alshbaah_911
Peace be upon you, and the mercy and blessings of God.
Brothers, here is the report; I would like you to take a look at it, God keep you.
ComboFix 08-12-21.04 - winXP 03/25/2009 19:27:35.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.2038.1371 [GMT 3:00]
Running from: c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\سطح المكتب\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\plugin1.dat
c:\windows\system32\SysPr.prx
.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 16:25 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\DMCache
2009-03-25 13:47 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\Kaspersky Lab
2009-03-25 13:44 9,804 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-25 13:44 712,736 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-25 13:44 37,664 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-25 13:44 3,877,920 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-25 12:14 --------- d---a-w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\TEMP
2009-03-23 06:32 663,040 ----a-w c:\windows\is-2RCV7.exe
2009-03-23 06:32 --------- d-----w c:\program files\Driver-Soft
2009-03-19 18:54 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\uTorrent
2009-03-18 18:45 --------- d-----w c:\program files\Paltalk Messenger
2009-03-17 11:55 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Malwarebytes
2009-03-17 11:54 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\Malwarebytes
2009-03-16 19:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 13:48 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Vso
2009-03-15 14:44 --------- d-----w c:\program files\VSO
2009-03-14 19:30 --------- d-----w c:\program files\Call of Duty
2009-03-13 17:17 --------- d-----w c:\program files\Golden Al-Wafi Translator
2009-03-13 12:09 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-13 11:29 --------- d-----w c:\program files\Your Uninstaller 2008
2009-03-10 03:37 --------- d-----w c:\program files\Nokia
2009-03-10 03:37 --------- d-----w c:\program files\Common Files\Nokia
2009-03-10 03:34 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\Installations
2009-03-10 03:18 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\PC Suite
2009-03-09 10:39 --------- d-----w c:\program files\RM to MP3 Converter
2009-03-06 22:43 --------- d-----w c:\program files\Hetman Software
2009-03-05 13:48 --------- d-----w c:\program files\Microsoft Works
2009-03-05 13:47 --------- d-----w c:\program files\Microsoft.NET
2009-02-27 13:27 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 16:17 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\Nokia
2009-02-25 16:09 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-25 16:09 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-22 14:02 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Thinstall
2009-02-22 12:05 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Media Player Classic
2009-02-22 12:03 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-22 12:03 --------- d-----w c:\program files\Common Files\Real
2009-02-22 10:54 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\SmitfraudFix
2009-02-18 19:32 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\cleaner
2009-02-15 13:49 --------- d-----w c:\program files\Windows Defender
2009-02-14 15:36 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-02-14 11:31 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\SBMAV Disk Cleaner
2009-02-14 11:14 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Nokia
2009-02-14 11:13 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\AVGTOOLBAR
2009-02-14 11:13 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\Administrator\Application Data\CyberLink
2009-02-12 01:57 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-11 20:42 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Kaspersky_Key_Finder_(KKF
2009-02-09 14:15 1,846,144 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:54 --------- d-----w c:\program files\ElcomSoft
2009-02-06 15:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-05 15:44 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-04 15:25 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 15:25 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-25 22:38 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\SystemRequirementsLab
2009-01-23 10:09 73,216 -c--a-w c:\windows\ST6UNST.EXE
2009-01-23 10:09 249,856 -c----w c:\windows\Setup1.exe
2009-01-20 18:11 197 -csha-w c:\program files\Common Files\maxtreme.dat
2009-01-14 23:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-14 23:05 43,008 -c--a-w c:\windows\system32\licmgr10.dll
2009-01-14 23:04 18,944 -c--a-w c:\windows\system32\corpol.dll
2009-01-14 23:03 72,704 -c--a-w c:\windows\system32\admparse.dll
2009-01-14 23:03 71,680 -c--a-w c:\windows\system32\iesetup.dll
2009-01-14 23:03 420,352 -c--a-w c:\windows\system32\vb(*)(*)(*)(*)(*)(*).dll
2009-01-14 23:01 34,304 -c--a-w c:\windows\system32\imgutil.dll
2009-01-14 23:00 48,128 -c--a-w c:\windows\system32\mshtmler.dll
2009-01-14 23:00 45,568 -c--a-w c:\windows\system32\mshta.exe
2009-01-14 22:50 156,160 ----a-w c:\windows\system32\msls31.dll
2008-12-31 14:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 14:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 14:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
.
