This is the report, my dear brother
ComboFix 08-08-09.06 - Disturbia 2008-08-10 14:13:19.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.485 [GMT 3:00]
Running from: C:\Documents and Settings\Disturbia\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\actskn43.ocx
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-10 14:17 . 2008-08-10 14:17 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-08-10 14:17 . 2008-08-10 14:17 <DIR> d-------- C:\WINDOWS\srchasst
2008-08-10 14:17 . 2008-08-10 14:17 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-08-10 01:55 . 2008-08-10 01:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-10 01:52 . 2008-08-10 01:52 <DIR> d-------- C:\Documents and Settings\Disturbia\Application Data\Thinstall
2008-08-09 21:05 . 2008-08-09 21:05 1,844,730 --a------ C:\WINDOWS\Chevrolet_Celebrations.scr
2008-08-09 20:42 . 2008-08-10 03:34 12 --a------ C:\WINDOWS\dirsaver.ini
2008-08-09 02:39 . 2008-08-09 20:53 4,234,065 --a------ C:\WINDOWS\ChevroletSpark.scr
2008-08-08 14:16 . 2008-08-08 14:16 <DIR> d--hs---- C:\FOUND.002
2008-08-08 02:16 . 2008-08-08 02:16 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Splitter
2008-08-08 00:09 . 2008-08-08 00:09 <DIR> d-------- C:\DVDVideoSoft
2008-08-08 00:08 . 2008-08-08 00:08 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-04 19:46 . 2008-08-04 19:46 <DIR> d--hs---- C:\FOUND.001
2008-08-03 22:53 . 2008-08-03 22:53 <DIR> d-------- C:\Documents and Settings\Disturbia\Application Data\Command & Conquer 3 Tiberium Wars Demo
2008-08-03 22:15 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-08-03 22:07 . 2008-08-03 22:07 <DIR> d-------- C:\Program Files\Electronic Arts
2008-08-03 21:50 . 2008-08-03 21:50 <DIR> d--hs---- C:\FOUND.000
2008-08-03 21:44 . 2008-08-03 21:44 <DIR> d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY
2008-08-03 20:48 . 2008-08-03 20:48 <DIR> d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY
2008-07-31 13:17 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-29 01:19 . 2008-07-29 01:19 <DIR> d-------- C:\Program Files\Skype
2008-07-29 01:19 . 2008-07-29 01:19 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-29 01:19 . 2008-07-29 01:19 <DIR> d-------- C:\Documents and Settings\Disturbia\Application Data\skypePM
2008-07-29 01:19 . 2008-07-29 01:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-29 01:19 . 2008-07-29 01:19 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-28 22:10 . 2008-04-23 07:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-28 22:10 . 2007-04-17 12:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-28 22:10 . 2007-03-08 08:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-28 22:10 . 2008-04-23 07:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-28 22:10 . 2008-04-23 07:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-28 22:10 . 2008-04-23 07:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-28 22:10 . 2008-04-23 07:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-28 22:10 . 2008-04-23 07:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-28 22:10 . 2008-04-22 10:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-28 20:39 . 2008-02-26 14:48 297,984 --------- C:\WINDOWS\system32\dllcache\msctf.dll
2008-07-27 13:31 . 2008-07-31 01:52 20 --a------ C:\WINDOWS\popcinfo.dat
2008-07-26 21:57 . 2008-07-26 21:57 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-26 02:36 . 2008-07-26 02:36 <DIR> d-------- C:\Documents and Settings\Disturbia\Application Data\Skype
2008-07-25 14:12 . 2008-06-20 13:44 360,960 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-07-25 14:12 . 2008-06-20 20:36 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-07-25 14:12 . 2008-06-20 12:32 225,920 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-07-25 14:12 . 2008-06-20 20:36 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-07-25 14:12 . 2008-06-20 13:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-07-25 14:12 . 2006-08-16 15:08 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-07-25 00:07 . 2008-07-25 00:07 <DIR> d--hs---- C:\Documents and Settings\Disturbia\UserData
2008-07-24 21:34 . 2008-07-24 21:34 <DIR> d-------- C:\Program Files\Iso Burner
2008-07-24 16:45 . 2008-07-24 16:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-24 16:43 . 2008-07-24 16:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-24 16:43 . 2008-07-24 16:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-24 16:42 . 2008-07-24 16:42 <DIR> d-------- C:\Program Files\Mv2Player
2008-07-24 16:41 . 2008-07-24 16:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-24 16:41 . 2008-07-24 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-24 16:38 . 2008-07-24 16:38 <DIR> d-------- C:\Documents and Settings\Disturbia\Application Data\Media Player Classic
2008-07-24 16:38 . 2008-08-09 03:12 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-24 16:37 . 2008-07-24 16:37 <DIR> d-------- C:\Documents and Settings\Disturbia\Tracing
2008-07-24 16:29 . 2008-07-24 16:29 268 --ah----- C:\sqmdata00.sqm
2008-07-24 16:29 . 2008-07-24 16:29 244 --ah----- C:\sqmnoopt00.sqm
2008-07-24 16:26 . 2008-07-24 16:26 <DIR> d-------- C:\Documents and Settings\Disturbia\Application Data\IDM
2008-07-24 16:26 . 2008-07-24 16:26 <DIR> d-------- C:\Documents and Settings\Disturbia\Application Data\DMCache
2008-07-24 16:25 . 2008-07-24 16:25 <DIR> d-------- C:\Program Files\WinPcap
2008-07-24 16:25 . 2008-07-24 16:25 <DIR> d-------- C:\Program Files\netcut
2008-07-24 13:29 . 2008-07-24 13:29 <DIR> d-------- C:\Program Files\Windows Live
2008-07-24 13:13 . 2008-07-24 13:13 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-24 13:13 . 2008-07-24 13:13 <DIR> d-------- C:\Program Files\Ahead
