Thread starter: anjam
Hello, dear friends

Smart Security's color has changed to orange

When I run it, it doesn't give any result??

I hope I haven't bothered you with so many questions??

Waiting for your nice replies :d:


May God keep you safe
 

Signature: anjam
Peace be upon you, anjam,

What version do you have? And are you using a crack or serials?
 
Signature: Blackstar_tech
And peace be upon you

Brother, I downloaded it from brother Zain's thread


[Hidden link: you must log in or register to view it]



Where do I find the version?


I couldn't find it??


I don't use a crack or serials
 
Signature: anjam
Dear sister, follow this:
[Hidden link: you must log in or register to view it]


And it would be good if you used any version that comes with a crack

and set it to check for updates automatically,

I wish you success,
 
Signature: Blackstar_tech
Is this the version??

eset smart security
3.0669.0

( 3230 ) - 20080701
 
Signature: anjam
Yes indeed, but dear sister, try the following program

[Hidden link: you must log in or register to view it]


And God willing, the update problem will go away,

My regards to you.
 
Signature: Blackstar_tech
ComboFix report

ComboFix 08-08-30.03 - Mfc 09/18/2008 2:43:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.258 [GMT 3:00]
Running from: C:\Documents and Settings\Mfc\My Documents\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\msn.exe
C:\WINDOWS\cmsetac.dll
C:\WINDOWS\KB8888239.log
C:\WINDOWS\msn.exe
C:\WINDOWS\ntdtcstp.dll
C:\WINDOWS\system32\server.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 04:40 33,388 ----a-w C:\msngr.exe
2008-09-15 22:11 112,128 ----a-w C:\dos.pif
2008-09-15 19:54 66,560 ----a-w C:\WINDOWS\twmsico.dll
2008-09-07 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 13:15 --------- d-----w C:\Documents and Settings\Mfc\Application Data\Media Player Classic
2008-09-02 21:21 --------- d-----w C:\Program Files\GetData
2008-08-30 08:19 --------- d-----w C:\Documents and Settings\Mfc\Application Data\dogcampjoy
2008-08-30 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wait Find Browse New
2008-08-30 08:17 --------- d-----w C:\Program Files\MSN Messenger
2008-08-30 08:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 08:17 --------- d-----w C:\Program Files\dogcampjoy
2008-08-28 13:35 --------- d-----w C:\Documents and Settings\Mfc\Application Data\cleaner
2008-08-27 07:29 --------- d-----w C:\Program Files\Play89
2008-08-14 17:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-12 18:25 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-11 08:52 --------- d-----w C:\Program Files\ESET
2008-08-09 07:28 --------- d-----w C:\Documents and Settings\Mfc\Application Data\ESET
2008-08-09 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-08 01:32 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ball mapi owns ping
2008-07-23 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB
2008-07-23 04:26 --------- d-----w C:\Program Files\RealDrawPRO4
2008-07-17 07:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-17 02:45 --------- d-----w C:\Documents and Settings\Mfc\Application Data\TeamViewer
2005-02-11 09:52 157,056 ----a-w C:\WINDOWS\inf\tifm21.sys
2004-12-01 14:55 22,488 ----a-w C:\WINDOWS\inf\btcusb.sys
2004-11-05 08:39 82,148 ----a-w C:\WINDOWS\inf\VcommMgr.sys
