ComboFix 08-12-01.03 - anw 12/03/2008 1:21:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1561 [GMT 4.5:30]
Running from: c:\documents and settings\anw\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Storm3.exe
c:\windows\system32\MPG4c32.dll
c:\windows\system32\msssc.dll
c:\windows\system32\regedit.exe
c:\windows\system32\rnplf19.dll
c:\windows\system32\winio.vxd
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 20:49 --------- d-----w c:\documents and settings\anw\Application Data\DMCache
2008-12-02 20:48 --------- d-----w c:\documents and settings\anw\Application Data\IDM
2008-12-02 19:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 19:40 --------- d-----w c:\program files\Internet Download Manager
2008-12-02 19:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-02 18:14 --------- d-----w c:\documents and settings\anw\Application Data\U3
2008-12-02 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-02 16:18 --------- d-----w c:\documents and settings\anw\Application Data\EAST Technologies
2008-12-02 02:50 --------- d-----w c:\documents and settings\anw\Application Data\Thinstall
2008-12-02 02:12 --------- d-----w c:\program files\Golden Al-Wafi Translator
2008-12-01 20:32 --------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2008-12-01 12:55 --------- d-----w c:\program files\Dream Aquarium
2008-11-30 22:48 --------- d-----w c:\program files\قاموس صخر الجديد
2008-11-30 17:14 --------- d-----w c:\program files\PDF Suite
2008-11-30 17:03 --------- d-----w c:\documents and settings\anw\Application Data\Hide IP NG
2008-11-30 17:02 --------- d-----w c:\program files\XP Codec Pack
2008-11-30 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-30 17:01 --------- d-----w c:\documents and settings\anw\Application Data\Codemonster
2008-11-30 17:00 --------- d-----w c:\documents and settings\All Users\Application Data\channels
2008-11-30 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\10015
2008-11-30 16:58 --------- d-----w c:\documents and settings\anw\Application Data\uTorrent
2008-11-30 16:57 --------- d-----w c:\program files\SWF-AVI-GIF Converter
2008-11-30 16:57 --------- d-----w c:\program files\Magic Image Resizer
2008-11-30 16:57 --------- d-----w c:\documents and settings\All Users\Application Data\Storm
2008-11-30 16:56 --------- d-----w c:\program files\Wondershare
2008-11-30 16:56 --------- d-----w c:\program files\VSO
2008-11-30 16:54 --------- d-----w c:\program files\Hospital Hustle
2008-11-30 16:54 --------- d-----w c:\program files\FinalUninstaller
2008-11-30 16:40 --------- d-----w c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility
2008-11-30 13:08 --------- d-----w c:\documents and settings\anw\Application Data\McAfee
2008-11-30 00:21 --------- d-----w c:\program files\SpiritPyre Extensions
2008-11-29 23:12 --------- d-----w c:\documents and settings\anw\Application Data\Skype
2008-11-29 14:27 --------- d-----w c:\documents and settings\anw\Application Data\GameInvest
2008-11-29 01:44 --------- d-----w c:\documents and settings\anw\Application Data\Camfrog
2008-11-29 00:17 --------- d-----w c:\documents and settings\anw\Application Data\VitySoft
2008-11-29 00:12 --------- d-----w c:\program files\Java
2008-11-28 20:01 --------- d-----w c:\documents and settings\All Users\Application Data\Vso
2008-11-28 19:57 --------- d-----w c:\documents and settings\anw\Application Data\Vso
2008-11-28 18:42 --------- d-----w c:\program files\Secure PC Solutions
2008-11-28 03:32 --------- d-----w c:\documents and settings\NetworkService\Application Data\Application Data
2008-11-28 02:10 --------- d-----w c:\documents and settings\anw\Application Data\URSoft
2008-11-27 23:52 --------- d-----w c:\program files\WallCal
2008-11-27 23:41 --------- d-----w c:\program files\Ringz Studio
2008-11-27 23:41 --------- d-----w c:\program files\Common Files\Real
2008-11-27 23:38 --------- d-----w c:\program files\Reference Assemblies
2008-11-27 16:58 --------- d-----w c:\program files\Video DVD Maker
2008-11-27 16:58 --------- d-----w c:\program files\Speed4WEB
2008-11-27 16:58 --------- d-----w c:\program files\Reshade
2008-11-27 16:58 --------- d-----w c:\program files\MultiTranse
