جنوبي الهوى
Distinguished Zyzoom member
Joined: 7 February 2008
Posts: 662
Reaction score: 0
Points: 520
Location: Resistant Lebanon

Peace be upon you, and the mercy and blessings of God.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:57:47 م, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Semtech\Semtech Pointing Device\iact.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
You must log in or register to view the hidden link

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [XP-BFD659DD] C:\WINDOWS\system32\XP-BFD659DD.EXE
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: ،،،،،،.lnk = C:\WINDOWS\system32\XP-BFD659DD.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BE66BB1-4BCC-4D69-8672-52FD24121774}: NameServer = 172.10.0.1 91.142.48.48
O17 - HKLM\System\CCS\Services\Tcpip\..\{E422ED2B-D445-459F-98C6-C2310C2CAAD6}: NameServer = 192.168.70.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iact - Unknown owner - C:\Program Files\Semtech\Semtech Pointing Device\iact.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 3584 bytes
 

You have some infections.

==============
(1)
Disable all protection programs,
then download this tool and save it to the desktop:
You must log in or register to view the hidden link

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your computer; your computer will restart automatically,
and after the restart the tool will begin scanning again.
Wait until a report appears, then copy it and paste it in your next reply.
(2)
Also make a HijackThis log:
You must log in or register to view the hidden link

When the download finishes ==> run the program ==> click Do a system scan and save log
After a moment a report will appear; copy it and paste it in your next reply.

Waiting for you to do the above.

Signature: AbOdy
ComboFix 08-11-27.01 - BVX-Messi 11/28/2008 18:11:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.285 [GMT 2:00]
Running from: c:\documents and settings\BVX-Messi\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\BVX-ME~1\LOCALS~1\Temp\E_4
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\internet.fne
c:\windows\system32\krnln.fnr
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 17:29 --------- d-----w c:\program files\USB Disk Security
2008-11-27 17:22 194,012 --sh--w c:\windows\system32\winscreg.exe
2008-11-27 17:22 194,010 ----a-w c:\windows\system32\1C78BB8.EXE
2008-11-27 16:44 193,500 ----a-w c:\windows\system32\33984D.EXE
2008-11-27 16:44 193,490 --sh--w c:\windows\system32\winqcreg.exe
2008-11-27 15:54 --------- d-----w c:\program files\microsoft frontpage
2008-11-27 15:46 208,346 ----a-w c:\documents and settings\BVX-Messi\skp66.exe
2008-11-27 13:57 --------- d-----w c:\program files\Trend Micro
2008-11-27 09:53 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-26 11:12 --------- d-----w c:\program files\dvbdream
2008-11-26 10:52 --------- d-----w c:\documents and settings\BVX-Messi\Application Data\MiniDm
2008-11-24 21:06 208,338 ------w c:\windows\system32\bndmss.exe
2008-11-24 19:53 194,010 --sh--w c:\windows\system32\winrcreg.exe
2008-11-24 16:05 --------- d-----w c:\program files\Foffanna©
2008-11-23 21:15 --------- d-----w c:\program files\Common Files\Elecard
2008-11-22 09:29 --------- d-----w c:\documents and settings\BVX-Messi\Application Data\IEPro
2008-11-20 10:16 36,892 ----a-w c:\windows\bassmod.dll
2008-11-20 10:13 --------- d-----w c:\program files\eBook Workshop
2008-11-19 13:36 --------- d-----w c:\program files\MSNTweaker
2008-11-18 12:15 --------- d-----w c:\program files\GlobFX
2008-11-17 16:01 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-16 16:10 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-16 16:07 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-16 15:53 --------- d-----w c:\program files\Semtech
2008-11-16 15:51 --------- d-----w c:\program files\Synaptics
2008-11-16 15:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 15:48 --------- d-----w c:\program files\Marvell
2008-11-16 15:45 17,119 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-16 15:45 --------- d-----w c:\documents and settings\BVX-Messi\Application Data\Intel
2008-11-16 15:44 --------- d-----w c:\program files\Intel
2008-11-16 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-11-16 15:36 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-16 15:36 --------- d-----w c:\program files\ATI Technologies
2008-11-15 11:23 --------- d-----w c:\program files\CCleaner
2006-11-25 12:11 180,190 --sh--r c:\windows\system32\fooool.exe
.

------- Sigcheck -------

05/05/2008 11:45 AM 665600 44aea5a47244ff2611f9b3926dea6fa2 c:\windows\system32\wininet.dll

01/27/2008 04:04 PM 1524224 e24cd37d23a71dbb9a484a50eb255462 c:\windows\explorer.exe

04/14/2008 07:42 PM 288734 d8473d3f42d0c7e295503b7ddba288c0 c:\windows\system32\wuauclt.exe