2004-11-02 16:27 773,565 ----a-r C:\WINDOWS\inf\ialmnt5.sys
2004-11-02 16:26 819,259 ----a-r C:\WINDOWS\inf\ialmdd5.dll
2004-11-02 16:19 61,440 ----a-r C:\WINDOWS\inf\iAlmCoIn_v3943.dll
2004-11-02 16:19 512,000 ----a-r C:\WINDOWS\inf\ialmgdev.dll
2004-11-02 16:19 49,152 ----a-r C:\WINDOWS\inf\ialmrem.dll
2004-11-02 16:19 37,951 ----a-r C:\WINDOWS\inf\ialmrnt5.dll
2004-11-02 16:19 164,475 ----a-r C:\WINDOWS\inf\ialmdev5.dll
2004-11-02 16:19 100,924 ----a-r C:\WINDOWS\inf\ialmdnt5.dll
2004-11-02 16:17 2,289,664 ----a-r C:\WINDOWS\inf\ialmgicd.dll
2004-11-02 16:04 69,632 ----a-r C:\WINDOWS\inf\oemdspif.dll
2004-11-02 16:04 163,840 ----a-r C:\WINDOWS\inf\igfxres.dll
2004-11-02 16:04 114,688 ----a-r C:\WINDOWS\inf\igfxzoom.exe
2004-11-02 16:03 36,864 ----a-r C:\WINDOWS\inf\igfxexps.dll
2004-11-02 16:03 225,280 ----a-r C:\WINDOWS\inf\igfxpph.dll
2004-11-02 16:03 155,648 ----a-r C:\WINDOWS\inf\igfxtray.exe
2004-11-02 16:03 106,496 ----a-r C:\WINDOWS\inf\igfxext.exe
2004-11-02 16:02 45,056 ----a-r C:\WINDOWS\inf\igfxdgps.dll
2004-11-02 16:02 225,280 ----a-r C:\WINDOWS\inf\igfxeud.dll
2004-11-02 16:02 151,552 ----a-r C:\WINDOWS\inf\igfxdiag.exe
2004-11-02 16:01 503,808 ----a-r C:\WINDOWS\inf\igfxcfg.exe
2004-11-02 15:59 348,160 ----a-r C:\WINDOWS\inf\igfxsrvc.dll
2004-11-02 15:59 131,072 ----a-r C:\WINDOWS\inf\igfxhk.dll
2004-11-02 15:59 126,976 ----a-r C:\WINDOWS\inf\hkcmd.exe
2004-11-02 15:58 86,016 ----a-r C:\WINDOWS\inf\igfxdo.dll
2004-11-02 15:58 139,264 ----a-r C:\WINDOWS\inf\igfxdev.dll
2004-11-02 15:58 118,784 ----a-r C:\WINDOWS\inf\hccutils.dll
2004-11-02 15:58 1,245,184 ----a-r C:\WINDOWS\inf\igfxress.dll
2004-10-29 18:48 3,222,784 ----a-r C:\WINDOWS\inf\w29n51.sys
2004-10-28 14:37 1,270,572 ----a-r C:\WINDOWS\inf\AGRSM.sys
2004-10-27 13:57 2,284,864 ----a-w C:\WINDOWS\inf\ALCXWDM.SYS
2004-10-19 10:40 28,207 ----a-w C:\WINDOWS\inf\BTHidMgr.sys
2004-10-19 10:37 61,312 ----a-w C:\WINDOWS\inf\VComm.sys
2004-10-19 08:39 20,096 ----a-w C:\WINDOWS\inf\blueletaudio.sys
2004-10-15 10:20 458,752 ----a-r C:\WINDOWS\inf\w29NCPA.dll
2004-09-21 15:18 7,680 ----a-w C:\WINDOWS\inf\btinstall.dll
2004-09-21 15:18 11,604 ----a-w C:\WINDOWS\inf\vbtenum.sys
2004-09-21 15:15 10,804 ----a-w C:\WINDOWS\inf\BtNetDrv.sys
2004-09-07 14:23 156,672 ----a-w C:\WINDOWS\inf\RTLCPAPI.dll
2004-08-04 00:56 74,752 ----a-w C:\WINDOWS\inf\storprop.dll
2004-08-03 23:05 61,824 ----a-w C:\WINDOWS\inf\nic1394.sys
2004-08-03 23:05 60,800 ----a-w C:\WINDOWS\inf\arp1394.sys
2004-08-03 23:05 52,224 ----a-w C:\WINDOWS\inf\dmutil.dll
2004-08-03 23:05 20,992 ----a-w C:\WINDOWS\inf\hid.dll
2004-08-03 23:05 2,056,832 ----a-w C:\WINDOWS\inf\ntkrnlpa.exe
2004-08-03 22:59 57,472 ----a-w C:\WINDOWS\inf\redbook.sys
2004-08-03 22:56 8,704 ----a-w C:\WINDOWS\inf\batt.dll
2004-08-03 22:56 7,168 ----a-w C:\WINDOWS\inf\hccoin.dll
2004-08-03 22:56 30,208 ----a-w C:\WINDOWS\inf\bthserv.dll
2004-08-03 22:56 29,184 ----a-w C:\WINDOWS\inf\sdhcinst.dll
2004-08-03 22:56 20,992 ----a-w C:\WINDOWS\inf\bthci.dll
2004-08-03 22:56 193,024 ----a-w C:\WINDOWS\inf\fsquirt.exe
2004-08-03 22:56 108,032 ----a-w C:\WINDOWS\inf\wshbth.dll
2004-08-03 21:56 74,240 ----a-w C:\WINDOWS\inf\usbui.dll
2004-08-03 21:56 4,096 ----a-w C:\WINDOWS\inf\ksuser.dll
2004-08-03 21:56 23,552 ----a-w C:\WINDOWS\inf\wdmaud.drv
2004-08-03 21:20 2,180,992 ----a-w C:\WINDOWS\inf\ntoskrnl.exe
2004-08-03 21:10 61,056 ----a-w C:\WINDOWS\inf\ohci1394.sys