2008-11-27 12:07 --------- d-----w c:\program files\Megaplex Madness - Now Playing
2008-11-27 05:03 --------- d-----w c:\program files\Windows Updates Downloader
2008-11-26 15:49 --------- d-----w c:\documents and settings\anw\Application Data\DepositFiles Uploader
2008-11-26 14:58 --------- d-----w c:\program files\BurstCopy
2008-11-26 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\BurstCopy Labs
2008-11-26 06:41 --------- d-----w c:\program files\FairStars Audio Converter
2008-11-26 06:41 --------- d-----w c:\documents and settings\anw\Application Data\FairStars Audio Converter
2008-11-25 17:27 --------- d-----w c:\documents and settings\anw\Application Data\Hyperz
2008-11-25 16:15 --------- d-----w c:\documents and settings\anw\Application Data\AntsSoft
2008-11-25 16:14 --------- d-----w c:\program files\SWFText
2008-11-25 00:20 --------- d-----w c:\program files\Software
2008-11-24 21:12 --------- d-----w c:\program files\Radar Screensaver
2008-11-24 11:48 --------- d-----w c:\program files\Apple Software Update
2008-11-24 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-24 00:48 --------- d-----w c:\program files\Spy Cleaner Platinum
2008-11-24 00:47 --------- d-----w c:\documents and settings\anw\Application Data\ThumbsPlus
2008-11-24 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\ThumbsPlus
2008-11-22 12:28 --------- d-----w c:\program files\Google
2008-11-21 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\ATI MMC
2008-11-21 11:40 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-21 11:40 47,360 ----a-w c:\documents and settings\anw\Application Data\pcouffin.sys
2008-11-21 05:19 --------- d-----w c:\program files\bfgclient
2008-11-21 01:30 --------- d-----w c:\program files\Ultra DVD Creator
2008-11-20 23:42 --------- d-----w c:\program files\Teorex
2008-11-20 18:58 --------- d-----w c:\program files\Common Files\xing shared
2008-11-20 18:57 --------- d-----w c:\program files\PhotoDreamr
2008-11-20 14:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-19 14:16 --------- d--h--w c:\documents and settings\anw\Application Data\IFBuilder
2008-11-19 14:16 --------- d-----w c:\program files\IncrediFace
2008-11-18 22:22 --------- d-----w c:\program files\IObit
2008-11-18 22:22 --------- d-----w c:\documents and settings\anw\Application Data\IObit
2008-11-17 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2008-11-17 20:50 --------- d-----w c:\program files\NCH Swift Sound
2008-11-17 19:49 --------- d-----w c:\program files\uTorrent Turbo Booster
2008-11-17 19:33 --------- d-----w c:\program files\ACW
2008-11-17 16:37 --------- d-----w c:\program files\RealDrawPRO4
2008-11-17 16:01 --------- d-----w c:\program files\Godlike Developers
2008-11-17 13:13 --------- d-----w c:\program files\uTorrent
2008-11-17 04:54 --------- d-----w c:\program files\Thumbs7
2008-11-17 04:44 --------- d-----w c:\documents and settings\anw\Application Data\Apple Computer
2008-11-17 04:40 --------- d-----w c:\program files\QuickTime
2008-11-17 04:39 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-17 03:27 --------- d-----w c:\documents and settings\anw\Application Data\Outerspace Software
2008-11-17 01:29 --------- d-----w c:\program files\SourceTec
2008-11-17 01:02 --------- d-----w c:\documents and settings\anw\Application Data\Eltima Software
2008-11-17 01:01 --------- d-----w c:\program files\FOX Video Converter
2008-11-16 23:48 --------- d-----w c:\program files\Luxand
2008-11-16 23:37 --------- d-----w c:\program files\My Video Converter
2008-11-16 23:08 --------- d-----w c:\program files\WinAVI MP4 Converter
2008-11-16 22:44 --------- d-----w c:\documents and settings\anw\Application Data\4Media Software Studio
2008-11-16 22:43 --------- d-----w c:\program files\4Media