04/14/2008 07:42 PM 203746 8fa8ee10428af904876bd5ee251cf410 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@Thu 11-27-2008_18.04.10.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-11-09 08:19:26 88,358 ----a-r c:\windows\AGRSMMSG.exe
+ 2004-11-09 08:19:26 267,746 ----a-r c:\windows\AGRSMMSG.exe
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 340,958 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 06:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 06:00:00 267,742 ----a-w c:\windows\fdsv.exe
- 2000-08-31 06:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 06:00:00 258,522 ----a-w c:\windows\grep.exe
- 2001-08-24 03:00:00 277,472 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
+ 2001-08-24 03:00:00 99,840 ----a-w c:\windows\pchealth\helpctr\binaries\helphost.exe
- 2001-08-24 03:00:00 212,950 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
+ 2001-08-24 03:00:00 35,328 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
- 2000-08-31 06:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 06:00:00 276,448 ----a-w c:\windows\sed.exe
- 2000-08-31 06:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 06:00:00 314,336 ----a-w c:\windows\SWSC.exe
- 2000-08-31 06:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2000-08-31 06:00:00 390,110 ----a-w c:\windows\SWXCACLS.exe
- 2001-08-24 03:00:00 197,082 ----a-w c:\windows\system32\arp.exe
+ 2001-08-24 03:00:00 19,456 ----a-w c:\windows\system32\arp.exe
- 2001-08-24 03:00:00 209,880 ----a-w c:\windows\system32\asr_ldm.exe
+ 2001-08-24 03:00:00 32,256 ----a-w c:\windows\system32\asr_ldm.exe
- 2004-12-07 12:59:24 425,984 ----a-w c:\windows\system32\ati2evxx.exe
+ 2004-12-07 12:59:24 603,616 ----a-w c:\windows\system32\ati2evxx.exe
- 2001-08-24 03:00:00 182,232 ----a-w c:\windows\system32\bootok.exe
+ 2001-08-24 03:00:00 4,608 ----a-w c:\windows\system32\bootok.exe
- 2001-08-24 03:00:00 182,744 ----a-w c:\windows\system32\bootvrfy.exe
+ 2001-08-24 03:00:00 5,120 ----a-w c:\windows\system32\bootvrfy.exe
+ 2001-08-24 03:00:00 12,498 -c--a-w c:\windows\system32\dllcache\append.exe
+ 2001-08-24 03:00:00 19,456 -c--a-w c:\windows\system32\dllcache\arp.exe
+ 2001-08-24 03:00:00 32,256 -c--a-w c:\windows\system32\dllcache\asr_ldm.exe
+ 2008-04-14 17:42:14 588,800 -c--a-w c:\windows\system32\dllcache\autochk.exe
+ 2008-04-14 17:42:14 602,624 -c--a-w c:\windows\system32\dllcache\autoconv.exe
+ 2008-04-14 17:42:14 580,608 -c--a-w c:\windows\system32\dllcache\autofmt.exe
+ 2008-04-14 17:42:14 11,264 -c--a-w c:\windows\system32\dllcache\autolfn.exe
+ 2001-08-24 03:00:00 42,577 -c--a-w c:\windows\system32\dllcache\bckgzm.exe
+ 2001-08-24 03:00:00 4,608 -c--a-w c:\windows\system32\dllcache\bootok.exe
+ 2001-08-24 03:00:00 5,120 -c--a-w c:\windows\system32\dllcache\bootvrfy.exe
+ 2001-08-24 03:00:00 12,288 -c--a-w c:\windows\system32\dllcache\cb32.exe
+ 2001-08-24 03:00:00 42,575 -c--a-w c:\windows\system32\dllcache\chkrzm.exe
+ 2001-08-24 03:00:00 20,634 -c--a-w c:\windows\system32\dllcache\debug.exe
+ 2008-04-14 10:24:52 53,840 -c--a-w c:\windows\system32\dllcache\dosx.exe
+ 2001-08-24 03:00:00 28,112 -c--a-w c:\windows\system32\dllcache\drwatson.exe
+ 2001-08-17 20:36:42 55,296 -c--a-w c:\windows\system32\dllcache\dvdplay.exe
+ 2001-08-24 03:00:00 12,642 -c--a-w c:\windows\system32\dllcache\edlin.exe
+ 2001-08-24 03:00:00 8,424 -c--a-w c:\windows\system32\dllcache\exe2bin.exe
+ 2001-08-24 03:00:00 14,848 -c--a-w c:\windows\system32\dllcache\fc.exe
+ 2008-04-14 03:42:22 193,024 -c--a-w c:\windows\system32\dllcache\fsquirt.exe
+ 2001-08-24 03:00:00 24,576 -c--a-w c:\windows\system32\dllcache\gdi.exe
+ 2001-08-24 03:00:00 99,840 -c--a-w c:\windows\system32\dllcache\helphost.exe
+ 2001-08-24 03:00:00 42,573 -c--a-w c:\windows\system32\dllcache\hrtzzm.exe
+ 2001-08-24 03:00:00 73,728 -c--a-w c:\windows\system32\dllcache\icwtutor.exe
+ 2001-08-24 03:00:00 16,384 -c--a-w c:\windows\system32\dllcache\isignup.exe
+ 2008-04-14 10:23:14 92,224 -c--a-w c:\windows\system32\dllcache\krnl386.exe
+ 2001-08-24 03:00:00 9,728 -c--a-w c:\windows\system32\dllcache\label.exe
+ 2001-08-24 03:00:00 29,696 -c--a-w c:\windows\system32\dllcache\lights.exe
+ 2008-04-14 17:42:26 75,264 -c--a-w c:\windows\system32\dllcache\locator.exe
+ 2001-08-24 03:00:00 5,120 -c--a-w c:\windows\system32\dllcache\lodctr.exe
+ 2008-04-14 17:42:26 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-04-14 17:42:26 59,392 -c--a-w c:\windows\system32\dllcache\logman.exe
+ 2001-08-24 03:00:00 15,360 -c--a-w c:\windows\system32\dllcache\logoff.exe
+ 2001-08-24 03:00:00 6,144 -c--a-w c:\windows\system32\dllcache\lpq.exe
+ 2001-08-24 03:00:00 8,192 -c--a-w c:\windows\system32\dllcache\lpr.exe
+ 2008-04-14 17:42:26 72,704 -c--a-w c:\windows\system32\dllcache\magnify.exe
+ 2008-04-14 17:42:26 57,344 -c--a-w c:\windows\system32\dllcache\makecab.exe
+ 2001-08-24 03:00:00 39,274 -c--a-w c:\windows\system32\dllcache\mem.exe
+ 2008-04-14 17:42:26 1,414,656 -c--a-w c:\windows\system32\dllcache\mmc.exe
+ 2008-04-14 17:42:26 33,792 -c--a-w c:\windows\system32\dllcache\mmcperf.exe
+ 2008-04-14 17:42:26 32,768 -c--a-w c:\windows\system32\dllcache\mnmsrvc.exe