2004-08-03 21:10 53,248 ----a-w C:\WINDOWS\inf\1394bus.sys
2004-08-03 21:08 36,224 ----a-w C:\WINDOWS\inf\hidclass.sys
2004-08-03 21:08 24,960 ----a-w C:\WINDOWS\inf\hidparse.sys
2004-08-03 21:07 67,584 ----a-w C:\WINDOWS\inf\sdbus.sys
2004-08-03 21:07 119,936 ----a-w C:\WINDOWS\inf\pcmcia.sys
2004-08-03 21:00 41,856 ----a-w C:\WINDOWS\inf\imapi.sys
2004-08-03 20:59 49,536 ----a-w C:\WINDOWS\inf\cdrom.sys
2004-08-03 20:59 36,352 ----a-w C:\WINDOWS\inf\disk.sys
2004-08-03 20:59 131,968 ----a-w C:\WINDOWS\inf\hal.dll
2004-08-03 20:58 24,576 ----a-w C:\WINDOWS\inf\kbdclass.sys
2004-08-03 20:15 82,944 ----a-w C:\WINDOWS\inf\wdmaud.sys
2004-08-03 20:15 60,800 ----a-w C:\WINDOWS\inf\sysaudio.sys
2004-08-03 20:15 145,792 ----a-w C:\WINDOWS\inf\portcls.sys
2004-08-03 20:14 52,736 ----a-w C:\WINDOWS\inf\i8042prt.sys
2004-08-03 20:10 85,376 ----a-w C:\WINDOWS\inf\NABTSFEC.sys
2004-08-03 20:10 59,648 ----a-w C:\WINDOWS\inf\rfcomm.sys
.
((((((((((((((((((((((((((((( snapshot@Sun 08-31-2008_ 6.55.54.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-16 14:03:17 335,464 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-14 09:32:33 334,664 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-08-28 13:41:39 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-17 22:54:40 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-28 13:41:39 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-17 22:54:40 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/31/2002 02:00 PM 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [11/30/2004 12:36 PM 1945600]
"Scr base"="C:\DOCUME~1\Mfc\APPLIC~1\DOGCAM~1\bone noun date.exe" [08/30/2008 11:17 AM 460800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/27/2008 10:13 AM 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/27/2008 10:15 AM 180269]
"BluetoothAuthenticationAgent"="bthprops.cpl" [12/31/2002 02:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [12/31/2002 02:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-14 20:01:48 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.jxvd"= JetMPVx.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 05/11/2007 03:06 AM 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 10/30/2003 07:46 PM 192512 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 12/31/2002 02:00 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 11/02/2004 06:59 PM 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 11/02/2004 07:03 PM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 03/27/2008 10:13 AM 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 11/02/2004 08:24 PM 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/27/2008 10:24 AM 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 03/27/2008 10:15 AM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4539F2EB-32C3-1FC1-2ED5-65D4F733611A}]
C:\Temp\Ogif\msn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FCC56C63-3EDE-23B3-7C2E-8652555947CD}]
C:\MSN.exe
.
Contents of the 'Scheduled Tasks' folder
2008-09-17 C:\WINDOWS\Tasks\B1304CEA98ABC41A.job
- c:\docume~1\mfc\applic~1\dogcam~1\Move Start Hold.exe [08/30/2008 11:19 AM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mfc\Application Data\Mozilla\Firefox\Profiles\e78pqbbf.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Hidden link: you must log in or register to view it]

Rootkit scan 2008-09-18 02:44:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 09/18/2008 2:47:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 23:47:29
ComboFix2.txt 2008-08-31 03:56:18
Pre-Run: 11,886,809,088 bytes free
Post-Run: 12,728,233,984 bytes free
229
 
Signature: anjam
Now a HijackThis report, for follow-up
 
You want the HijackThis report???
 
Signature: anjam
The report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:14:36 ص, on 18/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Mfc\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[Hidden link: you must log in or register to view it]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[Hidden link: you must log in or register to view it]

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Scr base] C:\DOCUME~1\Mfc\APPLIC~1\DOGCAM~1\bone noun date.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
[Hidden link: you must log in or register to view it]

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
--
End of file - 4130 bytes
 
Signature: anjam
Delete this entry

O4 - HKCU\..\Run: [Scr base] C:\DOCUME~1\Mfc\APPLIC~1\DOGCAM~1\bone noun date.exe

Then clean the machine

[Hidden link: you must log in or register to view it]


Compatibility: Windows XP only


How to use:
Double-click the tool and wait until all the windows have finished and it stops at this window


002.png


When this screen appears, click Close so that your machine restarts (to complete the cleaning process)
 
Hello



Done as requested
 
Signature: anjam
Max


I uninstalled the security program


I want a really good one :)
 
