This is the tool's report
ComboFix 08-10-08.04 - BVX-Messi 10/09/2008 14:13:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.221 [GMT 2:00]
Running from: C:\Documents and Settings\BVX-Messi\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\ssvichosst.exe
C:\WINDOWS\system32\autorun.ini
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\ssvichosst.exe
C:\WINDOWS\Tasks\At1.job
.
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 12:13 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\DMCache
2008-10-09 11:15 --------- d-----w C:\Program Files\lg_swupdate
2008-10-09 08:01 --------- d-----w C:\Program Files\Sony
2008-10-09 07:58 --------- d-----w C:\Program Files\Vstplugins
2008-10-09 06:45 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\IDM
2008-10-08 19:14 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\Publish Providers
2008-10-08 17:14 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\Sony
2008-10-08 17:12 --------- d-----w C:\Program Files\Sony Setup
2008-10-08 16:47 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\COWON
2008-10-08 16:41 --------- d-----w C:\Program Files\anoooos
2008-10-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-08 14:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-08 13:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 13:52 --------- d-----w C:\Program Files\JetAudio
2008-10-08 13:52 --------- d-----w C:\Program Files\Common Files\COWON
2008-10-08 13:51 --------- d-----w C:\Program Files\Windows Live
2008-10-08 13:50 --------- d-----w C:\Program Files\YouTube Downloader
2008-10-08 13:50 --------- d-----w C:\Program Files\Firefox 2.0.0.13
2008-09-29 14:40 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\TMP
2008-09-29 14:01 --------- d-----w C:\Program Files\Intel
2008-09-29 14:01 --------- d-----w C:\Program Files\Common Files\Intel
2008-09-29 14:01 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-09-29 14:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-09-29 14:01 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\Intel
2008-09-29 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-09-29 13:15 --------- d-----w C:\Program Files\Battery miser
2008-09-29 12:40 81,920 ----a-w C:\WINDOWS\system32\cmudax.dll
2008-09-29 12:27 --------- d-----w C:\Program Files\ma-config.com
2008-09-29 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-29 12:13 --------- d-----w C:\Program Files\Realtek AC97
2008-09-29 12:09 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-29 12:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-29 12:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-29 10:37 --------- d-----w C:\Program Files\Kodak
2008-09-29 10:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-28 17:51 --------- d-----w C:\Program Files\System
2008-09-28 10:15 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\Media Player Classic
2008-09-28 10:13 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\Nero
2008-09-28 10:11 354,560 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-26 15:30 565,248 ----a-w C:\WINDOWS\system32\CS.dll
2008-09-26 15:17 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-26 15:16 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\TuneUp Software
2008-09-20 13:06 --------- d-----w C:\Documents and Settings\BVX-Messi\Application Data\Winamp
2008-09-14 15:26 --------- d-----w C:\Program Files\Marvell
2008-09-14 15:23 --------- d-----w C:\Program Files\Synaptics
2008-09-14 15:23 --------- d-----w C:\Program Files\On Screen Display
2008-09-14 15:13 --------- d-----w C:\Program Files\ATI Technologies
2008-09-13 20:33 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-13 20:32 --------- d-----w C:\Program Files\Winamp
2008-09-13 20:31 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-13 20:31 --------- d-----w C:\Program Files\Java
2008-09-13 20:30 --------- d-----w C:\Program Files\Common Files\Java
2008-09-13 20:27 --------- d-----w C:\Program Files\Nero
2008-09-13 20:27 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-13 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-13 20:26 --------- d-----w C:\Program Files\CCleaner
2008-08-18 08:04 290,176 ----a-w C:\WINDOWS\system32\drivers\yk51x86.sys
2008-08-18 08:04 270,336 ----a-w C:\WINDOWS\system32\ykx32mpcoinst.dll
2008-07-10 18:19 208,896 ----a-w C:\WINDOWS\system32\NetProvCredMan.dll
2006-11-25 11:11 2,560 --sh--r C:\WINDOWS\system32\fooool.exe
.
