اخي شاكر لك تفاعلك معي وبارك الله لك في مالك واولادك وجعلك ذخراً لوالديك واقر بهما عينك
هذا التقرير اخي وسوف اذهب لصلاة المغرب واعود ان شاء الله
ComboFix 08-08-24.03 - xp 08/25/2008 18:29:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.374 [GMT -7:00]
Running from: C:\Documents and Settings\xp\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\windowxp.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 01:33 557,088 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-26 01:33 4,032 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-26 01:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-26 01:32 22,092 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-26 01:32 2,555,424 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-26 01:14 --------- d-----w C:\Documents and Settings\xp\Application Data\CyberScrub
2008-08-26 01:14 --------- d-----w C:\Documents and Settings\xp\Application Data\cleaner
2008-08-25 13:53 --------- d-----w C:\Program Files\Google
2008-08-25 07:07 --------- d-----w C:\Program Files\Common Files\Real
2008-08-25 01:12 --------- d-----w C:\Program Files\Bug Doctor
2008-08-24 06:27 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-24 06:27 --------- d-----w C:\Documents and Settings\xp\Application Data\Windows Desktop Search
2008-08-24 06:26 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-24 06:18 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-24 04:05 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-23 06:26 --------- d-----w C:\Program Files\Yahoo!
2008-08-23 06:14 --------- d-----w C:\Program Files\1ClickWebSlideShow
2008-08-21 22:40 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-21 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-08-20 06:52 --------- d-----w C:\Program Files\Error Repair Professional
2008-08-19 05:25 --------- d-----w C:\Program Files\LtUcx
2008-08-15 23:34 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\agi
2008-08-14 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-14 00:14 --------- d-----w C:\Program Files\Super Internet TV
2008-08-14 00:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-08 21:04 --------- d-----w C:\Documents and Settings\xp\Application Data\Windows Search
2008-08-07 03:32 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-02 07:37 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-26 05:09 --------- d-----w C:\Documents and Settings\xp\Application Data\BSplayer
2008-07-26 04:52 --------- d-----w C:\Program Files\Webteh
2008-07-26 04:52 --------- d-----w C:\Documents and Settings\xp\Application Data\BSplayer Pro
2008-07-24 20:19 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-18 07:16 660 --sh--r C:\io64.sys
2008-07-16 01:44 --------- d-----w C:\Documents and Settings\xp\Application Data\agi
2008-07-16 01:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\agi
2008-07-11 23:43 --------- d-----w C:\Program Files\CCleaner
2008-07-10 07:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 18:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-28 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-27 01:06 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-02-20 02:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [11/22/2007 09:21 AM 61440]
[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 02:56 PM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/25/2008 12:07 AM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 02:56 PM 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [08/24/2007 04:18 AM 437160]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 10:19 PM 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
07/23/2006 12:49 AM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^xp^Start Menu^Programs^Startup^Ela-Salaty.lnk]
path=C:\Documents and Settings\xp\Start Menu\Programs\Startup\Ela-Salaty.lnk
backup=C:\WINDOWS\pss\Ela-Salaty.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^xp^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\xp\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\(Default)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 05/11/2007 03:06 AM 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
--a------ 05/16/2004 04:38 AM 107008 C:\Program Files\ClocX\ClocX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/03/2004 02:56 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 08/24/2007 08:00 AM 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 01/22/2005 07:31 PM 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 01/22/2005 07:36 PM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 04/13/2006 12:09 PM 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 04/14/2003 09:05 PM 1498032 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/18/2007 12:34 PM 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 11:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 03/11/2003 05:24 PM 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 12/07/2005 11:57 PM 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 08/06/2004 09:27 AM 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 07/27/2004 02:48 PM 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 09/25/2007 02:11 AM 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 08/25/2008 12:07 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 11/03/2006 08:20 PM 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 08/30/2007 06:43 PM 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"C:\\Program Files\\Macromedia\\Flash MX\\Flash_original.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [03/26/2008 06:00 PM]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/03/2004 02:56 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [08/23/2008 09:05 PM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{942f8e9a-9f0a-11dc-9c0e-001485e1eb34}]
\Shell\AutoRun\command - H:\JMC.EXE
.
s of the 'Scheduled Tasks' folder
2008-08-26 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [08/01/2008 05:22 PM]
2008-08-26 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [11/03/2006 08:20 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-nod32kui - C:\Program Files\Eset\nod32kui.exe
MSConfigStartUp-Nokia - C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
MSConfigStartUp-PC Suite Tray - C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\xp\Application Data\Mozilla\Firefox\Profiles\a8x1muqr.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://arabia.msn.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-25 18:33:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 08/25/2008 18:38:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 01:38:45
Pre-Run: 12,732,686,336 bytes free
Post-Run: 12,660,191,232 bytes free
232 --- E O F --- 2008-08-25 06:05:58