Signature: anjam
Max

Where is the download link? I got lost in the thread, hahaha
 
Signature: anjam
The new report

ComboFix 08-09-16.05 - Mfc 09/18/2008 23:38:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.278 [GMT 3:00]
Running from: C:\Documents and Settings\Mfc\My Documents\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 20:11 --------- d-----w C:\Documents and Settings\Mfc\Application Data\Grisoft
2008-09-18 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-18 00:24 --------- d-----w C:\Documents and Settings\Mfc\Application Data\cleaner
2008-09-07 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 13:15 --------- d-----w C:\Documents and Settings\Mfc\Application Data\Media Player Classic
2008-09-02 21:21 --------- d-----w C:\Program Files\GetData
2008-08-30 08:19 --------- d-----w C:\Documents and Settings\Mfc\Application Data\dogcampjoy
2008-08-30 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wait Find Browse New
2008-08-30 08:17 --------- d-----w C:\Program Files\MSN Messenger
2008-08-30 08:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 08:17 --------- d-----w C:\Program Files\dogcampjoy
2008-08-27 07:29 --------- d-----w C:\Program Files\Play89
2008-08-14 17:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-12 18:25 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-11 08:52 --------- d-----w C:\Program Files\ESET
2008-08-09 07:28 --------- d-----w C:\Documents and Settings\Mfc\Application Data\ESET
2008-08-09 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-08 01:32 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ball mapi owns ping
2008-07-23 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB
2008-07-23 04:26 --------- d-----w C:\Program Files\RealDrawPRO4
2005-02-11 09:52 157,056 ----a-w C:\WINDOWS\inf\tifm21.sys
2004-12-01 14:55 22,488 ----a-w C:\WINDOWS\inf\btcusb.sys
2004-11-05 08:39 82,148 ----a-w C:\WINDOWS\inf\VcommMgr.sys
2004-11-02 16:27 773,565 ----a-r C:\WINDOWS\inf\ialmnt5.sys
2004-11-02 16:26 819,259 ----a-r C:\WINDOWS\inf\ialmdd5.dll
2004-11-02 16:19 61,440 ----a-r C:\WINDOWS\inf\iAlmCoIn_v3943.dll
2004-11-02 16:19 512,000 ----a-r C:\WINDOWS\inf\ialmgdev.dll
2004-11-02 16:19 49,152 ----a-r C:\WINDOWS\inf\ialmrem.dll
2004-11-02 16:19 37,951 ----a-r C:\WINDOWS\inf\ialmrnt5.dll
2004-11-02 16:19 164,475 ----a-r C:\WINDOWS\inf\ialmdev5.dll
2004-11-02 16:19 100,924 ----a-r C:\WINDOWS\inf\ialmdnt5.dll
2004-11-02 16:17 2,289,664 ----a-r C:\WINDOWS\inf\ialmgicd.dll
2004-11-02 16:04 69,632 ----a-r C:\WINDOWS\inf\oemdspif.dll
2004-11-02 16:04 163,840 ----a-r C:\WINDOWS\inf\igfxres.dll
2004-11-02 16:04 114,688 ----a-r C:\WINDOWS\inf\igfxzoom.exe
2004-11-02 16:03 36,864 ----a-r C:\WINDOWS\inf\igfxexps.dll
2004-11-02 16:03 225,280 ----a-r C:\WINDOWS\inf\igfxpph.dll
2004-11-02 16:03 155,648 ----a-r C:\WINDOWS\inf\igfxtray.exe
2004-11-02 16:03 106,496 ----a-r C:\WINDOWS\inf\igfxext.exe
2004-11-02 16:02 45,056 ----a-r C:\WINDOWS\inf\igfxdgps.dll
2004-11-02 16:02 225,280 ----a-r C:\WINDOWS\inf\igfxeud.dll
2004-11-02 16:02 151,552 ----a-r C:\WINDOWS\inf\igfxdiag.exe
2004-11-02 16:01 503,808 ----a-r C:\WINDOWS\inf\igfxcfg.exe
2004-11-02 15:59 348,160 ----a-r C:\WINDOWS\inf\igfxsrvc.dll
2004-11-02 15:59 131,072 ----a-r C:\WINDOWS\inf\igfxhk.dll
2004-11-02 15:59 126,976 ----a-r C:\WINDOWS\inf\hkcmd.exe
2004-11-02 15:58 86,016 ----a-r C:\WINDOWS\inf\igfxdo.dll
2004-11-02 15:58 139,264 ----a-r C:\WINDOWS\inf\igfxdev.dll
2004-11-02 15:58 118,784 ----a-r C:\WINDOWS\inf\hccutils.dll
2004-11-02 15:58 1,245,184 ----a-r C:\WINDOWS\inf\igfxress.dll
2004-10-29 18:48 3,222,784 ----a-r C:\WINDOWS\inf\w29n51.sys
2004-10-28 14:37 1,270,572 ----a-r C:\WINDOWS\inf\AGRSM.sys
2004-10-27 13:57 2,284,864 ----a-w C:\WINDOWS\inf\ALCXWDM.SYS
2004-10-19 10:40 28,207 ----a-w C:\WINDOWS\inf\BTHidMgr.sys
2004-10-19 10:37 61,312 ----a-w C:\WINDOWS\inf\VComm.sys
2004-10-19 08:39 20,096 ----a-w C:\WINDOWS\inf\blueletaudio.sys
2004-10-15 10:20 458,752 ----a-r C:\WINDOWS\inf\w29NCPA.dll
2004-09-21 15:18 7,680 ----a-w C:\WINDOWS\inf\btinstall.dll
2004-09-21 15:18 11,604 ----a-w C:\WINDOWS\inf\vbtenum.sys
2004-09-21 15:15 10,804 ----a-w C:\WINDOWS\inf\BtNetDrv.sys
2004-09-07 14:23 156,672 ----a-w C:\WINDOWS\inf\RTLCPAPI.dll
2004-08-04 00:56 74,752 ----a-w C:\WINDOWS\inf\storprop.dll
2004-08-03 23:05 61,824 ----a-w C:\WINDOWS\inf\nic1394.sys
2004-08-03 23:05 60,800 ----a-w C:\WINDOWS\inf\arp1394.sys
2004-08-03 23:05 52,224 ----a-w C:\WINDOWS\inf\dmutil.dll
2004-08-03 23:05 20,992 ----a-w C:\WINDOWS\inf\hid.dll
