Peace be upon you and the mercy of God.
This is the ComboFix report.
Please take a look at it, may God grant you success..
ComboFix 08-12-03.04 - أبــو خــالـــد 12/04/2008 21:32:57.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1108 [GMT 3:00]
Running from: c:\documents and settings\Administrator.JET9\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 18:17 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-04 18:17 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-04 18:17 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-04 18:17 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-27 17:17 2,328,832 ----a-w c:\windows\system32\TUKernel.exe
2008-11-21 16:58 --------- d-----w c:\program files\iVocalize Web Conference 4
2008-11-12 18:42 --------- d-----w c:\program files\MSXML 4.0
2008-10-29 17:25 --------- d-----w c:\program files\Windows Defender
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-17 08:45 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\channels
2008-10-16 11:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 11:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 11:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 11:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 13:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-20 22:21 72,066 ----a-w c:\windows\BricoPackUninst.cmd
2008-09-20 22:21 5,431 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-09-20 10:34 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-09-15 23:53 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-13 02:44 197 --sha-w c:\program files\Common Files\maxtreme.dat
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-05 20:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-05 20:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 17:15 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2003-04-22 07:46 2,719,744 ------w c:\program files\aiodrv.msi
2003-04-22 07:42 2,588,672 ------w c:\program files\aiosw.msi
2003-04-22 07:24 16,606 ----a-w c:\program files\hpomdl01.dat
2003-04-22 07:23 267 ----a-w c:\program files\readme.html
2003-04-09 15:19 2,848 ----a-w c:\program files\hpound08.inf
2003-04-09 15:19 14,157 ----a-w c:\program files\hpousc08.inf
2003-04-09 15:00 4,715 ----a-w c:\program files\hpoglu08.inf
2003-04-09 15:00 2,889 ----a-w c:\program files\hpousb08.inf
2003-04-09 10:13 577,536 ----a-w c:\program files\Setup.exe
2003-03-20 13:20 24,728 ----a-w c:\program files\HPZipr12.cat
2003-03-20 13:20 24,285 ----a-w c:\program files\hposcu08.cat
2003-03-20 13:20 22,523 ----a-w c:\program files\HPZius12.cat
2003-03-20 13:20 22,082 ----a-w c:\program files\hpzist12.cat
2003-03-20 13:20 22,082 ----a-w c:\program files\HPZid412.cat
2003-03-20 13:20 21,641 ----a-w c:\program files\HPOunp08.cat
2003-03-20 13:20 205,503 ----a-w c:\program files\hpoprn08.cat
2003-03-09 18:30 63,562 ----a-w c:\program files\hposcu08.inf
2003-03-09 18:30 51,266 ----a-w c:\program files\hpoprn08.inf
2003-03-09 18:30 33,952 ----a-w c:\program files\hpzid412.inf
2003-03-09 18:30 3,898 ----a-w c:\program files\hpounp08.inf
2003-03-09 18:30 3,667 ----a-w c:\program files\hpzist12.inf
2003-03-09 18:30 274,432 ----a-w c:\program files\hpzglu07.exe
2003-03-09 18:30 237,568 ----a-w c:\program files\hpzc3212.dll
2003-03-09 18:30 23,186 ----a-w c:\program files\hpzcin06.ex_
2003-03-09 18:30 184,320 ----a-w c:\program files\hpzscr07.dll
2003-03-09 18:30 16,352 ----a-w c:\program files\HPZUCI12.DLL
2003-03-09 18:30 14,285 ----a-w c:\program files\hpzius12.inf
2003-03-09 18:30 10,325 ----a-w c:\program files\hpzipr12.inf
2002-09-09 15:48 458,752 ----a-w c:\program files\tls704d.dll
2002-09-09 15:48 22,608 ----a-w c:\program files\usbprint.sys
2002-09-09 15:48 12,288 ----a-w c:\program files\usbmon.dll
2002-09-09 15:47 70,656 ----a-w c:\program files\msvcirt.dll
2002-09-09 15:47 55,155 ----a-w c:\program files\hpzusb00.sy_
2002-09-09 15:47 5,705 ----a-w c:\program files\hpzuci02.dl_
2002-09-09 15:47 254,005 ----a-w c:\program files\msvcrt.dll
2002-09-09 15:47 25,639 ----a-w c:\program files\hpzpom04.dl_
2002-09-09 15:47 212,992 ----a-w c:\program files\hpzpnp07.dll
2002-09-09 15:46 52,552 ----a-w c:\program files\hpziou01.dl_
2002-09-09 15:46 49,212 ----a-w c:\program files\hpzjvp01.dll
2002-09-09 15:46 46,017 ----a-w c:\program files\hpzion00.sy_
2002-09-09 15:46 417,849 ----a-w c:\program files\hpzjpp01.dll
2002-09-09 15:46 28,722 ----a-w c:\program files\hpzjlog.dll
2002-09-09 15:46 249,913 ----a-w c:\program files\hpzjut01.dll
2002-09-06 07:54 995,383 ----a-w c:\program files\MFC42.DLL
2008-08-23 23:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((( snapshot@Mon 11-24-2008_21.44.33.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 18:34:22 465,472 ----a-w c:\windows\Downloaded Program Files\wlscBase.dll
+ 2008-10-28 13:25:00 453,512 ----a-w c:\windows\Downloaded Program Files\wlscBase.dll
+ 2002-03-15 16:58:02 756,736 ----a-w c:\windows\Resources\Themes\Windows MAX 2003\Shell\NormalColor\shellstyle.dll
+ 2002-03-15 16:58:02 774,656 ----a-w c:\windows\Resources\Themes\Windows MAX 2003\Shell\WinMAXV45\shellstyle.dll
- 2008-11-24 10:42:52 59,774 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-04 18:22:52 59,774 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-24 10:42:52 395,534 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-04 18:22:52 395,534 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 03:12 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [05/05/2008 11:04 PM 2594224]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [04/14/2008 03:12 AM 1695232]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\Administrator.JET9\Application Data\cleaner\CSPSeraser.exe" [11/20/2007 02:19 PM 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [07/28/2008 04:42 PM 185896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 03:12 AM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 03:12 AM 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/26/2008 06:41 PM 1232896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" /a
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"d:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\PROGRA~1\\RINGZS~1\\STORMC~1\\Stormser.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CamthWDM.sys [2008-02-09 941784]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-06-09 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-06-09 8320]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-05-06 194304]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2008-12-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1212445262.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [04/09/2003 05:56 PM]
2008-12-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 09:09 AM]
2008-12-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [11/03/2006 07:20 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = 212.93.193.74:8080
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\FontSmooth.dll - O16 -: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061}
hxxp://www.qurancomplex.org/Downloads/FontSmooth.cab
c:\windows\Downloaded Program Files\FontSmooth.inf
FireFox -: Profile - c:\documents and settings\Administrator.JET9\Application Data\Mozilla\Firefox\Profiles\16fx4h5q.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.sa/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 21:35:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
.
Completion time: 12/04/2008 21:37:37
ComboFix-quarantined-files.txt 2008-12-04 18:37:30
ComboFix2.txt 2008-11-24 18:45:26
Pre-Run: 6,047,088,640 bytes free
Post-Run: 6,026,838,016 bytes free
229 --- E O F --- 2008-12-01 15:53:13
Is the machine clean? May God grant you well-being..
