This is the ComboFix tool report:
ComboFix 09-04-21.A3 - Me 04/23/2009 4:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.758.422 [GMT -7:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.
2009-04-23 09:51 . 2009-04-23 09:51 -------- d-----w c:\documents and settings\Me\Application Data\CyberScrub
2009-04-23 09:50 . 2009-04-23 09:50 -------- d-----w c:\documents and settings\Me\Application Data\cleaner
2009-04-23 06:11 . 2009-04-23 06:11 -------- d-----w c:\documents and settings\Me\Phone Browser
2009-04-23 06:09 . 2009-04-23 06:09 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-23 06:09 . 2009-04-23 06:10 -------- d-----w c:\documents and settings\Me\Application Data\Nokia
2009-04-23 06:08 . 2009-04-23 06:09 -------- d-----w c:\documents and settings\Me\Application Data\PC Suite
2009-04-23 06:07 . 2007-02-22 18:15 12288 ----a-w c:\windows\system32\drivers\nmwcdcm.sys
2009-04-23 06:07 . 2007-02-22 18:15 12288 ----a-w c:\windows\system32\drivers\nmwcdcj.sys
2009-04-23 06:07 . 2007-02-22 18:15 8320 ----a-w c:\windows\system32\drivers\nmwcdc.sys
2009-04-23 06:07 . 2007-02-22 18:15 137216 ----a-w c:\windows\system32\drivers\nmwcd.sys
2009-04-23 06:07 . 2007-02-22 18:15 65536 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-04-23 06:07 . 2007-02-22 18:15 90624 ----a-w c:\windows\system32\nmwcdcls.dll
2009-04-23 06:07 . 2009-04-23 06:07 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-04-23 04:46 . 2009-04-23 04:46 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-22 05:54 . 2009-04-23 09:51 3131424 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-22 05:54 . 2009-04-22 05:54 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-22 05:53 . 2008-07-08 20:54 148496 ----a-w c:\windows\system32\drivers\93769512.sys
2009-04-21 06:05 . 2006-02-28 12:00 37888 ----a-w c:\windows\system32\url.backup
2009-04-21 05:52 . 2009-04-21 05:52 -------- d-----w c:\documents and settings\Administrator\Application Data\Avant Profiles
2009-04-21 05:46 . 2006-08-02 22:01 138 ----a-w c:\windows\system32\VIPuninstall.bat
2009-04-21 05:46 . 2006-06-15 04:29 54689 ----a-w c:\windows\system32\VIPicon.ico
2009-04-21 05:46 . 2006-02-28 12:00 2940928 ----a-w c:\windows\system32\wmploc.backup
2009-04-21 05:46 . 2009-04-21 05:46 0 ----a-w C:\_@1A1.tmp
2009-04-21 05:46 . 2006-02-28 12:00 1492480 ----a-w c:\windows\system32\shdocvw.backup
2009-04-21 05:46 . 2006-02-28 12:00 1022976 ----a-w c:\windows\system32\browseui.backup
2009-04-21 05:46 . 2006-02-28 12:00 358400 ----a-w c:\windows\system32\inetcpl.backup
2009-04-21 05:44 . 2006-02-28 12:00 96256 ----a-w c:\windows\system32\occache.backup
2009-04-21 05:41 . 2006-08-16 06:21 96 ----a-w c:\windows\docs.ini
2009-04-21 05:41 . 2006-08-16 06:19 97 ----a-w c:\documents and settings\win.ini
2009-04-21 05:41 . 2003-06-22 19:31 65536 ----a-w c:\windows\system32\vbalProgBar6.ocx
2009-04-21 05:40 . 2009-04-21 05:40 -------- d-----w c:\documents and settings\Me\Local Settings\Application Data\Stardock
2009-04-20 08:55 . 2009-04-21 06:36 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-20 08:55 . 2009-04-20 08:55 1409 ----a-w c:\windows\QTFont.for
2009-04-20 07:03 . 2009-04-20 07:03 -------- d-s---w c:\documents and settings\Me\UserData
2009-04-20 06:08 . 2009-04-20 06:08 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-04-20 06:08 . 2009-04-20 06:08 -------- d-----w c:\documents and settings\Me\Contacts
2009-04-20 05:49 . 2009-04-20 05:49 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-20 05:49 . 2009-04-20 05:49 232 ---ha-w C:\sqmdata05.sqm
2009-04-20 05:48 . 2009-04-20 05:48 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-20 05:48 . 2009-04-20 05:48 232 ---ha-w C:\sqmdata04.sqm
2009-04-20 05:47 . 2009-04-20 05:47 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-20 05:47 . 2009-04-20 05:47 232 ---ha-w C:\sqmdata03.sqm
2009-04-20 05:46 . 2009-04-20 05:46 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-20 05:46 . 2009-04-20 05:46 232 ---ha-w C:\sqmdata02.sqm
2009-04-20 05:37 . 2009-04-20 05:37 -------- d-----w c:\documents and settings\Me\Application Data\Avant Profiles
2009-04-20 05:35 . 2009-04-20 05:35 -------- d-----w c:\documents and settings\Me\Local Settings\Application Data\ESET
2009-04-20 05:24 . 2009-04-22 10:13 -------- d-----w c:\documents and settings\Me\Application Data\U3
2009-04-20 05:22 . 2009-04-20 05:22 268 ---ha-w C:\sqmdata01.sqm