+ 2008-04-14 17:42:28 143,360 -c--a-w c:\windows\system32\dllcache\mobsync.exe
+ 2001-08-24 03:00:00 8,192 -c--a-w c:\windows\system32\dllcache\mountvol.exe
+ 2008-04-14 17:42:28 123,392 -c--a-w c:\windows\system32\dllcache\mplay32.exe
+ 2008-04-14 17:42:28 4,639 -c--a-w c:\windows\system32\dllcache\mplayer2.exe
+ 2001-08-24 03:00:00 22,016 -c--a-w c:\windows\system32\dllcache\mpnotify.exe
+ 2008-04-14 17:42:28 19,968 -c--a-w c:\windows\system32\dllcache\mqbkup.exe
+ 2008-04-14 17:42:28 4,608 -c--a-w c:\windows\system32\dllcache\mqsvc.exe
+ 2008-04-14 17:42:28 117,248 -c--a-w c:\windows\system32\dllcache\mqtgsvc.exe
+ 2001-08-24 03:00:00 12,800 -c--a-w c:\windows\system32\dllcache\mrinfo.exe
+ 2008-04-14 17:42:28 6,144 -c--a-w c:\windows\system32\dllcache\msdtc.exe
+ 2001-08-24 03:00:00 20,992 -c--a-w c:\windows\system32\dllcache\msg.exe
+ 2001-08-24 03:00:00 126,976 -c--a-w c:\windows\system32\dllcache\mshearts.exe
+ 2008-04-14 17:42:28 29,184 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2008-04-14 17:42:30 78,848 -c--a-w c:\windows\system32\dllcache\msiexec.exe
+ 2001-08-24 03:00:00 39,936 -c--a-w c:\windows\system32\dllcache\msinfo32.exe
+ 2001-08-24 03:00:00 6,656 -c--a-w c:\windows\system32\dllcache\msswchx.exe
+ 2001-08-24 03:00:00 20,480 -c--a-w c:\windows\system32\dllcache\nbtstat.exe
+ 2001-08-24 03:00:00 7,052 -c--a-w c:\windows\system32\dllcache\nlsfunc.exe
+ 2001-08-24 03:00:00 35,328 -c--a-w c:\windows\system32\dllcache\notiflag.exe
+ 2008-04-14 17:42:32 1,200,640 -c--a-w c:\windows\system32\dllcache\ntbackup.exe
+ 2008-04-14 17:51:44 2,065,792 -c--a-w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-04-13 22:57:54 2,188,928 -c--a-w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2001-08-24 03:00:00 31,744 -c--a-w c:\windows\system32\dllcache\ntsd.exe
+ 2008-04-14 17:42:32 420,864 -c--a-w c:\windows\system32\dllcache\ntvdm.exe
+ 2001-08-24 03:00:00 3,252 -c--a-w c:\windows\system32\dllcache\nw16.exe
+ 2001-08-24 03:00:00 126,464 -c--a-w c:\windows\system32\dllcache\nwscript.exe
+ 2008-04-14 17:42:32 32,768 -c--a-w c:\windows\system32\dllcache\odbcad32.exe
+ 2008-04-14 17:42:32 69,632 -c--a-w c:\windows\system32\dllcache\odbcconf.exe
+ 2008-04-14 17:42:32 67,584 -c--a-w c:\windows\system32\dllcache\opnfiles.exe
+ 2008-04-14 17:42:32 215,552 -c--a-w c:\windows\system32\dllcache\osk.exe
+ 2001-08-24 03:00:00 40,448 -c--a-w c:\windows\system32\dllcache\osuninst.exe
+ 2008-04-14 17:42:32 58,368 -c--a-w c:\windows\system32\dllcache\packager.exe
+ 2001-08-24 03:00:00 21,504 -c--a-w c:\windows\system32\dllcache\pathping.exe
+ 2001-08-24 03:00:00 15,360 -c--a-w c:\windows\system32\dllcache\pentnt.exe
+ 2008-04-14 17:42:32 15,872 -c--a-w c:\windows\system32\dllcache\perfmon.exe
+ 2008-04-14 17:42:32 17,920 -c--a-w c:\windows\system32\dllcache\ping.exe
+ 2001-08-24 03:00:00 33,280 -c--a-w c:\windows\system32\dllcache\ping6.exe
+ 2008-04-14 17:42:32 49,152 -c--a-w c:\windows\system32\dllcache\powercfg.exe
+ 2001-08-24 03:00:00 9,216 -c--a-w c:\windows\system32\dllcache\print.exe
+ 2008-04-14 17:42:32 109,568 -c--a-w c:\windows\system32\dllcache\progman.exe
+ 2008-04-14 17:42:34 50,176 -c--a-w c:\windows\system32\dllcache\proquota.exe
+ 2008-04-14 17:42:34 9,216 -c--a-w c:\windows\system32\dllcache\proxycfg.exe
+ 2001-08-24 03:00:00 16,896 -c--a-w c:\windows\system32\dllcache\qappsrv.exe
+ 2008-04-14 17:42:34 19,968 -c--a-w c:\windows\system32\dllcache\qprocess.exe
+ 2001-08-24 03:00:00 22,016 -c--a-w c:\windows\system32\dllcache\qwinsta.exe
+ 2001-08-24 03:00:00 11,776 -c--a-w c:\windows\system32\dllcache\rasautou.exe
+ 2001-08-24 03:00:00 11,264 -c--a-w c:\windows\system32\dllcache\rasdial.exe
+ 2008-04-14 17:42:34 56,832 -c--a-w c:\windows\system32\dllcache\rasphone.exe
+ 2008-04-14 17:42:34 35,840 -c--a-w c:\windows\system32\dllcache\rcimlby.exe
+ 2008-04-14 17:42:34 21,504 -c--a-w c:\windows\system32\dllcache\rcp.exe
+ 2008-04-14 17:42:34 62,976 -c--a-w c:\windows\system32\dllcache\rdpclip.exe
+ 2008-04-14 17:42:34 13,824 -c--a-w c:\windows\system32\dllcache\rdsaddin.exe
+ 2008-04-14 17:42:34 67,072 -c--a-w c:\windows\system32\dllcache\rdshost.exe
+ 2001-08-24 03:00:00 7,168 -c--a-w c:\windows\system32\dllcache\recover.exe
+ 2008-04-14 10:22:30 3,338 -c--a-w c:\windows\system32\dllcache\redir.exe
+ 2008-04-14 17:42:34 50,176 -c--a-w c:\windows\system32\dllcache\reg.exe
+ 2001-08-24 03:00:00 3,584 -c--a-w c:\windows\system32\dllcache\regedt32.exe
+ 2001-08-24 03:00:00 33,792 -c--a-w c:\windows\system32\dllcache\regini.exe
+ 2008-04-14 17:42:34 11,776 -c--a-w c:\windows\system32\dllcache\regsvr32.exe
+ 2001-08-24 03:00:00 4,608 -c--a-w c:\windows\system32\dllcache\regwiz.exe
+ 2001-08-24 03:00:00 32,768 -c--a-w c:\windows\system32\dllcache\relog.exe
+ 2001-08-24 03:00:00 12,800 -c--a-w c:\windows\system32\dllcache\replace.exe
+ 2001-08-24 03:00:00 9,728 -c--a-w c:\windows\system32\dllcache\reset.exe
+ 2008-04-14 17:42:34 13,824 -c--a-w c:\windows\system32\dllcache\rexec.exe
+ 2001-08-24 03:00:00 19,968 -c--a-w c:\windows\system32\dllcache\route.exe
+ 2001-08-24 03:00:00 25,600 -c--a-w c:\windows\system32\dllcache\routemon.exe
+ 2008-04-14 17:42:34 14,848 -c--a-w c:\windows\system32\dllcache\rsh.exe
