ComboFix 08-02.05.3 - Stars 02/10/2008 18:49:20.3 - NTFSx86
[center]Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.655 [GMT 3:00]
Running from: C:\Documents and Settings\Stars\سطح المكتب\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 15:50 5,488,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-10 15:50 434,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-10 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-10 15:39 78,284 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-10 15:39 43,676 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-10 15:04 --------- d-----w C:\Documents and Settings\Stars\Application Data\DMCache
2008-02-10 14:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-10 12:43 --------- d-----w C:\Program Files\Universal Share Downloader
2008-02-10 02:01 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-02-10 02:01 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-02-10 02:01 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-02-10 02:01 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-02-10 02:01 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-02-10 02:01 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-02-10 02:01 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-02-10 02:01 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-02-10 02:01 --------- d-----w C:\Program Files\Real_SC
2008-02-10 01:59 --------- d-----w C:\Program Files\FairStars Audio Converter
2008-02-10 01:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-09 22:41 --------- d-----w C:\Documents and Settings\Stars\Application Data\IDM
2008-02-09 21:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 21:36 --------- d-----w C:\Program Files\Nokia
2008-02-09 21:36 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-09 21:21 --------- d-----w C:\Program Files\Internet Download Manager
2008-02-09 19:34 6,106 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-09 19:34 53,167 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-09 19:19 --------- d-----w C:\Program Files\Popup Blocker
2008-02-09 18:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 16:50 --------- d-----w C:\Documents and Settings\Stars\Application Data\PC Suite
2008-02-09 16:36 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-09 16:36 1,949,184 ----a-w C:\WINDOWS\system32\logonui.exe
2008-02-09 16:31 91,648 ----a-w C:\WINDOWS\system32\cabview.dll
2008-02-09 16:31 841,216 ----a-w C:\WINDOWS\system32\rasdlg.dll
2008-02-09 16:31 83,968 ----a-w C:\WINDOWS\system32\charmap.exe
2008-02-09 16:31 81,408 ----a-w C:\WINDOWS\system32\icmui.dll
2008-02-09 16:31 80,384 ----a-w C:\WINDOWS\system32\mydocs.dll
2008-02-09 16:31 80,216 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-02-09 16:31 8,192 ----a-w C:\WINDOWS\system32\wpabaln.exe
2008-02-09 16:31 78,336 ----a-w C:\WINDOWS\system32\rtcshare.exe
2008-02-09 16:31 75,776 ----a-w C:\WINDOWS\system32\magnify.exe
2008-02-09 16:31 749,568 ----a-w C:\WINDOWS\system32\wiashext.dll
2008-02-09 16:31 732,160 ----a-w C:\WINDOWS\system32\mstsc.exe
2008-02-09 16:31 72,704 ----a-w C:\WINDOWS\system32\winchat.exe
2008-02-09 16:31 70,656 ----a-w C:\WINDOWS\notepad.exe
2008-02-09 16:31 67,584 ----a-w C:\WINDOWS\system32\batmeter.dll
2008-02-09 16:31 6,210,048 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-02-09 16:31 59,392 ----a-w C:\WINDOWS\system32\sendmail.dll
2008-02-09 16:31 587,776 ----a-w C:\WINDOWS\system32\shimgvw.dll
2008-02-09 16:31 57,344 ----a-w C:\WINDOWS\system32\narrator.exe
2008-02-09 16:31 55,296 ----a-w C:\WINDOWS\system32\migpwd.exe
2008-02-09 16:31 53,248 ----a-w C:\WINDOWS\system32\utilman.exe
2008-02-09 16:31 52,224 ----a-w C:\WINDOWS\system32\syncapp.exe
2008-02-09 16:31 501,760 ----a-w C:\WINDOWS\system32\cmdial32.dll
2008-02-09 16:31 489,472 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
2008-02-09 16:31 474,112 ----a-w C:\WINDOWS\system32\zipfldr.dll
2008-02-09 16:31 45,056 ----a-w C:\WINDOWS\system32\rcimlby.exe
2008-02-09 16:31 441,856 ----a-w C:\WINDOWS\system32\sol.exe
2008-02-09 16:31 440,320 ----a-w C:\WINDOWS\system32\freecell.exe
2008-02-09 16:31 401,920 ----a-w C:\WINDOWS\system32\fontext.dll
2008-02-09 16:31 391,680 ----a-w C:\WINDOWS\system32\cmd.exe
2008-02-09 16:31 391,680 ----a-w C:\kmd.exe
2008-02-09 16:31 388,096 ----a-w C:\WINDOWS\system32\themeui.dll
