tebib mohamed
New Zyzoom member
Brothers, I have grown tired of the riskware invader virus and I want a solution. Here is the report:

ComboFix 09-05-13.04 - mohamed 14/05/2009 18:50.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.213.1036.18.255.118 [GMT 2:00]
Running from: c:\documents and settings\mohamed\Mes documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system\oeminfo.ini
c:\windows\system32\azton.mt
c:\windows\system32\kr_done1
c:\windows\system32\Ultra.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.
2009-05-14 16:46 . 2009-05-14 16:47 -------- d-----w C:\32788R22FWJFW
2009-05-13 14:38 . 2009-05-13 14:38 72 ----a-w c:\windows\system\Eval.Dat
2009-05-11 22:28 . 2009-05-11 22:28 -------- d-----w c:\program files\i-Media
2009-05-11 22:28 . 2009-05-11 22:28 -------- d-----w c:\program files\Goto
2009-04-27 22:59 . 2009-05-07 09:06 -------- d-----w c:\program files\QuickMediaConverter
2009-04-27 03:46 . 2009-04-27 03:46 -------- d-----w c:\documents and settings\mohamed\Local Settings\Application Data\Babylon
2009-04-26 03:50 . 2009-05-14 09:27 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-04-23 16:53 . 2009-04-23 16:53 -------- d-----w c:\program files\Fichiers communs\Common Share
2009-04-23 16:53 . 2008-12-18 11:38 719872 ----a-w c:\windows\system32\devil.dll
2009-04-23 16:53 . 2008-12-18 11:38 351744 ----a-w c:\windows\system32\avisynth.dll
2009-04-23 16:53 . 2008-12-18 11:38 1700352 ----a-w c:\windows\system32\gdiplus.dll
2009-04-23 16:53 . 2009-04-23 16:53 -------- d-----w c:\program files\OJOsoft
2009-04-21 20:57 . 2009-04-21 20:57 -------- d-----w C:\tmp
2009-04-21 20:25 . 2009-04-21 20:25 -------- d-----w C:\tmpDownload
2009-04-20 22:07 . 2009-04-21 21:15 -------- d-----w C:\YouTubeGet
2009-04-20 20:34 . 2009-04-20 20:34 -------- d-----w c:\documents and settings\mohamed\Application Data\Ahead
2009-04-17 08:59 . 2009-04-17 08:59 -------- d-----w c:\documents and settings\fmz-abd-abdr-omar\Application Data\Yahoo!
2009-04-17 04:16 . 2009-04-17 04:16 -------- d-----w c:\program files\SuperCopier2
2009-04-17 03:59 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 03:59 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 03:59 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 03:59 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 03:59 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 03:59 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 03:59 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 03:59 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 03:59 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 02:22 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
2009-04-17 02:20 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 16:37 . 2009-03-25 21:15 9673248 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-14 16:34 . 2009-03-25 21:15 319264 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-14 10:30 . 2009-03-25 21:15 33176 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-14 10:30 . 2009-03-25 21:15 132788 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-06 21:19 . 2008-09-06 00:04 -------- d-----w c:\program files\PcBugDoctor
2009-04-26 03:50 . 2009-02-11 23:41 -------- d-----w c:\program files\Google
2009-04-17 09:02 . 2001-08-28 12:00 75800 ----a-w c:\windows\system32\perfc00C.dat
2009-04-17 09:02 . 2001-08-28 12:00 467686 ----a-w c:\windows\system32\perfh00C.dat
2009-04-12 12:29 . 2008-12-12 15:39 78552 ----a-w c:\documents and settings\fmz-abd-abdr-omar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 15:53 . 2009-04-10 15:53 -------- d-----w c:\program files\Cucusoft
2009-04-10 15:43 . 2008-10-06 20:47 -------- d-----w c:\program files\Total Video Converter
2009-04-10 04:17 . 2009-04-09 21:26 -------- d-----w c:\program files\ABC Amber ePub Converter
2009-04-09 21:06 . 2009-04-09 21:06 -------- d-----w c:\program files\AdultPDF
2009-04-08 12:38 . 2008-08-29 23:48 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 21:24 . 2009-04-01 21:54 -------- d-----w c:\program files\SpeedBit Toolbar
2009-04-02 20:32 . 2009-04-01 22:32 -------- d-----w c:\program files\SpeedBit Video Accelerator
2009-04-02 12:09 . 2009-02-26 23:45 -------- d-----w c:\program files\MultiTranse
2009-04-02 11:39 . 2008-08-31 23:06 78552 ----a-w c:\documents and settings\mohamed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 22:32 . 2009-04-01 22:32 -------- d-----w c:\program files\AskSBar
2009-04-01 21:54 . 2009-04-01 21:54 50688 ----a-w c:\windows\system32\wbhelp2.dll
2009-04-01 21:37 . 2009-03-26 22:54 -------- d-----w c:\program files\Mass Downloader
2009-04-01 21:07 . 2009-04-01 21:07 -------- d-----w c:\program files\uTorrent
2009-03-27 10:56 . 2009-03-27 10:56 -------- d-----w c:\program files\THQ
2009-03-26 23:50 . 2007-10-31 12:41 112144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-03-26 23:50 . 2009-03-25 21:16 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-26 23:50 . 2009-03-25 21:16 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-26 19:37 . 2009-03-26 19:35 30464 ----a-w c:\windows\VDM44.tmp
2009-03-26 19:20 . 2009-03-26 19:20 -------- d-----w c:\program files\Yahoo!
