هلا بك أخي، هذا هو التقرير، لا هنت.
ComboFix 09-10-11.03 - أبو خالد 10/12/2009 19:23.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1256.966.1025.18.1014.315 [GMT 3:00]
Running from: c:\users\أبو خالد\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\users\أبو خالد\AppData\Roaming\addons.dat
c:\users\أبو خالد\AppData\Roaming\Bifrost
c:\users\أبو خالد\AppData\Roaming\Bifrost\server.exe
c:\windows\system32\mpxa.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.
2009-10-12 16:37 . 2009-10-12 16:38 -------- d-----w- c:\users\أبو خالد\AppData\Local\temp
2009-10-12 16:37 . 2009-10-12 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-12 09:56 . 2009-10-12 10:03 -------- d-----w- c:\users\أبو خالد\AppData\Roaming\FairStars Recorder
2009-10-12 09:56 . 2009-10-12 10:03 -------- d-----w- c:\program files\FairStars Recorder
2009-10-11 11:53 . 2009-10-11 11:53 -------- d-----w- c:\users\أبو خالد\AppData\Roaming\Any DVD Converter Professional
2009-10-11 11:53 . 2009-10-11 11:53 -------- d-----w- c:\program files\Any DVD Converter Professional
2009-10-11 11:46 . 2009-10-11 11:46 -------- d-----w- c:\program files\Any Video Converter
2009-10-11 11:24 . 2009-10-11 11:46 -------- d-----w- c:\users\أبو خالد\AppData\Roaming\Any Video Converter
2009-10-11 08:16 . 2009-10-11 08:16 -------- d-----w- C:\tmp
2009-10-11 07:40 . 2009-10-11 08:36 -------- d-----w- C:\Download
2009-10-11 07:39 . 2009-10-11 07:41 -------- d-----w- C:\YouTubeGet
2009-10-02 23:11 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-24 08:30 . 2009-09-29 10:11 -------- d-----w- c:\users\أبو خالد\كاسبر سكاي 7
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 16:15 . 2008-09-26 20:44 43549216 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-12 14:39 . 2008-09-26 10:57 -------- d-----w- c:\programdata\Kaspersky Lab
2009-10-12 11:15 . 2008-09-26 20:44 587240 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-12 11:15 . 2008-08-09 16:37 1660 ----a-w- c:\windows\bthservsdp.dat
2009-10-12 11:07 . 2008-06-21 14:55 116784 ----a-w- c:\users\أبو خالد\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-11 11:41 . 2009-05-08 09:05 -------- d-----w- c:\program files\JLC's Software
2009-10-11 11:40 . 2008-08-09 18:34 -------- d-----w- c:\program files\Total Video Converter
2009-10-03 21:49 . 2008-06-21 18:55 -------- d-----w- c:\program files\Google
2009-10-02 07:29 . 2008-06-23 09:33 -------- d-----w- c:\program files\Windows Live
2009-09-29 20:20 . 2006-12-05 05:25 81136 ----a-w- c:\windows\system32\perfc001.dat
2009-09-29 20:20 . 2006-12-05 05:25 460662 ----a-w- c:\windows\system32\perfh001.dat
2009-09-27 07:29 . 2009-02-13 21:07 -------- d-----w- c:\programdata\licenselessway
2009-09-23 22:35 . 2009-08-31 06:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-23 21:03 . 2008-07-08 11:19 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-09-23 17:55 . 2008-09-26 20:45 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-23 17:55 . 2008-09-26 20:45 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-12 15:05 . 2008-09-15 22:51 -------- d-----w- c:\users\أبو خالد\AppData\Roaming\uTorrent
2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pop Film"="c:\programdata\peak bait bait.7l1jnnu" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-11 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\system32\MSCONFIG.exe" [2006-11-02 222208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-20 198160]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-12-11 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^أبو خالد^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\أبو