+ 2001-08-24 03:00:00 49,152 -c--a-w c:\windows\system32\dllcache\rsm.exe
+ 2001-08-24 03:00:00 24,576 -c--a-w c:\windows\system32\dllcache\rsmsink.exe
+ 2001-08-24 03:00:00 49,152 -c--a-w c:\windows\system32\dllcache\rsmui.exe
+ 2008-04-14 17:42:34 107,520 -c--a-w c:\windows\system32\dllcache\rsnotify.exe
+ 2001-08-24 03:00:00 62,976 -c--a-w c:\windows\system32\dllcache\rsopprov.exe
+ 2001-08-24 03:00:00 132,608 -c--a-w c:\windows\system32\dllcache\rsvp.exe
+ 2008-04-14 17:42:34 77,312 -c--a-w c:\windows\system32\dllcache\rtcshare.exe
+ 2001-08-24 03:00:00 16,384 -c--a-w c:\windows\system32\dllcache\runas.exe
+ 2008-04-14 17:42:34 14,336 -c--a-w c:\windows\system32\dllcache\runonce.exe
+ 2001-08-24 03:00:00 42,574 -c--a-w c:\windows\system32\dllcache\rvsezm.exe
+ 2001-08-24 03:00:00 15,872 -c--a-w c:\windows\system32\dllcache\rwinsta.exe
+ 2001-08-24 03:00:00 36,864 -c--a-w c:\windows\system32\dllcache\sapisvr.exe
+ 2008-04-14 17:42:34 13,312 -c--a-w c:\windows\system32\dllcache\savedump.exe
+ 2001-08-24 03:00:00 31,232 -c--a-w c:\windows\system32\dllcache\sc.exe
+ 2008-04-14 17:42:34 95,744 -c--a-w c:\windows\system32\dllcache\scardsvr.exe
+ 2008-04-14 17:42:36 121,856 -c--a-w c:\windows\system32\dllcache\sctasks.exe
+ 2008-04-14 17:42:36 77,312 -c--a-w c:\windows\system32\dllcache\sdbinst.exe
+ 2008-04-14 17:42:36 18,944 -c--a-w c:\windows\system32\dllcache\secedit.exe
+ 2008-04-14 17:42:36 141,312 -c--a-w c:\windows\system32\dllcache\sessmgr.exe
+ 2008-04-14 17:42:36 31,232 -c--a-w c:\windows\system32\dllcache\sethc.exe
+ 2008-04-14 17:42:36 23,040 -c--a-w c:\windows\system32\dllcache\setup.exe
+ 2008-04-14 17:42:36 32,768 -c--a-w c:\windows\system32\dllcache\setupn.exe
+ 2001-08-24 03:00:00 9,728 -c--a-w c:\windows\system32\dllcache\sfc.exe
+ 2001-08-24 03:00:00 14,848 -c--a-w c:\windows\system32\dllcache\shadow.exe
+ 2001-08-24 03:00:00 42,573 -c--a-w c:\windows\system32\dllcache\shvlzm.exe
+ 2001-08-24 00:00:00 138,752 -c--a-w c:\windows\system32\dllcache\sndvol32.exe
+ 2001-08-24 03:00:00 56,832 -c--a-w c:\windows\system32\dllcache\sol.exe
+ 2001-08-24 03:00:00 9,728 -c--a-w c:\windows\system32\dllcache\sprestrt.exe
+ 2001-08-24 03:00:00 47,104 -c--a-w c:\windows\system32\dllcache\srdiag.exe
+ 2001-08-24 03:00:00 9,216 -c--a-w c:\windows\system32\dllcache\subst.exe
+ 2001-08-24 03:00:00 51,200 -c--a-w c:\windows\system32\dllcache\syncapp.exe
+ 2001-08-24 03:00:00 18,896 -c--a-w c:\windows\system32\dllcache\sysedit.exe
+ 2001-08-24 03:00:00 36,864 -c--a-w c:\windows\system32\dllcache\syskey.exe
+ 2001-08-24 03:00:00 3,072 -c--a-w c:\windows\system32\dllcache\systray.exe
+ 2001-08-24 03:00:00 15,360 -c--a-w c:\windows\system32\dllcache\taskman.exe
+ 2001-08-24 03:00:00 12,288 -c--a-w c:\windows\system32\dllcache\tcmsetup.exe
+ 2001-08-24 03:00:00 19,456 -c--a-w c:\windows\system32\dllcache\tcpsvcs.exe
+ 2001-08-24 03:00:00 16,896 -c--a-w c:\windows\system32\dllcache\tftp.exe
+ 2001-08-24 03:00:00 31,744 -c--a-w c:\windows\system32\dllcache\tracert6.exe
+ 2001-08-24 03:00:00 14,848 -c--a-w c:\windows\system32\dllcache\tscon.exe
+ 2001-08-24 03:00:00 14,848 -c--a-w c:\windows\system32\dllcache\tsdiscon.exe
+ 2001-08-24 03:00:00 16,384 -c--a-w c:\windows\system32\dllcache\tskill.exe
+ 2001-08-24 03:00:00 16,896 -c--a-w c:\windows\system32\dllcache\tsshutdn.exe
+ 2001-08-24 03:00:00 49,680 -c--a-w c:\windows\system32\dllcache\twunk_16.exe
+ 2001-08-24 03:00:00 25,600 -c--a-w c:\windows\system32\dllcache\twunk_32.exe
+ 2001-08-24 03:00:00 36,352 -c--a-w c:\windows\system32\dllcache\typeperf.exe
+ 2001-08-24 03:00:00 4,096 -c--a-w c:\windows\system32\dllcache\unlodctr.exe
+ 2001-08-24 03:00:00 16,896 -c--a-w c:\windows\system32\dllcache\unsecapp.exe
+ 2001-08-24 03:00:00 47,872 -c--a-w c:\windows\system32\dllcache\user.exe
+ 2001-08-17 20:37:00 77,891 -c--a-w c:\windows\system32\dllcache\usrmlnka.exe
+ 2001-08-17 20:37:00 61,508 -c--a-w c:\windows\system32\dllcache\usrprbda.exe
+ 2001-08-17 20:37:00 69,700 -c--a-w c:\windows\system32\dllcache\usrshuta.exe
+ 2001-08-24 03:00:00 98,304 -c--a-w c:\windows\system32\dllcache\verifier.exe
+ 2001-08-24 03:00:00 33,792 -c--a-w c:\windows\system32\dllcache\vssadmin.exe
+ 2001-08-24 03:00:00 49,664 -c--a-w c:\windows\system32\dllcache\w32tm.exe
+ 2001-08-24 03:00:00 12,288 -c--a-w c:\windows\system32\dllcache\wb32.exe
+ 2001-08-24 03:00:00 35,328 -c--a-w c:\windows\system32\dllcache\winchat.exe
+ 2001-08-24 03:00:00 256,192 -c--a-w c:\windows\system32\dllcache\winhelp.exe
+ 2001-08-24 03:00:00 8,192 -c--a-w c:\windows\system32\dllcache\winhstb.exe
+ 2001-08-24 03:00:00 13,312 -c--a-w c:\windows\system32\dllcache\winmgmt.exe
+ 2001-08-24 03:00:00 119,808 -c--a-w c:\windows\system32\dllcache\winmine.exe
+ 2001-08-24 03:00:00 11,776 -c--a-w c:\windows\system32\dllcache\winmsd.exe
+ 2001-08-24 03:00:00 2,112 -c--a-w c:\windows\system32\dllcache\winspool.exe
+ 2001-08-24 03:00:00 2,736 -c--a-w c:\windows\system32\dllcache\wowdeb.exe
+ 2001-08-24 03:00:00 10,368 -c--a-w c:\windows\system32\dllcache\wowexec.exe
+ 2001-08-24 03:00:00 5,632 -c--a-w c:\windows\system32\dllcache\write.exe
