السلام عليكم
هذا التقرير:
ComboFix 08-09-27.03 - Micro.Pc 09/28/2008 15:59:24.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1531 [GMT 3:00]
Running from: D:\Documents and Settings\Micro.Pc\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Micro.Pc\s\micro.pc@ad.yieldmanager[1].txt
C:\Documents and Settings\Micro.Pc\s\micro.pc@advertising[2].txt
C:\Documents and Settings\Micro.Pc\s\micro.pc@sexstar[2].txt
C:\Documents and Settings\Micro.Pc\s\micro.pc@trafficmp[2].txt
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 13:01 5,024 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-28 13:01 31,008 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-28 13:01 17,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-28 13:01 1,127,200 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-28 12:12 --------- d-----w C:\Documents and Settings\Micro.Pc\Application Data\Malwarebytes
2008-09-28 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 04:03 --------- d-----w C:\Program Files\SAV
2008-09-21 02:42 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-27 17:15 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-27 16:31 --------- d-----w C:\Program Files\BandRich
2008-08-17 01:26 --------- d-----w C:\Program Files\MyConnection Server
2008-08-17 01:18 --------- d-----w C:\Program Files\VisualRoute Lite Edition
2008-08-16 19:02 --------- d-----w C:\Documents and Settings\Micro.Pc\Application Data\Hewlett-Packard
2008-08-16 18:57 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-08-16 18:54 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-08-16 18:52 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-15 04:12 --------- d-----w C:\Documents and Settings\Micro.Pc\Application Data\CyberLink
2008-08-06 19:25 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 00:31 --------- d-----w C:\Documents and Settings\Micro.Pc\Application Data\AdobeUM
2008-08-03 14:47 --------- d-----w C:\Program Files\Mobily Connect Card
2008-08-01 00:11 --------- d-----w C:\Documents and Settings\Micro.Pc\Application Data\IDM
2008-07-30 00:25 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-30 00:25 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-30 00:02 --------- d-----w C:\Program Files\Nuclear Coffee
2008-07-29 16:38 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-29 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 12:00 PM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [10/09/2006 11:28 AM 139264]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [02/16/2008 07:46 PM 108032]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
"HUAWEI 3G Data Card MTS"="C:\PROGRA~1\MOBILY~1\Mobily Connect Card.exe" [03/31/2007 11:58 AM 335872]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [08/27/2008 08:15 PM 880896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05/18/2006 11:29 AM 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM 413696]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 12:22 AM 405504]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/15/2007 04:33 AM 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/15/2007 04:32 AM 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [11/15/2007 04:33 AM 137752]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [05/09/2007 03:01 PM 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/26/2007 04:14 AM 1024000]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [10/09/2007 09:17 AM 2183168]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [07/03/2007 01:57 PM 1228800]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/29/2008 05:39 PM 185896]
"Antivirus"="C:\Program Files\SAV\sav.exe" [09/26/2008 09:00 AM 404992]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM 218376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/12/2004 12:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.avis"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=C:\WINDOWS\pss\PalStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 11/05/2007 11:12 AM 884176 C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 11/01/2002 10:33 PM 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 11/04/2002 08:57 AM 73728 C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 09/27/2006 01:46 PM 3698688 C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 01/12/2006 04:40 PM 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 04/29/2008 05:39 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 07/27/2006 01:27 AM 4617720 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 BandLuxe_Service;BandLuxe Service;C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [06/03/2008 10:12 AM 87264]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\WINDOWS\system32\drivers\IntcHdmi.sys [05/04/2007 01:00 PM 105984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [06/07/2007 03:00 PM 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [10/10/2007 03:03 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [03/05/2007 08:45 AM 7424]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 09:52 AM 27136]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;C:\WINDOWS\system32\DRIVERS\br3gmdm.sys [03/14/2008 10:31 AM 100096]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ea834e9-6162-11dd-8289-001f3ae0b406}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95b14be8-618f-11dd-828c-001f3ae0b406}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95b14bea-618f-11dd-828c-001f3ae0b406}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1270c18-616b-11dd-828b-001f3ae0b406}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Micro.Pc\Application Data\Mozilla\Firefox\Profiles\81tmgoe4.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-28 16:02:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\CRYPSERV.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 09/28/2008 16:04:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 13:04:16
Pre-Run: 66,247,688,192 bytes free
Post-Run: 67,422,650,368 bytes free
201
والحين بسوي فقره الثانيه
( 2 )
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
برب ثواني
k: