- بادئ الموضوع anjam
- تاريخ البدء
- 891
MAAX
عضوشرف
غير متصل
يا هلاااا بك
ركبي الفلاش واعملي التالي
ركبي الفلاش واعملي التالي
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
مرااااااااااااااااحب
ComboFix 08-09-26.01 - Mfc 09/26/2008 23:41:21.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.276 [GMT 3:00]
Running from: C:\Documents and Settings\Mfc\My Documents\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\1t6yxlxx.cmd
F:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-09-21 16:37 --------- d-----w C:\Documents and Settings\Mfc\Application Data\dogcampjoy
2008-09-21 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB
2008-09-21 16:35 --------- d-----w C:\Program Files\dogcampjoy
2008-09-21 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wait Find Browse New
2008-09-18 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-18 00:24 --------- d-----w C:\Documents and Settings\Mfc\Application Data\cleaner
2008-09-07 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 13:15 --------- d-----w C:\Documents and Settings\Mfc\Application Data\Media Player Classic
2008-09-02 21:21 --------- d-----w C:\Program Files\GetData
2008-08-30 08:17 --------- d-----w C:\Program Files\MSN Messenger
2008-08-30 08:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-27 07:29 --------- d-----w C:\Program Files\Play89
2008-08-14 17:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-12 18:25 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-11 08:52 --------- d-----w C:\Program Files\ESET
2008-08-09 07:28 --------- d-----w C:\Documents and Settings\Mfc\Application Data\ESET
2008-08-09 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-08 01:32 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ball mapi owns ping
2005-02-11 09:52 157,056 ----a-w C:\WINDOWS\inf\tifm21.sys
2004-12-01 14:55 22,488 ----a-w C:\WINDOWS\inf\btcusb.sys
2004-11-05 08:39 82,148 ----a-w C:\WINDOWS\inf\VcommMgr.sys
2004-11-02 16:27 773,565 ----a-r C:\WINDOWS\inf\ialmnt5.sys
2004-11-02 16:26 819,259 ----a-r C:\WINDOWS\inf\ialmdd5.dll
2004-11-02 16:19 61,440 ----a-r C:\WINDOWS\inf\iAlmCoIn_v3943.dll
2004-11-02 16:19 512,000 ----a-r C:\WINDOWS\inf\ialmgdev.dll
2004-11-02 16:19 49,152 ----a-r C:\WINDOWS\inf\ialmrem.dll
2004-11-02 16:19 37,951 ----a-r C:\WINDOWS\inf\ialmrnt5.dll
2004-11-02 16:19 164,475 ----a-r C:\WINDOWS\inf\ialmdev5.dll
2004-11-02 16:19 100,924 ----a-r C:\WINDOWS\inf\ialmdnt5.dll
2004-11-02 16:17 2,289,664 ----a-r C:\WINDOWS\inf\ialmgicd.dll
2004-11-02 16:04 69,632 ----a-r C:\WINDOWS\inf\oemdspif.dll
2004-11-02 16:04 163,840 ----a-r C:\WINDOWS\inf\igfxres.dll
2004-11-02 16:04 114,688 ----a-r C:\WINDOWS\inf\igfxzoom.exe
2004-11-02 16:03 36,864 ----a-r C:\WINDOWS\inf\igfxexps.dll
2004-11-02 16:03 225,280 ----a-r C:\WINDOWS\inf\igfxpph.dll
2004-11-02 16:03 155,648 ----a-r C:\WINDOWS\inf\igfxtray.exe
2004-11-02 16:03 106,496 ----a-r C:\WINDOWS\inf\igfxext.exe
2004-11-02 16:02 45,056 ----a-r C:\WINDOWS\inf\igfxdgps.dll
2004-11-02 16:02 225,280 ----a-r C:\WINDOWS\inf\igfxeud.dll
2004-11-02 16:02 151,552 ----a-r C:\WINDOWS\inf\igfxdiag.exe
