أ / خالد

Peace be upon you, and the mercy and blessings of God.

ComboFix 08-09-03.02 - w 09/04/2008 4:52:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.1388 [GMT 3:00]
Running from: C:\Documents and Settings\w\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\w\Application Data\macromedia\Flash Player\#Shareds\NS63YU6U\bin.clearspring.com
C:\Documents and Settings\w\Application Data\macromedia\Flash Player\#Shareds\NS63YU6U\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\w\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\w\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\w\s\w@om.one.microsoft[1].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 01:58 24,944 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-09-04 01:56 8,494,112 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-04 01:56 68,488 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-04 01:56 6,496 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-04 01:56 1,277,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-04 01:56 --------- d-----w C:\Documents and Settings\w\Application Data\Free Download Manager
2008-09-04 01:29 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-09-04 00:34 --------- d-----w C:\Documents and Settings\w\Application Data\cafe
2008-09-04 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\cafe
2008-09-03 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-03 19:02 --------- d-----w C:\Program Files\Driver Magician
2008-09-03 19:00 --------- d-----w C:\Program Files\ma-config.com
2008-09-03 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-03 18:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 22:52 --------- d-----w C:\Documents and Settings\w\Application Data\vlc
2008-09-02 22:50 --------- d-----w C:\Program Files\VideoLAN
2008-09-02 17:27 --------- d-----w C:\Program Files\nLite
2008-09-02 04:00 --------- d-----w C:\Program Files\IIS
2008-09-01 21:32 --------- d-----w C:\Program Files\Marvell
2008-09-01 21:31 --------- d-----w C:\Documents and Settings\w\Application Data\TMP
2008-09-01 20:42 468,971 ----a-w C:\yk51x86_v10.64.2.3.zip
2008-08-31 03:19 --------- d-----w C:\Program Files\Common Files\Akamai
2008-08-30 19:23 --------- d-----w C:\Documents and Settings\w\Application Data\Thinstall
2008-08-30 17:17 --------- d-----w C:\Program Files\Microsoft IPsec Diagnostic Tool
2008-08-30 17:16 --------- d-----w C:\Documents and Settings\w\Application Data\IPSecureLogs
2008-08-30 14:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-29 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-28 18:58 --------- d-----w C:\Program Files\CPUZ 147
2008-08-27 23:38 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-27 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-27 20:36 --------- d-----w C:\Documents and Settings\w\Application Data\Ahead
2008-08-27 03:37 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-08-26 03:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-25 17:25 --------- d-----w C:\Program Files\Microsoft Works
2008-08-25 17:24 --------- d-----w C:\Program Files\MSBuild
2008-08-25 16:32 --------- d-----w C:\Program Files\HP
2008-08-25 12:24 --------- d-----w C:\Program Files\XP LogonUI
2008-08-25 09:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-23 16:52 --------- d-----w C:\Documents and Settings\w\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-08-23 16:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-23 13:35 --------- d-----w C:\Program Files\Stardock
2008-08-23 11:12 --------- d-----w C:\Program Files\7-Zip
2008-08-23 04:13 --------- d-----w C:\Documents and Settings\w\Application Data\OfficeUpdate12
2008-08-21 12:59 --------- d-----w C:\Program Files\Free Download Manager
2008-08-21 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-08-21 10:32 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-21 10:32 --------- d-----w C:\Documents and Settings\w\Application Data\SystemRequirementsLab
2008-08-21 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-21 09:05 14,080 ----a-w C:\WINDOWS\system32\drivers\SaiMini.sys
2008-08-19 22:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-19 19:30 --------- d-----w C:\Program Files\MSECache
2008-08-19 04:05 --------- d-----w C:\Documents and Settings\w\Application Data\Apple Computer
2008-08-19 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-19 02:28 --------- d-----w C:\Program Files\QuickTime
2008-08-19 02:27 --------- d-----w C:\Program Files\Apple Software Update
2008-08-19 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-18 17:23 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 17:09 --------- d-----w C:\Program Files\Windows Defender
2008-08-18 12:33 --------- d-----w C:\Program Files\Realtek
2008-08-18 09:14 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-18 08:57 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-18 08:57 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-18 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-18 07:04 290,176 ----a-w C:\WINDOWS\system32\drivers\yk51x86.sys
2008-08-06 14:12 4,755,968 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-31 21:45 319,488 ----a-w C:\WINDOWS\HideWin.exe
2008-07-31 12:05 16,806,912 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-07-31 07:21 79,960 ----a-w C:\WINDOWS\system32\drivers\jraid.sys
2008-07-29 17:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-29 12:42 528,384 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-07-28 07:43 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-07-27 21:55 --------- d-----w C:\Program Files\Windows Resource Kits
2008-07-27 05:39 --------- d-----w C:\Program Files\Error Repair Professional
2008-07-24 14:11 --------- d-----w C:\Program Files\Intel Corporation
2008-07-23 23:34 --------- d-----w C:\Program Files\GIGABYTE