((((((((((((((((((((((((((((( snapshot_Wed 03-11-2009_21.52.01.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-17 13:50:34 16,384 -c--a-w c:\windows\system32\config\systemprofile\(*)(*)(*) (*)(*)(*)s\index.dat
+ 2009-03-19 17:49:22 16,384 -c--a-w c:\windows\system32\config\systemprofile\(*)(*)(*) (*)(*)(*)s\index.dat
- 2008-12-17 13:50:34 16,384 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-19 17:49:22 16,384 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-17 13:50:34 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\(*)(*)(*)(*)(*)(*)(*).IE5\index.dat
+ 2009-03-19 17:49:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\(*)(*)(*)(*)(*)(*)(*).IE5\index.dat
+ 2004-08-03 23:54:12 429,056 -c--a-w c:\windows\system32\dllcache\obrs0401.dll
+ 2004-08-03 23:56:02 378,368 -c--a-w c:\windows\system32\dllcache\wzcdlg.dll
+ 2003-12-15 20:16:32 81,920 ----a-w c:\windows\system32\eSellerateControl350.dll
+ 2003-12-15 20:16:32 348,160 ----a-w c:\windows\system32\eSellerateEngine.dll
- 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-02-14 15:53:56 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-20 21:04:31 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-02-03 23:21:12 21,244,864 -c--a-w c:\windows\system32\MRT.exe
+ 2009-02-25 09:55:00 24,768,960 -c--a-w c:\windows\system32\MRT.exe
- 2003-09-23 05:00:00 1,385,744 -c--a-w c:\windows\system32\MSVBVM60.DLL
+ 2004-02-23 17:42:40 1,386,496 ----a-w c:\windows\system32\MSVBVM60.DLL
+ 2004-06-14 11:56:26 427,864 ----a-w c:\windows\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 02:56 AM 15360]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 01:05 AM 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [12/13/2005 05:44 PM 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [12/13/2005 05:41 PM 77824]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 02:13 PM 1101824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [02/05/2009 06:44 PM 206088]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 02:18 PM 995328]
"FixCamera"="c:\windows\FixCamera.exe" [02/12/2007 02:50 PM 20480]
"tsnp325"="c:\windows\tsnp325.exe" [10/10/2006 03:49 PM 270336]
"snp325"="c:\windows\vsnp325.exe" [10/10/2006 02:11 PM 827392]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM 282624 c:\windows\stsystra.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 02:56 AM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 02:56 AM 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [02/26/2007 01:01 AM 437160]
c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\(*)(*)(*)(*)(*)(*)(*)(*)s and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^(*)(*)(*)(*)(*)(*)(*)(*)s and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^(*)(*)(*)(*)(*)(*)(*)(*)s and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Bluetooth.lnk]
path=c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^(*)(*)(*)(*)(*)(*)(*)(*)s and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^(*)(*)(*)(*)(*)(*)(*)(*)s and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^Styler.lnk]
path=c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^(*)(*)(*)(*)(*)(*)(*)(*)s and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^TransBar.lnk]
path=c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup
[HKLM\~\startupfolder\C:^(*)(*)(*)(*)(*)(*)(*)(*)s and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^UberIcon.lnk]
path=c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^(*)(*)(*)(*)(*)(*)(*)(*)s and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^Y'z Shadow.lnk]
path=c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 10/15/2008 01:04 AM 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 12/23/2006 06:05 PM 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 08/03/2006 06:51 PM 1032192 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 02/12/2007 02:50 PM 20480 c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a--c--- 10/28/2008 07:08 PM 2606512 c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 10/13/2004 07:24 PM 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 02/06/2009 06:53 PM 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 01/12/2006 03:40 PM 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a--c--- 11/10/2008 03:07 PM 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
--a--c--- 11/20/2008 02:45 PM 14202672 c:\program files\ooVoo\ooVoo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 11/10/2005 01:03 PM 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 03/08/2006 12:48 PM 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 07/04/2008 09:59 PM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
--a--c--- 02/12/2008 05:34 PM 456024 c:\program files\WebcamMax\wcmmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a--c--- 08/04/2004 02:56 AM 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 03/24/2006 05:30 PM 282624 c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"tsnp325"=c:\windows\tsnp325.exe