2004-11-02 16:01 503,808 ----a-r C:\WINDOWS\inf\igfxcfg.exe
2004-11-02 15:59 348,160 ----a-r C:\WINDOWS\inf\igfxsrvc.dll
2004-11-02 15:59 131,072 ----a-r C:\WINDOWS\inf\igfxhk.dll
2004-11-02 15:59 126,976 ----a-r C:\WINDOWS\inf\hkcmd.exe
2004-11-02 15:58 86,016 ----a-r C:\WINDOWS\inf\igfxdo.dll
2004-11-02 15:58 139,264 ----a-r C:\WINDOWS\inf\igfxdev.dll
2004-11-02 15:58 118,784 ----a-r C:\WINDOWS\inf\hccutils.dll
2004-11-02 15:58 1,245,184 ----a-r C:\WINDOWS\inf\igfxress.dll
2004-10-29 18:48 3,222,784 ----a-r C:\WINDOWS\inf\w29n51.sys
2004-10-28 14:37 1,270,572 ----a-r C:\WINDOWS\inf\AGRSM.sys
2004-10-27 13:57 2,284,864 ----a-w C:\WINDOWS\inf\ALCXWDM.SYS
2004-10-19 10:40 28,207 ----a-w C:\WINDOWS\inf\BTHidMgr.sys
2004-10-19 10:37 61,312 ----a-w C:\WINDOWS\inf\VComm.sys
2004-10-19 08:39 20,096 ----a-w C:\WINDOWS\inf\blueletaudio.sys
2004-10-15 10:20 458,752 ----a-r C:\WINDOWS\inf\w29NCPA.dll
2004-09-21 15:18 7,680 ----a-w C:\WINDOWS\inf\btinstall.dll
2004-09-21 15:18 11,604 ----a-w C:\WINDOWS\inf\vbtenum.sys
2004-09-21 15:15 10,804 ----a-w C:\WINDOWS\inf\BtNetDrv.sys
2004-09-07 14:23 156,672 ----a-w C:\WINDOWS\inf\RTLCPAPI.dll
2004-08-04 00:56 74,752 ----a-w C:\WINDOWS\inf\storprop.dll
2004-08-03 23:05 61,824 ----a-w C:\WINDOWS\inf\nic1394.sys
2004-08-03 23:05 60,800 ----a-w C:\WINDOWS\inf\arp1394.sys
2004-08-03 23:05 52,224 ----a-w C:\WINDOWS\inf\dmutil.dll
2004-08-03 23:05 20,992 ----a-w C:\WINDOWS\inf\hid.dll
2004-08-03 23:05 2,056,832 ----a-w C:\WINDOWS\inf\ntkrnlpa.exe
2004-08-03 22:59 57,472 ----a-w C:\WINDOWS\inf\redbook.sys
2004-08-03 22:56 8,704 ----a-w C:\WINDOWS\inf\batt.dll
2004-08-03 22:56 7,168 ----a-w C:\WINDOWS\inf\hccoin.dll
2004-08-03 22:56 30,208 ----a-w C:\WINDOWS\inf\bthserv.dll
2004-08-03 22:56 29,184 ----a-w C:\WINDOWS\inf\sdhcinst.dll
2004-08-03 22:56 20,992 ----a-w C:\WINDOWS\inf\bthci.dll
2004-08-03 22:56 193,024 ----a-w C:\WINDOWS\inf\fsquirt.exe
2004-08-03 22:56 108,032 ----a-w C:\WINDOWS\inf\wshbth.dll
2004-08-03 21:56 74,240 ----a-w C:\WINDOWS\inf\usbui.dll
2004-08-03 21:56 4,096 ----a-w C:\WINDOWS\inf\ksuser.dll
2004-08-03 21:56 23,552 ----a-w C:\WINDOWS\inf\wdmaud.drv
2004-08-03 21:20 2,180,992 ----a-w C:\WINDOWS\inf\ntoskrnl.exe
2004-08-03 21:10 61,056 ----a-w C:\WINDOWS\inf\ohci1394.sys
2004-08-03 21:10 53,248 ----a-w C:\WINDOWS\inf\1394bus.sys
2004-08-03 21:08 36,224 ----a-w C:\WINDOWS\inf\hidclass.sys
2004-08-03 21:08 24,960 ----a-w C:\WINDOWS\inf\hidparse.sys
2004-08-03 21:07 67,584 ----a-w C:\WINDOWS\inf\sdbus.sys
2004-08-03 21:07 119,936 ----a-w C:\WINDOWS\inf\pcmcia.sys
2004-08-03 21:00 41,856 ----a-w C:\WINDOWS\inf\imapi.sys
2004-08-03 20:59 49,536 ----a-w C:\WINDOWS\inf\cdrom.sys
2004-08-03 20:59 36,352 ----a-w C:\WINDOWS\inf\disk.sys
2004-08-03 20:59 131,968 ----a-w C:\WINDOWS\inf\hal.dll
2004-08-03 20:58 24,576 ----a-w C:\WINDOWS\inf\kbdclass.sys
2004-08-03 20:15 82,944 ----a-w C:\WINDOWS\inf\wdmaud.sys
2004-08-03 20:15 60,800 ----a-w C:\WINDOWS\inf\sysaudio.sys
2004-08-03 20:15 145,792 ----a-w C:\WINDOWS\inf\portcls.sys
2004-08-03 20:14 52,736 ----a-w C:\WINDOWS\inf\i8042prt.sys
