peaceful
زيزوومي جديد
غير متصل
السلام عليكم و رحمة الله و بركاته
انا جهازي اصيب بفيروس ما اذكر اسمه بالضبط لكن كان من نوع Win32 Torojan و بعد الفرمته سويت اسكان ببرنامج Avast ووجده وحذفه و بعدين سويت اسكان ب Spyware Doctor ووجد فيروسات و تروجنات و حذفه و سويت مره اخرا ما طلع لي شي لكن انا ابتأكد من خلو الجهاز من هذي التروجونات و مع العلم انا عندي هاردسك خارجي و فيه معلومات كثيره ما ادري هل التقرير هذا شامل الهاردسك ولا لا و كيف اعرف ان الهاردسك الخارجي خالي من الفيروسات ايضاًًً
شاكر لكم و مقدر و الأن مع التقرير
ComboFix 08-11-27.01 - HUSSAIN 2008-11-27 16:59:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1527 [GMT 3:00]
Running from: c:\documents and settings\HUSSAIN\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\hpowiax2.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.
2008-11-27 16:58 . 2008-11-27 16:58 <DIR> d-------- c:\program files\Trend Micro
2008-11-27 15:50 . 2008-11-27 15:50 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-27 06:54 . 2008-11-27 06:54 0 --a------ c:\windows\msicpl.ini
2008-11-27 06:08 . 2008-11-27 06:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-27 04:23 . 2008-11-27 07:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 03:38 . 2008-11-27 03:38 <DIR> d-------- c:\documents and settings\HUSSAIN\Application Data\HP
2008-11-27 03:38 . 2008-11-27 03:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-27 03:36 . 2008-11-27 03:38 <DIR> d-------- c:\program files\Common Files\HP
2008-11-27 03:35 . 2008-11-27 03:35 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-27 03:34 . 2008-11-27 03:34 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-27 03:34 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-27 03:34 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2008-11-27 03:34 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-11-27 03:34 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-11-27 03:34 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-11-27 03:34 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2008-11-27 03:34 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-11-27 03:28 . 2008-11-27 03:28 <DIR> d-------- c:\program files\Adverts
2008-11-27 03:28 . 2008-11-27 03:28 <DIR> d---s---- c:\documents and settings\HUSSAIN\UserData
2008-11-27 03:27 . 2008-11-27 03:27 <DIR> d-------- c:\program files\Windows Live
2008-11-27 03:27 . 2008-11-27 03:27 <DIR> d-------- c:\program files\Messenger Plus! Live
2008-11-27 03:27 . 2008-11-27 03:38 <DIR> d-------- c:\program files\HP
2008-11-27 03:25 . 2008-11-27 03:28 <DIR> d-------- c:\documents and settings\HUSSAIN\Contacts
2008-11-27 03:02 . 2006-04-13 04:04 49,664 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-27 03:02 . 2006-04-13 04:04 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-27 03:01 . 2006-04-13 04:04 282,624 -ra------ c:\windows\system32\HPZc3212.dll
2008-11-27 03:01 . 2006-01-04 12:12 77,824 -ra------ c:\windows\system32\HPZIDS01.dll
2008-11-27 03:01 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-11-27 03:01 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-27 03:01 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-27 03:01 . 2006-04-13 04:04 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-27 02:59 . 2006-04-13 04:02 827,392 -ra------ c:\windows\system32\hpotiop2.dll
2008-11-27 02:59 . 2006-04-13 04:02 254,026 -ra------ c:\windows\system32\hpovst09.dll
2008-11-27 02:59 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-27 02:59 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-27 02:53 . 2008-11-27 02:53 1,555 --a------ c:\windows\ata live update.ini
2008-11-27 02:47 . 2008-11-27 03:38 127,516 --a------ c:\windows\hpoins11.dat
2008-11-27 02:46 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-27 02:46 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-11-27 02:44 . 2008-11-27 02:44 268 --ah----- C:\sqmdata01.sqm
2008-11-27 02:44 . 2008-11-27 02:44 244 --ah----- C:\sqmnoopt01.sqm
2008-11-26 09:41 . 2008-11-26 09:41 268 --ah----- C:\sqmdata00.sqm
2008-11-26 09:41 . 2008-11-26 09:41 244 --ah----- C:\sqmnoopt00.sqm
2008-11-26 09:40 . 2008-11-26 09:40 <DIR> d-------- c:\documents and settings\HUSSAIN\Application Data\Media Player Classic
2008-11-26 09:40 . 2008-11-26 09:40 0 --a------ c:\windows\nsreg.dat
2008-11-26 09:39 . 2008-11-26 09:39 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-26 09:34 . 2008-11-26 09:34 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-26 09:33 . 2008-11-27 03:27 <DIR> d-------- c:\program files\MSN Messenger
2008-11-26 09:33 . 2006-05-13 21:29 843 --a------ C:\ChangeWinXPKey.vbs
2008-11-26 09:29 . 2008-11-26 09:29 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-26 09:23 . 2008-11-26 09:23 <DIR> d-------- c:\program files\CCleaner
