I have a folder on my desktop that refuses to be deleted. I was surprised to find it there: it contains my own files, which I had put on an external hard disk, and yet I found it on the desktop. All of the folders were deleted except this one, which refuses and says it is in use by another person. I tried to delete it in every way I could; it refuses and says it is protected. I don't know what to do with it; it even refuses to let me rename the folder. I read a thread where you explained to someone how to tell whether my computer has been hacked. I did what you told that member, and this is the result I got:

ComboFix 10-06-27.06 - ASD 06/28/2010 4:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1525.829 [GMT 3:00]
Running from: d:\فلاش\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ASD\Recent\Thumbs.db
Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\kernel32.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.
2010-06-27 23:51 . 2010-06-27 23:51 -------- d-----w- c:\program files\PC Washer
2010-06-25 00:19 . 2010-06-25 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-06-25 00:03 . 2010-06-25 12:02 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-25 00:01 . 2010-06-25 00:01 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-06-25 00:01 . 2010-06-25 00:01 -------- d-----w- c:\windows\system32\LogFiles
2010-06-24 22:28 . 2010-06-24 22:28 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-24 22:28 . 2010-06-24 22:28 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-24 22:28 .
2010-06-24 22:28 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext\Components\nprpffbrowserrec ordext.dll 2010-06-24 22:28 . 2010-06-24 22:28 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin \ThinShims\rpnpshimrp.dll 2010-06-24 22:28 . 2010-06-24 22:28 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin \ThinShims\rpnpshimqt.dll 2010-06-24 22:28 . 2010-06-24 22:28 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin \Common\rpmainbrowserrecordplugin.dll 2010-06-24 22:28 . 2010-06-24 22:28 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll 2010-06-24 22:28 . 2010-06-24 22:28 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin \IE\rpbrowserrecordplugin.dll 2010-06-24 22:27 . 2010-06-24 22:27 -------- d-----w- c:\program files\Common Files\xing shared 2010-06-24 00:50 . 2010-06-24 19:55 -------- d-----w- c:\documents and settings\ASD\Local Settings\Application Data\Temp 2010-06-23 23:33 . 2010-06-23 23:33 0 ----a-w- c:\windows\nsreg.dat 2010-06-23 23:33 . 2010-06-23 23:33 -------- d-----w- c:\documents and settings\ASD\Local Settings\Application Data\Mozilla 2010-06-23 00:34 . 2008-04-14 15:58 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll 2010-06-23 00:34 . 2008-04-14 15:58 6144 ----a-w- c:\windows\system32\kbd106.dll 2010-06-23 00:34 . 2001-08-17 19:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll 2010-06-23 00:34 . 2001-08-17 19:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll 2010-06-23 00:34 . 2001-08-17 19:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll 2010-06-23 00:34 . 2001-08-17 19:36 8192 ----a-w- c:\windows\system32\kbdkor.dll 2010-06-23 00:34 . 
2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll 2010-06-23 00:34 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll 2010-06-23 00:34 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101c.dll 2010-06-23 00:34 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101b.dll 2010-06-23 00:34 . 2001-08-17 11:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll 2010-06-23 00:34 . 2001-08-17 11:55 5632 ----a-w- c:\windows\system32\kbd103.dll 2010-06-23 00:25 . 2010-05-07 15:17 358944 ----a-w- c:\windows\vncutil.exe 2010-06-23 00:25 . 2010-05-07 15:17 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll 2010-06-23 00:25 . 2010-05-07 15:17 129568 ----a-w- c:\windows\RtkAudioService.exe 2010-06-23 00:25 . 2009-11-18 04:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys 2010-06-23 00:25 . 2009-11-18 04:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys 2010-06-19 14:23 . 2010-06-19 14:23 -------- d-----w- c:\documents and settings\ASD\Local Settings\Application Data\Conduit 2010-06-19 14:23 . 2010-06-19 14:24 -------- d-----w- c:\documents and settings\ASD\Local Settings\Application Data\Messenger_Plus_Live_Saudi_Arabia 2010-06-19 14:23 . 2010-06-19 14:23 -------- d-----w- c:\program files\Conduit 2010-06-19 14:23 . 2010-06-19 14:23 -------- d-----w- c:\program files\Messenger_Plus_Live_Saudi_Arabia 2010-06-16 23:02 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\ASD\Application Data\GRETECH\GomPlayer\GrLauncher.exe 2010-06-16 22:59 . 2010-06-16 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH 2010-06-16 22:59 . 2010-06-16 22:59 -------- d-----w- c:\documents and settings\ASD\Application Data\GRETECH 2010-06-16 21:32 . 2010-06-16 22:03 -------- d-----w- c:\documents and settings\ASD\Local Settings\Application Data\WMTools Downloaded Files 2010-06-14 21:11 . 2010-06-14 21:11 -------- d-----w- c:\program files\Common Files\PCSuite 2010-06-14 21:11 . 