+ 2001-08-24 03:00:00 32,256 -c--a-w c:\windows\system32\dllcache\wupdmgr.exe
+ 2001-08-24 03:00:00 36,937 -c--a-w c:\windows\system32\dllcache\zclientm.exe
- 2001-08-24 03:00:00 232,920 ----a-w c:\windows\system32\dvdplay.exe
+ 2001-08-17 20:36:42 55,296 ----a-w c:\windows\system32\dvdplay.exe
- 2008-04-14 17:42:22 370,656 ----a-w c:\windows\system32\fsquirt.exe
+ 2008-04-14 03:42:22 193,024 ----a-w c:\windows\system32\fsquirt.exe
- 2001-08-24 03:00:00 187,354 ----a-w c:\windows\system32\label.exe
+ 2001-08-24 03:00:00 9,728 ----a-w c:\windows\system32\label.exe
- 2001-08-24 03:00:00 207,324 ----a-w c:\windows\system32\lights.exe
+ 2001-08-24 03:00:00 29,696 ----a-w c:\windows\system32\lights.exe
- 2008-04-14 17:42:26 252,892 ----a-w c:\windows\system32\locator.exe
+ 2008-04-14 17:42:26 75,264 ----a-w c:\windows\system32\locator.exe
- 2001-08-24 03:00:00 182,748 ----a-w c:\windows\system32\lodctr.exe
+ 2001-08-24 03:00:00 5,120 ----a-w c:\windows\system32\lodctr.exe
- 2006-10-18 18:03:58 278,488 ----a-w c:\windows\system32\logagent.exe
+ 2008-04-14 17:42:26 103,936 ----a-w c:\windows\system32\logagent.exe
- 2008-04-14 17:42:26 237,018 ----a-w c:\windows\system32\logman.exe
+ 2008-04-14 17:42:26 59,392 ----a-w c:\windows\system32\logman.exe
- 2001-08-24 03:00:00 192,994 ----a-w c:\windows\system32\logoff.exe
+ 2001-08-24 03:00:00 15,360 ----a-w c:\windows\system32\logoff.exe
- 2001-08-24 03:00:00 183,772 ----a-w c:\windows\system32\lpq.exe
+ 2001-08-24 03:00:00 6,144 ----a-w c:\windows\system32\lpq.exe
- 2001-08-24 03:00:00 185,814 ----a-w c:\windows\system32\lpr.exe
+ 2001-08-24 03:00:00 8,192 ----a-w c:\windows\system32\lpr.exe
- 2008-04-14 17:42:26 250,324 ----a-w c:\windows\system32\magnify.exe
+ 2008-04-14 17:42:26 72,704 ----a-w c:\windows\system32\magnify.exe
- 2008-04-14 17:42:26 234,970 ----a-w c:\windows\system32\makecab.exe
+ 2008-04-14 17:42:26 57,344 ----a-w c:\windows\system32\makecab.exe
- 2008-04-14 17:42:26 1,592,280 ----a-w c:\windows\system32\mmc.exe
+ 2008-04-14 17:42:26 1,414,656 ----a-w c:\windows\system32\mmc.exe
- 2008-04-14 17:42:26 211,418 ----a-w c:\windows\system32\mmcperf.exe
+ 2008-04-14 17:42:26 33,792 ----a-w c:\windows\system32\mmcperf.exe
- 2008-04-14 17:42:26 210,396 ----a-w c:\windows\system32\mnmsrvc.exe
+ 2008-04-14 17:42:26 32,768 ----a-w c:\windows\system32\mnmsrvc.exe
- 2008-04-14 17:42:28 320,984 ----a-w c:\windows\system32\mobsync.exe
+ 2008-04-14 17:42:28 143,360 ----a-w c:\windows\system32\mobsync.exe
- 2001-08-24 03:00:00 185,820 ----a-w c:\windows\system32\mountvol.exe
+ 2001-08-24 03:00:00 8,192 ----a-w c:\windows\system32\mountvol.exe
- 2008-04-14 17:42:28 301,012 ----a-w c:\windows\system32\mplay32.exe
+ 2008-04-14 17:42:28 123,392 ----a-w c:\windows\system32\mplay32.exe
- 2001-08-24 03:00:00 199,646 ----a-w c:\windows\system32\mpnotify.exe
+ 2001-08-24 03:00:00 22,016 ----a-w c:\windows\system32\mpnotify.exe
- 2008-04-14 17:42:28 197,596 ----a-w c:\windows\system32\mqbkup.exe
+ 2008-04-14 17:42:28 19,968 ----a-w c:\windows\system32\mqbkup.exe
- 2008-04-14 17:42:28 294,878 ----a-w c:\windows\system32\mqtgsvc.exe
+ 2008-04-14 17:42:28 117,248 ----a-w c:\windows\system32\mqtgsvc.exe
- 2001-08-24 03:00:00 190,428 ----a-w c:\windows\system32\mrinfo.exe
+ 2001-08-24 03:00:00 12,800 ----a-w c:\windows\system32\mrinfo.exe
- 2008-04-14 17:42:28 183,766 ----a-w c:\windows\system32\msdtc.exe
+ 2008-04-14 17:42:28 6,144 ----a-w c:\windows\system32\msdtc.exe
- 2001-08-24 03:00:00 198,618 ----a-w c:\windows\system32\msg.exe
+ 2001-08-24 03:00:00 20,992 ----a-w c:\windows\system32\msg.exe
- 2001-08-24 03:00:00 304,600 ----a-w c:\windows\system32\mshearts.exe
+ 2001-08-24 03:00:00 126,976 ----a-w c:\windows\system32\mshearts.exe
- 2008-04-14 17:42:28 206,810 ----a-w c:\windows\system32\mshta.exe
+ 2008-04-14 17:42:28 29,184 ----a-w c:\windows\system32\mshta.exe
- 2008-04-14 17:42:30 256,474 ----a-w c:\windows\system32\msiexec.exe
+ 2008-04-14 17:42:30 78,848 ----a-w c:\windows\system32\msiexec.exe
- 2001-08-24 03:00:00 184,278 ----a-w c:\windows\system32\msswchx.exe
+ 2001-08-24 03:00:00 6,656 ----a-w c:\windows\system32\msswchx.exe
- 2001-08-24 03:00:00 198,108 ----a-w c:\windows\system32\nbtstat.exe
+ 2001-08-24 03:00:00 20,480 ----a-w c:\windows\system32\nbtstat.exe
- 2008-04-14 17:42:32 1,378,264 ----a-w c:\windows\system32\ntbackup.exe
+ 2008-04-14 17:42:32 1,200,640 ----a-w c:\windows\system32\ntbackup.exe
- 2008-05-30 07:56:51 2,343,424 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-04-13 22:57:54 2,188,928 ----a-w c:\windows\system32\ntoskrnl.exe
- 2001-08-24 03:00:00 209,362 ----a-w c:\windows\system32\ntsd.exe
+ 2001-08-24 03:00:00 31,744 ----a-w c:\windows\system32\ntsd.exe
- 2008-04-14 17:42:32 598,492 ----a-w c:\windows\system32\ntvdm.exe
+ 2008-04-14 17:42:32 420,864 ----a-w c:\windows\system32\ntvdm.exe
- 2001-08-24 03:00:00 304,084 ----a-w c:\windows\system32\nwscript.exe
+ 2001-08-24 03:00:00 126,464 ----a-w c:\windows\system32\nwscript.exe
- 2008-04-14 17:42:32 210,392 ----a-w c:\windows\system32\odbcad32.exe
+ 2008-04-14 17:42:32 32,768 ----a-w c:\windows\system32\odbcad32.exe
- 2008-04-14 17:42:32 247,256 ----a-w c:\windows\system32\odbcconf.exe