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"snp325"=c:\windows\vsnp325.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CAMTHWDM.sys [2008-02-09 941784]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2009-01-12 10253056]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5be7ca8e-aa7f-11dd-b41d-0016414b9dfa}]
\(*)(*)(*)(*)l\AutoRun\command - F:\invwft2h.com
\(*)(*)(*)(*)l\explore\Command - F:\invwft2h.com
\(*)(*)(*)(*)l\open\Command - F:\invwft2h.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67c2260d-af53-11dd-b42a-0015c50b881d}]
\(*)(*)(*)(*)l\AutoRun\command - wqesvxa.exe
\(*)(*)(*)(*)l\open\Command - wqesvxa.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73657792-3925-11dc-84fd-0019b96c3846}]
\(*)(*)(*)(*)l\AutoRun\command - RavMon.exe
\(*)(*)(*)(*)l\explore\Command - RavMon.exe -e
\(*)(*)(*)(*)l\open\Command - RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73657793-3925-11dc-84fd-0019b96c3846}]
\(*)(*)(*)(*)l\AutoRun\command - RavMon.exe
\(*)(*)(*)(*)l\explore\Command - RavMon.exe -e
\(*)(*)(*)(*)l\open\Command - RavMon.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
(*)(*)(*)(*)(*)(*)(*)s of the 'Scheduled Tasks' folder
2009-03-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [12/21/2007 03:17 PM]
2009-03-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [11/03/2006 07:20 PM]
2009-03-25 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: "إضافة إلى حاجب الدعايات" - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
FF - ProfilePath - c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Mozilla\Firefox\Profiles\30nvxep0.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Mozilla\Firefox\Profiles\30nvxep0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.40115.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.40115.0\npctrl.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-25 19:28:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\Wireless\Bin\SsoGnARA.dll
.
Completion time: 03/25/2009 19:29:30
ComboFix-quarantined-files.txt 2009-03-25 16:29:24
ComboFix2.txt 2009-03-19 18:06:42
ComboFix3.txt 2009-03-19 14:47:01
ComboFix4.txt 2009-03-11 18:53:58
ComboFix5.txt 2009-03-25 16:27:03
Pre-Run: 12,532,043,776 bytes free
Post-Run: 12,524,724,224 bytes free
315 --- E O F --- 2009-03-19 23:49:41
اخواني هذا التقرير وابيكم تشوفونه الله يخليكم
ComboFix 08-12-21.04 - winXP 03/25/2009 19:27:35.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.2038.1371 [GMT 3:00]
Running from: c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\سطح المكتب\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\plugin1.dat
c:\windows\system32\SysPr.prx
.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-03-25 16:25 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\DMCache
2009-03-25 13:47 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\Kaspersky Lab
2009-03-25 13:44 9,804 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-25 13:44 712,736 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-25 13:44 37,664 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-25 13:44 3,877,920 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-25 12:14 --------- d---a-w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\TEMP
2009-03-23 06:32 663,040 ----a-w c:\windows\is-2RCV7.exe
2009-03-23 06:32 --------- d-----w c:\program files\Driver-Soft
2009-03-19 18:54 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\uTorrent
2009-03-18 18:45 --------- d-----w c:\program files\Paltalk Messenger
2009-03-17 11:55 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Malwarebytes
2009-03-17 11:54 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\Malwarebytes
2009-03-16 19:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 13:48 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Vso
2009-03-15 14:44 --------- d-----w c:\program files\VSO
2009-03-14 19:30 --------- d-----w c:\program files\Call of Duty
2009-03-13 17:17 --------- d-----w c:\program files\Golden Al-Wafi Translator
2009-03-13 12:09 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-13 11:29 --------- d-----w c:\program files\Your Uninstaller 2008
2009-03-10 03:37 --------- d-----w c:\program files\Nokia
2009-03-10 03:37 --------- d-----w c:\program files\Common Files\Nokia
2009-03-10 03:34 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\Installations
2009-03-10 03:18 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\PC Suite
2009-03-09 10:39 --------- d-----w c:\program files\RM to MP3 Converter
2009-03-06 22:43 --------- d-----w c:\program files\Hetman Software
2009-03-05 13:48 --------- d-----w c:\program files\Microsoft Works
2009-03-05 13:47 --------- d-----w c:\program files\Microsoft.NET
2009-02-27 13:27 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 16:17 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\All Users\Application Data\Nokia