2010-06-14 21:11 -------- d-----w- c:\program files\Common Files\Nokia 2010-06-14 21:10 . 2010-06-14 21:10 -------- d-----w- c:\program files\PC Connectivity Solution 2010-06-14 21:10 . 2010-06-14 20:54 33809848 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_ara.exe 2010-06-14 21:09 . 2010-06-14 21:09 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActi ons\pcswpcsi.exe 2010-06-14 21:09 . 2010-06-14 21:09 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActi ons\UninstCCD.exe 2010-06-14 21:09 . 2010-06-14 21:09 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActi ons\UninstPCSFEMsi.exe 2010-06-14 21:09 . 2010-06-14 21:09 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActi ons\UninstPCS.exe 2010-06-12 07:31 . 2010-06-12 07:31 -------- d-----w- c:\documents and settings\All Users\Uniblue 2010-06-12 07:31 . 2010-06-18 12:22 -------- d-----w- c:\documents and settings\ASD\Application Data\Uniblue 2010-06-12 07:30 . 2010-06-18 12:22 -------- d-----w- c:\program files\Uniblue 2010-06-10 14:07 . 2008-04-14 15:59 151040 -c--a-w- c:\windows\system32\dllcache\irftp.exe 2010-06-10 14:07 . 2008-04-14 15:59 151040 ----a-w- c:\windows\system32\irftp.exe 2010-06-10 14:07 . 2008-04-14 15:59 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll 2010-06-10 14:07 . 2008-04-14 15:59 8192 ----a-w- c:\windows\system32\wshirda.dll 2010-06-10 14:07 . 2008-04-14 15:59 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll 2010-06-10 14:07 . 2008-04-14 15:59 27648 ----a-w- c:\windows\system32\irmon.dll 2010-06-07 19:04 . 
2010-05-06 10:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dl l 2010-06-07 02:01 . 2010-06-07 02:01 -------- d-sh--w- c:\documents and settings\ASD\IECompatCache 2010-06-04 22:49 . 2010-06-24 22:28 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin \Chrome\Hook\rpchromebrowserrecordhelper .dll 2010-06-04 22:48 . 2010-06-24 00:52 -------- d-----w- c:\documents and settings\ASD\Local Settings\Application Data\Google 2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\program files\Google 2010-06-01 23:19 . 2010-06-01 23:19 -------- d-----w- c:\windows\Sun 2010-06-01 23:01 . 2010-06-01 23:01 -------- d-sh--w- c:\windows\system32\config\systemprofile \IETldCache 2010-06-01 22:53 . 2010-06-01 22:53 -------- d-----w- c:\windows\l2schemas 2010-06-01 22:53 . 2010-06-01 22:53 -------- d-----w- c:\windows\system32\ar 2010-06-01 22:53 . 2010-06-01 22:53 -------- d-----w- c:\windows\system32\bits 2010-06-01 22:46 . 2010-06-01 22:46 -------- d-sh--w- c:\documents and settings\ASD\PrivacIE 2010-06-01 22:43 . 2010-06-01 22:43 -------- d-sh--w- c:\documents and settings\ASD\IETldCache 2010-06-01 22:41 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dl l 2010-06-01 22:41 . 2010-06-08 00:01 -------- d-----w- c:\windows\ie8updates 2010-06-01 22:41 . 2010-05-06 10:31 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-06-01 22:41 . 2010-05-06 10:31 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-06-01 22:41 . 2010-05-06 10:31 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.d ll 2010-06-01 22:41 . 2010-05-06 10:31 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dl l 2010-06-01 22:41 . 2010-05-06 10:31 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-06-01 22:41 . 2010-05-06 10:31 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-06-01 22:40 . 2010-06-01 22:41 -------- dc-h--w- c:\windows\ie8 2010-05-30 23:20 . 
