- بادئ الموضوع mariam
- تاريخ البدء
- 1,066
MAAX
عضوشرف
غير متصل
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
BOYKA
زيزوومى مبدع
غير متصل
أداة PRT (Perlovga Removal Tool) 2.0
هي لاازلة الفيروس temp2.exeوملحقاته و host.exe و svchost.exe و xcopy.exe و temp1.exe و autorun.inf
للتحميل
هي لاازلة الفيروس temp2.exeوملحقاته و host.exe و svchost.exe و xcopy.exe و temp1.exe و autorun.inf
للتحميل
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : BOYKA
تأييد
0
السلام عليكم ورحمة الله
انا عندي نفس مشكلة الاخت ونزلت الاداة
وهذا التقرير
ComboFix 08-09-16.01 - mido 09/17/2008 7:50:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1525 [GMT 3:00]
Running from: C:\Documents and Settings\mido\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 29
pv: No matching processes found
'XCOPY' is not recognized as an internal or external command
/wow section - STAGE 30
'XCOPY' is not recognized as an internal or external command
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 04:59 44,251,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-17 04:57 1,455,648 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-17 04:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-17 04:56 --------- d-----w C:\Documents and Settings\mido\Application Data\DMCache
2008-09-17 04:55 609,908 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-17 04:55 25,930 -c--a-w C:\WINDOWS\system32\drivers\FLockXP.sys
2008-09-17 04:55 142,640 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-17 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-17 02:53 --------- d-----w C:\Program Files\UnH Solutions
2008-09-17 02:47 --------- d-----w C:\Program Files\GlobFX
2008-09-17 00:05 --------- d-----w C:\Program Files\GVR
2008-09-16 23:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-15 22:43 2,632 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-14 17:02 --------- d-----w C:\Program Files\URUSoft
2008-09-11 20:46 --------- d-----w C:\Program Files\PicaView32
2008-09-11 20:41 --------- d-----w C:\Documents and Settings\mido\Application Data\Thinstall
2008-09-11 20:35 --------- d-----w C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2008-09-09 18:22 --------- d-----w C:\Program Files\BitComet
2008-09-07 23:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-07 23:25 --------- d-----w C:\Program Files\ACD Systems
2008-09-07 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-29 07:58 35,328 ----a-w C:\WINDOWS\system32\cygz.dll
2008-08-29 07:58 35,328 ----a-w C:\WINDOWS\cygz.dll
2008-08-29 07:58 1,126,281 ----a-w C:\WINDOWS\system32\cygwin1.dll
2008-08-29 07:58 1,126,281 ----a-w C:\WINDOWS\cygwin1.dll
2008-08-22 03:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 03:37 --------- d-----w C:\Program Files\Paragon Software
2008-08-22 03:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-08-15 04:55 --------- d-----w C:\Program Files\Driver Magician
2008-08-15 02:58 --------- d-----w C:\Program Files\ma-config.com
2008-08-15 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-15 02:33 --------- d-s---w C:\Documents and Settings\All Users\Application Data\Memeo
2008-08-15 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-14 00:22 --------- d-----w C:\Program Files\Wf
2008-08-09 14:55 --------- d-----w C:\Documents and Settings\mido\Application Data\IDM
2008-08-09 02:18 --------- d-----w C:\Program Files\Unlocker
2008-08-08 02:03 --------- d-----w C:\Documents and Settings\mido\Application Data\GeoVid
2008-08-08 02:01 --------- d-----w C:\Program Files\GeoVid
2008-08-08 02:01 --------- d-----w C:\Program Files\Common Files\GeoVid