2008-07-22 02:08 --------- d-----w C:\Program Files\Microsoft
2008-07-21 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-21 15:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-18 18:39 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-16 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-15 10:47 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-07-12 22:46 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-12 22:44 --------- d-----w C:\Program Files\Java
2008-07-11 12:31 --------- d-----w C:\Program Files\cafe
2008-07-11 11:19 --------- d-----w C:\Program Files\Yahoo!
2008-07-11 03:38 --------- d-----w C:\Program Files\GameShadow
2008-07-11 02:15 --------- d-----w C:\Documents and Settings\w\Application Data\Yahoo!
2008-07-11 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-19 13:42 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-06-19 13:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2008-06-19 13:20 57,344 ----a-w C:\WINDOWS\Alcmtr.exe
2008-06-18 15:01 77,824 ----a-w C:\WINDOWS\SoundMan.exe
2007-12-27 00:43 22,328 ----a-w C:\Documents and Settings\w\Application Data\PnkBstrK.sys
2007-12-26 19:37 1 ----a-w C:\Documents and Settings\w\SI.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/12/2007 01:43 AM 1661304]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 09:29 PM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/22/2008 11:13 AM 152872]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [05/20/2008 05:27 PM 2474031]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/19/2008 05:17 PM 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [11/26/2006 09:30 PM 97357]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/27/2007 06:30 PM 286720]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/16/2008 02:01 PM 13529088]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/27/2007 06:32 PM 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM 249856]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [08/04/2004 03:00 PM 208952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/27/2007 06:28 PM 49152]
"EasyTuneVPro"="C:\Program Files\Gigabyte\ET5Pro\ETcall.exe" [07/26/2007 03:05 PM 20480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 12:01 PM 1037736]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [05/28/2008 08:27 AM 570664]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [03/20/2007 02:36 PM 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [11/19/2007 11:01 AM 1970176]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"SoundMan"="SOUNDMAN.EXE" [06/18/2008 06:01 PM 77824 C:\WINDOWS\SoundMan.exe]
"RTHDCPL"="RTHDCPL.EXE" [07/31/2008 03:05 PM 16806912 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [05/16/2008 02:01 PM 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [05/16/2008 02:01 PM 86016 C:\WINDOWS\system32\nvmctray.dll]
"AlcWzrd"="ALCWZRD.EXE" [06/19/2008 04:42 PM 2808832 C:\WINDOWS\alcwzrd.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 09:29 PM 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [08/24/2007 03:18 AM 437160]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/26/2008 06:41 PM 1232896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MVJP"= C:\WINDOWS\system32\mjpcodec.dll
"VIDC.IJLV"= ijlvid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^w^قائمة ابدأ^البرامج^بدء التشغيل^GIGABYTE VGA Utility.lnk]
backup=C:\WINDOWS\pss\GIGABYTE VGA Utility.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\ExtraTools\\ExtraDNS\\ExtraDNS.dll"=
"C:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\GIGABYTE\\ET5Pro\\update.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9420:TCP"= 9420:TCP:*:Disabled:Akamai Network Manager
"5000:UDP"= 5000:UDP:*:Disabled:Akamai Network Manager
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [09/04/2008 04:58 AM 24944]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5Pro\markfun.w32 [07/24/2008 02:41 AM 17912]
R3 SaiH0461;SaiH0461;C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [08/08/2006 06:25 PM 182528]
S3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [01/21/2008 06:36 PM 5112]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [09/02/2008 04:14 PM 191656]
S4 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [04/14/2008 09:30 PM 14336]
S4 POSPerformanceCounters;Point Of Service Performance Counters;c:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [02/01/2007 11:14 PM 42352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
*Newly Created Service* - MARKFUN_NT
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\w\Application Data\Mozilla\Firefox\Profiles\syjrufjz.default\
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-09-04 04:59:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5Pro\markfun.w32"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\GIGABYTE\ET5Pro\GUI.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
.
**************************************************************************
.
Completion time: 09/04/2008 5:13:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 02:12:59
Pre-Run: 41,920,749,568 bytes free
Post-Run: 43,964,588,032 bytes free
248 --- E O F --- 2008-08-23 16:22:45
 

All roads lead to Rome, but this is a value for a program you surely know; delete it.

Right, brother, it belongs to the program for >>> the network card <<<

>>> Ethernet <<<

>>> I'll search for it and delete it >>> or do you have another opinion, brother?

With thanks, my dear friend
 



This one is new to me; as far as I can tell, connection values come under 023.

In this case,

stay in contact with our brother Azzam (Java Guard); he is the networking expert.

I wish you success.
 
May God brighten your face and light your path, brother.

With thanks, my dear friend, and may you stay well.
 