2004-08-03 20:10 85,376 ----a-w C:\WINDOWS\inf\NABTSFEC.sys
2004-08-03 20:10 59,648 ----a-w C:\WINDOWS\inf\rfcomm.sys
2004-08-03 20:10 274,304 ----a-w C:\WINDOWS\inf\bthport.sys
2004-08-03 20:10 19,328 ----a-w C:\WINDOWS\inf\WSTCODEC.SYS
2004-08-03 20:10 18,944 ----a-w C:\WINDOWS\inf\BTHUSB.SYS
2004-08-03 20:10 17,024 ----a-w C:\WINDOWS\inf\CCDECODE.sys
.
((((((((((((((((((((((((((((( snapshot@Sun 08-31-2008_ 6.55.54.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-16 14:03:17 335,464 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-14 09:32:33 334,664 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-08-28 13:41:39 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-26 19:26:35 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-28 13:41:39 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-26 19:26:35 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-27 07:45:37 405,508 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-09-18 20:12:10 856,100 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/31/2002 02:00 PM 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [11/30/2004 12:36 PM 1945600]
"Scr base"="C:\DOCUME~1\Mfc\APPLIC~1\DOGCAM~1\bone noun date.exe" [09/21/2008 07:35 PM 498176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/27/2008 10:13 AM 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/27/2008 10:15 AM 180269]
"Option Bib Logo Log"="C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Poke Iso.exe" [09/26/2008 10:22 PM 829952]
"BluetoothAuthenticationAgent"="bthprops.cpl" [12/31/2002 02:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [12/31/2002 02:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-14 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.jxvd"= JetMPVx.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 05/11/2007 03:06 AM 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 10/30/2003 07:46 PM 192512 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 12/31/2002 02:00 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 11/02/2004 06:59 PM 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 11/02/2004 07:03 PM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 03/27/2008 10:13 AM 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 11/02/2004 08:24 PM 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/27/2008 10:24 AM 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 03/27/2008 10:15 AM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mfc\Application Data\Mozilla\Firefox\Profiles\e78pqbbf.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-26 23:42:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g?e
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/26/2008 23:42:50
ComboFix-quarantined-files.txt 2008-09-26 20:42:28
ComboFix2.txt 2008-09-26 20:38:45
ComboFix3.txt 2008-09-18 20:42:35
ComboFix4.txt 2008-09-17 23:47:36
ComboFix5.txt 2008-09-26 20:41:13
Pre-Run: 12,496,117,760 bytes free
Post-Run: 12,487,942,144 bytes free
215
ComboFix 08-09-26.01 - Mfc 09/26/2008 23:41:21.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.276 [GMT 3:00]