2008-08-06 20:41 --------- d-----w C:\Program Files\Speed Video Converter
2008-08-06 20:26 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 20:15 --------- d-----w C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2008-08-06 20:03 --------- d-----w C:\Program Files\Pegasys Inc
2008-08-04 14:18 --------- d-----w C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
2008-08-03 11:53 --------- d-----w C:\Program Files\RM to MP3 Converter
2008-08-01 20:13 --------- d-----w C:\Program Files\Chameleon Systems
2008-08-01 16:51 --------- d-----w C:\Program Files\Star Downloader
2008-07-29 01:21 --------- d-----w C:\Program Files\WIDCOMM
2008-07-26 20:01 --------- d-----w C:\Program Files\NextSecurity.NET
2008-07-26 18:34 --------- d-----w C:\Program Files\Real Alternative
2008-07-26 18:33 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-26 18:30 --------- d-----w C:\Program Files\Ace Utilities
2008-07-26 18:03 --------- d-----w C:\Program Files\UltraISO
2008-07-26 18:03 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-07-26 18:02 --------- d-----w C:\Program Files\Smart Projects
2008-07-26 17:42 --------- d-----w C:\Program Files\Alcohol Soft
2008-07-26 17:29 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-26 17:29 --------- d-----w C:\Documents and Settings\mido\Application Data\NCH Swift Sound
2008-07-26 17:23 --------- d-----w C:\Program Files\Acoustica MP3 Audio Mixer
2008-07-26 17:19 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-07-26 17:19 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-07-26 17:19 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-07-26 17:19 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-07-26 17:18 --------- d-----w C:\Program Files\Ozone
2008-07-26 17:15 --------- d-----w C:\Program Files\WinAVI Video Converter 7.7
2008-07-26 16:47 --------- d-----w C:\Program Files\Thomson SpeedTouch
2008-07-26 16:46 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-26 16:08 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-07-10 10:46 920,088 -c--a-w C:\WINDOWS\system32\igxpun.exe
2008-06-27 06:08 147,456 ----a-w C:\WINDOWS\system32\igfxCoIn_v4964.dll
2008-06-27 05:48 3,113,472 ----a-w C:\WINDOWS\system32\igxpdx32.dll
2008-06-27 05:48 2,144,352 ----a-w C:\WINDOWS\system32\igxpdv32.dll
2008-06-27 05:48 1,445,112 ----a-w C:\WINDOWS\system32\igkrng400.bin
2008-06-27 05:46 57,344 ----a-w C:\WINDOWS\system32\igxprd32.dll
2008-06-27 05:46 152,064 ----a-w C:\WINDOWS\system32\igxpgd32.dll
2008-06-27 05:19 2,412,544 ----a-w C:\WINDOWS\system32\ig4icd32.dll
2008-06-27 05:19 2,027,520 ----a-w C:\WINDOWS\system32\ig4dev32.dll
2008-06-27 05:13 630,784 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2008-06-27 05:11 204,800 ----a-w C:\WINDOWS\system32\igfxpph.dll
2008-06-27 05:11 163,840 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-06-27 05:11 143,360 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-06-27 05:10 51,712 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
2008-06-27 05:10 249,856 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
2008-06-27 05:10 24,576 ----a-w C:\WINDOWS\system32\igfxexps.dll
2008-06-27 05:10 212,992 ----a-w C:\WINDOWS\system32\igfxdev.dll
2008-06-27 05:10 167,936 ----a-w C:\WINDOWS\system32\igfxext.exe
2008-06-27 05:10 163,840 ----a-w C:\WINDOWS\system32\igfxzoom.exe
2008-06-27 05:10 135,168 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-06-27 05:10 135,168 ----a-w C:\WINDOWS\system32\igfxdo.dll
2008-06-27 05:10 106,496 ----a-w C:\WINDOWS\system32\hccutils.dll
2008-06-27 05:09 5,697,536 ----a-w C:\WINDOWS\system32\igfxress.dll
.