2004-08-03 21:38 700928 ------w- c:\windows\system32\drivers\ati2mtag.sys 2010-05-30 23:08 . 2010-06-24 00:06 -------- d-----w- c:\windows\system32\ar-sa 2010-05-30 21:29 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dl l 2010-05-30 21:22 . 2008-06-14 17:31 271616 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-05-30 21:22 . 2008-06-14 17:31 271616 ------w- c:\windows\system32\drivers\bthport.sys 2010-05-30 21:21 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-05-30 21:21 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-05-30 21:21 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2010-05-30 21:19 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys 2010-05-30 21:16 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-05-30 21:15 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.ex e 2010-05-30 21:15 . 2010-02-17 11:04 2191488 -c----w- c:\windows\system32\dllcache\ntoskrnl.ex e 2010-05-30 21:15 . 2009-03-06 14:20 283136 -c----w- c:\windows\system32\dllcache\pdh.dll 2010-05-30 21:15 . 2009-02-09 11:21 110592 -c----w- c:\windows\system32\dllcache\services.ex e 2010-05-30 21:15 . 2009-02-09 10:51 681472 -c----w- c:\windows\system32\dllcache\advapi32.dl l 2010-05-30 21:15 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-05-30 21:15 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dl l 2010-05-30 21:15 . 2010-02-16 19:04 2147840 -c----w- c:\windows\system32\dllcache\ntkrnlmp.ex e 2010-05-30 21:15 . 2009-06-25 08:25 724480 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2010-05-30 21:15 . 2009-02-09 10:51 693760 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-05-30 21:15 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dl l 2010-05-30 21:15 . 
2010-02-16 19:04 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.ex e 2010-05-30 20:56 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dl l 2010-05-30 20:49 . 2008-04-21 21:14 215040 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-05-30 20:47 . 2010-06-08 00:02 -------- d--h--w- c:\windows\$hf_mig$ 2010-05-30 19:19 . 2010-05-30 19:19 -------- d-----w- c:\program files\MSI 2010-05-30 18:56 . 2010-06-04 22:21 734728 ----a-w- c:\documents and settings\ASD\Application Data\Real\RealPlayer\setup\AU_setup14.ex e 2010-05-30 18:52 . 2008-04-14 15:59 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-05-30 18:19 . 2010-05-30 18:19 -------- d-----w- c:\documents and settings\ASD\Application Data\com.adobe.mauby.4875E02D9FB21EE389F 73B8D1702B320485DF8CE.1 2010-05-30 18:19 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\ASD\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe 2010-05-30 17:05 . 2009-02-13 19:02 11520 ----a-r- c:\windows\system32\drivers\wdcsam.sys 2010-05-30 17:02 . 2010-05-30 17:02 -------- d-----w- c:\windows\Profiles 2010-05-30 17:02 . 2010-05-30 17:02 -------- d-----w- c:\documents and settings\ASD\Application Data\InterTrust 2010-05-30 17:02 . 1998-10-29 12:45 306688 ----a-w- c:\windows\IsUninst.exe 2010-05-30 17:01 . 2010-05-30 19:18 -------- d-----w- c:\documents and settings\ASD\Local Settings\Application Data\Adobe 2010-05-30 16:59 . 2010-05-30 16:59 -------- d-----w- c:\documents and settings\ASD\Local Settings\Application Data\Identities 2010-05-30 02:43 . 2010-06-09 15:25 -------- d-----w- c:\program files\Acoustica Mixcraft 2010-05-30 02:33 . 1999-12-17 05:13 86016 ----a-w- c:\windows\unvise32.exe 2010-05-30 02:33 . 2010-06-27 22:51 -------- d-----w- c:\program files\SWiSHmax 2010-05-29 17:37 . 2010-05-29 17:37 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-05-29 17:37 . 
2007-01-11 10:20 194304 ----a-r- c:\windows\system32\drivers\RTL8187.sys 2010-05-29 17:37 . 2002-10-02 06:57 13532 ----a-w- c:\windows\system32\drivers\SjyPkt.sys 2010-05-29 17:37 . 2010-05-29 17:37 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility 2010-05-29 17:37 . 2010-05-29 17:37 -------- d-----w- c:\windows\OPTIONS 2010-05-29 17:10 . 2010-05-29 17:10 -------- d-sh--w- c:\documents and settings\ASD\UserData . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))) )))))))))))) . 2010-06-27 11:43 . 2001-09-19 12:00 40118 ----a-w- c:\windows\system32\perfc001.dat 2010-06-27 11:43 . 2001-09-19 12:00 251674 ----a-w- c:\windows\system32\perfh001.dat 2010-06-04 22:49 . 2009-03-19 15:08 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-05-30 02:35 . 2010-05-28 20:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache \index.dat 2010-05-29 08:31 . 2009-03-19 15:08 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-05-28 20:11 . 2010-05-28 20:11 -------- d-----w- c:\program files\microsoft frontpage 2010-05-28 20:08 . 2010-05-28 20:08 22144 ----a-w- c:\windows\system32\emptyregdb.dat 2010-05-07 15:54 . 2010-05-29 07:01 6037536 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys 2010-05-07 15:17 . 2010-05-29 07:01 84512 ----a-w- c:\windows\SOUNDMAN.EXE 2010-05-07 15:17 . 2010-05-29 07:01 1833504 ----a-w- c:\windows\SkyTel.exe 2010-05-07 15:17 . 2010-05-29 07:01 1489440 ----a-w- c:\windows\RtlUpd.exe 2010-05-07 15:17 . 2010-05-29 07:01 9721888 ----a-w- c:\windows\RTLCPL.EXE 2010-05-07 15:17 . 2010-05-29 07:01 19523616 ----a-w- c:\windows\RTHDCPL.EXE 2010-05-07 15:17 . 2010-05-29 07:01 2177568 ----a-w- c:\windows\MicCal.exe 2010-05-06 10:31 . 2004-08-04 08:55 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 08:06 . 2004-08-04 08:46 1851136 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30 . 2004-08-04 08:52 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-16 22:40 . 
