دويتو غريب
Zyzoom Distinguished Member
- Joined
- 25 August 2008
- Posts
- 528
- Reaction score
- 0
- Points
- 520
- Location
- يبي
- Website
- www,algrabiya.net
ComboFix 08-12-05.02 - alsadi 12/06/2008 5:10:00.22 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.86 [GMT 3:00]
Running from: c:\documents and settings\alsadi\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 02:13 1,236,256 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-06 02:13 --------- dc----w c:\documents and settings\alsadi\Application Data\DMCache
2008-12-06 01:58 462,932 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-06 01:58 29,596,704 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-06 01:58 122,804 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-06 01:47 --------- dc----w c:\documents and settings\alsadi\Application Data\cleaner
2008-12-05 18:54 --------- dc----w c:\program files\Messenger Plus! Live
2008-12-05 18:54 --------- dc----w c:\program files\Circle Developement
2008-12-02 12:06 --------- dc----w c:\program files\تحويل الفلاش الى صورة
2008-11-23 23:38 --------- dc----w c:\documents and settings\alsadi\Application Data\IDM
2008-11-23 22:39 --------- dc----w c:\program files\Internet Download Manager
2008-11-19 16:09 --------- dc----w c:\program files\Notepad++
2008-11-18 21:52 --------- dc----w c:\program files\NauzNet Solutions
2008-11-16 22:37 --------- dc----w c:\documents and settings\alsadi\Application Data\Notepad++
2008-11-16 14:26 --------- dc----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-11-16 10:28 --------- dc----w c:\program files\Paltalk Messenger
2008-11-16 10:27 --------- dc----w c:\program files\No-IP
2008-11-16 10:25 --------- dc----w c:\program files\AMSN
2008-11-14 08:38 --------- dc----w c:\program files\PHP Expert Editor
2008-11-12 21:28 --------- dc----w c:\program files\LeapFTP
2008-11-12 19:48 30,615 -c--a-w c:\windows\java\x.exe
2008-11-04 17:38 --------- dc----w c:\program files\Kelk 2000
2008-11-04 17:34 --------- dc----w c:\program files\FlashFXP
2008-10-27 22:35 --------- dc----w c:\documents and settings\alsadi\Application Data\bif
2008-10-18 12:03 --------- dc----w c:\program files\Hotspot Shield
2008-10-17 09:05 64,502 -c--a-w c:\windows\BricoPackUninst.cmd
2008-10-17 09:05 6,108 -c--a-w c:\windows\BricoPackFoldersDelete.cmd
2008-10-17 09:05 218,624 -c--a-w c:\windows\system32\uxtheme.dll
2008-10-09 21:04 --------- dc----w c:\program files\LtUcx
2008-10-09 12:00 --------- dc----w c:\program files\Kaspersky Lab
2008-09-15 15:37 1,845,888 -c--a-w c:\windows\system32\win32k.sys
2008-09-12 10:44 206,256 -c--a-w c:\windows\system32\idmmbc.dll
.
((((((((((((((((((((((((((((( snapshot_Sun 11-16-2008_17.37.42.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-27 22:15:38 12,288 -c--a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-27 22:15:38 282,624 -c--a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 2008-11-27 22:15:38 135,168 -c--a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-27 22:15:38 27,136 -c--a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-27 22:15:38 4,096 -c--a-r c:\windows\Installer\{90170401-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-04-14 14:34:36 872,448 -c--a-w c:\windows\system32\iconv.dll
+ 2004-04-14 14:34:48 1,327,104 -c--a-w c:\windows\system32\php4ts.dll
+ 2007-11-08 15:00:04 300,544 -c--a-w c:\windows\system32\ShellExt\GMailFS.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 03:56 AM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [11/29/2007 07:25 PM 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [08/04/2004 01:09 AM 1667584]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/28/2008 02:39 PM 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [08/28/2008 05:23 PM 185896]
"kav"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [02/15/2006 05:37 PM 135271]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [06/03/2005 03:52 AM 36975]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 03:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:biforst
R1 is-VS2F2drv;is-VS2F2drv;c:\windows\system32\drivers\97304137.sys [2008-08-28 148496]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\tdi.sys [2004-08-04 18560]
S4 is-VS2F2;is-VS2F2;"c:\documents and settings\All Users\سطح المكتب\Kaspersky Lab Tool\is-VS2F2\is-VS2F2.exe" -r []
.
Contents of the 'Scheduled Tasks' folder
2008-12-06 c:\windows\Tasks\AA0CFB6991A77529.job
- c:\docume~1\81ee~1\applic~1\chinfo~1\Start Load Flap.exe []
2008-11-02 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {14CD80A0-CDE4-4B56-8662-AEBF3B859D72} = 192.168.1.254
O16 -: Microsoft XML Parser for Java -
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\imcv1.dll
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413}
hxxp://voice2.maxvoice.net/talk.cab
c:\windows\Downloaded Program Files\talk.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-06 05:13:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\klogon.dll
.
Completion time: 12/06/2008 5:15:29
ComboFix-quarantined-files.txt 2008-12-06 02:15:25
ComboFix2.txt 2008-11-30 15:10:16
ComboFix3.txt 2008-11-27 09:53:04
ComboFix4.txt 2008-11-23 22:03:31
ComboFix5.txt 2008-12-06 02:09:01
Pre-Run: 14,927,855,616 bytes free
Post-Run: 14,919,983,104 bytes free
138 --- E O F --- 2008-10-23 22:34:06