خالد\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DFA5C827-8656-40C7-BB4B-C16C68F35A8B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E50B61B5-B1C6-4944-B0FA-B7AF86E28229}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E90B8468-FB3C-4233-83CE-96AAA7AAB200}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC5F740F-F4A8-4827-9C0A-68812A1945FE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FBC8D5C4-1DA9-42A1-BE04-B1B5E361D2C3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{1A6F5781-D280-4CBF-AD77-D6FF02A9B1AE}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{283D8950-F29A-41C8-9FCB-D511BC6F3AB3}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{1DE2D94B-CACD-421A-9A2C-00FE5A47EA13}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{04042E48-731A-413C-9415-6043E915C04B}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{DBBC82FF-A201-400F-93E6-9260645B22A3}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorEngine
"{D78C021F-6998-4E9F-80B8-FA32E0D1D3A6}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorEngine
"{D0F16533-7D9C-4884-9134-1C4B8A836FA2}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{84696C03-9B67-427C-A9F9-8C34D23FE1FD}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{057583B1-02EC-47BC-9926-5EBF19C8E520}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{744F4E2B-B4CD-49DE-B7C0-BAF28A4EA0B5}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{AD221321-597D-43EF-B8BA-4BB494606488}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{0364C24A-3978-4B2B-9B4E-0097B5F707D6}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"TCP Query User{DCDD01C0-2F9F-4502-97DC-4DBE5A994800}c:\\users\\أبو خالد\\desktop\\170 kb\\utorrent.exe"= UDP:c:\users\أبو خالد\desktop\170 kb\utorrent.exe:utorrent.exe
"UDP Query User{3690D600-8036-4D84-B48D-C40DCAE4DEA9}c:\\users\\أبو خالد\\desktop\\170 kb\\utorrent.exe"= TCP:c:\users\أبو خالد\desktop\170 kb\utorrent.exe:utorrent.exe
"{6071FE97-2993-420A-AA9A-78CA5D14F3B9}"= UDP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0
"{9766AE81-EE80-4948-9762-6AED175DEF89}"= TCP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0
"TCP Query User{D786112E-C11D-4F33-83FD-F1C7730B49B2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C9211929-7049-4A8A-8CA1-70F9EAAF44DF}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C4B89E3A-FE57-4562-9FCD-7BB6824DA770}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{79C5BA38-52A7-4B79-BA82-E54DD22B2053}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{86737E9C-5070-4453-90AF-A8776FEA0D09}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{59B4727F-200A-4221-9C0F-B81BFF9711FF}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{87C05B45-C1EC-4C01-A851-6944DA282F14}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{0639D79A-0666-42C2-ACC8-373E8F0CFFEC}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{7B71AFC2-481F-4198-AE6B-23F01DFB40E9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{5624AA50-0120-4296-B69F-3BABDE5B3459}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{E0403DFE-4F36-4C08-992D-ED37CDF1AAA5}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{FBDA1E1C-7CCC-4468-A914-246870BD6973}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{C51192AD-A25E-4A37-B47B-0BCB1562C2C1}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{FCF74C6E-49E2-4C98-BDF2-BFE1629D853A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{043488E9-2058-4A99-9948-628EA1C6DCC2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{ADF5CCE6-013B-4167-93F5-D2E4B76F10B6}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"TCP Query User{F21A4A18-B7C5-4CB8-8161-6628DACD9732}c:\\program files\\paltalk messenger\\paltalk.exe"= UDP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"UDP Query User{3D04171C-F290-4717-BD86-78E4DFCB1A58}c:\\program files\\paltalk messenger\\paltalk.exe"= TCP:c:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"TCP Query User{546671C7-3F89-4FE3-BCA6-DE5E52FE2298}c:\\program files\\www.cproxy.com\\cproxy.exe"= UDP:c:\program files\www.cproxy.com\cproxy.exe:CPROXY.com
"UDP Query User{5A0FE89A-3B9D-4649-8653-5541E431150D}c:\\program files\\www.cproxy.com\\cproxy.exe"= TCP:c:\program files\www.cproxy.com\cproxy.exe:CPROXY.com
"TCP Query User{DC023BFA-810A-4D58-AE5C-B95137D8CD6F}c:\\program files\\www.cproxy.com\\cproxy.exe"= UDP:c:\program files\www.cproxy.com\cproxy.exe:CPROXY.com
