بنت ابوها

Please advise me, may God protect you .. and what should I do?
I downloaded this tool
and this is the report

ComboFix 08-04-14.2 - DELL 04/17/2008 3:03:01.2 - NTFSx86
Running from: C:\??????????????????????????????????????????????? ?s and Settings\DELL\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 21:59 --------- d-----w C:\Program Files\Google
2008-04-13 21:18 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\DELL\Application Data\CyberScrub
2008-04-13 21:14 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\DELL\Application Data\cleaner
2008-04-04 02:23 --------- d-----w C:\Program Files\BitZipperSearch
2008-04-04 02:23 --------- d-----w C:\Program Files\BitZipper
2008-04-04 02:23 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\All Users\Application Data\McAfee.com
2008-04-04 02:22 --------- d-----w C:\Program Files\McAfee.com
2008-04-04 02:10 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\Administrator\Application Data\MSN6
2008-04-04 02:02 616,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 02:02 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-04 02:02 3,284 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 02:02 1,388 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-04 02:01 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\All Users\Application Data\Kaspersky Lab(2)
2008-04-03 23:30 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-03 23:30 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-03-27 11:28 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\DELL\Application Data\BitZipper
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 18:32 --------- d-----w C:\Program Files\MSN Messenger
2008-03-16 15:00 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\All Users\Application Data\Messenger Plus!
2008-02-24 16:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 16:28 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-24 12:12 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\DELL\Application Data\AdobeUM
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 00:17 0 ----a-w C:\osy3.sys
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper ******s\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
01/17/2008 05:35 AM 1502232 --a------ C:\Program Files\BitZipperSearch\tbBit1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{97BCEB59-CFCD-4B16-A863-B3F72CF9F196}"= "C:\Program Files\BitZipperSearch\tbBit1.dll" [01/17/2008 05:35 AM 1502232]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{97BCEB59-CFCD-4B16-A863-B3F72CF9F196}"= C:\Program Files\BitZipperSearch\tbBit1.dll [01/17/2008 05:35 AM 1502232]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 11:56 AM 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [04/30/2004 01:15 AM 90169]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 PM 122880 C:\WINDOWS\BCMSMMSG.exe]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [05/29/2003 04:32 AM 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/27/2004 12:01 AM 4632576]
"nwiz"="nwiz.exe" [10/27/2004 12:01 AM 921600 C:\WINDOWS\system32\nwiz.exe]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM 212992]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [09/18/2003 04:39 AM 212992]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [08/03/2005 12:47 PM 2966528]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/22/2007 04:58 AM 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [08/04/2004 11:56 AM 15360]

C:\??????????????????????????????????????????????? ?s and Settings\DELL\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Ela-Salaty.lnk - C:\??????????????????????????????????????????????? ?s and Settings\DELL\My ????????????????????????????????????????????????s\ Salaty.exe [2006-07-22 04:57:20 4739584]

C:\??????????????????????????????????????????????? ?s and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-27 04:13:54 561213]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 01/12/2004 05:55 PM 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [11/23/2002 07:01 AM]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-04-17 03:05:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc24.tmp"
.
Completion time: 04/17/2008 3:07:16
ComboFix-quarantined-files.txt 2008-04-16 23:07:06

Pre-Run: 10,968,412,160 bytes free
Post-Run: 10,958,860,288 bytes free
.
2008-04-10 20:14:49 --- E O F ---
 

The report is clean.

Good luck.
 
May God forgive you .. you didn't fall short
 