2008-07-24 13:13 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-07-24 13:13 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-07-24 13:13 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-07-24 13:13 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-07-24 13:13 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-07-24 13:13 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-07-24 13:13 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-07-24 13:13 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-07-24 13:10 . 2008-07-24 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-24 13:09 . 2008-07-24 13:10 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-24 13:09 . 2008-07-24 13:09 <DIR> d-------- C:\Program Files\Opera
2008-07-24 13:09 . 2008-07-24 13:09 <DIR> d-------- C:\Program Files\My Company Name
2008-07-24 13:06 . 2008-07-24 13:06 <DIR> d--hs---- C:\Recycled
2008-07-24 12:44 . 2008-07-24 12:44 <DIR> d-------- C:\Program Files\Real Alternative
2008-07-24 12:44 . 2003-03-19 06:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-24 12:44 . 2004-01-12 01:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-07-24 10:06 . 2006-08-24 22:30 2,450,944 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-07-24 10:02 . 2008-07-24 10:02 <DIR> d-------- C:\Program Files\Google
2008-07-24 10:02 . 2008-07-24 10:02 <DIR> d-------- C:\Documents and Settings\Disturbia\Application Data\GRETECH
2008-07-24 10:02 . 2008-07-24 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-07-24 10:01 . 2008-07-24 10:02 <DIR> d-------- C:\Program Files\GRETECH
2008-07-24 03:26 . 2008-07-24 03:26 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-24 03:26 . 2008-07-24 03:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-24 03:21 . 2007-04-02 08:53 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-07-24 03:20 . 2008-05-07 07:55 1,288,192 --------- C:\WINDOWS\system32\dllcache\quartz.dll
2008-07-24 02:25 . 2008-07-24 02:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-24 02:23 . 2008-05-08 15:28 202,752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-24 02:18 . 2008-07-24 02:18 <DIR> d-------- C:\Documents and Settings\XPPRESP3
2008-07-24 02:18 . 2008-07-24 02:18 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-24 02:17 . 2008-07-24 02:17 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-24 02:17 . 2008-07-24 02:17 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-24 02:17 . 2008-07-24 02:17 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-24 02:15 . 2007-08-13 05:05 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-07-24 02:15 . 2007-07-23 11:39 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-07-24 02:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-24 02:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-24 02:09 . 2008-07-24 02:09 <DIR> d-------- C:\Program Files\Winamp
2008-07-24 02:09 . 2008-07-24 02:09 <DIR> d-------- C:\Documents and Settings\Disturbia\Application Data\Winamp
2008-07-24 02:08 . 2008-07-24 02:08 82,898 --a------ C:\WINDOWS\uninstall.exe
2008-07-24 02:08 . 2008-07-24 02:09 1,976 --a------ C:\WINDOWS\uninstall.ini
2008-07-24 02:07 . 2008-07-24 02:07 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-07-24 02:07 . 2008-07-24 02:07 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-24 02:07 . 2008-07-24 02:07 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 11:16 23,036 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-10 11:16 19,460 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-10 11:16 151,584 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-10 11:16 1,347,584 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-06 19:14 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-25 23:24 155,995 ----a-w C:\WINDOWS\java\Packages\QYS4DBBX.ZIP
2008-07-23 23:03 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-23 23:03 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-23 22:30 --------- d-----w C:\Program Files\Intel
2008-07-23 22:18 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-23 22:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-23 22:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 22:15 --------- d-----w C:\Program Files\Realtek
2008-07-23 22:15 --------- d-----w C:\Documents and Settings\Disturbia\Application Data\InstallShield
2008-07-23 22:11 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-23 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
------- Sigcheck -------
2006-09-09 01:02 2198144 ba08992ecfb4b23b9204add12ab385ea C:\WINDOWS\system32\ntkrnlpa.exe
2006-09-08 23:01 2321024 ef63859e4fd9cb3ec31a111481f4b1b6 C:\WINDOWS\system32\ntoskrnl.exe
2006-09-09 00:48 1616896 7f9583eff8102bce8bd6716744018f83 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-03 02:51 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-08-09 23:58 3739672]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 08:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 08:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 08:55 118784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 21:49 36352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 11:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 11:45 1826816 C:\WINDOWS\SkyTel.exe]
"Resume copy"="copyfstq.exe" [2003-06-10 17:35 57344 C:\WINDOWS\copyfstq.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"G:\\002-games\\Command & Conquer Generals Zero Hour on Misho\\game.dat"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"G:\\002-games\\UEFA Champions League 2006_2007\\CL07.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 00:10]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-NWEReboot - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.eg/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{35ACE321-D782-48F4-831F-BA21390C9016}: NameServer = 163.121.128.134,163.121.128.135
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-10 14:17:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\IGFXSRVC.EXE
.
**************************************************************************
.
Completion time: 2008-08-10 14:19:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 11:19:38
Pre-Run: 527,171,584 bytes free
Post-Run: 1,221,959,680 bytes free
238 --- E O F --- 2008-08-09 00:04:59
As for the HijackThis link, it is not working.