السلام عليكم
شكرا للرد السريع وده تقرير الفحص
ComboFix 08-11-16.05 - zezo 2008-11-18 2:21:37.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.229 [GMT 2:00]
Running from: c:\documents and settings\zezo\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\AppPatch\AcSpecf.sdb
c:\windows\MSVB50CHS.dll
c:\windows\system32\08223B03.cfg
c:\windows\system32\122B901E.cfg
c:\windows\system32\2EF0D734.cfg
c:\windows\system32\43ACDCC5.cfg
c:\windows\system32\4D023DE9.cfg
c:\windows\system32\58FF3024.cfg
c:\windows\system32\66AFCB56.cfg
c:\windows\system32\9CA963CA.cfg
c:\windows\system32\9F684DE8.cfg
c:\windows\system32\B3721C07.cfg
c:\windows\system32\BA7EDF54.cfg
c:\windows\system32\DA63E650.cfg
c:\windows\system32\DFEC5CB7.cfg
c:\windows\system32\drivers\HBKernel32.sys
c:\windows\system32\E3367679.cfg
c:\windows\system32\E4814792.cfg
c:\windows\system32\F65BDEC7.cfg
c:\windows\system32\HBmhly.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ETH8023
-------\Service_HBKernel32
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.
2008-11-18 02:24 . 2008-11-18 02:24 <DIR> d-------- c:\windows\system32\xircom
2008-11-18 02:24 . 2008-11-18 02:24 <DIR> d-------- c:\program files\microsoft frontpage
2008-11-18 00:56 . 2008-11-18 00:56 <DIR> d-------- c:\program files\ESET
2008-11-18 00:29 . 2008-11-18 00:29 0 --a------ C:\osy3.sys
2008-11-18 00:15 . 2008-11-18 00:20 984 --a------ c:\windows\system32\tmp.reg
2008-11-18 00:13 . 2006-04-27 17:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-18 00:13 . 2003-06-05 21:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-18 00:13 . 2004-07-31 18:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-18 00:06 . 2008-11-18 00:06 <DIR> d-------- C:\silver
2008-11-17 23:49 . 2008-11-17 23:49 <DIR> d-------- c:\documents and settings\zezo\Application Data\ESET
2008-11-17 23:45 . 2008-11-17 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-17 23:41 . 2008-11-17 23:41 <DIR> d-------- c:\program files\Internet Download Manager
2008-11-17 23:41 . 2008-11-17 23:41 <DIR> d-------- c:\documents and settings\zezo\Application Data\IDM
2008-11-17 23:41 . 2008-11-17 23:41 <DIR> d-------- c:\documents and settings\zezo\Application Data\DMCache
2008-11-17 06:35 . 2008-11-17 06:35 10,240 --a------ c:\windows\MKMKrnl.dll
2008-11-17 06:35 . 2008-11-17 06:35 220 --ahs---- c:\windows\system32\B8E83D3C.cfg
2008-11-17 06:35 . 2008-11-17 06:35 204 --ahs---- c:\windows\system32\C8FFD223.cfg
2008-11-17 06:35 . 2008-11-17 06:35 152 --ahs---- c:\windows\system32\01AFE3DC.cfg
2008-11-17 06:34 . 2008-11-17 06:34 244 --ahs---- c:\windows\system32\755D0ED0.cfg
2008-11-17 06:34 . 2008-11-17 06:34 228 --ahs---- c:\windows\system32\70B0129E.cfg
2008-11-17 06:34 . 2008-11-17 06:34 220 --ahs---- c:\windows\system32\F8E07BB2.cfg
2008-11-17 06:34 . 2008-11-17 06:34 212 --ahs---- c:\windows\system32\4FBFD5A4.cfg
2008-11-17 06:34 . 2008-11-17 06:34 204 --ahs---- c:\windows\system32\5934EA2B.cfg
2008-11-17 06:34 . 2008-11-17 06:34 184 --ahs---- c:\windows\system32\93DEE065.cfg
2008-11-17 06:33 . 2008-11-17 06:33 296 --ahs---- c:\windows\system32\16AF66EB.cfg
2008-11-16 22:46 . 2008-11-16 22:46 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-16 22:46 . 2005-02-25 05:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-11-16 22:08 . 2008-11-16 22:08 <DIR> d-------- c:\windows\PC Check-up
2008-11-16 22:08 . 2008-11-16 22:08 <DIR> d-------- c:\program files\PC Check-up
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 19:56 --------- d-----w c:\program files\Windows Doctor
2008-11-16 19:55 354,560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-11-16 19:52 --------- d-----w c:\documents and settings\zezo\Application Data\TuneUp Software
2008-11-16 19:52 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-16 19:51 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-16 19:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-16 19:45 --------- d-----w c:\documents and settings\zezo\Application Data\Styler
2008-11-16 19:41 --------- d-----w c:\program files\Unlocker
2008-11-16 19:41 --------- d-----w c:\documents and settings\zezo\Application Data\Desktopicon
2008-11-16 19:40 --------- d-----w c:\program files\Sysinternals
2008-11-16 19:40 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-16 19:40 --------- d-----w c:\program files\IZArc
2008-11-16 19:40 --------- d-----w c:\program files\HashTab Shell Extension
2008-11-16 19:40 --------- d-----w c:\program files\Common Files\Stardock
2008-11-16 19:40 --------- d-----w c:\program files\Alky for Applications