2009-04-20 05:22 . 2009-04-20 05:22 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-20 05:22 . 2009-04-20 05:22 99496 ----a-w c:\documents and settings\Me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-20 05:22 . 2009-04-20 05:22 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-20 05:04 . 2007-07-21 04:36 54272 ----a-r c:\windows\system32\drivers\dm9usb.sys
2009-04-20 03:23 . 2008-03-04 01:21 568 ---ha-w c:\windows\nod32fixtemdono.reg
2009-04-20 03:23 . 2008-03-03 21:25 5702 ---ha-w c:\windows\nod32restoretemdono.reg
2009-04-20 03:22 . 2009-04-20 03:22 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-20 03:20 . 2006-06-01 15:55 244864 ----a-w c:\windows\system32\drivers\yk51x86.sys
2009-04-20 03:19 . 2009-04-20 03:19 940794 ----a-w c:\windows\system32\LoopyMusic.wav
2009-04-20 03:19 . 2009-04-20 03:19 146650 ----a-w c:\windows\system32\BuzzingBee.wav
2009-04-20 03:19 . 2009-04-20 03:19 -------- d-----w c:\windows\system32\Lang
2009-04-20 03:16 . 2004-08-04 07:56 4096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
2009-04-20 03:15 . 2009-04-20 03:15 83 ----a-w c:\windows\QtZgAcer.UNI
2009-04-20 03:14 . 2006-07-14 19:13 5120 ----a-w c:\windows\system32\FILTRCOI.DLL
2009-04-20 03:14 . 2006-07-14 19:13 16896 ----a-w c:\windows\system32\drivers\DKbFltr.SYS
2009-04-20 03:14 . 2006-07-14 19:13 49152 ----a-w c:\windows\system32\QtBtLib.dll
2009-04-20 03:14 . 2006-07-14 19:13 147456 ----a-w c:\windows\UNINST32.EXE
2009-04-20 03:12 . 2009-04-20 03:12 -------- d-----w c:\windows\tiinst
2009-04-20 03:05 . 2009-04-20 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2009-04-20 03:04 . 2006-06-13 16:57 126976 ----a-w c:\windows\system32\igfxres.dll
2009-04-20 02:54 . 2004-08-04 06:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-20 02:11 . 2009-04-20 02:10 69632 ----a-w c:\windows\system32\javacpl.cpl
2009-04-20 02:08 . 2009-04-20 02:08 268 ---ha-w C:\sqmdata00.sqm
2009-04-20 02:08 . 2009-04-20 02:08 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-20 02:06 . 2009-04-23 06:08 -------- dc----w c:\windows\system32\DRVSTORE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 06:33 . 2009-04-20 01:56 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 06:31 . 2009-04-20 01:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-23 06:08 . 2009-04-23 06:08 -------- d-----w c:\program files\Common Files\Nokia
2009-04-23 06:08 . 2009-04-23 06:08 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-23 06:08 . 2009-04-23 06:07 -------- d-----w c:\program files\Nokia
2009-04-23 06:08 . 2009-04-23 06:08 -------- d-----w c:\program files\DIFX
2009-04-23 06:08 . 2009-04-23 06:08 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-23 06:07 . 2009-04-23 05:23 -------- d-----w c:\program files\PhotoFiltre
2009-04-23 05:54 . 2009-04-20 01:57 -------- d-----w c:\program files\Winamp
2009-04-21 10:36 . 2009-04-20 02:08 -------- d-----w c:\program files\Circle Developement
2009-04-20 07:02 . 2009-04-20 02:08 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-20 07:02 . 2009-04-20 02:06 -------- d-----w c:\program files\MSN Messenger
2009-04-20 05:37 . 2009-04-20 05:37 -------- d-----w c:\program files\Avant Browser
2009-04-20 03:22 . 2009-04-20 03:22 -------- d-----w c:\program files\ESET
2009-04-20 03:16 . 2009-04-20 03:16 -------- d-----w c:\program files\Realtek
2009-04-20 03:16 . 2009-04-20 03:06 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-20 03:15 . 2009-04-20 03:15 -------- d-----w c:\program files\Launch Manager
2009-04-20 03:12 . 2009-04-20 03:12 -------- d-----w c:\program files\WIDCOMM
2009-04-20 03:06 . 2009-04-20 03:06 -------- d-----w c:\program files\Synaptics
2009-04-20 03:06 . 2009-04-20 03:06 -------- d-----w c:\program files\Atheros
2009-04-20 02:55 . 2009-04-20 02:55 -------- d-----w c:\program files\Intel
2009-04-20 02:10 . 2009-04-20 02:10 -------- d-----w c:\program files\Java
2009-04-20 02:10 . 2009-04-20 02:10 -------- d-----w c:\program files\Common Files\Java
2009-04-20 02:10 . 2006-02-28 12:00 502272 ----a-w c:\windows\system32\winlogon.exe
2009-04-20 02:10 . 2009-04-20 02:10 2232 ----a-w c:\windows\java\Packages\Data\777JJRTF.DAT
2009-04-20 02:10 . 2009-04-20 02:10 155995 ----a-w c:\windows\java\Packages\HF3VZ7FH.ZIP
2009-04-20 02:09 . 2009-04-20 02:09 2678 ----a-w c:\windows\java\Packages\Data\E7RZD7Z3.DAT
2009-04-20 02:09 . 2009-04-20 02:09 2678 ----a-w c:\windows\java\Packages\Data\ZNNRVJ1R.DAT