2010-04-16 22:40 306032 ----a-w- c:\windows\WLXPGSS.SCR 2010-04-16 19:12 . 2010-04-16 19:12 48464 ----a-w- c:\windows\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))) )))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d657fd4-0328-423a-b12d-9576cd92af19}] 2010-04-15 09:33 2515552 ----a-w- c:\program files\Messenger_Plus_Live_Saudi_Arabia\t bMess.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\In ternet Explorer\Toolbar] "{9d657fd4-0328-423a-b12d-9576cd92af19}"= "c:\program files\Messenger_Plus_Live_Saudi_Arabia\t bMess.dll" [2010-04-15 2515552] [HKEY_CLASSES_ROOT\clsid\{9d657fd4-0328-423a-b12d-9576cd92af19}] [HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\Toolbar\Webbrowser] "{9D657FD4-0328-423A-B12D-9576CD92AF19}"= "c:\program files\Messenger_Plus_Live_Saudi_Arabia\t bMess.dll" [2010-04-15 2515552] [HKEY_CLASSES_ROOT\clsid\{9d657fd4-0328-423a-b12d-9576cd92af19}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Win dows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "swg"="c:\program files\Google\GoogleToolbarNotifier\Googl eToolbarNotifier.exe" [2010-06-04 39408] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520] "Google Update"="c:\documents and settings\ASD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-24 136176] "ctfmon.exe"="c:\windows\system32\ctfmon .exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi ndows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray .exe" [2005-11-03 98304] "igfxpers"="c:\windows\system32\igfxpers .exe" [2005-11-03 118784] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672] "SunJavaUpdateSched"="c:\program 
files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "BluetoothAuthenticationAgent"="bthprops .cpl" [2008-04-14 110592] "RTHDCPL"="RTHDCPL.EXE" [2010-05-07 19523616] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-24 202256] [HKEY_USERS\.DEFAULT\Software\Microsoft\W indows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON .EXE" [2008-04-14 15360] c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-29 113664] Bluetooth.lnk - c:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-5-31 577597] Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-5-29 1719496] REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2010-5-29 737280] [HKEY_LOCAL_MACHINE\software\microsoft\sh ared tools\msconfig\startupreg\igfxhkcmd] 2005-11-03 07:22 77824 ----a-r- c:\windows\system32\hkcmd.exe [HKLM\~\services\sharedaccess\parameters\ firewallpolicy\standardprofile\Authorize dApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29/05/2010 10:24 ص 135336] R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8 187.sys [29/05/2010 08:37 م 194304] R3 SjyPkt;SjyPkt;c:\windows\system32\driver s\SjyPkt.sys [29/05/2010 08:37 م 13532] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsa m.sys [30/05/2010 08:05 م 11520] S3 Ambfilt;Ambfilt;c:\windows\system32\driv ers\Ambfilt.sys [23/06/2010 03:25 ص 1691480] S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x .sys --> 
f:\NTGLM7X.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1960408961-839522115-1003Core.job - c:\documents and settings\ASD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-24 00:50] 2010-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1960408961-839522115-1003UA.job - c:\documents and settings\ASD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-24 00:50] 2010-06-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1960408961-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09] 2010-06-28 c:\windows\Tasks\RealUpgradeScheduledTas kS-1-5-21-606747145-1960408961-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 19:09] 2010-06-27 c:\windows\Tasks\User_Feed_Synchronizati on-{9D505D7E-9A92-4F62-AC17-A082F1215EB9}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 01:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.sa/ uInternet Connection Wizard,ShellNext = hxxp://www.gomlab.com/ IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm . - - - - ORPHANS REMOVED - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) **************************************** ********************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-28 04:35 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentV ersion\Run msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s scanning hidden files ... scan completed successfully hidden files: 0 **************************************** ********************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(5296) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes. dll c:\windows\system32\PortableDeviceApi.dl l . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\documents and settings\ASD\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-06-28 04:40:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-28 01:40
Pre-Run: 29,287,514,112 bytes free
Post-Run: 30,318,133,248 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 40CA5008CDE1CD956101D563959EAE11