2009-02-25 16:09 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_C oinstaller_Critical.Wdf
2009-02-25 16:09 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_010 07.Wdf
2009-02-22 14:02 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Thinstall
2009-02-22 12:05 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Media Player Classic
2009-02-22 12:03 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-22 12:03 --------- d-----w c:\program files\Common Files\Real
2009-02-22 10:54 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\SmitfraudFix
2009-02-18 19:32 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\cleaner
2009-02-15 13:49 --------- d-----w c:\program files\Windows Defender
2009-02-14 15:36 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-02-14 11:31 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\SBMAV Disk Cleaner
2009-02-14 11:14 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Nokia
2009-02-14 11:13 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\AVGTOOLBAR
2009-02-14 11:13 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\Administrator\Application Data\CyberLink
2009-02-12 01:57 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-11 20:42 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\Kaspersky_Key_Finder_(KKF
2009-02-09 14:15 1,846,144 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:54 --------- d-----w c:\program files\ElcomSoft
2009-02-06 15:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-05 15:44 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-04 15:25 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 15:25 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-25 22:38 --------- d-----w c:\(*)(*)(*)(*)(*)(*)(*)(*)s and settings\winXP\Application Data\SystemRequirementsLab
2009-01-23 10:09 73,216 -c--a-w c:\windows\ST6UNST.EXE
2009-01-23 10:09 249,856 -c----w c:\windows\Setup1.exe
2009-01-20 18:11 197 -csha-w c:\program files\Common Files\maxtreme.dat
2009-01-14 23:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-14 23:05 43,008 -c--a-w c:\windows\system32\licmgr10.dll
2009-01-14 23:04 18,944 -c--a-w c:\windows\system32\corpol.dll
2009-01-14 23:03 72,704 -c--a-w c:\windows\system32\admparse.dll
2009-01-14 23:03 71,680 -c--a-w c:\windows\system32\iesetup.dll
2009-01-14 23:03 420,352 -c--a-w c:\windows\system32\vb(*)(*)(*)(*)(*)(*).dll
2009-01-14 23:01 34,304 -c--a-w c:\windows\system32\imgutil.dll
2009-01-14 23:00 48,128 -c--a-w c:\windows\system32\mshtmler.dll
2009-01-14 23:00 45,568 -c--a-w c:\windows\system32\mshta.exe
2009-01-14 22:50 156,160 ----a-w c:\windows\system32\msls31.dll
2008-12-31 14:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 14:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 14:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
.
((((((((((((((((((((((((((((( snapshot_Wed 03-11-2009_21.52.01.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-17 13:50:34 16,384 -c--a-w c:\windows\system32\config\systemprofile\(*)(*)(*) (*)(*)(*)s\index.dat
+ 2009-03-19 17:49:22 16,384 -c--a-w c:\windows\system32\config\systemprofile\(*)(*)(*) (*)(*)(*)s\index.dat
- 2008-12-17 13:50:34 16,384 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-19 17:49:22 16,384 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-17 13:50:34 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\(*)(*)(*)(*)(*)(*)(*).IE5\index.dat
+ 2009-03-19 17:49:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\(*)(*)(*)(*)(*)(*)(*).IE5\index.dat
+ 2004-08-03 23:54:12 429,056 -c--a-w c:\windows\system32\dllcache\obrs0401.dll
+ 2004-08-03 23:56:02 378,368 -c--a-w c:\windows\system32\dllcache\wzcdlg.dll
+ 2003-12-15 20:16:32 81,920 ----a-w c:\windows\system32\eSellerateControl350.dll
+ 2003-12-15 20:16:32 348,160 ----a-w c:\windows\system32\eSellerateEngine.dll
- 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUt il.exe
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUt il.exe
- 2009-02-14 15:53:56 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugi n.exe
+ 2009-03-20 21:04:31 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugi n.exe
- 2009-02-03 23:21:12 21,244,864 -c--a-w c:\windows\system32\MRT.exe
+ 2009-02-25 09:55:00 24,768,960 -c--a-w c:\windows\system32\MRT.exe
- 2003-09-23 05:00:00 1,385,744 -c--a-w c:\windows\system32\MSVBVM60.DLL
+ 2004-02-23 17:42:40 1,386,496 ----a-w c:\windows\system32\MSVBVM60.DLL
+ 2004-06-14 11:56:26 427,864 ----a-w c:\windows\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 02:56 AM 15360]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 01:05 AM 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [12/13/2005 05:44 PM 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [12/13/2005 05:41 PM 77824]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 02:13 PM 1101824]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [02/05/2009 06:44 PM 206088]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 02:18 PM 995328]