"UDP Query User{D6F9DD69-C1C8-4A3F-8D05-BAA95C231C7A}c:\\program files\\www.cproxy.com\\cproxy.exe"= TCP:c:\program files\www.cproxy.com\cproxy.exe:CPROXY.com
"TCP Query User{ED7F844F-036B-46B7-96B3-E7676FCE0AD3}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{7ADB007B-1355-44F8-A620-41701C372D9F}c:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:c:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"TCP Query User{C1C069D3-BE08-4A88-AE54-4244F84520DC}c:\\users\\أبو خالد\\appdata\\local\\temp\\rar$ex00.852\\170 kb\\utorrent.exe"= UDP:c:\users\أبو خالد\appdata\local\temp\rar$ex00.852\170 kb\utorrent.exe:utorrent.exe
"UDP Query User{8AEE6E1E-12E5-47D3-9A3A-7C7F249D3D85}c:\\users\\أبو خالد\\appdata\\local\\temp\\rar$ex00.852\\170 kb\\utorrent.exe"= TCP:c:\users\أبو خالد\appdata\local\temp\rar$ex00.852\170 kb\utorrent.exe:utorrent.exe
"TCP Query User{78F93C42-73B6-43E6-9C76-2618412CB133}c:\\users\\أبو خالد\\desktop\\utorrent.exe"= UDP:c:\users\أبو خالد\desktop\utorrent.exe:utorrent.exe
"UDP Query User{9CDE1647-ECC1-4E81-B93D-14838DBBE5EC}c:\\users\\أبو خالد\\desktop\\utorrent.exe"= TCP:c:\users\أبو خالد\desktop\utorrent.exe:utorrent.exe
"{A25307C9-D42E-4910-8FDA-4ECD4293E170}"= UDP:c:\windows\System32\mpxa.exe:mpxa
"{B22B7796-EAAE-42D8-ADA6-8F7080169ABC}"= TCP:c:\windows\System32\mpxa.exe:mpxa
"TCP Query User{7F253916-9CED-438F-9C2C-F39FB1B51F34}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{850071BF-D2B4-4DF8-9333-65EE9D5AC29A}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{4377A438-13A8-4C6D-B411-98B6721A65C9}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B9B87D35-9A8B-4123-94E1-1C403841A48C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\MSNShell\\Bin\\engie.exe"= c:\program files\MSNShell\Bin\engie.exe:*:Enabled:MSNShell
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [04/04/07 02:59 م 20760]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28/08/08 11:48 م 3664384]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [21/06/08 05:58 م 240128]
S2 gupdate1ca447372954750;gupdate1ca447372954750;c:\program files\Google\Update\GoogleUpdate.exe [04/10/09 12:49 ص 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [02/09/08 04:14 م 191656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 21:49]
2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 21:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for - file:///C:/Windows//classes/xmldso.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://174.37.178.22:1999/ReadUid.CAB
FF - ProfilePath - c:\users\أبو خالد\AppData\Roaming\Mozilla\Firefox\Profiles\i9m3ftg7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\users\أبو خالد\AppData\Roaming\Mozilla\Firefox\Profiles\i9m3ftg7.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-{B02C8A79-166D-EAED-C15F-3D1CC66CC436} - c:\users\أبو خالد\AppData\Roaming\Bifrost\server.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-12 19:38
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1466200160-2339364353-1653606426-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="a"
[HKEY_USERS\S-1-5-21-1466200160-2339364353-1653606426-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5f,e7,61,18,f4,d6,36,7c,e7,1a,47,f2,db,c6,11,e0,a0,5f,2f,c1,3a,
95,73,95,6e,5b,da,f6,bb,ac,26,d7,77,dc,a4,14,2b,d4,d3,77,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-1466200160-2339364353-1653606426-1000_Classes\CLSID\{a3af0d70-306b-468d-adec-9b727f3ab226}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000103
"Therad"=dword:00000019
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\windows\system32\WS2_32.dll
- - - - - - - > 'lsass.exe'(748)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Completion time: 2009-10-12 19:41
ComboFix-quarantined-files.txt 2009-10-12 16:41
Pre-Run: 15,667,068,928 bytes free
Post-Run: 15,478,792,192 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
245 --- E O F --- 2009-06-27 21:40