
Mr.SaUdI
New Zyzoomer, joined 22 October 2008
Peace be upon you, and God's mercy and blessings.

ComboFix report; before running the report I did a scan with Kaspersky Security and Avast.

Code:
ComboFix 08-11-23.02 - SaUdI CaFfe 11/24/2008 19:20:51.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.1.1025.18.80 [GMT 3:00]
Running from: d:\برامج\برامج\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.ATHEER2-A639511\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\windows\artools.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\hpowiax3.dll
c:\windows\system32\kakle.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll

.
(((((((((((((((((((((((((   Files Created from 2008-10-24 to 2008-11-24  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 16:25    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\DMCache
2008-11-24 15:15    ---------    d---a-w    c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 12:49    ---------    d-----w    c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-24 01:11    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\PC Suite
2008-11-23 05:59    ---------    d-----w    c:\program files\WebExe
2008-11-22 22:04    ---------    d-----w    c:\program files\TuneUp Utilities 2009
2008-11-22 21:58    ---------    d-sh--w    c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-22 21:51    ---------    d-----w    c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-22 17:52    ---------    d-----w    c:\program files\G-Lock Software
2008-11-22 17:52    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\G-Lock Software
2008-11-22 12:27    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\Uniblue
2008-11-22 11:47    ---------    d--h--w    c:\program files\InstallShield Installation Information
2008-11-21 14:30    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\Media Player Classic
2008-11-20 11:23    0    ---ha-w    c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-20 11:22    0    ---ha-w    c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-20 05:31    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\Nokia
2008-11-20 05:24    ---------    d-----w    c:\program files\Nokia
2008-11-20 05:24    ---------    d-----w    c:\program files\Common Files\PCSuite
2008-11-20 05:24    ---------    d-----w    c:\program files\Common Files\Nokia
2008-11-20 05:23    ---------    d-----w    c:\program files\PC Connectivity Solution
2008-11-20 05:21    ---------    d-----w    c:\documents and settings\All Users\Application Data\Installations
2008-11-17 13:23    ---------    d-----w    c:\program files\Flash Memory Toolkit
2008-11-15 08:44    ---------    d-----w    c:\documents and settings\All Users\Application Data\Avira
2008-11-15 00:40    ---------    d-----w    c:\program files\Allok RM RMVB to AVI MPEG DVD Converter
2008-11-14 20:55    164    ----a-w    C:\install.dat
2008-11-14 14:59    ---------    d-----w    c:\program files\Alwil Software
2008-11-14 11:35    ---------    d-----w    c:\program files\MSXML 4.0
2008-11-13 16:28    ---------    d-----w    c:\program files\Real_SC
2008-11-13 15:58    ---------    d-----w    c:\program files\RM to MP3 Converter
2008-11-13 15:24    ---------    d-----w    c:\program files\Free Audio Pack
2008-11-13 15:22    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\Search Settings
2008-11-13 15:18    ---------    d-----w    c:\program files\Search Settings
2008-11-13 11:39    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\IDM
2008-11-09 15:03    ---------    d-----w    c:\program files\Scratch
2008-11-09 05:58    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\COWON
2008-11-09 05:55    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\ACD Systems
2008-11-08 13:29    ---------    d-----w    c:\program files\Internet Download Manager
2008-11-06 13:10    ---------    d-----w    c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-11-03 21:10    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\HP
2008-11-03 21:10    ---------    d-----w    c:\documents and settings\All Users\Application Data\HP
2008-11-03 15:15    ---------    d-----w    c:\documents and settings\All Users\Application Data\WEBREG
2008-11-03 15:12    ---------    d-----w    c:\program files\HP
2008-11-03 15:11    ---------    d-----w    c:\program files\Hewlett-Packard
2008-11-03 15:11    ---------    d-----w    c:\program files\Common Files\HP
2008-11-03 15:11    ---------    d-----w    c:\program files\Common Files\Hewlett-Packard
2008-11-03 15:11    ---------    d-----w    c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-03 15:08    ---------    d-----w    c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-03 07:19    ---------    d-----w    c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-02 00:02    ---------    d-----w    c:\program files\QuickTime
2008-11-02 00:01    ---------    d-----w    c:\program files\Common Files\Apple
2008-11-02 00:01    ---------    d-----w    c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-02 00:00    ---------    d-----w    c:\program files\Apple Software Update
2008-11-02 00:00    ---------    d-----w    c:\documents and settings\All Users\Application Data\Apple
2008-11-01 22:23    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\DivX
2008-10-31 18:13    ---------    d-----w    c:\program files\Common Files\xing shared
2008-10-31 18:13    ---------    d-----w    c:\program files\Common Files\Real
2008-10-30 22:09    ---------    d-----w    c:\program files\Messenger Plus! Live