Running from: C:\Documents and Settings\Mfc\My Documents\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\1t6yxlxx.cmd
F:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-09-21 16:37 --------- d-----w C:\Documents and Settings\Mfc\Application Data\dogcampjoy
2008-09-21 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB
2008-09-21 16:35 --------- d-----w C:\Program Files\dogcampjoy
2008-09-21 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Wait Find Browse New
2008-09-18 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-18 00:24 --------- d-----w C:\Documents and Settings\Mfc\Application Data\cleaner
2008-09-07 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 13:15 --------- d-----w C:\Documents and Settings\Mfc\Application Data\Media Player Classic
2008-09-02 21:21 --------- d-----w C:\Program Files\GetData
2008-08-30 08:17 --------- d-----w C:\Program Files\MSN Messenger
2008-08-30 08:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-27 07:29 --------- d-----w C:\Program Files\Play89
2008-08-14 17:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-12 18:25 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-11 08:52 --------- d-----w C:\Program Files\ESET
2008-08-09 07:28 --------- d-----w C:\Documents and Settings\Mfc\Application Data\ESET
2008-08-09 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-08 01:32 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ball mapi owns ping
2005-02-11 09:52 157,056 ----a-w C:\WINDOWS\inf\tifm21.sys
2004-12-01 14:55 22,488 ----a-w C:\WINDOWS\inf\btcusb.sys
2004-11-05 08:39 82,148 ----a-w C:\WINDOWS\inf\VcommMgr.sys
2004-11-02 16:27 773,565 ----a-r C:\WINDOWS\inf\ialmnt5.sys
2004-11-02 16:26 819,259 ----a-r C:\WINDOWS\inf\ialmdd5.dll
2004-11-02 16:19 61,440 ----a-r C:\WINDOWS\inf\iAlmCoIn_v3943.dll
2004-11-02 16:19 512,000 ----a-r C:\WINDOWS\inf\ialmgdev.dll
2004-11-02 16:19 49,152 ----a-r C:\WINDOWS\inf\ialmrem.dll
2004-11-02 16:19 37,951 ----a-r C:\WINDOWS\inf\ialmrnt5.dll
2004-11-02 16:19 164,475 ----a-r C:\WINDOWS\inf\ialmdev5.dll
2004-11-02 16:19 100,924 ----a-r C:\WINDOWS\inf\ialmdnt5.dll
2004-11-02 16:17 2,289,664 ----a-r C:\WINDOWS\inf\ialmgicd.dll
2004-11-02 16:04 69,632 ----a-r C:\WINDOWS\inf\oemdspif.dll
2004-11-02 16:04 163,840 ----a-r C:\WINDOWS\inf\igfxres.dll
2004-11-02 16:04 114,688 ----a-r C:\WINDOWS\inf\igfxzoom.exe
2004-11-02 16:03 36,864 ----a-r C:\WINDOWS\inf\igfxexps.dll
2004-11-02 16:03 225,280 ----a-r C:\WINDOWS\inf\igfxpph.dll
2004-11-02 16:03 155,648 ----a-r C:\WINDOWS\inf\igfxtray.exe
2004-11-02 16:03 106,496 ----a-r C:\WINDOWS\inf\igfxext.exe
2004-11-02 16:02 45,056 ----a-r C:\WINDOWS\inf\igfxdgps.dll
2004-11-02 16:02 225,280 ----a-r C:\WINDOWS\inf\igfxeud.dll
2004-11-02 16:02 151,552 ----a-r C:\WINDOWS\inf\igfxdiag.exe
2004-11-02 16:01 503,808 ----a-r C:\WINDOWS\inf\igfxcfg.exe
2004-11-02 15:59 348,160 ----a-r C:\WINDOWS\inf\igfxsrvc.dll
2004-11-02 15:59 131,072 ----a-r C:\WINDOWS\inf\igfxhk.dll
2004-11-02 15:59 126,976 ----a-r C:\WINDOWS\inf\hkcmd.exe
2004-11-02 15:58 86,016 ----a-r C:\WINDOWS\inf\igfxdo.dll