2009-03-25 21:15 . 2009-03-25 21:15 -------- d-----w c:\program files\Kaspersky Lab
2009-03-22 11:08 . 2009-03-22 11:07 -------- d-----w c:\program files\Family Programs 2
2009-03-22 11:07 . 2009-03-22 11:07 -------- d-----w c:\program files\Common Files
2009-03-21 20:18 . 2009-03-20 22:11 -------- d-----w c:\program files\McAfee
2009-03-20 22:08 . 2009-03-20 22:08 -------- d-----w c:\program files\McAfee VirusScan Home Edition 7.0 Demo
2009-03-06 14:20 . 2004-08-19 21:09 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2004-08-19 21:09 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-26 23:49 . 2009-02-26 23:49 0 ----a-w c:\program files\MultiTransefind.ini
2009-02-20 17:10 . 2009-03-26 19:13 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-19 07:18 . 2008-08-31 18:05 23704 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-04-01 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-04-01 22:32 66912 ----a-w c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"IDMan"="c:\documents and settings\mohamed\Mes documents\logiciels\Portable IDM v5.14 Build 5\IDM 5.14 B5 Portable\App\Internet Download Manager\IDMan.exe" [2008-09-16 2606512]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Google Update"="c:\documents and settings\mohamed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-26 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\evntsvc.exe" [2008-10-02 146432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"Cmaudio"="cmicnfg.cpl" [BU]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-29 921600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_04"="md %USERPROFILE%\Local Settings\Temp" [X]
"nlpo_05"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nlpo_01"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"nlpo_02"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"nlpo_03"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"nlpo_06"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"nlpo_07"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\mohamed\Menu D‚marrer\Programmes\D‚marrage\
Reboot.exe [2004-10-1 334336]
c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-9 610365]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\mohamed\\Mes documents\\logiciels\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 14:28 24592]
S3 AutorunDirectIO;AutorunDirectIO;\??\e:\autorun\DIODrvr.sys --> e:\autorun\DIODrvr.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06b9a6c6-78d0-11dd-aca0-00142abf1dcb}]
\Shell\AutoRun\command - 1utbfd.bat
\Shell\open\Command - 1utbfd.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89fb92d4-3277-11de-8d3a-00142abf1dcb}]
\Shell\AutoRun\command - bndlma.exe
\Shell\explore\Command - bndlma.exe
\Shell\open\Command - bndlma.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 08:20]
2009-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-920026266-839522115-1003.job
- c:\documents and settings\mohamed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-26 20:56]
2008-10-03 c:\windows\Tasks\PcbugDoctormohamed.job
- c:\program files\PcBugDoctor\PcBugDoctor.exe [2004-02-16 12:57]
2009-05-14 c:\windows\Tasks\User_Feed_Synchronization-{BA680058-E82B-403D-A6FE-D0C19B502787}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
2009-05-14 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\documents and settings\mohamed\Mes documents\logiciels\Portable IDM v5.14 Build 5\IDM 5.14 B5 Portable\App\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\documents and settings\mohamed\Mes documents\logiciels\Portable IDM v5.14 Build 5\IDM 5.14 B5 Portable\App\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\documents and settings\mohamed\Mes documents\logiciels\Portable IDM v5.14 Build 5\IDM 5.14 B5 Portable\App\Internet Download Manager\IEGetAll.htm
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Fichiers communs\Microsoft Shared\Information Retrieval\itss51.dll
FF - ProfilePath - c:\documents and settings\mohamed\Application Data\Mozilla\Firefox\Profiles\o6m6jlhv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2095689&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\documents and settings\mohamed\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\mohamed\Application Data\Mozilla\Firefox\Profiles\o6m6jlhv.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\mohamed\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-14 19:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\mohamed\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5a8144b3-9808-4e0a-9e71-bf6434847764}]
@Denied: (Full) (Everyone)
"Model"=dword:00000041
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d0,b7,55,11,17,01,cf,c4,65,2a,6c,67,81,c8,62,56,02,51,ea,0a,3a,
a8,3b,95,2e,0e,a8,6c,da,72,95,3d,cd,2e,35,5e,f8,2d,b6,ab,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1068)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Completion time: 2009-05-14 19:15
ComboFix-quarantined-files.txt 2009-05-14 17:15
ComboFix2.txt 2008-12-15 22:36
Pre-Run: 6 372 057 088 octets libres
Post-Run: 6 482 391 040 octets libres
257 --- E O F --- 2009-04-27 03:30

Thank you for the help.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-14 19:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\mohamed\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5a8144b3-9808-4e0a-9e71-bf6434847764}]
@Denied: (Full) (Everyone)
"Model"=dword:00000041
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d0,b7,55,11,17,01,cf,c4,65,2a,6c,67,81,c8,62,56,02,51,ea,0a,3a,
a8,3b,95,2e,0e,a8,6c,da,72,95,3d,cd,2e,35,5e,f8,2d,b6,ab,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1068)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
Completion time: 2009-05-14 19:15
ComboFix-quarantined-files.txt 2009-05-14 17:15
ComboFix2.txt 2008-12-15 22:36
Pre-Run: 6 372 057 088 octets libres
Post-Run: 6 482 391 040 octets libres
257 --- E O F --- 2009-04-27 03:30
Thanks for the help
