وهاي تقرير الأداة الأولى ComboFix
ComboFix 08-12-07.04 - kjvf 12/09/2008 11:16:47.4 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.545 [GMT 2:00]
Running from: c:\documents and settings\kjvf\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\autorun.inf
H:\iyfjmg.cmd
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 09:18 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-09 09:18 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-09 09:18 3,616 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-09 09:18 1,108 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-09 08:00 0 ----a-w C:\osy3.sys
2008-12-08 18:23 --------- d-----w c:\program files\FLVPlayer
2008-12-07 08:29 --------- d-----w c:\program files\Real
2008-12-07 08:29 --------- d-----w c:\program files\Common Files\xing shared
2008-12-07 08:29 --------- d-----w c:\program files\Common Files\Real
2008-12-07 08:27 --------- d-----w c:\documents and settings\kjvf\Application Data\PC Suite
2008-12-07 08:27 --------- d-----w c:\documents and settings\kjvf\Application Data\Nokia
2008-12-07 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-12-07 08:26 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-07 08:26 --------- d-----w c:\program files\Nokia
2008-12-07 08:26 --------- d-----w c:\program files\DIFX
2008-12-07 08:26 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-07 08:26 --------- d-----w c:\program files\Common Files\Nokia
2008-12-07 08:25 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-12-07 08:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 08:18 --------- d-----w c:\program files\Intel
2008-12-07 08:18 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-07 08:18 --------- d-----w c:\program files\C-Media 3D Audio
2008-12-07 08:10 --------- d-----w c:\program files\Internet Download Manager
2008-12-07 08:10 --------- d-----w c:\documents and settings\kjvf\Application Data\IDM
2008-12-07 08:10 --------- d-----w c:\documents and settings\kjvf\Application Data\DMCache
2008-12-07 07:53 96,645 ----a-w c:\windows\system32\drivers\klin.dat
2008-12-07 07:53 87,941 ----a-w c:\windows\system32\drivers\klick.dat
2008-12-07 07:52 --------- d-----w c:\program files\Kaspersky Lab
2008-12-07 07:52 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-07 05:22 --------- d-----w c:\program files\microsoft frontpage
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2003-08-27 09:49 3,424 ----a-w c:\windows\inf\OTHER\cmiainfo.sys
.
((((((((((((((((((((((((((((( snapshot@Mon 12-08-2008_21.08.43.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-04-06 16:07:38 114,688 ----a-r c:\windows\system32\hkcmd.exe
+ 2003-04-06 16:07:38 192,512 ----a-r c:\windows\system32\hkcmd.exe
- 2003-04-06 16:19:52 155,648 ----a-r c:\windows\system32\igfxtray.exe
+ 2003-04-06 16:19:52 233,472 ----a-r c:\windows\system32\igfxtray.exe
- 2008-12-08 17:03:30 40,118 ----a-w c:\windows\system32\perfc001.dat
+ 2008-12-09 09:01:12 40,118 ----a-w c:\windows\system32\perfc001.dat
- 2008-12-08 17:03:30 40,128 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-09 09:01:12 40,128 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-08 17:03:30 251,674 ----a-w c:\windows\system32\perfh001.dat
+ 2008-12-09 09:01:12 251,674 ----a-w c:\windows\system32\perfh001.dat
- 2008-12-08 17:03:30 311,740 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-09 09:01:12 311,740 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [12/04/2008 02:00 PM 2827696]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [08/04/2004 01:09 AM 1667584]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [06/17/2008 04:00 PM 1323008]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [08/11/2008 08:31 AM 1202176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [12/07/2008 10:29 AM 267792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [04/06/2003 06:19 PM 233472]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [04/06/2003 06:07 PM 192512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/03/2004 10:56 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\flashplayer10_install_plugin_091508.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\ComboFix\\nircmd.com"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSync2.exe"=
"c:\\Program Files\\Common Files\\Nokia\\MPAPI\\MPAPI3s.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
*Newly Created Service* - ASC3360PR
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-09 11:19:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\klogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\program files\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE
c:\program files\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLUSBSRV.EXE
c:\program files\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLRSSRV.EXE
c:\program files\COMMON FILES\NOKIA\MPAPI\MPAPI3S.EXE
c:\program files\INTERNET DOWNLOAD MANAGER\IEMONITOR.EXE
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 12/09/2008 11:20:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-09 09:20:34
ComboFix3.txt 2008-12-08 19:09:32
ComboFix2.txt 2008-12-09 08:54:56
Pre-Run: 6,922,051,584 bytes free
Post-Run: 6,928,793,600 bytes free