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [11/27/2008 04:51 PM 184320]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [11/27/2008 04:36 PM 139264]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [11/27/2008 04:51 PM 278528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 12:30 PM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [11/27/2008 04:05 PM 5792768]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [12/02/2008 08:28 PM 4734976]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [11/25/2008 09:19 AM 1013680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/27/2008 04:50 PM 413696]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [11/27/2008 04:51 PM 217088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [11/30/2008 05:34 PM 259600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [12/02/2008 08:21 PM 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [11/29/2008 04:42 AM 210328]
"DrvIcon"="c:\windows\waleder\DrvIcon.exe" [07/04/2007 11:29 PM 122880]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [04/14/2008 12:30 PM 59392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"RunNarrator"="Narrator.exe" [04/14/2008 12:30 PM 53760 c:\windows\system32\narrator.exe]
c:\documents and settings\anw\Start Menu\Programs\Startup\
Vienna DrvIcon.lnk - c:\windows\waleder\DrvIcon.exe [2008-11-21 122880]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Priority.vbs [2006-12-26 476]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2008-10-29 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.YU12"= ATIYUV12.DLL
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^naviscope.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Priority.vbs]
backup=c:\windows\pss\Priority.vbsCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFServiceEngine]
--a------ 06/25/2008 08:39 PM 393216 c:\program files\PDF Suite\PDFServiceEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp]
--a------ 08/18/2008 10:59 PM 565760 c:\program files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweeper.exe]
--a------ 11/27/2008 04:36 PM 249856 c:\program files\History Sweeper\sweeper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 03/27/2008 09:01 PM 111928 c:\program files\SweetIM\Messenger\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 11/30/2008 05:34 PM 259600 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MagicWhiteboard\\MagicWhiteboard.exe"=
"c:\\Documents and Settings\\anw\\Desktop\\USDownloader uploaded by Shrief 2008\\USDownloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\PROGRA~1\\Ringz Studio\\Storm Codec\\Stormser.exe"=
"c:\\Program Files\\Ringz Studio\\Storm Codec\\Storm.exe"=
"c:\\Program Files\\Ringz Studio\\Storm Codec\\stormliv.exe"=
"c:\\Documents and Settings\\anw\\Desktop\\skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\RegCure\\RegCure.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\Program Files\\REALTEK RTL8187 Wireless LAN Driver and Utility\\RtWLan.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"=
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\hpkmlg.sys []
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-10-29 73216]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-09-26 21920]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2008-10-29 349184]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-11-28 16896]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-10-29 194304]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys [2008-10-29 13532]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" []
S4 Stormser;Stormser;c:\progra~1\Ringz Studio\Storm Codec\Stormser.exe [2008-11-28 991232]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39034c97-a9c2-11dd-813a-001279632890}]
\SheLl\AutOPlaY\cOMmanD - H:\vxuc.pif
\SheLl\AutoRun\command - H:\vxuc.pif
\SheLl\explOrE\COmMAnd - H:\vxuc.pif
\SheLl\opeN\COMmANd - H:\vxuc.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3426dc8-a599-11dd-811d-00c0ca1baab5}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [11/27/2008 04:39 PM]
2008-12-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [11/27/2008 04:39 PM]
2008-11-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [11/27/2008 04:39 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
MSConfigStartUp-SmartRAM - c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-03 01:24:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 12/03/2008 1:28:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 20:58:02
Pre-Run: 42,022,248,448 bytes free
Post-Run: 41,682,919,424 bytes free
--- E O F --- 2008-11-04 15:23:12