Peace and the mercy of God be upon you.
The machine suddenly went haywire. Kaspersky keeps popping up a message every little while saying there is a virus; I have deleted over 130 viruses so far and the messages still keep coming. I tried a scan with Panda, which found nothing, and I scanned with Spyware Doctor, Spy Emergency, Geeks and HijackThis and did everything they told me. All I see is dll files being deleted, and now the exe files across the whole machine have started getting hit. What do I do? A brother here was complaining about almost the same virus and the admin asked him to scan with a specific program, so here is its log file:
ComboFix 08-07-29.1 - smart 07/30/2008 9:32:41.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.457 [GMT 3:00]
Running from: C:\Documents and Settings\smart\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Messenger\msgmr.dll
C:\WINDOWS\system32\fackwir.dll
C:\WINDOWS\Update.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 06:34 60,116 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-30 06:34 58,144 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-30 06:34 3,942,432 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-30 06:34 16,964 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-30 05:56 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 05:56 --------- d-----w C:\Documents and Settings\smart\Application Data\Malwarebytes
2008-07-30 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 18:20 24,576 ----a-w C:\WINDOWS\system32\tiplict.dll
2008-07-29 18:20 24,576 ----a-w C:\WINDOWS\system32\manleu.dll
2008-07-29 18:04 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-07-29 18:04 --------- d-----w C:\Documents and Settings\smart\Application Data\PC Tools
2008-07-29 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-28 02:12 --------- d-----w C:\Program Files\Motorola
2008-07-23 22:32 286,720 ------w C:\WINDOWS\Setup1.exe
2008-07-23 17:09 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-23 17:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-17 21:05 --------- d-----w C:\Documents and Settings\smart\Application Data\NCH Swift Sound
2008-07-16 09:51 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-07-14 21:44 44 ----a-w C:\ain.dll
2008-07-11 17:08 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-07-05 20:58 704 ----a-w C:\Dionakra.DAT
2008-07-03 20:01 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-03 20:01 --------- d-----w C:\Documents and Settings\smart\Application Data\IDM
2008-07-03 20:01 --------- d-----w C:\Documents and Settings\smart\Application Data\DMCache
2008-06-29 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\NFS Underground
2008-06-29 20:37 --------- d-----w C:\Program Files\Common Files\DirectX
2008-06-27 22:19 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-27 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-26 20:48 --------- d-----w C:\Program Files\Harf
2008-06-26 20:38 --------- d-----w C:\Program Files\CCleaner
2008-06-26 20:37 --------- d-----w C:\Program Files\RightClickGoogleSearchOpenSelectedURL
2008-06-26 20:37 --------- d-----w C:\Program Files\Extension Changer
2008-06-26 11:49 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2008-06-26 11:21 --------- d-----w C:\Program Files\NextSecurity.NET
2008-06-25 19:50 --------- d-----w C:\Documents and Settings\smart\Application Data\InstallShield
2008-06-25 19:47 --------- d-----w C:\Program Files\VIA
2008-06-10 18:22 81,288 ----a-w C:\WINDOWS\system32\drivers\IKSYSSEC.SYS
2008-06-02 12:19 66,952 ----a-w C:\WINDOWS\system32\drivers\IKSYSFLT.SYS
2008-06-02 12:19 42,376 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-02 12:19 29,576 ----a-w C:\WINDOWS\system32\drivers\KCOM.SYS
2008-06-02 12:19 159,880 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/28/2008 01:17 AM 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/01/2004 12:00 AM 15360]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [04/13/2007 08:26 PM 598920]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/15/2008 08:39 AM 931248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 11:14 AM 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 11:14 AM 81920]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [03/24/2006 07:09 PM 139367]
"nwiz"="nwiz.exe" [10/04/2007 11:14 AM 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [01/01/2004 12:00 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.X264"= x264vfw.dll
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^smart^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\smart\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 01/01/2004 12:00 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:54 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 01/23/2006 02:52 PM 872448 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 06/20/2006 04:02 PM 4538368 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
-ra------ 06/28/2006 09:05 PM 49152 C:\WINDOWS\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 06/20/2006 11:42 PM 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [06/02/2008 03:19 PM]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [12/12/2007 09:35 AM]
S1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys []
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [07/23/2008 08:09 PM]
S3 NSPacket;NextSecurity Packet Driver;C:\WINDOWS\system32\drivers\nspacket.sys [12/06/2004 08:08 PM]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{006CA8A1-61BC-4774-A54C-F49034270BAD} - (no file)
ShellExecuteHooks-{53D44DB6-E22B-4B17-97D3-572C96CCA6E1} - (no file)
SSODL-msnmsg-{DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
Notify-NavLogon - (no file)
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DownloadAccelerator - C:\Program Files\DAP\DAP.EXE
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Download Video -
O8 -: Open Selected URL - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\openselectedurl.htm
O8 -: Search &Google - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\google.htm
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O17 -: HKLM\CCS\Interface\{5A46F3E3-7341-4067-A1C0-4DF408B5BED8}: NameServer = 217.52.47.130,217.52.47.140
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-30 09:36:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 07/30/2008 9:36:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 06:36:48
Pre-Run: 8,757,346,304 bytes free
Post-Run: 8,787,607,552 bytes free
And this is a picture of the virus that appears every time I start the machine.
And this is another one.
Waiting for your help.