2008-11-26 09:22 . 2008-11-26 09:22 <DIR> d-------- c:\program files\Real
2008-11-26 09:22 . 2008-11-26 09:22 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-26 09:22 . 2008-11-26 09:22 <DIR> d-------- c:\program files\Common Files\Real
2008-11-26 09:20 . 2008-11-26 09:20 <DIR> d-------- c:\program files\Webteh
2008-11-26 09:20 . 2008-11-26 09:21 <DIR> d-------- c:\documents and settings\HUSSAIN\Application Data\BSplayer PRO
2008-11-26 09:16 . 2008-11-26 09:16 <DIR> d-------- c:\windows\speech
2008-11-26 09:16 . 2008-11-26 09:16 <DIR> d-------- c:\program files\Golden Al-Wafi Translator
2008-11-26 09:16 . 2008-11-26 09:16 <DIR> d-------- C:\Al-Moheet
2008-11-26 09:16 . 2008-11-26 09:16 172,032 --------- c:\windows\Setup1.exe
2008-11-26 09:16 . 2008-11-26 09:16 73,216 --a------ c:\windows\ST6UNST.EXE
2008-11-26 06:12 . 2003-10-10 15:00 57,344 --a------ c:\windows\system32\WMErrAra.dll
2008-11-26 06:12 . 2003-10-10 15:00 34,356 --a------ c:\windows\WMPrfAra.prx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 23:04 --------- d-----w c:\program files\Alwil Software
2008-11-25 22:36 --------- d-----w c:\program files\MSI
2008-11-25 22:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 22:28 --------- d-----w c:\program files\Realtek
2008-11-25 22:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 22:28 --------- d-----w c:\documents and settings\HUSSAIN\Application Data\InstallShield
2008-11-25 22:27 4,716 ----a-w c:\windows\gdrv.sys
2008-11-25 22:24 --------- d-----w c:\program files\Intel
2008-11-25 22:15 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-26 185896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-11-26 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-26 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2008-11-26 27648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\HUSSAIN\Application Data\Mozilla\Firefox\Profiles\w6ycqeg0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-27 17:03:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-11-27 17:04:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-27 14:04:34
Pre-Run: 25,260,417,024 bytes free
Post-Run: 25,357,488,128 bytes free
173
انا جهازي اصيب بفيروس ما اذكر اسمه بالضبط لكن كان من نوع Win32 Torojan و بعد الفرمته سويت اسكان ببرنامج Avast ووجده وحذفه و بعدين سويت اسكان ب Spyware Doctor ووجد فيروسات و تروجنات و حذفه و سويت مره اخرا ما طلع لي شي لكن انا ابتأكد من خلو الجهاز من هذي التروجونات و مع العلم انا عندي هاردسك خارجي و فيه معلومات كثيره ما ادري هل التقرير هذا شامل الهاردسك ولا لا و كيف اعرف ان الهاردسك الخارجي خالي من الفيروسات ايضاًًً
شاكر لكم و مقدر و الأن مع التقرير
ComboFix 08-11-27.01 - HUSSAIN 2008-11-27 16:59:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1527 [GMT 3:00]
Running from: c:\documents and settings\HUSSAIN\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\hpowiax2.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.
2008-11-27 16:58 . 2008-11-27 16:58 <DIR> d-------- c:\program files\Trend Micro
2008-11-27 15:50 . 2008-11-27 15:50 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-27 06:54 . 2008-11-27 06:54 0 --a------ c:\windows\msicpl.ini
2008-11-27 06:08 . 2008-11-27 06:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-27 04:23 . 2008-11-27 07:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 03:38 . 2008-11-27 03:38 <DIR> d-------- c:\documents and settings\HUSSAIN\Application Data\HP
2008-11-27 03:38 . 2008-11-27 03:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-27 03:36 . 2008-11-27 03:38 <DIR> d-------- c:\program files\Common Files\HP
2008-11-27 03:35 . 2008-11-27 03:35 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-27 03:34 . 2008-11-27 03:34 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-27 03:34 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-27 03:34 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2008-11-27 03:34 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-11-27 03:34 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-11-27 03:34 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-11-27 03:34 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2008-11-27 03:34 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-11-27 03:28 . 2008-11-27 03:28 <DIR> d-------- c:\program files\Adverts
2008-11-27 03:28 . 2008-11-27 03:28 <DIR> d---s---- c:\documents and settings\HUSSAIN\UserData
2008-11-27 03:27 . 2008-11-27 03:27 <DIR> d-------- c:\program files\Windows Live
2008-11-27 03:27 . 2008-11-27 03:27 <DIR> d-------- c:\program files\Messenger Plus! Live
2008-11-27 03:27 . 2008-11-27 03:38 <DIR> d-------- c:\program files\HP