------- Sigcheck -------
11/20/2007 02:00 AM 577536 7a540726ca75e1e988d56ab69925ba79 C:\WINDOWS\system32\user32.dll
11/20/2007 02:00 AM 775680 8edf4adb83f61a351cbbbd2fd88433ae C:\WINDOWS\system32\wininet.dll
11/20/2007 02:00 AM 2182144 a09c144d8d5a460b8ebfa56f913715d2 C:\WINDOWS\system32\ntkrnlpa.exe
11/20/2007 02:00 AM 2302464 465e3e1178812be755634457f4a778bf C:\WINDOWS\system32\ntoskrnl.exe
11/20/2007 02:00 AM 1647616 3d8a3ba32663082a2256f0eb986c3025 C:\WINDOWS\explorer.exe
11/20/2007 02:00 AM 40448 e00dfa816fa5521eb44c5d63109de2a9 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [08/29/2007 06:24 PM 1232384]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [06/13/2008 09:01 AM 932864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/20/2007 02:00 AM 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [10/05/2006 04:56 PM 280779]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [11/20/2007 02:00 AM 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [11/20/2007 02:00 AM 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [11/20/2007 02:00 AM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [11/20/2007 02:00 AM 455168]
"DisplayManager"="C:\WINDOWS\AT11.exe" [02/17/2002 11:35 AM 69632]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/27/2008 08:11 AM 143360]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/27/2008 08:11 AM 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/27/2008 08:10 AM 135168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [05/19/2007 10:36 PM 218640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [11/20/2007 02:00 AM 40448]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [08/29/2007 06:24 PM 1232384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [11/20/2007 02:00 AM 99840 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^mido^Start Menu^Programs^Startup^Styler.lnk]
backup=C:\WINDOWS\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a--c--- 09/19/2004 08:27 AM 65536 C:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 11/09/2006 03:07 PM 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a--c--- 09/07/2006 09:19 AM 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 10/17/2007 01:30 AM 16855552 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15972:TCP"= 15972:TCP:BitComet 15972 TCP
"15972:UDP"= 15972:UDP:BitComet 15972 UDP
R0 FILELOCK;FILELOCK;C:\WINDOWS\system32\Drivers\FLOCKXP.SYS [09/17/2008 07:55 AM 25930]
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [01/21/2008 05:43 PM 39472]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [07/25/2008 08:57 PM 191656]
S3 NSPacket;NextSecurity Packet Driver;C:\WINDOWS\system32\drivers\nspacket.sys [12/06/2004 08:08 PM 32768]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [06/13/2008 08:59 AM 30464]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [06/13/2008 08:59 AM 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [06/13/2008 08:59 AM 40320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-diagnostics - C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\mido\Application Data\Mozilla\Firefox\Profiles\78vomvb8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ar
fficial
.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-17 07:57:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 09/17/2008 8:01:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 05:01:17
Pre-Run: 10,465,767,424 bytes free
Post-Run: 10,587,320,320 bytes free
258
ورمضان كريم
انا عندي نفس مشكلة الاخت ونزلت الاداة
وهذا التقرير
ComboFix 08-09-16.01 - mido 09/17/2008 7:50:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1525 [GMT 3:00]
Running from: C:\Documents and Settings\mido\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 29
pv: No matching processes found
'XCOPY' is not recognized as an internal or external command
/wow section - STAGE 30
'XCOPY' is not recognized as an internal or external command
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 04:59 44,251,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-17 04:57 1,455,648 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-17 04:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-17 04:56 --------- d-----w C:\Documents and Settings\mido\Application Data\DMCache
2008-09-17 04:55 609,908 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-17 04:55 25,930 -c--a-w C:\WINDOWS\system32\drivers\FLockXP.sys
2008-09-17 04:55 142,640 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-17 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-17 02:53 --------- d-----w C:\Program Files\UnH Solutions
2008-09-17 02:47 --------- d-----w C:\Program Files\GlobFX
2008-09-17 00:05 --------- d-----w C:\Program Files\GVR
2008-09-16 23:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-15 22:43 2,632 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-14 17:02 --------- d-----w C:\Program Files\URUSoft
2008-09-11 20:46 --------- d-----w C:\Program Files\PicaView32
2008-09-11 20:41 --------- d-----w C:\Documents and Settings\mido\Application Data\Thinstall
