HijackThis report
ComboFix 08-09-27.06 - samy 09/29/2008 6:51:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.139 [GMT 3:00]
Running from: C:\Documents and Settings\samy\سطح المكتب\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\samy\s\samy@ad.yieldmanager[1].txt
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 03:57 --------- d-----w C:\Documents and Settings\samy\Application Data\DMCache
2008-09-29 03:49 --------- d-----w C:\Program Files\Popup Blocker
2008-09-29 02:55 --------- d-----w C:\Program Files\ESET
2008-09-28 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-28 02:15 --------- d-----w C:\Documents and Settings\samy\Application Data\Nokia Multimedia Player
2008-09-28 02:15 --------- d-----w C:\Documents and Settings\samy\Application Data\Datalayer
2008-09-28 02:13 --------- d-----w C:\Documents and Settings\samy\Application Data\Nokia
2008-09-28 02:12 --------- d-----w C:\Program Files\DIFX
2008-09-28 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-28 02:11 --------- d-----w C:\Program Files\Nokia
2008-09-28 02:11 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-28 02:11 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-28 02:10 --------- d-----w C:\Documents and Settings\samy\Application Data\PC Suite
2008-09-28 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-09-27 05:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-09-27 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-26 03:48 --------- d-----w C:\Program Files\CyberLat
2008-09-26 02:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-26 02:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-26 02:36 --------- d-----w C:\Program Files\NoLimits Demo v1.262
2008-09-24 05:06 --------- d-----w C:\Program Files\Common Files\Vbox
2008-09-24 05:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 02:52 --------- d-----w C:\Documents and Settings\samy\Application Data\zzMicroWorld_Anti_Virus
2008-09-24 01:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-24 01:30 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-24 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-23 20:33 --------- d-----w C:\Program Files\Your Company Name
2008-09-23 04:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-22 15:02 --------- d-----w C:\Program Files\TechSmith
2008-09-22 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-22 15:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 14:32 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-22 14:32 --------- d-----w C:\Documents and Settings\samy\Application Data\IDM
2008-09-21 15:57 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-21 08:14 --------- d-----w C:\Program Files\ma-config.com
2008-09-21 08:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-21 06:17 --------- d-----w C:\Program Files\Windows Live
2008-09-21 05:05 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-21 05:05 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-21 05:05 --------- d-----w C:\Program Files\Real
2008-09-21 05:05 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-21 05:05 --------- d-----w C:\Program Files\Common Files\Real
2008-09-21 05:04 --------- d-----w C:\Program Files\Google
2008-09-21 04:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-19 09:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-09-19 09:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-09-12 10:44 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-09-08 20:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-02 13:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-08-18 10:27 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-08-18 10:19 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 10:18 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-08-18 09:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/22/2008 05:29 PM 2606512]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [08/16/2007 04:19 PM 5728112]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/27/2006 04:21 PM 1449984]
"nodenable"="C:\Program Files\eset\nodenable.exe" [09/23/2008 12:27 AM 326829]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberLat Ram Cleaner"="C:\Program Files\CyberLat\CyberLat RAM Cleaner 2" [X]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/21/2008 08:05 AM 185896]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [08/18/2008 01:23 PM 1447168]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [06/15/2006 12:36 PM 229376]
"SoundMan"="SOUNDMAN.EXE" [02/23/2005 01:13 PM 77824 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^SnagIt 9.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\SnagIt 9.lnk
backup=C:\WINDOWS\pss\SnagIt 9.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 09/21/2008 08:05 AM 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 08/16/2007 04:19 PM 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [08/18/2008 01:27 PM 34312]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [09/21/2008 08:05 AM 29744]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [09/02/2008 04:14 PM 191656]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\samy\Application Data\Mozilla\Firefox\Profiles\80636nyl.default\
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-29 06:56:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Popup Blocker\PKMaster.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 09/29/2008 7:02:48 - machine was rebooted [samy]
ComboFix-quarantined-files.txt 2008-09-29 04:02:39
Pre-Run: 15,790,772,224 bytes free
Post-Run: 16,195,608,576 bytes free
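Two things in the report above deserve a second look, and a small triage script makes them visible without reading the whole log by hand. First, the "Other Deletions" section shows ComboFix removed `C:\WINDOWS\regedit.com` and `C:\WINDOWS\system32\taskmgr.com`: Windows resolves a bare command name through the PATHEXT order, in which `.COM` is tried before `.EXE`, so a planted `regedit.com` is what actually runs when a user types `regedit`, which is a classic way malware blocks the tools used to remove it. Second, in "Reg Loading Points" an autorun whose target is marked `[X]` points at a file that no longer exists, and an autorun given as a bare filename (here `SOUNDMAN.EXE`) is resolved by a PATH search rather than a fixed path. The script below is an added example, not part of the original post or of ComboFix; it parses the section markers and Run-key lines in ComboFix's own format, flags those three patterns, and is fed a constructed sample consisting of lines copied from the report. The tool list in `SHADOWED_TOOLS` and the `Finding` type are this example's own choices.

```python
"""Triage helper for a ComboFix report (added example, not ComboFix output)."""
import re
from dataclasses import dataclass

# Sample lines copied from the "Other Deletions" and "Reg Loading Points"
# sections of the report above, embedded so the script runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\samy\s\samy@ad.yieldmanager[1].txt
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM 15360]
"nodenable"="C:\Program Files\eset\nodenable.exe" [09/23/2008 12:27 AM 326829]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberLat Ram Cleaner"="C:\Program Files\CyberLat\CyberLat RAM Cleaner 2" [X]
"SoundMan"="SOUNDMAN.EXE" [02/23/2005 01:13 PM 77824 C:\WINDOWS\SOUNDMAN.EXE]
"""

# ComboFix section headers look like "(((( Name ))))".
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# Registry key line inside "Reg Loading Points".
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# Run-value line: "Name"="command" [date time size] or [X] when the file is missing.
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')

# Windows tries PATHEXT in order and .COM precedes .EXE, so a planted
# regedit.com wins over regedit.exe when the user types "regedit".
# Which tools to watch is this example's assumption.
SHADOWED_TOOLS = {"regedit", "taskmgr", "msconfig", "cmd"}


@dataclass
class Finding:
    section: str
    item: str
    reason: str


def split_sections(text):
    """Group non-empty, non-'.' lines under the ComboFix section they belong to."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def check_deletions(lines):
    """Flag deleted .com files whose name matches a Windows admin tool."""
    findings = []
    for path in lines:
        base = path.rsplit("\\", 1)[-1].lower()
        stem, _, ext = base.rpartition(".")
        if ext == "com" and stem in SHADOWED_TOOLS:
            findings.append(Finding("Other Deletions", path,
                                    f"{stem}.com shadows {stem}.exe via PATHEXT order"))
    return findings


def check_run_keys(lines):
    """Flag Run entries whose target is missing ([X]) or given as a bare filename."""
    findings, key = [], None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        m = RUN_ENTRY_RE.match(line)
        if not m:
            continue  # REGEDIT4, service lines, etc. are not Run values
        name, cmd, meta = m.group("name"), m.group("cmd"), m.group("meta")
        if meta.strip() == "X":
            findings.append(Finding(key, name, "autorun target missing on disk (ComboFix [X])"))
        elif "\\" not in cmd:
            findings.append(Finding(key, name, f"bare filename {cmd!r} is resolved by PATH search"))
    return findings


def analyze(text):
    """Run every check over a ComboFix report and return the findings."""
    sections = split_sections(text)
    findings = check_deletions(sections.get("Other Deletions", []))
    findings += check_run_keys(sections.get("Reg Loading Points", []))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

Run against the sample, the script reports the two `.com` tool shadows, the dead "CyberLat Ram Cleaner" autorun and the bare `SOUNDMAN.EXE` entry, and stays quiet on the fully qualified ESET, Nokia, Messenger and ctfmon entries. A bare-filename hit is not proof of anything (Realtek's SoundMan is normally installed that way, and ComboFix already resolved it to `C:\WINDOWS\SOUNDMAN.EXE`); it is a prompt to confirm the resolved path and signer before moving on.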