+ 2008-04-14 17:42:32 69,632 ----a-w c:\windows\system32\odbcconf.exe
- 2008-04-14 17:42:32 245,212 ----a-w c:\windows\system32\openfiles.exe
+ 2008-04-14 17:42:32 67,584 ----a-w c:\windows\system32\openfiles.exe
- 2008-04-14 17:42:32 393,182 ----a-w c:\windows\system32\osk.exe
+ 2008-04-14 17:42:32 215,552 ----a-w c:\windows\system32\osk.exe
- 2001-08-24 03:00:00 218,076 ----a-w c:\windows\system32\osuninst.exe
+ 2001-08-24 03:00:00 40,448 ----a-w c:\windows\system32\osuninst.exe
- 2008-04-14 17:42:32 235,992 ----a-w c:\windows\system32\packager.exe
+ 2008-04-14 17:42:32 58,368 ----a-w c:\windows\system32\packager.exe
- 2001-08-24 03:00:00 199,132 ----a-w c:\windows\system32\pathping.exe
+ 2001-08-24 03:00:00 21,504 ----a-w c:\windows\system32\pathping.exe
- 2001-08-24 03:00:00 192,992 ----a-w c:\windows\system32\pentnt.exe
+ 2001-08-24 03:00:00 15,360 ----a-w c:\windows\system32\pentnt.exe
- 2008-11-27 16:01:35 59,050 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-28 14:43:40 59,050 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-27 16:01:35 392,750 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-28 14:43:40 392,750 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-14 17:42:32 193,496 ----a-w c:\windows\system32\perfmon.exe
+ 2008-04-14 17:42:32 15,872 ----a-w c:\windows\system32\perfmon.exe
- 2008-04-14 17:42:32 195,542 ----a-w c:\windows\system32\ping.exe
+ 2008-04-14 17:42:32 17,920 ----a-w c:\windows\system32\ping.exe
- 2001-08-24 03:00:00 210,904 ----a-w c:\windows\system32\ping6.exe
+ 2001-08-24 03:00:00 33,280 ----a-w c:\windows\system32\ping6.exe
- 2008-04-14 17:42:32 226,772 ----a-w c:\windows\system32\powercfg.exe
+ 2008-04-14 17:42:32 49,152 ----a-w c:\windows\system32\powercfg.exe
- 2001-08-24 03:00:00 186,844 ----a-w c:\windows\system32\print.exe
+ 2001-08-24 03:00:00 9,216 ----a-w c:\windows\system32\print.exe
- 2008-04-14 17:42:34 227,806 ----a-w c:\windows\system32\proquota.exe
+ 2008-04-14 17:42:34 50,176 ----a-w c:\windows\system32\proquota.exe
- 2008-04-14 17:42:34 186,844 ----a-w c:\windows\system32\proxycfg.exe
+ 2008-04-14 17:42:34 9,216 ----a-w c:\windows\system32\proxycfg.exe
- 2001-08-24 03:00:00 194,518 ----a-w c:\windows\system32\qappsrv.exe
+ 2001-08-24 03:00:00 16,896 ----a-w c:\windows\system32\qappsrv.exe
- 2008-04-14 17:42:34 197,598 ----a-w c:\windows\system32\qprocess.exe
+ 2008-04-14 17:42:34 19,968 ----a-w c:\windows\system32\qprocess.exe
- 2001-08-24 03:00:00 199,644 ----a-w c:\windows\system32\qwinsta.exe
+ 2001-08-24 03:00:00 22,016 ----a-w c:\windows\system32\qwinsta.exe
- 2001-08-24 03:00:00 189,400 ----a-w c:\windows\system32\rasautou.exe
+ 2001-08-24 03:00:00 11,776 ----a-w c:\windows\system32\rasautou.exe
- 2001-08-24 03:00:00 188,890 ----a-w c:\windows\system32\rasdial.exe
+ 2001-08-24 03:00:00 11,264 ----a-w c:\windows\system32\rasdial.exe
- 2008-04-14 17:42:34 234,456 ----a-w c:\windows\system32\rasphone.exe
+ 2008-04-14 17:42:34 56,832 ----a-w c:\windows\system32\rasphone.exe
- 2008-04-14 17:42:34 213,458 ----a-w c:\windows\system32\rcimlby.exe
+ 2008-04-14 17:42:34 35,840 ----a-w c:\windows\system32\rcimlby.exe
- 2008-04-14 17:42:34 199,126 ----a-w c:\windows\system32\rcp.exe
+ 2008-04-14 17:42:34 21,504 ----a-w c:\windows\system32\rcp.exe
- 2008-04-14 17:42:34 240,606 ----a-w c:\windows\system32\rdpclip.exe
+ 2008-04-14 17:42:34 62,976 ----a-w c:\windows\system32\rdpclip.exe
- 2008-04-14 17:42:34 191,454 ----a-w c:\windows\system32\rdsaddin.exe
+ 2008-04-14 17:42:34 13,824 ----a-w c:\windows\system32\rdsaddin.exe
- 2008-04-14 17:42:34 244,694 ----a-w c:\windows\system32\rdshost.exe
+ 2008-04-14 17:42:34 67,072 ----a-w c:\windows\system32\rdshost.exe
- 2008-04-14 17:42:34 227,804 ----a-w c:\windows\system32\reg.exe
+ 2008-04-14 17:42:34 50,176 ----a-w c:\windows\system32\reg.exe
- 2001-08-24 03:00:00 181,208 ----a-w c:\windows\system32\regedt32.exe
+ 2001-08-24 03:00:00 3,584 ----a-w c:\windows\system32\regedt32.exe
- 2001-08-24 03:00:00 211,414 ----a-w c:\windows\system32\regini.exe
+ 2001-08-24 03:00:00 33,792 ----a-w c:\windows\system32\regini.exe
- 2008-04-14 17:42:34 189,408 ----a-w c:\windows\system32\regsvr32.exe
+ 2008-04-14 17:42:34 11,776 ----a-w c:\windows\system32\regsvr32.exe
- 2001-08-24 03:00:00 182,234 ----a-w c:\windows\system32\regwiz.exe
+ 2001-08-24 03:00:00 4,608 ----a-w c:\windows\system32\regwiz.exe
- 2001-08-24 03:00:00 210,398 ----a-w c:\windows\system32\relog.exe
+ 2001-08-24 03:00:00 32,768 ----a-w c:\windows\system32\relog.exe
- 2001-08-24 03:00:00 190,428 ----a-w c:\windows\system32\replace.exe
+ 2001-08-24 03:00:00 12,800 ----a-w c:\windows\system32\replace.exe
- 2001-08-24 03:00:00 187,350 ----a-w c:\windows\system32\reset.exe
+ 2001-08-24 03:00:00 9,728 ----a-w c:\windows\system32\reset.exe
- 2008-04-14 17:42:34 191,448 ----a-w c:\windows\system32\rexec.exe
+ 2008-04-14 17:42:34 13,824 ----a-w c:\windows\system32\rexec.exe
- 2001-08-24 03:00:00 197,590 ----a-w c:\windows\system32\route.exe
+ 2001-08-24 03:00:00 19,968 ----a-w c:\windows\system32\route.exe
- 2001-08-24 03:00:00 203,224 ----a-w c:\windows\system32\routemon.exe
+ 2001-08-24 03:00:00 25,600 ----a-w c:\windows\system32\routemon.exe