2004-08-03 23:05 2,056,832 ----a-w C:\WINDOWS\inf\ntkrnlpa.exe
2004-08-03 22:59 57,472 ----a-w C:\WINDOWS\inf\redbook.sys
2004-08-03 22:56 8,704 ----a-w C:\WINDOWS\inf\batt.dll
2004-08-03 22:56 7,168 ----a-w C:\WINDOWS\inf\hccoin.dll
2004-08-03 22:56 30,208 ----a-w C:\WINDOWS\inf\bthserv.dll
2004-08-03 22:56 29,184 ----a-w C:\WINDOWS\inf\sdhcinst.dll
2004-08-03 22:56 20,992 ----a-w C:\WINDOWS\inf\bthci.dll
2004-08-03 22:56 193,024 ----a-w C:\WINDOWS\inf\fsquirt.exe
2004-08-03 22:56 108,032 ----a-w C:\WINDOWS\inf\wshbth.dll
2004-08-03 21:56 74,240 ----a-w C:\WINDOWS\inf\usbui.dll
2004-08-03 21:56 4,096 ----a-w C:\WINDOWS\inf\ksuser.dll
2004-08-03 21:56 23,552 ----a-w C:\WINDOWS\inf\wdmaud.drv
2004-08-03 21:20 2,180,992 ----a-w C:\WINDOWS\inf\ntoskrnl.exe
2004-08-03 21:10 61,056 ----a-w C:\WINDOWS\inf\ohci1394.sys
2004-08-03 21:10 53,248 ----a-w C:\WINDOWS\inf\1394bus.sys
2004-08-03 21:08 36,224 ----a-w C:\WINDOWS\inf\hidclass.sys
2004-08-03 21:08 24,960 ----a-w C:\WINDOWS\inf\hidparse.sys
2004-08-03 21:07 67,584 ----a-w C:\WINDOWS\inf\sdbus.sys
2004-08-03 21:07 119,936 ----a-w C:\WINDOWS\inf\pcmcia.sys
2004-08-03 21:00 41,856 ----a-w C:\WINDOWS\inf\imapi.sys
2004-08-03 20:59 49,536 ----a-w C:\WINDOWS\inf\cdrom.sys
2004-08-03 20:59 36,352 ----a-w C:\WINDOWS\inf\disk.sys
2004-08-03 20:59 131,968 ----a-w C:\WINDOWS\inf\hal.dll
2004-08-03 20:58 24,576 ----a-w C:\WINDOWS\inf\kbdclass.sys
2004-08-03 20:15 82,944 ----a-w C:\WINDOWS\inf\wdmaud.sys
2004-08-03 20:15 60,800 ----a-w C:\WINDOWS\inf\sysaudio.sys
2004-08-03 20:15 145,792 ----a-w C:\WINDOWS\inf\portcls.sys
2004-08-03 20:14 52,736 ----a-w C:\WINDOWS\inf\i8042prt.sys
2004-08-03 20:10 85,376 ----a-w C:\WINDOWS\inf\NABTSFEC.sys
2004-08-03 20:10 59,648 ----a-w C:\WINDOWS\inf\rfcomm.sys
2004-08-03 20:10 274,304 ----a-w C:\WINDOWS\inf\bthport.sys
2004-08-03 20:10 19,328 ----a-w C:\WINDOWS\inf\WSTCODEC.SYS
2004-08-03 20:10 18,944 ----a-w C:\WINDOWS\inf\BTHUSB.SYS
.
((((((((((((((((((((((((((((( snapshot@Sun 08-31-2008_ 6.55.54.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-16 14:03:17 335,464 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-14 09:32:33 334,664 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-08-28 13:41:39 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-18 20:17:30 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-28 13:41:39 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-18 20:17:30 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-27 07:45:37 405,508 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-09-18 20:12:10 856,100 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/31/2002 02:00 PM 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [11/30/2004 12:36 PM 1945600]
"Scr base"="C:\DOCUME~1\Mfc\APPLIC~1\DOGCAM~1\bone noun date.exe" [08/30/2008 11:17 AM 460800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/27/2008 10:13 AM 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/27/2008 10:15 AM 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 12:25 PM 6731312]
"BluetoothAuthenticationAgent"="bthprops.cpl" [12/31/2002 02:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [12/31/2002 02:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-14 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.jxvd"= JetMPVx.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 05/11/2007 03:06 AM 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 10/30/2003 07:46 PM 192512 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 12/31/2002 02:00 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 11/02/2004 06:59 PM 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 11/02/2004 07:03 PM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 03/27/2008 10:13 AM 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 11/02/2004 08:24 PM 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/27/2008 10:24 AM 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 03/27/2008 10:15 AM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mfc\Application Data\Mozilla\Firefox\Profiles\e78pqbbf.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Hidden link: you must log in or register to view it]

Rootkit scan 2008-09-18 23:40:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g?e
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/18/2008 23:42:35
ComboFix-quarantined-files.txt 2008-09-18 20:42:26
ComboFix2.txt 2008-09-17 23:47:36
ComboFix3.txt 2008-08-31 03:56:18
Pre-Run: 12,941,938,688 bytes free
Post-Run: 12,961,243,136 bytes free
209
 
Signature: anjam