2008-10-26 22:25    ---------    d-----w    c:\program files\MSN Messenger
2008-10-26 21:53    ---------    d-----w    c:\documents and settings\SaUdI CaFfe\Application Data\TuneUp Software
2008-10-26 15:07    ---------    d-----w    c:\documents and settings\Administrator.ATHEER2-A639511\Application Data\PC Suite
2008-10-26 01:31    ---------    d-----w    c:\documents and settings\Administrator.ATHEER2-A639511\Application Data\COWON
2008-10-26 00:38    ---------    d-----w    c:\documents and settings\Administrator.ATHEER2-A639511\Application Data\ACD Systems
2008-10-25 15:14    ---------    d-----w    c:\documents and settings\Administrator.ATHEER2-A639511\Application Data\DivX
2008-10-25 02:17    974,848    ----a-w    c:\windows\UNRecode.exe
2008-10-25 02:17    974,848    ----a-w    c:\windows\UNNeroVision.exe
2008-10-25 02:17    974,848    ----a-w    c:\windows\UNNeroShowTime.exe
2008-10-25 02:17    974,848    ----a-w    c:\windows\UNNeroMediaHome.exe
2008-10-25 02:17    974,848    ----a-w    c:\windows\UNNeroBackItUp.exe
2008-10-25 02:01    73,216    ----a-w    c:\windows\ST6UNST.EXE
2008-10-25 02:01    6,656    ----a-w    c:\windows\delttsul.exe
2008-10-25 02:01    47,104    ----a-w    c:\windows\AKDeInstall.exe
2008-10-25 02:01    46,592    ----a-w    c:\windows\setdebug.exe
2008-10-25 02:01    241,664    ----a-w    c:\windows\NuNInst.exe
2008-10-25 01:25    ---------    d-----w    c:\program files\JetAudio
2008-10-25 01:25    ---------    d-----w    c:\program files\ClocX
2008-10-24 19:52    ---------    d-----w    c:\documents and settings\Administrator.ATHEER2-A639511\Application Data\TuneUp Software
2008-10-24 11:21    455,296    ----a-w    c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:24    ---------    d-----w    c:\program files\Java
2008-10-21 19:21    ---------    d-----w    c:\program files\Common Files\LightScribe
2008-10-21 16:01    ---------    d-----w    c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-19 17:09    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-10-17 22:47    ---------    d-----w    c:\program files\Paltalk Messenger
2008-10-16 21:30    ---------    d-----w    c:\program files\Ace Utilities
2008-10-15 16:10    ---------    d-----w    c:\program files\Microsoft Windows OneCare Live
2008-10-14 06:24    ---------    d-----w    c:\documents and settings\All Users\Application Data\LightScribe
2008-10-13 15:17    ---------    d-----w    c:\program files\Microsoft Works
2008-10-13 07:22    ---------    d-----w    c:\documents and settings\All Users\Application Data\TuneUp Software
2008-10-13 01:04    ---------    d-----w    c:\program files\Common Files\NSV
2008-10-12 23:48    ---------    dcsh--w    c:\program files\Common Files\WindowsLiveInstaller
2008-10-12 23:12    ---------    d-----w    c:\program files\Windows Live
2008-10-12 18:20    ---------    d-----w    c:\program files\Common Files\Ahead
2008-10-12 18:20    ---------    d-----w    c:\documents and settings\All Users\Application Data\Ahead
2008-10-12 18:17    ---------    d-----w    c:\program files\Nero
2008-10-12 18:17    ---------    d-----w    c:\documents and settings\All Users\Application Data\Nero
2008-10-12 17:58    ---------    d-----w    c:\program files\Macromedia
2008-10-12 17:58    ---------    d-----w    c:\program files\Common Files\InstallShield
2008-10-12 17:57    ---------    d-----w    c:\program files\Common Files\Adobe
2008-10-12 17:28    ---------    d-----w    c:\program files\DIFX
2008-10-12 17:28    ---------    d-----w    c:\documents and settings\All Users\Application Data\PC Suite
2008-10-12 17:25    ---------    d-----w    c:\documents and settings\All Users\Application Data\WinZip
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/28/2008 02:39 PM 2606512]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [10/02/2008 07:00 AM 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [10/31/2008 09:13 PM 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalStart.lnk]
backup=c:\windows\pss\PalStart.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 10/24/2008 11:12 PM 155648 c:\program files\Common Files\Ahead\Lib\nmbgmonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 10/24/2008 11:13 PM 1057280 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 10/24/2008 11:56 PM 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 10/25/2008 04:59 AM 1629696 c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 10/24/2008 11:12 PM 843776 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 10/31/2008 09:13 PM 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-24 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-24 20560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-11-23 603904]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-23 362240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [07/30/2008 12:34 PM]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\SaUdI CaFfe\Application Data\Mozilla\Firefox\Profiles\kg7qiwql.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://ar.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ar:official
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 19:24:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WgaLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 11/24/2008 19:29:37 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-24 16:28:25

Pre-Run: 16,972,775,424 bytes free
Post-Run: 17,212,837,888 bytes free

243    --- E O F ---    2008-11-22 21:18:32

May God reward you a thousandfold.
 
