14 17:41	--------	d-----w	c:\program files\QuickTime
2009-02-14 17:41 . 2009-02-14 17:41	--------	d-----w	c:\program files\Apple Software Update
2009-02-14 17:41 . 2009-02-14 17:41	--------	d-----w	c:\documents and settings\All Users\Application Data\Apple
2009-02-11 20:36 . 2009-02-11 20:36	268	---ha-w	C:\sqmdata03.sqm
2009-02-11 20:36 . 2009-02-11 20:36	244	---ha-w	C:\sqmnoopt03.sqm
2009-02-09 11:13 . 2004-08-04 12:00	1846784	----a-w	c:\windows\system32\win32k.sys
2009-02-06 16:03 . 2009-02-06 16:03	307576	----a-w	c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52	49504	----a-w	c:\windows\system32\sirenacm.dll
2009-01-27 01:34 . 2009-01-27 01:34	815104	----a-w	c:\windows\system32\divx_xx0a.dll
2009-01-25 15:41 . 2009-01-01 17:18	499712	----a-w	c:\windows\system32\msvcp71.dll
2009-01-25 15:41 . 2009-01-01 17:18	348160	----a-w	c:\windows\system32\msvcr71.dll
2009-01-24 19:49 . 2004-09-28 03:38	114688	----a-w	c:\windows\system32\wmatimer.dll
2009-01-16 01:54 . 2009-01-15 13:56	94208	----a-w	c:\documents and settings\Administrator\Application Data\ezplay.sys
2009-01-16 01:54 . 2009-01-15 13:55	47360	----a-w	c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-01-14 14:52 . 2009-01-14 14:52	392	---ha-w	C:\$$JetTHM$$.cache
2009-01-14 09:51 . 2009-01-14 09:51	275	----a-w	C:\Shortcut to Local Disk (E).lnk
2009-01-27 01:2009-01-27 01:34		34:38 .	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:2009-01-27 01:34		34:38 .	c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-09-18 18:2007-09-18 18:02		02:38 .	c:\program files\mozilla firefox\components\FlashgetXpi.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [01/14/2009 09:03 PM 2606512]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 03:12 AM 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/15/2008 01:04 AM 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [05/02/2008 07:15 AM 15872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [01/25/2009 06:41 PM 185872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [03/02/2009 12:08 PM 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 03:12 AM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [04/14/2008 03:12 AM 53760 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-03-19 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGetX\\FlashGetX.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/05/2009 04:17 PM 108289]
R2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [02/06/2009 06:08 PM 55152]
R2 gupdate1c992d5c907461a;Google Update Service (gupdate1c992d5c907461a);c:\program files\Google\Update\GoogleUpdate.exe [02/20/2009 12:05 AM 133104]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/09/2008 11:48 PM 602392]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [02/06/2009 06:08 PM 533360]
R3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\DRIVERS\GUCI_AVS.sys [04/30/2008 09:35 AM 537216]
R4 SeaPort;SeaPort; [x]

.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [07/30/2008 12:34 PM]

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [02/20/2009 12:05 AM]

2009-04-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [03/11/2009 08:20 PM]

2009-04-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]

2009-04-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]

2009-04-13 c:\windows\Tasks\User_Feed_Synchronization-{E497338D-DC65-4432-9386-93857C8A6429}.job
- c:\windows\system32\msfeedssync.exe [08/13/2007 06:36 PM]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Download ALL with IDA
IE: Download with IDA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\n5cxqb4e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://home.PCWallpaperZone.com|http://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.dll
FF - component: c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFAddOn.dll
FF - component: c:\program files\Mozilla Firefox\components\FlashgetXpi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 20:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-527237240-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,4f,c7,80,ad,4d,b5,4e,a3,81,52,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,4f,c7,80,ad,4d,b5,4e,a3,81,52,\
"B34DEDAE08DEBC3D9AE72E5085B5F343BB2B215141"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,4f,c7,80,ad,4d,b5,4e,a3,81,52,\

[HKEY_USERS\S-1-5-21-436374069-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76DF01AD-D9CB-DC05-D68C-3320B05750F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"faloiebklfhn"=hex:66,61,62,64,63,6c,69,6a,64,64,6d,70,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f0,c2,49,1c,bc,4a,06,83,11,b6,76,87,9c,b7,66,d7,18,31,aa,de,cf,
   0e,b1,60,f3,14,85,7e,38,bc,28,14,a0,b6,c2,e5,cd,e1,18,a9,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f113647a-40e4-4e71-b314-24dffef0025b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000004d
"Therad"=dword:00000008
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,04,7a,b1,b5,76,9b,27,47,0b,b0,0e,82,56,d9,d8,39,8b,ad,1b,f7,d2,b0,\
.
Completion time: 04/13/2009 20:08
ComboFix-quarantined-files.txt  2009-04-13 17:08
ComboFix2.txt  2009-04-10 21:19

Pre-Run: 40,241,106,944 bytes free
Post-Run: 40,252,723,200 bytes free

302	--- E O F ---	2009-04-11 10:58