جزاك الله كل خير اخوي هذا التقرير الاول
ComboFix 08-10-17.01 - Administrator 10/17/2008 14:18:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.202 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kakle.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 08:27 --------- d-----w C:\Program Files\CCleaner
2008-10-17 11:28 9,006,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-17 11:27 285,984 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-17 11:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-10-17 11:25 29,900 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-17 11:25 125,756 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-17 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-15 21:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 20:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-10-15 20:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-10-15 19:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-15 13:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-10-12 07:52 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-10-09 20:03 --------- d-----w C:\Program Files\Opera 9
2008-10-07 22:30 --------- d-----w C:\Program Files\SWFText
2008-10-07 13:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Avant Profiles
2008-10-06 22:28 --------- d-----w C:\Program Files\UPHClean
2008-10-05 21:09 40,960 ----a-w C:\WINDOWS\system32\SSubTmr6.dll
2008-10-04 19:16 --------- d-----w C:\Program Files\Goldshell
2008-10-04 11:53 --------- d-----w C:\Program Files\flash player arabic
2008-10-03 23:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberScrub
2008-10-03 23:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cleaner
2008-10-03 23:07 --------- d-----w C:\Program Files\Yahoo!
2008-10-02 19:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-02 14:25 --------- d-----w C:\Program Files\TechSmith
2008-10-02 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-30 12:30 --------- d-----w C:\Program Files\Thinstall.VS
2008-09-28 00:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 22:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Downloaded Installations
2008-09-18 15:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Stilesoft
2008-09-18 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Thinstall
2008-09-15 18:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Moyea
2008-09-13 16:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\JLC's Software
2008-09-10 09:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-09 21:55 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-09 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-09 11:29 --------- d-----w C:\Program Files\CFi
2008-09-07 05:22 --------- d-----w C:\Program Files\Opera
2008-09-06 11:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TechSmith
2008-09-06 06:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-09-03 17:09 --------- d-----w C:\Program Files\ANI
2008-09-03 17:08 --------- d-----w C:\Program Files\D-Link
2008-09-03 16:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-01 22:52 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-01 22:52 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-01 22:52 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-09-01 14:51 --------- d-----w C:\Program Files\Kaspersky Lab
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CFi]
@="{2DBD5D71-CBB7-41D1-B170-511646B170BD}"
[HKEY_CLASSES_ROOT\CLSID\{2DBD5D71-CBB7-41D1-B170-511646B170BD}]
01/28/2007 02:50 PM 55296 --a------ C:\PROGRA~1\CFi\SHELLT~1\CFiShlJP.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/04/2008 02:04 AM 2606512]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [06/16/2006 09:24 AM 1323008]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [06/01/2006 03:59 PM 49152]
"SystemManagerV1"="C:\WINDOWS\SystemManagerV1.exe" [11/12/2007 12:50 AM 1357312]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 11:51 AM 218376]
"VTTimer"="VTTimer.exe" [05/07/2003 11:32 AM 36864 C:\WINDOWS\system32\VTTimer.exe]
"S3hotkey"="S3hotkey.exe" [05/27/2003 10:01 AM 159792 C:\WINDOWS\system32\S3hotkey.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{067B597C-C099-4A08-A180-E5FEC5DCF2DF}"= "C:\PROGRA~1\CFi\SHELLT~1\CFiShlEx.dll" [01/28/2007 02:53 PM 43008]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 10/12/2008 10:49 AM 2188912 C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 01/19/2007 11:49 AM 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [10/12/2008 10:49 AM 35712]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [10/12/2008 10:49 AM 206456]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [05/11/2006 12:11 PM 472096]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 01:58 PM 24344]
.
Contents of the 'Scheduled Tasks' folder
2008-10-17 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0yce9bsp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Opera 9\program\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\Opera 9\program\plugins\NPSWF32.dll
FF -: plugin - C:\Program Files\Opera 9\program\plugins\NPSWF32_back.dll
FF -: plugin - C:\Program Files\Opera 9\program\plugins\npwmsdrm.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-17 14:27:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera 9\opera.exe
.
**************************************************************************
.
Completion time: 10/17/2008 14:35:12 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-10-17 11:34:47
Pre-Run: 6,091,141,120 bytes free
Post-Run: 6,046,031,872 bytes free
150
وهذا التقرير الثاني والصور طالعة اخوي جزاك الله خير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:38:56 م, on 17/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\S3hotkey.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera 9\opera.exe
C:\WINDOWS\explorer.exe
F:\الجديدة 5\لعمل تقرير هايجك مع عنوان الموقع مع موقع شرح العمية في التفصيل\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SystemManagerV1] C:\WINDOWS\SystemManagerV1.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3F83177-2864-48DC-8E58-34A8C615F99B}: NameServer = 217.10.160.8 217.10.162.8
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 4116 bytes