------- Sigcheck -------
05/30/2008 09:56 AM 2343424 9a64fdd5bd8ce0018af03e31b4beaa71 C:\WINDOWS\system32\ntoskrnl.exe
01/27/2008 04:04 PM 1524224 e24cd37d23a71dbb9a484a50eb255462 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 07:42 PM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"IDMan"="C:\Program Files\anoooos\Internet Download Manager\IDMan.exe" [09/01/2008 07:04 PM 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LG Intelligent Update"="C:\Program Files\lg_swupdate\autoupdate.exe" [09/26/2008 05:29 PM 102400]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/07/2004 08:10 PM 344064]
"batterymiser"="C:\Program Files\Battery miser\batterymiser.exe" [06/01/2006 05:54 PM 335872]
"KeybdUtility"="C:\Program Files\On Screen Display\Hotkey.exe" [02/23/2005 08:55 PM 77824]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 07:35 AM 36352]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/29/2004 10:02 AM 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/29/2004 10:01 AM 688218]
"IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [07/10/2008 08:30 PM 1351680]
"IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [07/10/2008 08:13 PM 1191936]
"AGRSMMSG"="AGRSMMSG.exe" [11/09/2004 10:19 AM 88358 C:\WINDOWS\AGRSMMSG.exe]
"Barsaka"="explorer.exe" [01/27/2008 04:04 PM 1524224 C:\WINDOWS\explorer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 07:42 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/29/2008 12:26:26 PM 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "C:\WINDOWS\system32\bmpsap.dll" [06/01/2006 05:54 PM 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [07/13/2006 01:34 PM 1475712]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [09/02/2008 04:14 PM 191656]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [09/28/2008 12:11 PM 354560]
S3 vadd;Value-added filter;C:\WINDOWS\system32\DRIVERS\vadd.sys [12/17/2004 07:54 AM 43008]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{104010b6-9540-11dd-9c73-0012f0504e97}]
\Shell\AutoRun\command - E:\fooool.exe
\Shell\explore\Command - E:\fooool.exe
\Shell\open\Command - E:\fooool.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-Yahoo Messengger - C:\WINDOWS\system32\SSVICHOSST.exe
HKU-Default-RunOnce-tscuninstall - C:\WINDOWS\system32\tscupgrd.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: Download all links with IDM - C:\Program Files\anoooos\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video with IDM - C:\Program Files\anoooos\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\anoooos\Internet Download Manager\IEExt.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{0F3106AE-8222-4B14-85DA-6ACCD8C3E075}: NameServer = 115.115.115.1
O17 -: HKLM\CCS\Interface\{9BFAB73D-47D6-4D0E-B176-70117E764431}: NameServer = 172.10.0.1 79.141.17.4
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-09 14:18:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UserIO]
"ImagePath"="\??\C:\Program Files\lg_swupdate\UserIO.sys"
.
Completion time: 10/09/2008 14:20:56
ComboFix-quarantined-files.txt 2008-10-09 12:20:51
Pre-Run: 33,402,171,392 bytes free
Post-Run: 33,793,306,624 bytes free
169
And this is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:26:47 م, on 09/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Battery miser\batterymiser.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\On Screen Display\Hotkey.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\anoooos\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\lg_swupdate\Gilautouc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\BVX-Messi\Desktop\allfile\Zyzoom_HijackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\anoooos\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\Battery miser\batterymiser.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\anoooos\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\anoooos\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\anoooos\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\anoooos\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F3106AE-8222-4B14-85DA-6ACCD8C3E075}: NameServer = 115.115.115.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BFAB73D-47D6-4D0E-B176-70117E764431}: NameServer = 172.10.0.1 79.141.17.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F3106AE-8222-4B14-85DA-6ACCD8C3E075}: NameServer = 115.115.115.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F3106AE-8222-4B14-85DA-6ACCD8C3E075}: NameServer = 115.115.115.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 6957 bytes