2009-04-20 02:09 . 2009-04-20 02:09 2678 ----a-w c:\windows\java\Packages\Data\YJ1V7ZNV.DAT
2009-04-20 02:09 . 2009-04-20 02:09 2678 ----a-w c:\windows\java\Packages\Data\UPVXZZHN.DAT
2009-04-20 02:09 . 2009-04-20 02:09 2678 ----a-w c:\windows\java\Packages\Data\60MVB5V5.DAT
2009-04-20 02:08 . 2009-04-20 02:08 -------- d-----w c:\program files\Windows Live
2009-04-20 02:06 . 2009-04-20 02:06 -------- d-----w c:\program files\Common Files\xing shared
2009-04-20 02:06 . 2009-04-20 02:05 -------- d-----w c:\program files\Common Files\Real
2009-04-20 02:06 . 2009-04-20 01:51 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-20 02:06 . 2009-04-20 01:51 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-20 02:05 . 2009-04-20 02:05 -------- d-----w c:\program files\Real
2009-04-20 01:59 . 2009-04-20 01:59 -------- d-----w c:\program files\QuickTime
2009-04-20 01:59 . 2009-04-20 01:57 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-20 01:59 . 2009-04-20 01:59 -------- d-----w c:\program files\Apple Software Update
2009-04-20 01:58 . 2009-04-20 01:58 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-20 01:54 . 2009-04-20 01:54 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-20 01:53 . 2009-04-20 01:53 172032 ------w c:\windows\Setup1.exe
2009-04-20 01:53 . 2009-04-20 01:53 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-20 01:52 . 2009-04-20 01:52 -------- d-----w c:\program files\Common Files\CyberLink
2009-04-20 01:51 . 2009-04-20 01:51 -------- d-----w c:\program files\CyberLink
2009-04-20 01:50 . 2009-04-20 01:17 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-20 01:39 . 2009-04-20 01:29 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-20 01:38 . 2009-04-20 01:38 -------- d-----w c:\program files\Microsoft Works
2009-04-20 01:38 . 2009-04-20 01:38 -------- d-----w c:\program files\MSBuild
2009-04-20 01:18 . 2009-04-20 01:18 -------- d-----w c:\program files\microsoft frontpage
2009-04-20 01:14 . 2009-04-20 01:14 21640 ----a-w c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2009-04-20 02:10 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-20 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2009-04-20 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-07-14 471040]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 53248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-07-19 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-19 16248320]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-14 88204]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-22 113664]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-02-28 3584]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
S1 is-MQF5Jdrv;is-MQF5Jdrv;c:\windows\system32\DRIVERS\93769512.sys [2008-07-08 148496]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\dm9usb.sys [2007-07-21 54272]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14226968-2f2a-11de-9994-001636a5911a}]
\Shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{171e66b5-2d6b-11de-998b-00606e0032a2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{171e66b7-2d6b-11de-998b-00606e0032a2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 21:21]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-VIPv3_Auto_Update - (no file)
HKLM-Run-VisualTooltip - (no file)
HKLM-Run-Vistadrv - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = proxy5.yanbulink.net:8080
IE: أضف إلى قائمة الإعلانات السوداء - c:\program files\Avant Browser\AddToADBlackList.htm
IE: إفتح في المتصفّح الرائد الجديد - c:\program files\Avant Browser\OpenInNewBrowser.htm
IE: إمنع كلّ الصور من نفس الخادم - c:\program files\Avant Browser\AddAllToADBlackList.htm
IE: ابراز - c:\program files\Avant Browser\Highlight.htm
IE: افتح كل الوصلات التي بهذه الصفحة ... - c:\program files\Avant Browser\OpenAllLinks.htm
IE: بحث - c:\program files\Avant Browser\Search.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-23 04:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-23 4:36
ComboFix-quarantined-files.txt 2009-04-23 11:36
Pre-Run: 20,935,839,744 bytes free
Post-Run: 21,000,011,776 bytes free
234 --- E O F --- 2009-04-21 05:00
_________________________________
After generating the report, please have a look at the following:
Brother, I applied what was in the instructions,
but the restart prompt never appeared for me.
I restarted the machine manually, but the problem is still there.