2004-11-02 15:58 139,264 ----a-r C:\WINDOWS\inf\igfxdev.dll
2004-11-02 15:58 118,784 ----a-r C:\WINDOWS\inf\hccutils.dll
2004-11-02 15:58 1,245,184 ----a-r C:\WINDOWS\inf\igfxress.dll
2004-10-29 18:48 3,222,784 ----a-r C:\WINDOWS\inf\w29n51.sys
2004-10-28 14:37 1,270,572 ----a-r C:\WINDOWS\inf\AGRSM.sys
2004-10-27 13:57 2,284,864 ----a-w C:\WINDOWS\inf\ALCXWDM.SYS
2004-10-19 10:40 28,207 ----a-w C:\WINDOWS\inf\BTHidMgr.sys
2004-10-19 10:37 61,312 ----a-w C:\WINDOWS\inf\VComm.sys
2004-10-19 08:39 20,096 ----a-w C:\WINDOWS\inf\blueletaudio.sys
2004-10-15 10:20 458,752 ----a-r C:\WINDOWS\inf\w29NCPA.dll
2004-09-21 15:18 7,680 ----a-w C:\WINDOWS\inf\btinstall.dll
2004-09-21 15:18 11,604 ----a-w C:\WINDOWS\inf\vbtenum.sys
2004-09-21 15:15 10,804 ----a-w C:\WINDOWS\inf\BtNetDrv.sys
2004-09-07 14:23 156,672 ----a-w C:\WINDOWS\inf\RTLCPAPI.dll
2004-08-04 00:56 74,752 ----a-w C:\WINDOWS\inf\storprop.dll
2004-08-03 23:05 61,824 ----a-w C:\WINDOWS\inf\nic1394.sys
2004-08-03 23:05 60,800 ----a-w C:\WINDOWS\inf\arp1394.sys
2004-08-03 23:05 52,224 ----a-w C:\WINDOWS\inf\dmutil.dll
2004-08-03 23:05 20,992 ----a-w C:\WINDOWS\inf\hid.dll
2004-08-03 23:05 2,056,832 ----a-w C:\WINDOWS\inf\ntkrnlpa.exe
2004-08-03 22:59 57,472 ----a-w C:\WINDOWS\inf\redbook.sys
2004-08-03 22:56 8,704 ----a-w C:\WINDOWS\inf\batt.dll
2004-08-03 22:56 7,168 ----a-w C:\WINDOWS\inf\hccoin.dll
2004-08-03 22:56 30,208 ----a-w C:\WINDOWS\inf\bthserv.dll
2004-08-03 22:56 29,184 ----a-w C:\WINDOWS\inf\sdhcinst.dll
2004-08-03 22:56 20,992 ----a-w C:\WINDOWS\inf\bthci.dll
2004-08-03 22:56 193,024 ----a-w C:\WINDOWS\inf\fsquirt.exe
2004-08-03 22:56 108,032 ----a-w C:\WINDOWS\inf\wshbth.dll
2004-08-03 21:56 74,240 ----a-w C:\WINDOWS\inf\usbui.dll
2004-08-03 21:56 4,096 ----a-w C:\WINDOWS\inf\ksuser.dll
2004-08-03 21:56 23,552 ----a-w C:\WINDOWS\inf\wdmaud.drv
2004-08-03 21:20 2,180,992 ----a-w C:\WINDOWS\inf\ntoskrnl.exe
2004-08-03 21:10 61,056 ----a-w C:\WINDOWS\inf\ohci1394.sys
2004-08-03 21:10 53,248 ----a-w C:\WINDOWS\inf\1394bus.sys
2004-08-03 21:08 36,224 ----a-w C:\WINDOWS\inf\hidclass.sys
2004-08-03 21:08 24,960 ----a-w C:\WINDOWS\inf\hidparse.sys
2004-08-03 21:07 67,584 ----a-w C:\WINDOWS\inf\sdbus.sys
2004-08-03 21:07 119,936 ----a-w C:\WINDOWS\inf\pcmcia.sys
2004-08-03 21:00 41,856 ----a-w C:\WINDOWS\inf\imapi.sys
2004-08-03 20:59 49,536 ----a-w C:\WINDOWS\inf\cdrom.sys
2004-08-03 20:59 36,352 ----a-w C:\WINDOWS\inf\disk.sys
2004-08-03 20:59 131,968 ----a-w C:\WINDOWS\inf\hal.dll
2004-08-03 20:58 24,576 ----a-w C:\WINDOWS\inf\kbdclass.sys
2004-08-03 20:15 82,944 ----a-w C:\WINDOWS\inf\wdmaud.sys
2004-08-03 20:15 60,800 ----a-w C:\WINDOWS\inf\sysaudio.sys
2004-08-03 20:15 145,792 ----a-w C:\WINDOWS\inf\portcls.sys
2004-08-03 20:14 52,736 ----a-w C:\WINDOWS\inf\i8042prt.sys
2004-08-03 20:10 85,376 ----a-w C:\WINDOWS\inf\NABTSFEC.sys
2004-08-03 20:10 59,648 ----a-w C:\WINDOWS\inf\rfcomm.sys
2004-08-03 20:10 274,304 ----a-w C:\WINDOWS\inf\bthport.sys
2004-08-03 20:10 19,328 ----a-w C:\WINDOWS\inf\WSTCODEC.SYS
2004-08-03 20:10 18,944 ----a-w C:\WINDOWS\inf\BTHUSB.SYS
