سحاب البرد


Thank you all. I have a problem with my laptop:

the machine will not shut down

unless I hold the power button for five seconds or more.


Please help.



 

Peace be upon you.


God keep you well.

Give me the report, copied and pasted.


The ComboFix tool


When you run it, a message will appear; click Yes.
After that a second message will appear; click Yes.

The machine may restart during the scan.

After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished.

 
Signature: LINEZERO

Brother LINEZERO, thank you for the kind effort. Here is the report:



ComboFix 08-10-06.05 - Ahmad 10/07/2008 3:14:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1581 [GMT 3:00]
Running from: C:\Documents and Settings\Ahmad\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Ultra.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 00:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-06 02:54 --------- d-----w C:\Program Files\Folder Lock
2008-10-05 23:19 499,744 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-05 22:43 --------- d-----w C:\Program Files\Hotspot_Shield
2008-10-05 22:43 --------- d-----w C:\Program Files\Conduit
2008-10-05 22:37 --------- d-----w C:\Program Files\Hotspot Shield
2008-10-05 22:25 --------- d-----w C:\Documents and Settings\Ahmad\Application Data\SlipStream
2008-10-05 14:37 3,836 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-05 00:45 31,772 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-05 00:45 3,257,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-03 22:46 --------- d-----w C:\Program Files\The KMPlayer
2008-10-02 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\zyz Kaspersky Lab setup files
2008-10-02 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-27 03:45 --------- d-----w C:\Documents and Settings\Ahmad\Application Data\uTorrent
2008-09-18 22:04 --------- d-----w C:\Program Files\My Drivers
2008-09-16 04:33 --------- d-----w C:\Documents and Settings\Ahmad\Application Data\Ectaco
2008-09-16 04:32 --------- d-----w C:\Program Files\LingvoSoft
2008-09-13 22:01 --------- d-----w C:\Program Files\DAP
2008-09-13 21:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 03:58 --------- d-----w C:\Program Files\3Dscreensaver.com
2008-09-13 03:57 466,944 ----a-w C:\WINDOWS\Scooby Doo.scr
2008-09-13 03:57 180,224 ----a-w C:\WINDOWS\UninstallWSST.exe
2008-09-09 01:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-09 01:06 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-09 01:06 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-08 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-24 20:19 --------- d-----w C:\Program Files\TOSHIBA
2008-08-23 06:21 --------- d-----w C:\Program Files\MotoGP2 Demo
2008-08-23 06:21 --------- d-----w C:\Program Files\Common Files\DirectX
2008-08-20 23:32 --------- d-----w C:\Program Files\Wasatchware
2008-08-20 23:32 --------- d-----w C:\Program Files\Codemasters
2008-08-19 22:10 --------- d-----w C:\Program Files\EA Games
2008-08-12 23:42 --------- d-----w C:\Program Files\Video Convert Master
2008-08-12 23:40 --------- d-----w C:\Program Files\Extension Changer
2008-08-09 23:08 81,920 ----a-w C:\Documents and Settings\Ahmad\Application Data\ezpinst.exe
2008-08-09 23:08 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-09 23:08 47,360 ----a-w C:\Documents and Settings\Ahmad\Application Data\pcouffin.sys
2008-08-09 22:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-07 00:02 --------- d-----w C:\Program Files\Unlocker
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [11/24/2005 03:38 PM 94208]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [03/23/2006 12:13 AM 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 11:55 PM 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/28/2005 11:52 PM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 11:55 PM 118784]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 02:02 PM 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [06/03/2005 03:52 AM 36975]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/02/2006 06:02 PM 761948]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [02/02/2006 12:11 PM 73728]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/25/2008 07:26 AM 185896]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [10/20/2005 02:45 PM 871936]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"RTHDCPL"="RTHDCPL.EXE" [12/10/2005 01:49 AM 15691264 C:\WINDOWS\RTHDCPL.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [10/15/2005 04:29 PM 88203 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [08/03/2005 02:26 PM 266240 C:\WINDOWS\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 1753088]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-07-11 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Ahmad^Start Menu^Programs^Startup^Ela-Salaty.lnk]
path=C:\Documents and Settings\Ahmad\Start Menu\Programs\Startup\Ela-Salaty.lnk
backup=C:\WINDOWS\pss\Ela-Salaty.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Ahmad^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Ahmad\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 05/11/2007 03:06 AM 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 10/13/2004 07:24 PM 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 07/22/2008 07:12 AM 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 08/20/2006 01:48 PM 6656 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\MotoGP2 Demo\\motogp2_demo.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM 24592]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM 27136]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-DriveDiscoveryMemoryResident - C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
R1 -: HKCU-Internet Settings,ProxyServer = http=127.0.0.1:3128;https=127.0.0.1:3128;socks=127.0.0.1:9000
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;localhost;<local>
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-07 03:20:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Completion time: 10/07/2008 3:21:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-07 00:21:37
Pre-Run: 15,794,257,920 bytes free
Post-Run: 16,556,363,776 bytes free