بنت ابوها
Please advise me, may God protect you. What should I do?
I downloaded this tool.
And this is the report:
ComboFix 08-04-14.2 - DELL 04/17/2008 3:03:01.2 - NTFSx86
Running from: C:\Documents and Settings\DELL\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 21:59 --------- d-----w C:\Program Files\Google
2008-04-13 21:18 --------- d-----w C:\Documents and Settings\DELL\Application Data\CyberScrub
2008-04-13 21:14 --------- d-----w C:\Documents and Settings\DELL\Application Data\cleaner
2008-04-04 02:23 --------- d-----w C:\Program Files\BitZipperSearch
2008-04-04 02:23 --------- d-----w C:\Program Files\BitZipper
2008-04-04 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-04 02:22 --------- d-----w C:\Program Files\McAfee.com
2008-04-04 02:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MSN6
2008-04-04 02:02 616,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 02:02 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-04 02:02 3,284 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 02:02 1,388 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-04 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab(2)
2008-04-03 23:30 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-03 23:30 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-03-27 11:28 --------- d-----w C:\Documents and Settings\DELL\Application Data\BitZipper
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 18:32 --------- d-----w C:\Program Files\MSN Messenger
2008-03-16 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-24 16:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 16:28 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-24 12:12 --------- d-----w C:\Documents and Settings\DELL\Application Data\AdobeUM
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 00:17 0 ----a-w C:\osy3.sys
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
01/17/2008 05:35 AM 1502232 --a------ C:\Program Files\BitZipperSearch\tbBit1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{97BCEB59-CFCD-4B16-A863-B3F72CF9F196}"= "C:\Program Files\BitZipperSearch\tbBit1.dll" [01/17/2008 05:35 AM 1502232]
[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{97BCEB59-CFCD-4B16-A863-B3F72CF9F196}"= C:\Program Files\BitZipperSearch\tbBit1.dll [01/17/2008 05:35 AM 1502232]
[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 11:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [04/30/2004 01:15 AM 90169]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 PM 122880 C:\WINDOWS\BCMSMMSG.exe]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [05/29/2003 04:32 AM 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/27/2004 12:01 AM 4632576]
"nwiz"="nwiz.exe" [10/27/2004 12:01 AM 921600 C:\WINDOWS\system32\nwiz.exe]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM 212992]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [09/18/2003 04:39 AM 212992]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [08/03/2005 12:47 PM 2966528]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/22/2007 04:58 AM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [08/04/2004 11:56 AM 15360]
C:\Documents and Settings\DELL\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Ela-Salaty.lnk - C:\Documents and Settings\DELL\My Documents\ Salaty.exe [2006-07-22 04:57:20 4739584]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-27 04:13:54 561213]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 01/12/2004 05:55 PM 110592 C:\WINDOWS\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [11/23/2002 07:01 AM]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-04-17 03:05:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc24.tmp"
.
Completion time: 04/17/2008 3:07:16
ComboFix-quarantined-files.txt 2008-04-16 23:07:06
Pre-Run: 10,968,412,160 bytes free
Post-Run: 10,958,860,288 bytes free
.
2008-04-10 20:14:49 --- E O F ---