2008-09-11 20:35 --------- d-----w C:\Program Files\Allok AVI to DVD SVCD VCD Converter
2008-09-09 18:22 --------- d-----w C:\Program Files\BitComet
2008-09-07 23:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-07 23:25 --------- d-----w C:\Program Files\ACD Systems
2008-09-07 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-29 07:58 35,328 ----a-w C:\WINDOWS\system32\cygz.dll
2008-08-29 07:58 35,328 ----a-w C:\WINDOWS\cygz.dll
2008-08-29 07:58 1,126,281 ----a-w C:\WINDOWS\system32\cygwin1.dll
2008-08-29 07:58 1,126,281 ----a-w C:\WINDOWS\cygwin1.dll
2008-08-22 03:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 03:37 --------- d-----w C:\Program Files\Paragon Software
2008-08-22 03:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-08-15 04:55 --------- d-----w C:\Program Files\Driver Magician
2008-08-15 02:58 --------- d-----w C:\Program Files\ma-config.com
2008-08-15 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-15 02:33 --------- d-s---w C:\Documents and Settings\All Users\Application Data\Memeo
2008-08-15 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-14 00:22 --------- d-----w C:\Program Files\Wf
2008-08-09 14:55 --------- d-----w C:\Documents and Settings\mido\Application Data\IDM
2008-08-09 02:18 --------- d-----w C:\Program Files\Unlocker
2008-08-08 02:03 --------- d-----w C:\Documents and Settings\mido\Application Data\GeoVid
2008-08-08 02:01 --------- d-----w C:\Program Files\GeoVid
2008-08-08 02:01 --------- d-----w C:\Program Files\Common Files\GeoVid
2008-08-06 20:41 --------- d-----w C:\Program Files\Speed Video Converter
2008-08-06 20:26 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 20:15 --------- d-----w C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2008-08-06 20:03 --------- d-----w C:\Program Files\Pegasys Inc
2008-08-04 14:18 --------- d-----w C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
2008-08-03 11:53 --------- d-----w C:\Program Files\RM to MP3 Converter
2008-08-01 20:13 --------- d-----w C:\Program Files\Chameleon Systems
2008-08-01 16:51 --------- d-----w C:\Program Files\Star Downloader
2008-07-29 01:21 --------- d-----w C:\Program Files\WIDCOMM
2008-07-26 20:01 --------- d-----w C:\Program Files\NextSecurity.NET
2008-07-26 18:34 --------- d-----w C:\Program Files\Real Alternative
2008-07-26 18:33 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-26 18:30 --------- d-----w C:\Program Files\Ace Utilities
2008-07-26 18:03 --------- d-----w C:\Program Files\UltraISO
2008-07-26 18:03 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-07-26 18:02 --------- d-----w C:\Program Files\Smart Projects
2008-07-26 17:42 --------- d-----w C:\Program Files\Alcohol Soft
2008-07-26 17:29 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-26 17:29 --------- d-----w C:\Documents and Settings\mido\Application Data\NCH Swift Sound
2008-07-26 17:23 --------- d-----w C:\Program Files\Acoustica MP3 Audio Mixer
2008-07-26 17:19 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-07-26 17:19 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-07-26 17:19 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-07-26 17:19 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-07-26 17:18 --------- d-----w C:\Program Files\Ozone
2008-07-26 17:15 --------- d-----w C:\Program Files\WinAVI Video Converter 7.7
2008-07-26 16:47 --------- d-----w C:\Program Files\Thomson SpeedTouch
2008-07-26 16:46 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-26 16:08 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-07-10 10:46 920,088 -c--a-w C:\WINDOWS\system32\igxpun.exe
2008-06-27 06:08 147,456 ----a-w C:\WINDOWS\system32\igfxCoIn_v4964.dll
2008-06-27 05:48 3,113,472 ----a-w C:\WINDOWS\system32\igxpdx32.dll
2008-06-27 05:48 2,144,352 ----a-w C:\WINDOWS\system32\igxpdv32.dll
2008-06-27 05:48 1,445,112 ----a-w C:\WINDOWS\system32\igkrng400.bin
2008-06-27 05:46 57,344 ----a-w C:\WINDOWS\system32\igxprd32.dll
2008-06-27 05:46 152,064 ----a-w C:\WINDOWS\system32\igxpgd32.dll
2008-06-27 05:19 2,412,544 ----a-w C:\WINDOWS\system32\ig4icd32.dll
2008-06-27 05:19 2,027,520 ----a-w C:\WINDOWS\system32\ig4dev32.dll
2008-06-27 05:13 630,784 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2008-06-27 05:11 204,800 ----a-w C:\WINDOWS\system32\igfxpph.dll
2008-06-27 05:11 163,840 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-06-27 05:11 143,360 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-06-27 05:10 51,712 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
2008-06-27 05:10 249,856 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
2008-06-27 05:10 24,576 ----a-w C:\WINDOWS\system32\igfxexps.dll
2008-06-27 05:10 212,992 ----a-w C:\WINDOWS\system32\igfxdev.dll
2008-06-27 05:10 167,936 ----a-w C:\WINDOWS\system32\igfxext.exe
2008-06-27 05:10 163,840 ----a-w C:\WINDOWS\system32\igfxzoom.exe
2008-06-27 05:10 135,168 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-06-27 05:10 135,168 ----a-w C:\WINDOWS\system32\igfxdo.dll
2008-06-27 05:10 106,496 ----a-w C:\WINDOWS\system32\hccutils.dll
2008-06-27 05:09 5,697,536 ----a-w C:\WINDOWS\system32\igfxress.dll
.
