This is the scan report
ComboFix 08-09-28.01 - AL-HASSOB 09/29/2008 20:56:34.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.267 [GMT 3:00]
Running from: C:\Documents and Settings\AL-HASSOB\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system\oeminfo.ini
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 17:58 655,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-29 17:58 3,892 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-29 17:58 2,184 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-29 17:58 16,416 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-29 17:06 --------- d-----w C:\Program Files\My Drivers
2008-09-29 16:37 --------- d-----w C:\Program Files\HP
2008-09-27 22:08 --------- d-----w C:\Program Files\Power Video Converter
2008-09-27 20:34 --------- d--h--w C:\Program Files\Zero G Registry
2008-09-27 16:00 --------- d-----w C:\Program Files\Zealot Software
2008-09-27 15:53 --------- d-----w C:\Program Files\Easy Video Splitter
2008-09-26 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-09-26 21:32 --------- d-----w C:\Program Files\SRS Labs
2008-09-18 11:18 --------- d-----w C:\Program Files\AskBarDis
2008-09-18 11:13 --------- d-----w C:\Program Files\Paltalk Messenger
2008-09-18 11:13 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\Paltalk
2008-09-17 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 16:31 --------- d-----w C:\Program Files\ImageBadger
2008-09-17 16:31 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\ImageBadger
2008-09-17 15:46 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-09 14:57 --------- d-----w C:\Program Files\myBabylon_English
2008-09-09 14:57 --------- d-----w C:\Program Files\Conduit
2008-09-05 20:50 --------- d-----w C:\Program Files\LtUcx
2008-09-05 16:06 --------- d-----w C:\Program Files\Easy Video Downloader
2008-09-05 12:01 --------- d-----w C:\Program Files\Winamp
2008-09-05 12:01 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\Winamp
2008-09-05 11:35 --------- d-----w C:\Program Files\Common Files\NSV
2008-09-04 23:02 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-04 23:02 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-04 23:02 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-04 23:02 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-09-04 23:02 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\AVGTOOLBAR
2008-09-04 23:01 45,568 ----a-w C:\WINDOWS\system32\avgfwdx.dll
2008-09-04 23:01 23,296 ----a-w C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-09-04 23:01 --------- d-----w C:\Program Files\AVG
2008-09-04 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-04 17:49 --------- d-----w C:\Program Files\USB Disk Security
2008-09-04 14:34 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-04 14:34 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-04 14:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-04 14:34 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\TuneUp Software
2008-09-04 14:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 19:09 --------- d-----w C:\Program Files\Total Video Converter
2008-08-31 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-08-31 15:27 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\Uniblue
2008-08-31 15:23 --------- d-----w C:\Program Files\Uniblue
2008-08-29 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-29 19:57 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\CyberLink
2008-08-28 08:53 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\DivX
2008-08-28 08:51 --------- d-----w C:\Program Files\DivX
2008-08-28 07:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-23 12:57 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-23 12:56 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-23 12:56 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-22 18:56 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-22 18:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-22 02:22 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\Media Player Classic
2008-08-22 02:09 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\Nokia Multimedia Player
2008-08-20 22:11 155,995 ----a-w C:\WINDOWS\java\Packages\M4T7NDBX.ZIP
2008-08-20 22:04 --------- d-----w C:\Program Files\Sun
2008-08-20 21:36 --------- d-----w C:\Program Files\DSR9500 Studio 1.4
2008-08-20 21:25 --------- d-----w C:\Program Files\HumaxZoneUploader
2008-08-20 21:02 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-20 21:02 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\IDM
2008-08-20 21:02 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\DMCache
2008-08-20 20:40 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-20 20:33 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-20 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-20 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-20 17:21 --------- d-----w C:\Program Files\SOFT
2008-08-20 16:39 172,032 ------w C:\WINDOWS\Setup1.exe
2008-08-20 16:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-20 16:34 --------- d-----w C:\Program Files\Java
2008-08-20 16:33 --------- d-----w C:\Program Files\Common Files\Java
2008-08-20 16:19 --------- d-----w C:\Program Files\Macromedia
2008-08-20 16:19 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-08-20 16:15 --------- d-----w C:\Program Files\Formosoft
2008-08-20 16:03 --------- d-----w C:\Program Files\Nokia
2008-08-20 16:03 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-20 16:03 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-20 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-08-20 16:03 --------- d-----w C:\Documents and Settings\AL-HASSOB\Application Data\PC Suite
2008-08-20 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-08-20 15:53 --------- d-----w C:\Program Files\Nero
2008-08-20 15:49 --------- d-----w C:\Program Files\CyberLink
2008-08-20 15:48 --------- d-----w C:\Program Files\MSN Messenger
2008-08-20 15:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-20 15:44 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-20 15:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-20 15:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 15:01 --------- d-----w C:\Program Files\Real
2008-08-20 15:01 --------- d-----w C:\Program Files\Common Files\Real
2008-08-20 14:58 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-20 14:17 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-29 17:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [08/21/2008 12:04 AM 2606512]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2008 05:42 AM 1695232]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:55 PM 5674352]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [11/25/2007 02:47 PM 481280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/23/2008 03:56 PM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2008-09-11 11713536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 12/05/2006 10:55 PM 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 12/13/2005 08:49 AM 217088 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 11/30/2005 04:56 PM 1306624 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 11/23/2006 03:10 PM 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 08/23/2008 03:56 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 08/04/2008 02:02 AM 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 04/23/2003 07:53 PM 54784 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
S3 gwiopm;gwiopm;C:\Program Files\My Drivers\gwiopm.sys [06/03/1998 01:59 PM 3904]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
MSConfigStartUp-InCD - C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SecurDisc - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.google.com/
O8 -: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-29 20:59:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEMONITOR.EXE
.
**************************************************************************
.
Completion time: 09/29/2008 21:01:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-29 18:01:34
Pre-Run: 10,536,517,632 bytes free
Post-Run: 10,551,787,520 bytes free
211 --- E O F --- 2008-09-29 16:20:15