مشكور اخى الكريم وهذة هى التقراير
اولا تقرير CompoFix
ComboFix 08-09-30.03 - Administrator 10/01/2008 16:21:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.293 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 14:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-10-01 14:22 465,952 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-01 14:22 4,720 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-01 14:22 147,488 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-01 14:22 1,584 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-01 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-01 12:36 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-10-01 12:17 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-10-01 12:16 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-01 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-01 11:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-01 11:42 --------- d-----w C:\Program Files\CCleaner
2008-10-01 11:39 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-01 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-10-01 11:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-10-01 11:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 11:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cleaner
2008-10-01 09:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ufasoft
2008-10-01 09:26 --------- d-----w C:\Program Files\Ufasoft
2008-10-01 01:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Wildfire
2008-09-30 23:50 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-30 14:38 --------- d-----w C:\Program Files\VirusTotalUploader
2008-09-30 14:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 14:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-30 12:58 --------- d-----w C:\Program Files\MSConfig CleanUp
2008-09-30 09:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-09-30 09:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-09-30 03:27 --------- d-----w C:\Program Files\HyperIM
2008-09-30 03:25 --------- d-----w C:\Program Files\MiniLyrics
2008-09-30 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-30 02:51 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-30 00:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-09-30 00:35 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-30 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-29 22:25 --------- d-----w C:\Program Files\Elaborate Bytes
2008-09-29 19:31 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-29 19:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\URSoft
2008-09-29 19:03 --------- d-----w C:\Program Files\Winamp
2008-09-29 18:11 --------- d-----w C:\Program Files\Windows Live
2008-09-29 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-29 17:42 --------- d-----w C:\Program Files\Yahoo!
2008-09-29 15:50 334,352 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-09-29 15:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-09 22:07 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 22:07 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
.
كود:
<pre>
----a-w 2,189,424 2008-09-30 13:05:26 C:\Documents and Settings\Administrator\Desktop\ZyZoom\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/15/2008 09:30 PM 2606512]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [09/24/2008 09:42 PM 1279216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lrrpfgcp"="C:\WINDOWS\lrrpfgcp.exe" [07/08/2007 09:50 PM 8192]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 02:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
gce.exe [2007-07-08 30720]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.DIV3"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.HFYU"= C:\PROGRA~1\K-LITE~1\codecs\huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.MPG4"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP43"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.lameacm"= C:\PROGRA~1\K-LITE~1\codecs\lameACM.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.divxa32"= C:\PROGRA~1\K-LITE~1\codecs\divxa32.acm
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 02:56 AM 14336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
S0 awjtc;awjtc;C:\WINDOWS\system32\drivers\kqotvqh.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [10/01/2008 01:39 PM 354560]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys [ ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\npg6m0ob.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-01 16:23:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\WINDOWS\zpitsp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 10/01/2008 16:26:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 14:26:41
Pre-Run: 6,428,676,096 bytes free
Post-Run: 6,382,919,680 bytes free
159 --- E O F --- 2008-09-29 17:32:24
____________________________________________________
ثانيا تقرير hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:27:22 م, on 01/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\WINDOWS\zpitsp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [lrrpfgcp] C:\WINDOWS\lrrpfgcp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: gce.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28A69C6-1F66-4FB5-8BD4-1E921D1F7FFA}: NameServer = 163.121.128.134 163.121.128.135
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 3858 bytes
