كراك الفيستا
As-salamu alaykum,
In this thread I would like you to analyse the HijackThis report, or whatever it is called, and the one from the other tool.
Of course, brothers, I am sorry for posting this as a separate thread; I had put the report in my thread about the fonts, and the font problem in the chat was solved, but the fonts in, for example, the MSCONFIG command are still small now.
The first report that came out is named log,
and this is its content:
---------------------------
ComboFix 08-11-12.01 - vi-xp 11/13/2008 20:05:22.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1256.1.1025.18.944 [GMT 3:00]
Running from: c:\users\vi-xp\Documents\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 15:51 268,800 ----a-w c:\windows\System32\es.dll
2008-11-13 15:51 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-11-13 15:51 --------- d-----w c:\program files\CONEXANT
2008-11-13 15:46 678,408 ----a-w c:\windows\System32\gpprefcl.dll
2008-11-13 11:16 --------- d-----w c:\programdata\Messenger Plus!
2008-11-13 10:30 --------- d-----w c:\programdata\TechSmith
2008-11-13 10:30 --------- d-----w c:\program files\TechSmith
2008-11-13 10:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 19:28 174 --sha-w c:\program files\desktop.ini
2008-11-12 19:26 --------- d-----w c:\program files\Windows Mail
2008-11-12 19:26 --------- d-----w c:\program files\Windows Calendar
2008-11-12 19:23 87,040 ----a-w c:\windows\System32\msoert2.dll
2008-11-12 19:23 39,424 ----a-w c:\windows\System32\ACCTRES.dll
2008-11-12 19:23 205,824 ----a-w c:\windows\System32\msoeacct.dll
2008-11-12 19:22 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2008-11-12 19:22 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2008-11-12 19:22 542,720 ----a-w c:\windows\System32\sysmain.dll
2008-11-12 19:22 502,784 ----a-w c:\windows\System32\wlansvc.dll
2008-11-12 19:22 47,104 ----a-w c:\windows\System32\wlanapi.dll
2008-11-12 19:22 297,984 ----a-w c:\windows\System32\wlansec.dll
2008-11-12 19:22 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2008-11-12 19:22 258,232 ----a-w c:\windows\system32\drivers\acpi.sys
2008-11-12 19:22 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2008-11-12 19:22 2,923,520 ----a-w c:\windows\explorer.exe
2008-11-12 19:19 8,147,968 ----a-w c:\windows\System32\wmploc.DLL
2008-11-12 19:19 7,680 ----a-w c:\windows\System32\spwmp.dll
2008-11-12 19:19 4,096 ----a-w c:\windows\System32\dxmasf.dll
2008-11-12 19:19 356,864 ----a-w c:\windows\System32\MediadataHandler.dll
2008-11-12 19:18 45,112 ----a-w c:\windows\system32\drivers\pciidex.sys
2008-11-12 19:18 21,560 ----a-w c:\windows\system32\drivers\atapi.sys
2008-11-12 19:18 17,464 ----a-w c:\windows\system32\drivers\intelide.sys
2008-11-12 19:18 154,624 ----a-w c:\windows\system32\drivers\nwifi.sys
2008-11-12 19:18 15,928 ----a-w c:\windows\system32\drivers\pciide.sys
2008-11-12 19:18 109,624 ----a-w c:\windows\system32\drivers\ataport.sys
2008-11-12 19:14 88,576 ----a-w c:\windows\System32\avifil32.dll
2008-11-12 18:57 --------- d-----w c:\users\vi-xp\AppData\Roaming\FastStone
2008-11-12 15:52 --------- d-----w c:\program files\Windows Sidebar
2008-11-12 15:52 --------- d-----w c:\program files\Windows Defender
2008-11-12 15:49 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-11-12 15:49 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-11-12 15:49 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-11-12 15:49 272,896 ----a-w c:\windows\System32\polstore.dll
2008-11-12 15:48 194,560 ----a-w c:\windows\System32\WebClnt.dll
2008-11-12 15:48 110,080 ----a-w c:\windows\system32\drivers\mrxdav.sys
2008-11-12 15:47 49,664 ----a-w c:\windows\System32\csrsrv.dll
2008-11-12 15:47 376,320 ----a-w c:\windows\System32\winsrv.dll
2008-11-12 15:46 211,456 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2008-11-12 15:46 2,048 ----a-w c:\windows\System32\tzres.dll
2008-11-12 15:46 1,060,920 ----a-w c:\windows\system32\drivers\ntfs.sys
2008-11-12 15:45 374,456 ----a-w c:\windows\System32\mcupdate_GenuineIntel.dll
2008-11-12 15:45 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-11-12 15:44 414,208 ----a-w c:\windows\System32\msscp.dll
2008-11-12 15:44 2,048 ----a-w c:\windows\System32\msxml3r.dll
2008-11-12 15:44 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-11-12 15:44 1,194,496 ----a-w c:\windows\System32\msxml3.dll
2008-11-12 15:43 86,016 ----a-w c:\windows\System32\icfupgd.dll
2008-11-12 15:43 63,488 ----a-w c:\windows\system32\drivers\mpsdrv.sys
2008-11-12 15:43 61,952 ----a-w c:\windows\System32\cmifw.dll
2008-11-12 15:43 396,800 ----a-w c:\windows\System32\MPSSVC.dll
2008-11-12 15:43 392,192 ----a-w c:\windows\System32\FirewallAPI.dll
2008-11-12 15:43 23,040 ----a-w c:\windows\system32\drivers\tunnel.sys
2008-11-12 15:43 178,688 ----a-w c:\windows\System32\iphlpsvc.dll
2008-11-12 15:43 16,896 ----a-w c:\windows\System32\wfapigp.dll
2008-11-12 15:43 15,360 ----a-w c:\windows\system32\drivers\TUNMP.SYS
2008-11-12 15:43 104,448 ----a-w c:\windows\System32\DWWIN.EXE
2008-11-12 15:42 803,328 ----a-w c:\windows\system32\drivers\tcpip.sys
2008-11-12 15:42 8,704 ----a-w c:\windows\System32\hcrstco.dll
2008-11-12 15:42 8,704 ----a-w c:\windows\System32\hccoin.dll
2008-11-12 15:42 5,888 ----a-w c:\windows\system32\drivers\usbd.sys
2008-11-12 15:42 38,400 ----a-w c:\windows\system32\drivers\usbehci.sys
2008-11-12 15:42 24,064 ----a-w c:\windows\System32\netcfg.exe
2008-11-12 15:42 23,040 ----a-w c:\windows\system32\drivers\usbuhci.sys
2008-11-12 15:42 224,768 ----a-w c:\windows\system32\drivers\usbport.sys
2008-11-12 15:42 22,016 ----a-w c:\windows\System32\netiougc.exe
2008-11-12 15:42 216,632 ----a-w c:\windows\system32\drivers\netio.sys
2008-11-12 15:42 192,000 ----a-w c:\windows\system32\drivers\usbhub.sys
2008-11-12 15:42 167,424 ----a-w c:\windows\System32\tcpipcfg.dll
2008-11-12 15:41 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
2008-11-12 15:41 290,304 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-12 15:41 223,232 ----a-w c:\windows\System32\WMASF.DLL
2008-11-12 15:41 2,048 ----a-w c:\windows\System32\asferror.dll
2008-11-12 15:41 19,456 ----a-w c:\windows\system32\drivers\bthenum.sys
2008-11-12 15:40 57,856 ----a-w c:\windows\System32\SLUINotify.dll
2008-11-12 15:40 566,784 ----a-w c:\windows\System32\SLCommDlg.dll
2008-11-12 15:40 441,856 ----a-w c:\windows\System32\win32spl.dll
2008-11-12 15:40 39,936 ----a-w c:\windows\System32\slcinst.dll
2008-11-12 15:40 37,376 ----a-w c:\windows\System32\printcom.dll
2008-11-12 15:40 351,232 ----a-w c:\windows\System32\SLUI.exe
2008-11-12 15:40 33,280 ----a-w c:\windows\System32\slwmi.dll
2008-11-12 15:40 296,448 ----a-w c:\windows\System32\gdi32.dll
2008-11-12 15:40 268,288 ----a-w c:\windows\System32\mcbuilder.exe
2008-11-12 15:40 223,232 ----a-w c:\windows\System32\SLC.dll
2008-11-12 15:40 2,605,568 ----a-w c:\windows\System32\SLsvc.exe
2008-11-12 15:40 186,368 ----a-w c:\windows\System32\SLLUA.exe
2008-11-12 15:39 84,992 ----a-w c:\windows\system32\drivers\srvnet.sys
2008-11-12 15:39 83,968 ----a-w c:\windows\System32\dnsrslvr.dll
2008-11-12 15:39 58,368 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2008-11-12 15:39 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2008-11-12 15:39 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-11-12 15:39 130,048 ----a-w c:\windows\system32\drivers\srv2.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [11/12/2008 06:39 PM 1232896]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:55 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [06/12/2008 02:28 PM 266497]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [11/12/2008 04:04 PM 185872]
"BluetoothAuthenticationAgent"="bthprops.cpl" [11/02/2006 12:44 PM 989696 c:\windows\System32\bthprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [03/09/2007 04:28 PM 598016 c:\windows\SOUNDMAN.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 11/12/2008 04:04 PM 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3618269246-2164899484-259586693-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9AB81F7C-AC09-4B8B-883D-AC4BDEA3F870}"= UDP:d:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{7B2320EC-B0F9-4411-9C79-0DAD10CF36C8}"= TCP:d:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [05/07/2008 02:20 PM 71592]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [05/16/2008 10:19 AM 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [07/11/2008 12:23 PM 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [06/12/2008 02:59 PM 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [05/09/2008 01:22 PM 41217]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [09/24/2008 02:32 PM 935208]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [11/02/2006 12:45 PM 22016]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [05/07/2008 10:51 AM 71464]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [11/12/2008 03:07 PM 240128]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [11/12/2008 03:50 PM 355584]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [11/02/2006 10:41 AM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [11/02/2006 10:41 AM 251904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-13 c:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 09:09 AM]
2008-11-13 c:\windows\Tasks\Update for Windows Vista (KB940510).job
- c:\windows\system32\wgaer_m.exe [04/19/2008 02:06 AM]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
O8 -: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java -
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-13 20:07:19
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/13/2008 20:08:45
ComboFix-quarantined-files.txt 2008-11-13 17:08:38
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 26,402,541,568 bytes free
191 --- E O F --- 2008-11-13 16:52:07
---------------------------------------------------
And this is the report named HijackThis:
-------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:41:44 AM, on 14/11/08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\vi-xp\Documents\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 4885 bytes
----------------
Is my report clean?
Thanks.
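The two logs above are plain text, so the first pass a reviewer does on them can be scripted. The following is an added example (not code from the post, from ComboFix or from HijackThis): a small triage parser that reads the ComboFix "Reg Loading Points" and service lines and the HijackThis O2/O3/O4/O23 lines, reports the weakened settings the log states outright (EnableLUA=0 means User Account Control is off; EnableFirewall=0 under a FirewallPolicy profile means the Windows Firewall is off for that profile), and lists the load points that still need a human verdict without deciding whether any of them is malicious. The regexes assume the line shapes exactly as they appear in the logs above; the sample input is a subset of those lines copied from the post (with the forum's line-wrap spaces removed), not the complete logs.

```python
"""Triage helper for ComboFix / HijackThis text logs (added example).

It separates two things a reviewer needs:
  * findings: weakened settings the log states outright (UAC off,
    a Windows Firewall profile off);
  * review:   load points that need a human verdict (boot/system-start
    drivers, BHOs, IE toolbars, Run keys, services).
It never decides that an entry is malicious; it only surfaces it.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity summary evidence")

# Constructed sample input: lines copied from the ComboFix and HijackThis
# logs in the post (forum line-wrap spaces removed); not the complete logs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [05/07/2008 02:20 PM 71592]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [11/02/2006 12:45 PM 22016]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [11/12/2008 03:07 PM 240128]
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Line shapes as they appear in the logs above (assumed stable for this example).
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\S+)')
# ComboFix service line: <R|S><start type> name;display name;path [date size]
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 manual.
SERVICE_RE = re.compile(r"^[RS](?P<start>[0-4])\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[")
HJT_RE = re.compile(r"^(?P<kind>O\d+)\s+-\s+(?P<rest>.+)$")
HJT_LABELS = {"O2": "BHO", "O3": "IE toolbar", "O4": "autorun", "O23": "service"}


def reg_int(token):
    """Normalise ComboFix value spellings ('0', '0x0', 'dword:00000001') to int."""
    token = token.lower()
    if token.startswith("dword:"):
        return int(token[6:], 16)
    return int(token, 0)


def triage(text):
    """Return (findings, review) lists of Finding for one log text."""
    findings, review = [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key and m.group("name") in ("EnableLUA", "EnableFirewall"):
            name, val = m.group("name"), reg_int(m.group("val"))
            if name == "EnableLUA" and val == 0:
                findings.append(Finding("HIGH", "UAC is disabled (EnableLUA=0)", key))
            elif name == "EnableFirewall" and val == 0:
                profile = key.rsplit("\\", 1)[-1]
                findings.append(Finding("MEDIUM", f"Windows Firewall off for {profile}", key))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # Boot- and system-start drivers load before user-mode defences;
            # their publisher and signature are worth confirming by hand.
            if m.group("start") in ("0", "1"):
                review.append(Finding("INFO", f"early-start driver {m.group('name')}", m.group("path")))
            continue
        m = HJT_RE.match(line)
        if m and m.group("kind") in HJT_LABELS:
            review.append(Finding("INFO", f"{HJT_LABELS[m.group('kind')]} ({m.group('kind')})", m.group("rest")))
    return findings, review


if __name__ == "__main__":
    found, to_review = triage(SAMPLE_LOG)
    for f in found + to_review:
        print(f"{f.severity:6} {f.summary}: {f.evidence}")
```

Run against the sample it reports UAC off and the Windows Firewall off for all three profiles, and queues the two early-start drivers and the four browser/autorun/service entries for manual review. The firewall finding is kept at MEDIUM on purpose: the same log shows Avira's own firewall service (AntiVirFirewallService) running, and a third-party firewall routinely turns the Windows Firewall profiles off, so the reviewer's job is to confirm which firewall is actually filtering rather than to treat the zero alone as an infection indicator. Likewise the parser lists the S0 driver and the BHO entries without a verdict; publisher, signature and install history decide those.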