2008-11-27 03:25 . 2008-11-27 03:28 <DIR> d-------- c:\documents and settings\HUSSAIN\Contacts
2008-11-27 03:02 . 2006-04-13 04:04 49,664 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-27 03:02 . 2006-04-13 04:04 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-27 03:01 . 2006-04-13 04:04 282,624 -ra------ c:\windows\system32\HPZc3212.dll
2008-11-27 03:01 . 2006-01-04 12:12 77,824 -ra------ c:\windows\system32\HPZIDS01.dll
2008-11-27 03:01 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-11-27 03:01 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-27 03:01 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-27 03:01 . 2006-04-13 04:04 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-27 02:59 . 2006-04-13 04:02 827,392 -ra------ c:\windows\system32\hpotiop2.dll
2008-11-27 02:59 . 2006-04-13 04:02 254,026 -ra------ c:\windows\system32\hpovst09.dll
2008-11-27 02:59 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-27 02:59 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-27 02:53 . 2008-11-27 02:53 1,555 --a------ c:\windows\ata live update.ini
2008-11-27 02:47 . 2008-11-27 03:38 127,516 --a------ c:\windows\hpoins11.dat
2008-11-27 02:46 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-27 02:46 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-11-27 02:44 . 2008-11-27 02:44 268 --ah----- C:\sqmdata01.sqm
2008-11-27 02:44 . 2008-11-27 02:44 244 --ah----- C:\sqmnoopt01.sqm
2008-11-26 09:41 . 2008-11-26 09:41 268 --ah----- C:\sqmdata00.sqm
2008-11-26 09:41 . 2008-11-26 09:41 244 --ah----- C:\sqmnoopt00.sqm
2008-11-26 09:40 . 2008-11-26 09:40 <DIR> d-------- c:\documents and settings\HUSSAIN\Application Data\Media Player Classic
2008-11-26 09:40 . 2008-11-26 09:40 0 --a------ c:\windows\nsreg.dat
2008-11-26 09:39 . 2008-11-26 09:39 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-26 09:34 . 2008-11-26 09:34 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-26 09:33 . 2008-11-27 03:27 <DIR> d-------- c:\program files\MSN Messenger
2008-11-26 09:33 . 2006-05-13 21:29 843 --a------ C:\ChangeWinXPKey.vbs
2008-11-26 09:29 . 2008-11-26 09:29 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-26 09:23 . 2008-11-26 09:23 <DIR> d-------- c:\program files\CCleaner
2008-11-26 09:22 . 2008-11-26 09:22 <DIR> d-------- c:\program files\Real
2008-11-26 09:22 . 2008-11-26 09:22 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-26 09:22 . 2008-11-26 09:22 <DIR> d-------- c:\program files\Common Files\Real
2008-11-26 09:20 . 2008-11-26 09:20 <DIR> d-------- c:\program files\Webteh
2008-11-26 09:20 . 2008-11-26 09:21 <DIR> d-------- c:\documents and settings\HUSSAIN\Application Data\BSplayer PRO
2008-11-26 09:16 . 2008-11-26 09:16 <DIR> d-------- c:\windows\speech
2008-11-26 09:16 . 2008-11-26 09:16 <DIR> d-------- c:\program files\Golden Al-Wafi Translator
2008-11-26 09:16 . 2008-11-26 09:16 <DIR> d-------- C:\Al-Moheet
2008-11-26 09:16 . 2008-11-26 09:16 172,032 --------- c:\windows\Setup1.exe
2008-11-26 09:16 . 2008-11-26 09:16 73,216 --a------ c:\windows\ST6UNST.EXE
2008-11-26 06:12 . 2003-10-10 15:00 57,344 --a------ c:\windows\system32\WMErrAra.dll
2008-11-26 06:12 . 2003-10-10 15:00 34,356 --a------ c:\windows\WMPrfAra.prx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 23:04 --------- d-----w c:\program files\Alwil Software
2008-11-25 22:36 --------- d-----w c:\program files\MSI
2008-11-25 22:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 22:28 --------- d-----w c:\program files\Realtek
2008-11-25 22:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 22:28 --------- d-----w c:\documents and settings\HUSSAIN\Application Data\InstallShield
2008-11-25 22:27 4,716 ----a-w c:\windows\gdrv.sys
2008-11-25 22:24 --------- d-----w c:\program files\Intel
2008-11-25 22:15 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SW20"="c:\windows\system32\sw20.exe" [2006-09-07 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-09-07 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-26 185896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-11-26 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-26 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S3 DigiCellDriver;DigiCellDriver;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2008-11-26 27648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\HUSSAIN\Application Data\Mozilla\Firefox\Profiles\w6ycqeg0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-11-27 17:03:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-11-27 17:04:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-27 14:04:34
Pre-Run: 25,260,417,024 bytes free
Post-Run: 25,357,488,128 bytes free
173