2008-02-09 16:31 359,936 ----a-w C:\WINDOWS\system32\mspaint.exe
2008-02-09 16:31 347,136 ----a-w C:\WINDOWS\system32\tourstart.exe
2008-02-09 16:31 331,776 ----a-w C:\WINDOWS\system32\mstask.dll
2008-02-09 16:31 32,768 ----a-w C:\WINDOWS\hh.exe
2008-02-09 16:31 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
2008-02-09 16:31 31,744 ----a-w C:\WINDOWS\system32\stimon.exe
2008-02-09 16:31 293,376 ----a-w C:\WINDOWS\system32\osk.exe
2008-02-09 16:31 259,584 ----a-w C:\WINDOWS\system32\sndrec32.exe
2008-02-09 16:31 225,280 ----a-w C:\WINDOWS\regedit.exe
2008-02-09 16:31 222,208 ----a-w C:\WINDOWS\system32\taskmgr.exe
2008-02-09 16:31 218,624 ----a-w C:\WINDOWS\system32\syncui.dll
2008-02-09 16:31 200,192 ----a-w C:\WINDOWS\system32\moricons.dll
2008-02-09 16:31 200,192 ----a-w C:\WINDOWS\system32\credui.dll
2008-02-09 16:31 2,254,848 ----a-w C:\WINDOWS\system32\netl.dll
2008-02-09 16:31 189,440 ----a-w C:\WINDOWS\system32\photowiz.dll
2008-02-09 16:31 185,856 ----a-w C:\WINDOWS\system32\accwiz.exe
2008-02-09 16:31 168,448 ----a-w C:\WINDOWS\system32\mobsync.exe
2008-02-09 16:31 159,744 ----a-w C:\WINDOWS\system32\netid.dll
2008-02-09 16:31 159,232 ----a-w C:\WINDOWS\system32\sndvol32.exe
2008-02-09 16:31 151,552 ----a-w C:\WINDOWS\system32\wscript.exe
2008-02-09 16:31 139,264 ----a-w C:\WINDOWS\system32\stobject.dll
2008-02-09 16:31 131,072 ----a-w C:\WINDOWS\system32\mycomput.dll
2008-02-09 16:31 131,072 ----a-w C:\WINDOWS\system32\mshearts.exe
2008-02-09 16:31 130,048 ----a-w C:\WINDOWS\system32\hotplug.dll
2008-02-09 16:31 122,880 ----a-w C:\WINDOWS\system32\winmine.exe
2008-02-09 16:31 117,760 ----a-w C:\WINDOWS\system32\calc.exe
2008-02-09 16:31 116,224 ----a-w C:\WINDOWS\system32\cleanmgr.exe
2008-02-09 16:31 105,984 ----a-w C:\WINDOWS\system32\dfrgres.dll
2008-02-09 16:31 103,424 ----a-w C:\WINDOWS\system32\shrpubw.exe
2008-02-09 16:31 100,864 ----a-w C:\WINDOWS\system32\ahui.exe
2008-02-09 16:31 1,979,392 ----a-w C:\WINDOWS\system32\spider.exe
2008-02-09 16:31 1,655,296 ----a-w C:\WINDOWS\explorer.exe
2008-02-09 16:31 1,476,096 ----a-w C:\WINDOWS\system32\msgina.dll
2008-02-09 16:31 1,404,416 ----a-w C:\WINDOWS\system32\cards.dll
2008-02-09 16:31 1,107,456 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-02-09 15:21 --------- d-----w C:\Documents and Settings\Stars\Application Data\Nokia Multimedia Player
2008-02-09 14:33 --------- d-----w C:\Program Files\DIFX
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]
"Eggs comp"="C:\DOCUME~1\Stars\APPLIC~1\LIST4B~1\First anti one.exe" [02/08/2008 01:36 PM 447488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [07/06/2007 02:08 AM 16380416 C:\WINDOWS\RTHDCPL.EXE]
"TPSMain"="TPSMain.exe" [05/31/2005 09:00 PM 282624 C:\WINDOWS\system32\TPSMain.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM 32768]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 12:43 AM 227856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/08/2008 05:05 AM 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM 40048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/07/2007 11:05 PM 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/07/2007 11:04 PM 162584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/07/2007 05:35 PM 1294336]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [02/25/2007 09:55 PM]
R3 FwLnk;FwLnk Driver;C:\WINDOWS\system32\DRIVERS\FwLnk.sys [04/04/2007 03:56 AM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 09:52 AM]
.
s of the 'Scheduled Tasks' folder
"2008-02-10 15:00:00 C:\WINDOWS\Tasks\AFB1D67E918A46D2.job"
- c:\docume~1\stars\applic~1\list4b~1\Secondboobdale.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL]http://www.gmer.net[/URL]
Rootkit scan 2008-02-10 18:50:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 02/10/2008 18:51:02
ComboFix-quarantined-files.txt 2008-02-10 15:50:59
ComboFix2.txt 2008-02-10 15:36:31
ComboFix3.txt 2008-02-10 15:16:22
.
2008-02-10 14:03:04 --- E O F --- [/center]
هي جتك الملعونه :blbyeh::blbyeh:
بالعادة تروح بعد اعادة تشغيل الجهاز اكثر من مرره[/center]
هلااا فيك اخوي عبدالله
التقرير مافيه شئ يبين سبب مشكلة الرسالة ذي
----------------------------------------
وبودي تفحص عن برامج التجسس والبرامج الدعائيه
على هذا الرابط وارفق التقرير بردك القادم
من بعد اذن الغالي زيزووم
جرب هذه الطريقة لإزالة الرسالة