- 2008-04-14 17:42:34 192,474 ----a-w c:\windows\system32\rsh.exe
+ 2008-04-14 17:42:34 14,848 ----a-w c:\windows\system32\rsh.exe
- 2001-08-24 03:00:00 226,780 ----a-w c:\windows\system32\rsm.exe
+ 2001-08-24 03:00:00 49,152 ----a-w c:\windows\system32\rsm.exe
- 2001-08-24 03:00:00 202,204 ----a-w c:\windows\system32\rsmsink.exe
+ 2001-08-24 03:00:00 24,576 ----a-w c:\windows\system32\rsmsink.exe
- 2001-08-24 03:00:00 226,776 ----a-w c:\windows\system32\rsmui.exe
+ 2001-08-24 03:00:00 49,152 ----a-w c:\windows\system32\rsmui.exe
- 2008-04-14 17:42:34 285,142 ----a-w c:\windows\system32\rsnotify.exe
+ 2008-04-14 17:42:34 107,520 ----a-w c:\windows\system32\rsnotify.exe
- 2001-08-24 03:00:00 240,600 ----a-w c:\windows\system32\rsopprov.exe
+ 2001-08-24 03:00:00 62,976 ----a-w c:\windows\system32\rsopprov.exe
- 2001-08-24 03:00:00 310,234 ----a-w c:\windows\system32\rsvp.exe
+ 2001-08-24 03:00:00 132,608 ----a-w c:\windows\system32\rsvp.exe
- 2008-04-14 17:42:34 254,944 ----a-w c:\windows\system32\rtcshare.exe
+ 2008-04-14 17:42:34 77,312 ----a-w c:\windows\system32\rtcshare.exe
- 2001-08-24 03:00:00 194,006 ----a-w c:\windows\system32\runas.exe
+ 2001-08-24 03:00:00 16,384 ----a-w c:\windows\system32\runas.exe
- 2008-04-14 17:42:34 191,956 ----a-w c:\windows\system32\runonce.exe
+ 2008-04-14 17:42:34 14,336 ----a-w c:\windows\system32\runonce.exe
- 2001-08-24 03:00:00 193,498 ----a-w c:\windows\system32\rwinsta.exe
+ 2001-08-24 03:00:00 15,872 ----a-w c:\windows\system32\rwinsta.exe
- 2008-04-14 17:42:34 190,934 ----a-w c:\windows\system32\savedump.exe
+ 2008-04-14 17:42:34 13,312 ----a-w c:\windows\system32\savedump.exe
- 2001-08-24 03:00:00 208,856 ----a-w c:\windows\system32\sc.exe
+ 2001-08-24 03:00:00 31,232 ----a-w c:\windows\system32\sc.exe
- 2008-04-14 17:42:34 273,364 ----a-w c:\windows\system32\scardsvr.exe
+ 2008-04-14 17:42:34 95,744 ----a-w c:\windows\system32\scardsvr.exe
- 2008-04-14 17:42:36 299,478 ----a-w c:\windows\system32\schtasks.exe
+ 2008-04-14 17:42:36 121,856 ----a-w c:\windows\system32\schtasks.exe
- 2008-04-14 17:42:36 254,944 ----a-w c:\windows\system32\sdbinst.exe
+ 2008-04-14 17:42:36 77,312 ----a-w c:\windows\system32\sdbinst.exe
- 2008-04-14 17:42:36 196,566 ----a-w c:\windows\system32\secedit.exe
+ 2008-04-14 17:42:36 18,944 ----a-w c:\windows\system32\secedit.exe
- 2008-04-14 17:42:36 318,944 ----a-w c:\windows\system32\sessmgr.exe
+ 2008-04-14 17:42:36 141,312 ----a-w c:\windows\system32\sessmgr.exe
- 2008-04-14 17:42:36 208,854 ----a-w c:\windows\system32\sethc.exe
+ 2008-04-14 17:42:36 31,232 ----a-w c:\windows\system32\sethc.exe
- 2008-04-14 17:42:36 200,672 ----a-w c:\windows\system32\setup.exe
+ 2008-04-14 17:42:36 23,040 ----a-w c:\windows\system32\setup.exe
- 2008-04-14 17:42:36 210,392 ----a-w c:\windows\system32\setupn.exe
+ 2008-04-14 17:42:36 32,768 ----a-w c:\windows\system32\setupn.exe
- 2001-08-24 03:00:00 259,546 ----a-w c:\windows\system32\usrmlnka.exe
+ 2001-08-17 20:37:00 77,891 ----a-w c:\windows\system32\usrmlnka.exe
- 2001-08-24 03:00:00 243,162 ----a-w c:\windows\system32\usrprbda.exe
+ 2001-08-17 20:37:00 61,508 ----a-w c:\windows\system32\usrprbda.exe
- 2001-08-24 03:00:00 251,354 ----a-w c:\windows\system32\usrshuta.exe
+ 2001-08-17 20:37:00 69,700 ----a-w c:\windows\system32\usrshuta.exe
- 2001-08-24 03:00:00 185,822 ----a-w c:\windows\system32\winhlp32.exe
+ 2001-08-24 03:00:00 8,192 ----a-w c:\windows\system32\winhlp32.exe
- 2001-08-24 03:00:00 192,984 ----a-w c:\windows\TASKMAN.EXE
+ 2001-08-24 03:00:00 15,360 ----a-w c:\windows\taskman.exe
- 2001-08-24 03:00:00 203,232 ----a-w c:\windows\twunk_32.exe
+ 2001-08-24 03:00:00 25,600 ----a-w c:\windows\twunk_32.exe
- 2000-08-31 06:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 06:00:00 226,778 ----a-w c:\windows\VFIND.exe
- 2000-08-31 06:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 06:00:00 245,726 ----a-w c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 07:42 PM 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [04/14/2008 05:42 AM 1872860]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [09/23/2008 05:21 PM 798720]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [04/14/2008 07:42 PM 347614]
"Barsaka"="explorer.exe" [01/27/2008 04:04 PM 1524224 c:\windows\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 07:42 PM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
10/15/2004 11:27 AM 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iact]
c:\program files\Semtech\Semtech Pointing Device\\iact user [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 12/07/2004 09:10 PM 521694 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
--a------ 10/15/2004 11:31 AM 533984 c:\program files\Intel\Wireless\Bin\EOUWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 10/15/2004 11:27 AM 562654 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/14/2008 05:42 AM 1872860 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 11/09/2004 10:19 AM 267746 c:\windows\AGRSMMSG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\bndmss.exe"=
"c:\\Documents and Settings\\BVX-Messi\\skp66.exe"=skp66.exe
"skp66.exe"= skp66.exe:BNDMSS

