شبنان
Peace be upon you.
My second ComboFix report for my machine.
Thank you, brother Max, and may God give you strength for the effort you put in.
ComboFix 08-12-17.01 - home 12/19/2008 2:00:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.2047.1645 [GMT 3:00]
Running from: c:\documents and settings\home\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 23:06 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-18 23:04 --------- d-----w c:\documents and settings\home\Application Data\DMCache
2008-12-18 23:03 516,128 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-18 23:03 3,892 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-18 23:03 24,024 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-18 23:03 2,802,720 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-18 22:47 --------- d-----w c:\program files\Trend Micro
2008-12-18 22:30 --------- d-----w c:\documents and settings\home\Application Data\Skype
2008-12-17 15:09 --------- d-----w c:\documents and settings\home\Application Data\Yahoo!
2008-12-17 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-17 14:39 --------- d-----w c:\program files\Yahoo!
2008-12-17 12:44 --------- d-----w c:\program files\DivX
2008-12-17 11:57 --------- d-----w c:\documents and settings\home\Application Data\DivX
2008-12-17 11:37 --------- d-----w c:\program files\Internet Download Manager
2008-12-17 11:17 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-17 11:00 --------- d-----w c:\documents and settings\home\Application Data\CyberLink
2008-12-13 12:18 --------- d-----w c:\program files\Free RM to MP3 Converter
2008-12-11 07:11 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-12-10 10:33 --------- d-----w c:\program files\Paltalk Messenger
2008-12-10 10:32 --------- d-----w c:\documents and settings\home\Application Data\Paltalk
2008-12-10 07:38 --------- d-----w c:\program files\MSN Messenger
2008-12-10 07:38 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-10 07:11 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-10 07:11 --------- d-----w c:\program files\Windows Live
2008-12-10 07:11 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-10 07:01 --------- d-----w c:\program files\Skype
2008-12-10 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-06 06:34 --------- d-----w c:\program files\Google
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-19 01:11 --------- d-----w c:\documents and settings\home\Application Data\HP
2008-11-06 19:08 --------- d-----w c:\documents and settings\home\Application Data\IDM
2008-11-03 00:30 --------- d-----w c:\program files\RM to MP3 Converter
2008-11-03 00:29 --------- d-----w c:\program files\nLite
2008-11-03 00:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 00:17 720,896 ----a-w c:\windows\iun6002.exe
2008-11-03 00:17 --------- d-----w c:\program files\Macromedia
2008-10-30 12:43 --------- d-----w c:\program files\lg_fwupdate
2008-10-28 21:27 --------- d-----w c:\program files\MSBuild
2008-10-28 21:26 --------- d-----w c:\program files\Reference Assemblies
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 11:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 11:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 11:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 11:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 11:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 11:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 11:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 11:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 11:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 11:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-12 18:02 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-12 18:02 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 13:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [07/29/2008 05:18 PM 2610608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [04/19/2007 08:26 AM 7700480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Paltalk Messenger\\Paltalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\apache\\Apache.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S4 MySQL_s;MySQL_s;"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\MySQL\MySQL Server 5.0\my.ini" MySQL_s []
S4 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice [2002-01-25 20480]
.
Contents of the 'Scheduled Tasks' folder
2008-12-18 c:\windows\Tasks\User_Feed_Synchronization-{09A7B7B8-4145-4359-A8B1-BA816FAE943A}.job
- c:\windows\system32\msfeedssync.exe [08/13/2007 06:36 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = about:blank
uInternet Settings,ProxyServer = proxy.sahara.com.sa:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Download all with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV video content with Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-19 02:04:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL_s]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL_s"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 12/19/2008 2:08:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-18 23:08:47
Pre-Run: 66,961,887,232 bytes free
Post-Run: 66,897,514,496 bytes free
152 --- E O F --- 2008-12-18 22:32:42
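The report above is the kind of log a helper on this thread reads by eye. The security-relevant lines are the Security Center values that suppress the antivirus, firewall and update warnings, the `EnableFirewall= 0` entry in the standard profile, the firewall exception list (which includes a local `c:\apache\Apache.exe` service), the proxy setting, and any file listed with the system and hidden attributes (`--sha-w`). A caveat a practitioner would want: third-party suites such as the Kaspersky Internet Security present here register themselves as the Security Center provider (the `Monitoring\KasperskyAntiVirus` key with `DisableMonitoring=1`) and set exactly those `DisableNotify` values, and the `fidbox.dat`/`fidbox.idx` files under `drivers` are Kaspersky's own scan cache, so none of this is evidence of compromise by itself; it is what to confirm with the user. The script below is an added triage example written for this thread, not ComboFix code and not anything the poster ran: it parses a constructed excerpt of the log above and returns rated findings. The severity labels and the `Finding` structure are the example's own heuristics.

```python
"""Triage helper for a ComboFix log.

Added example for this thread, not part of ComboFix or of the posted report.
It pulls the security-relevant entries out of the 'Find3M' and 'Reg Loading
Points' sections and rates them.  SAMPLE_LOG is a constructed excerpt of the
log in this thread; the severity labels are this example's own heuristics.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt of the posted ComboFix report (raw string: the
# doubled backslashes in the firewall list are REGEDIT4 escaping as logged).
SAMPLE_LOG = r"""
2008-12-18 23:03 516,128 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-21 21:47 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [07/29/2008 05:18 PM 2610608]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\apache\\Apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
uInternet Settings,ProxyServer = proxy.sahara.com.sa:80
"""


@dataclass
class Finding:
    severity: str  # "info" | "review" | "high" (this example's own scale)
    key: str
    detail: str


SEVERITY_ORDER = {"info": 0, "review": 1, "high": 2}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# Find3M line: date time size-or-dashes 7-char-attributes path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|-+)\s+(?P<attrs>[-a-z]{7})\s+(?P<path>.+)$"
)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)$")


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, remembering the current registry key for value lines."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = FILE_RE.match(line)
        if m:
            attrs = m.group("attrs")
            # system+hidden files are worth a look; here they are Kaspersky's cache
            if "s" in attrs and "h" in attrs:
                findings.append(Finding("review", m.group("path"), f"system+hidden attributes ({attrs})"))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(Finding("review", "ProxyServer", m.group("proxy")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        if current_key.endswith("security center") and name.endswith("DisableNotify") and value == "dword:00000001":
            findings.append(Finding("review", name, "Security Center alert suppressed"))
        elif "security center\\monitoring\\" in current_key and name == "DisableMonitoring":
            # a third-party suite registered as provider explains the DisableNotify values
            findings.append(Finding("info", "SecurityCenterProvider", current_key.rsplit("\\", 1)[-1]))
        elif current_key.endswith("standardprofile") and name == "EnableFirewall" and value.startswith("0"):
            findings.append(Finding("high", name, "Windows Firewall disabled in standard profile"))
        elif "authorizedapplications" in current_key:
            findings.append(Finding("info", "FirewallException", name.replace("\\\\", "\\")))
        elif current_key.endswith("\\run"):
            findings.append(Finding("info", "Run:" + name, value))
    return findings


def worst_severity(findings: list[Finding]) -> str:
    return max((f.severity for f in findings), key=SEVERITY_ORDER.__getitem__, default="info")


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: -SEVERITY_ORDER[f.severity]):
        print(f"{f.severity:6} {f.key}: {f.detail}")
```

Run it on a full ComboFix log by reading the file into `triage()`; the `high` rating for `EnableFirewall` is deliberate even when a third-party firewall is installed, because the reviewer should confirm which product is actually filtering rather than assume it from the registry.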