2004-08-03 20:10 17,024 ----a-w C:\WINDOWS\inf\CCDECODE.sys
.
((((((((((((((((((((((((((((( snapshot@Sun 08-31-2008_ 6.55.54.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-16 14:03:17 335,464 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-14 09:32:33 334,664 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-08-28 13:41:39 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-26 19:26:35 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-28 13:41:39 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-26 19:26:35 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-27 07:45:37 405,508 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-09-18 20:12:10 856,100 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/31/2002 02:00 PM 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [11/30/2004 12:36 PM 1945600]
"Scr base"="C:\DOCUME~1\Mfc\APPLIC~1\DOGCAM~1\bone noun date.exe" [09/21/2008 07:35 PM 498176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/27/2008 10:13 AM 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/27/2008 10:15 AM 180269]
"Option Bib Logo Log"="C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Poke Iso.exe" [09/26/2008 10:22 PM 829952]
"BluetoothAuthenticationAgent"="bthprops.cpl" [12/31/2002 02:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [12/31/2002 02:00 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-14 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.jxvd"= JetMPVx.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 05/11/2007 03:06 AM 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 10/30/2003 07:46 PM 192512 C:\Program Files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 12/31/2002 02:00 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 11/02/2004 06:59 PM 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 11/02/2004 07:03 PM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 03/27/2008 10:13 AM 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 11/02/2004 08:24 PM 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/27/2008 10:24 AM 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 03/27/2008 10:15 AM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mfc\Application Data\Mozilla\Firefox\Profiles\e78pqbbf.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-09-26 23:42:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g?e
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 09/26/2008 23:42:50
ComboFix-quarantined-files.txt 2008-09-26 20:42:28
ComboFix2.txt 2008-09-26 20:38:45
ComboFix3.txt 2008-09-18 20:42:35
ComboFix4.txt 2008-09-17 23:47:36
ComboFix5.txt 2008-09-26 20:41:13
Pre-Run: 12,496,117,760 bytes free
Post-Run: 12,487,942,144 bytes free
215
توقيع : anjam
تأييد
0
البارون
زيزوومى فضى
- إنضم
- 1 مارس 2008
- المشاركات
- 13,588
- مستوى التفاعل
- 506
- النقاط
- 920
غير متصل
جرب ذحين نجم اشبك الفلاشه
وخذ موضوع الاخ ابراهيم
وهذا موضوع الاخ زيزوم
وخذ موضوع الاخ ابراهيم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وهذا موضوع الاخ زيزوم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : البارون
تأييد
0