"FixCamera"="c:\windows\FixCamera.exe" [02/12/2007 02:50 PM 20480]
"tsnp325"="c:\windows\tsnp325.exe" [10/10/2006 03:49 PM 270336]
"snp325"="c:\windows\vsnp325.exe" [10/10/2006 02:11 PM 827392]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM 282624 c:\windows\stsystra.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 02:56 AM 110592 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 02:56 AM 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [02/26/2007 01:01 AM 437160]
c:\documents and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Bluetooth.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^Styler.lnk]
path=c:\documents and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^TransBar.lnk]
path=c:\documents and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^UberIcon.lnk]
path=c:\documents and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^winXP^قائمة ابدأ^البرامج^بدء التشغيل^Y'z Shadow.lnk]
path=c:\documents and settings\winXP\قائمة ابدأ\البرامج\بدء التشغيل\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 10/15/2008 01:04 AM 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 12/23/2006 06:05 PM 143360 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 08/03/2006 06:51 PM 1032192 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 02/12/2007 02:50 PM 20480 c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a--c--- 10/28/2008 07:08 PM 2606512 c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
-----c--- 10/13/2004 07:24 PM 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 02/06/2009 06:53 PM 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 01/12/2006 03:40 PM 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a--c--- 11/10/2008 03:07 PM 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
--a--c--- 11/20/2008 02:45 PM 14202672 c:\program files\ooVoo\ooVoo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 11/10/2005 01:03 PM 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 03/08/2006 12:48 PM 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 07/04/2008 09:59 PM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
--a--c--- 02/12/2008 05:34 PM 456024 c:\program files\WebcamMax\wcmmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a--c--- 08/04/2004 02:56 AM 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 03/24/2006 05:30 PM 282624 c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"tsnp325"=c:\windows\tsnp325.exe
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"snp325"=c:\windows\vsnp325.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*
"443:UDP"= 443:UDP:*
"37674:TCP"= 37674:TCP:*
"37674:UDP"= 37674:UDP:*
"37675:UDP"= 37675:UDP:*

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CAMTHWDM.sys [2008-02-09 941784]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2009-01-12 10253056]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5be7ca8e-aa7f-11dd-b41d-0016414b9dfa}]
\shell\AutoRun\command - F:\invwft2h.com
\shell\explore\Command - F:\invwft2h.com
\shell\open\Command - F:\invwft2h.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67c2260d-af53-11dd-b42a-0015c50b881d}]
\shell\AutoRun\command - wqesvxa.exe
\shell\open\Command - wqesvxa.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73657792-3925-11dc-84fd-0019b96c3846}]
\shell\AutoRun\command - RavMon.exe
\shell\explore\Command - RavMon.exe -e
\shell\open\Command - RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73657793-3925-11dc-84fd-0019b96c3846}]
\shell\AutoRun\command - RavMon.exe
\shell\explore\Command - RavMon.exe -e
\shell\open\Command - RavMon.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-03-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [12/21/2007 03:17 PM]
2009-03-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [11/03/2006 07:20 PM]
2009-03-25 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: "إضافة إلى حاجب الدعايات" - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
FF - ProfilePath - c:\documents and settings\winXP\Application Data\Mozilla\Firefox\Profiles\30nvxep0.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\winXP\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\winXP\Application Data\Mozilla\Firefox\Profiles\30nvxep0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.40115.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.40115.0\npctrl.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-25 19:28:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\Wireless\Bin\SsoGnARA.dll
.
Completion time: 03/25/2009 19:29:30
ComboFix-quarantined-files.txt 2009-03-25 16:29:24
ComboFix2.txt 2009-03-19 18:06:42
ComboFix3.txt 2009-03-19 14:47:01
ComboFix4.txt 2009-03-11 18:53:58
ComboFix5.txt 2009-03-25 16:27:03
Pre-Run: 12,532,043,776 bytes free
Post-Run: 12,524,724,224 bytes free
315 --- E O F --- 2009-03-19 23:49:41