2008-11-16 19:39 --------- d-----w c:\program files\Java
2008-11-16 19:30 --------- d-----w c:\program files\uTorrent
2008-11-16 19:30 --------- d-----w c:\documents and settings\zezo\Application Data\uTorrent
2008-11-16 19:28 --------- d-----w c:\program files\VistaExperience.org
2008-11-16 19:26 --------- d-----w c:\program files\Windows Sidebar
2008-11-16 19:26 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-16 19:26 --------- d-----w c:\program files\Utilities
2008-11-16 19:26 --------- d-----w c:\program files\Styler
2008-11-16 19:26 --------- d-----w c:\program files\Desktop
2008-11-16 19:26 --------- d-----w c:\program files\CCleaner
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"TransparencyEffect"="c:\program files\Utilities\Transparency Effect\YzShadow.exe" [2002-09-30 151552]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-12-02 1230848]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-17 2594224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
"PC-Checkup"="c:\program files\PC Check-up\PCCheckUp.exe" [2008-03-18 4047360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"True Transparency"="c:\program files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 133120]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-04-27 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MPMKrnl"="c:\windows\MKMKrnl.dll" [2008-11-17 10240]
c:\documents and settings\zezo\Start Menu\Programs\Startup\
Styler.lnk - c:\documents and settings\zezo\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-11-16 15086]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2008-04-14 14336]
S3 d435fd4;d435fd4;\??\c:\windows\system32\d435fd4.sys []
S3 de8296f;de8296f;\??\c:\windows\system32\de8296f.sys []
S3 f35ee9e;f35ee9e;\??\c:\windows\system32\f35ee9e.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-16 354560]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - HELPSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
2008-11-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-04-16 09:59]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{70B0129E-726E-4789-A7C0-5DDC33241E94} - (no file)
ShellExecuteHooks-{16AF66EB-93C8-49F9-BB09-B4F87CEDCE46} - (no file)
ShellExecuteHooks-{755D0ED0-3996-4ADB-9B1F-AD8F0E9E4738} - (no file)
ShellExecuteHooks-{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96} - (no file)
ShellExecuteHooks-{F8E07BB2-7A19-4057-80F1-E14646E630B4} - (no file)
ShellExecuteHooks-{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40} - (no file)
ShellExecuteHooks-{93DEE065-EC9B-4505-ADD3-19880AD3C38F} - (no file)
ShellExecuteHooks-{B8E83D3C-9466-4091-9AD1-1F89418A6EB7} - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-18 02:24:49
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\explorer.exe
-> c:\program files\RocketDock\RocketDock.dll
-> c:\program files\Unlocker\UnlockerHook.dll
-> c:\program files\Utilities\True Transparency\TrueTransparencyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\windows\system32\rundll32.exe
c:\program files\Styler\Styler.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
.
**************************************************************************
.
Completion time: 2008-11-18 2:25:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-18 00:25:52
Pre-Run: 4,968,407,040 bytes free
Post-Run: 4,919,042,048 bytes free
183 --- E O F --- 2008-11-16 20:46:11
=============================================================================
=============================================================================
وده تقرير الهيجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:26 AM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\PC Check-up\PCCheckUp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Utilities\True Transparency\TrueTransparency.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Utilities\Transparency Effect\YzShadow.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\zezo\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\PC Check-up\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [True Transparency] "C:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TransparencyEffect] C:\Program Files\Utilities\Transparency Effect\YzShadow.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKLM\..\Policies\Explorer\Run: [MPMKrnl] rundll32 "C:\WINDOWS\MKMKrnl.dll",KMainProc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [True Transparency] "C:\Program Files\Utilities\True Transparency\TrueTransparency.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 4974 bytes