R2 iact;iact;c:\program files\Semtech\Semtech Pointing Device\iact.exe [12/17/2004 6:50:42 AM 179712]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [11/16/2008 5:38:43 PM 1268800]
R3 vadd;Value-added filter;c:\windows\system32\DRIVERS\vadd.sys [12/17/2004 7:54:04 AM 43008]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45dfb7bd-b567-11dd-ae35-0012f0504e97}]
\Shell\AutoRun\command - E:\fooool.exe
\Shell\explore\Command - E:\fooool.exe
\Shell\open\Command - E:\fooool.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-XP-BFD659DD - c:\windows\system32\XP-BFD659DD.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\BVX-Messi\Application Data\Mozilla\Firefox\Profiles\wowesbdt.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-11-28 18:12:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 11/28/2008 18:13:15
ComboFix-quarantined-files.txt 2008-11-28 16:12:56
ComboFix2.txt 2008-11-27 16:04:50

Pre-Run: 35,830,185,984 bytes free
Post-Run: 35,832,860,672 bytes free

555
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:17:06 م, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Semtech\Semtech Pointing Device\iact.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: ،،،،،،.lnk = C:\WINDOWS\system32\XP-BFD659DD.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BE66BB1-4BCC-4D69-8672-52FD24121774}: NameServer = 172.10.0.1 91.142.48.48
O17 - HKLM\System\CCS\Services\Tcpip\..\{E422ED2B-D445-459F-98C6-C2310C2CAAD6}: NameServer = 192.168.70.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iact - Unknown owner - C:\Program Files\Semtech\Semtech Pointing Device\iact.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 3624 bytes
 
OK brother, thanks. For the second report, select the following entries and delete them:

O4 - HKLM\..\Run: [Barsaka] explorer.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: ،،،،،،.lnk = C:\WINDOWS\system32\XP-BFD659DD.EXE



How to delete them




After that, go to Add/Remove Programs and uninstall any toolbar you have (there may not be one).

Then download this tool and follow the instructions below:



Compatibility: Windows XP only

Usage instructions:
When you run the tool's file, this screen appears; wait (and follow along with the pictures).





When this screen appears, click Close so that your computer restarts (to complete the cleaning process).




After doing the above, post a new HijackThis log for me.
 
Signature: AbOdy
Here you go
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:56:13 م, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Semtech\Semtech Pointing Device\iact.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\BVX-Messi\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\BVX-Messi\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BE66BB1-4BCC-4D69-8672-52FD24121774}: NameServer = 172.10.0.1 91.142.48.48
O17 - HKLM\System\CCS\Services\Tcpip\..\{E422ED2B-D445-459F-98C6-C2310C2CAAD6}: NameServer = 192.168.70.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iact - Unknown owner - C:\Program Files\Semtech\Semtech Pointing Device\iact.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 3456 bytes
 
Your computer is clean now ..

Are you still facing any problems?
 
Signature: AbOdy
Good luck, God willing
 
Signature: AbOdy