Peace be upon you,
Here, my dear brother, is the ComboFix tool report:
ComboFix 08-11-12.01 - Administrator 11/13/2008 21:28:23.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.1092 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 17:33 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-10 19:20 --------- d-----w c:\program files\Internet Download Manager
2008-11-10 19:20 --------- d-----w c:\documents and settings\Administrator\Application Data\IDM
2008-11-10 19:20 --------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2008-11-09 14:50 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-11-08 19:42 --------- d-----w c:\program files\Common Files\DirectX
2008-11-08 19:39 --------- d-----w c:\program files\EA GAMES
2008-11-08 19:16 --------- d-----w c:\program files\Ela-Salaty
2008-11-08 19:15 --------- d-----w c:\program files\Java
2008-11-08 19:15 --------- d-----w c:\program files\Common Files\Java
2008-11-08 19:01 --------- d-----w c:\program files\Turbo BaramgyFox English Edition
2008-11-08 19:00 --------- d-----w c:\program files\myproxy
2008-11-08 19:00 --------- d-----w c:\program files\DIFX
2008-11-08 19:00 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-08 19:00 --------- d-----w c:\program files\Common Files\Nokia
2008-11-08 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-11-08 19:00 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2008-11-08 19:00 --------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2008-11-08 18:59 --------- d-----w c:\program files\PC Connectivity Solution
2008-11-08 18:59 --------- d-----w c:\program files\Nokia
2008-11-08 18:57 --------- d-----w c:\program files\Avira
2008-11-08 18:57 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-11-08 18:55 --------- d-----w c:\program files\Microsoft.NET
2008-11-08 18:55 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-08 18:53 --------- d-----w c:\program files\Nero
2008-11-08 18:53 --------- d-----w c:\program files\Common Files\Ahead
2008-11-08 18:53 --------- d-----w c:\documents and settings\Administrator\Application Data\Winamp
2008-11-08 18:52 728,858 ----a-w c:\program files\Common Files\unins000.exe
2008-11-08 18:52 2,848 ----a-w c:\program files\Common Files\unins000.dat
2008-11-08 18:52 --------- d-----w c:\program files\Ringz Studio
2008-11-08 18:52 --------- d-----w c:\program files\Common Files\Real
2008-11-08 18:51 155,995 ----a-w c:\winxp\java\Packages\KDRVDRPZ.ZIP
2008-11-08 18:49 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-08 18:47 --------- d-----w c:\program files\FlashGet
2008-11-08 18:45 --------- d-----w c:\program files\DivX
2008-11-08 18:36 --------- d-----w c:\program files\Yahoo!
2008-11-08 18:36 --------- d-----w c:\program files\Intel
2008-11-08 18:31 --------- d-----w c:\program files\WINAMP
2008-10-24 11:10 453,632 ----a-w c:\winxp\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\winxp\system32\dllcache\mrxsmb.sys
2008-10-17 05:09 602,112 ----a-w c:\winxp\system32\nvapi.dll
2008-10-15 16:57 332,800 ------w c:\winxp\system32\dllcache\netapi32.dll
2008-10-11 23:46 11,264 ----a-w c:\winxp\system32\avrt.dll
2008-10-09 16:25 182,275 ----a-w c:\winxp\system32\d3d10core.dll
2008-10-09 14:36 512,008 ----a-w c:\winxp\system32\D3DX10d_39.dll
2008-09-18 13:47 940,304 ----a-w c:\winxp\system32\msjava.dll
2008-09-18 13:47 73,728 ----a-w c:\winxp\system32\CompressATI2.dll
2008-09-18 13:47 430,088 ----a-w c:\winxp\system32\D3D10SDKLayers.DLL
2008-09-18 13:47 1,171,456 ----a-w c:\winxp\system32\msvcr80d.dll
2008-09-15 11:57 1,846,016 ----a-w c:\winxp\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\winxp\system32\dllcache\win32k.sys
2008-09-12 10:44 206,256 ----a-w c:\winxp\system32\idmmbc.dll
2008-09-04 16:42 1,106,944 ----a-w c:\winxp\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\winxp\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ------w c:\winxp\system32\dllcache\srv.sys
2008-08-19 09:30 18,432 ------w c:\winxp\system32\dllcache\iedw.exe
2008-08-14 10:00 2,180,352 ----a-w c:\winxp\system32\ntoskrnl.exe
2008-08-14 10:00 2,180,352 ------w c:\winxp\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ------w c:\winxp\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ------w c:\winxp\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w c:\winxp\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ------w c:\winxp\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ------w c:\winxp\system32\dllcache\ntkrpamp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\ctfmon.exe" [01/01/2002 02:33 AM 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [09/19/2008 05:34 PM 4347120]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [12/16/2005 12:57 PM 94208]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [09/12/2008 12:45 PM 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\winxp\system32\igfxtray.exe" [11/28/2005 07:55 AM 98304]
"igfxhkcmd"="c:\winxp\system32\hkcmd.exe" [11/28/2005 07:52 AM 77824]
"igfxpers"="c:\winxp\system32\igfxpers.exe" [11/28/2005 07:55 AM 118784]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [02/07/2005 04:04 AM 94037]
"NeroFilterCheck"="c:\winxp\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [12/20/2007 05:16 PM 37376]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [06/12/2008 02:28 PM 266497]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [01/23/2007 11:19 AM 223232]
"RTHDCPL"="RTHDCPL.EXE" [07/21/2006 10:56 AM 16261632 c:\winxp\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [05/16/2006 12:04 PM 2879488 c:\winxp\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [01/01/2002 02:33 AM 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/09/2006 05:15 PM 1634304]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-03-05 5090816]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MAYHILL_TROFISH.EXE [2002-01-01 13305444]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.vp31"= vp31vfw.dll
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\myproxy\\MyProxy.exe"=
R1 avfwot;avfwot;c:\winxp\system32\DRIVERS\avfwot.sys [05/07/2008 02:20 PM 71592]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [05/16/2008 10:19 AM 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [07/11/2008 12:23 PM 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [06/12/2008 02:59 PM 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [05/09/2008 01:22 PM 41217]
R3 avfwim;AvFw Packet Filter Miniport;c:\winxp\system32\DRIVERS\avfwim.sys [05/07/2008 10:51 AM 71464]
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Trickler - c:\documents and settings\administrator\local settings\temp\~vis0000\fsg_4104.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dkw2zx5f.default\
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-13 21:29:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/13/2008 21:29:37
ComboFix-quarantined-files.txt 2008-11-13 19:29:36
Pre-Run: 8,541,011,968 bytes free
Post-Run: 8,711,708,672 bytes free
--- E O F --- 2008-11-13 16:26:05
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:39:48 م, on 13/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINXP\RTHDCPL.EXE
C:\WINXP\system32\igfxtray.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINXP\system32\NOTEPAD.EXE
H:\اداة الهاى جاك\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O4 - Global Startup: MAYHILL_TROFISH.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.amrkhaled.net
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6379 bytes