------- Sigcheck -------
11/20/2007 02:00 AM 577536 7a540726ca75e1e988d56ab69925ba79 C:\WINDOWS\system32\user32.dll
11/20/2007 02:00 AM 775680 8edf4adb83f61a351cbbbd2fd88433ae C:\WINDOWS\system32\wininet.dll
11/20/2007 02:00 AM 2182144 a09c144d8d5a460b8ebfa56f913715d2 C:\WINDOWS\system32\ntkrnlpa.exe
11/20/2007 02:00 AM 2302464 465e3e1178812be755634457f4a778bf C:\WINDOWS\system32\ntoskrnl.exe
11/20/2007 02:00 AM 1647616 3d8a3ba32663082a2256f0eb986c3025 C:\WINDOWS\explorer.exe
11/20/2007 02:00 AM 40448 e00dfa816fa5521eb44c5d63109de2a9 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [08/29/2007 06:24 PM 1232384]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [06/13/2008 09:01 AM 932864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/20/2007 02:00 AM 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [10/05/2006 04:56 PM 280779]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [11/20/2007 02:00 AM 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [11/20/2007 02:00 AM 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [11/20/2007 02:00 AM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [11/20/2007 02:00 AM 455168]
"DisplayManager"="C:\WINDOWS\AT11.exe" [02/17/2002 11:35 AM 69632]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/27/2008 08:11 AM 143360]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/27/2008 08:11 AM 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/27/2008 08:10 AM 135168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [05/19/2007 10:36 PM 218640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [11/20/2007 02:00 AM 40448]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [08/29/2007 06:24 PM 1232384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [11/20/2007 02:00 AM 99840 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^mido^Start Menu^Programs^Startup^Styler.lnk]
backup=C:\WINDOWS\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a--c--- 09/19/2004 08:27 AM 65536 C:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 11/09/2006 03:07 PM 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a--c--- 09/07/2006 09:19 AM 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 10/17/2007 01:30 AM 16855552 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15972:TCP"= 15972:TCP:BitComet 15972 TCP
"15972:UDP"= 15972:UDP:BitComet 15972 UDP
R0 FILELOCK;FILELOCK;C:\WINDOWS\system32\Drivers\FLOCKXP.SYS [09/17/2008 07:55 AM 25930]
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [01/21/2008 05:43 PM 39472]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [07/25/2008 08:57 PM 191656]
S3 NSPacket;NextSecurity Packet Driver;C:\WINDOWS\system32\drivers\nspacket.sys [12/06/2004 08:08 PM 32768]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [06/13/2008 08:59 AM 30464]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [06/13/2008 08:59 AM 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [06/13/2008 08:59 AM 40320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-diagnostics - C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\mido\Application Data\Mozilla\Firefox\Profiles\78vomvb8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ar
fficial.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-09-17 07:57:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 09/17/2008 8:01:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-17 05:01:17
Pre-Run: 10,465,767,424 bytes free
Post-Run: 10,587,320,320 bytes free
258
ورمضان كريم
تأييد
0
غير متصل
عطني تقرير لا هنت
بعد التحميل => شغل البرنامج
Do a system scan and save a log file
يطلع لك تقرير => انسخه والصقه بردك القادم
ويستحسن لو ترفعه على رابط
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد التحميل => شغل البرنامج
Do a system scan and save a log file
يطلع لك تقرير => انسخه والصقه بردك القادم
ويستحسن لو ترفعه على رابط
توقيع : Juve Guard
تأييد
0
أمي اليمن
زيزوومي نشيط
- إنضم
- 23 يناير 2008
- المشاركات
- 174
- مستوى التفاعل
- 1
- النقاط
- 200
- الإقامة
- جـــــــــــــــــــده اموت فيها
غير متصل
راجع
مثبــت:
مثبــت:
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : أمي اليمن
تأييد
0