- بادئ الموضوع Dr k5
- تاريخ البدء
- 987
وعليكم السلام ورحمة الله
حمل هذا البرنامج
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم[/B]
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم[/B]
التعديل الأخير بواسطة المشرف:
تأييد
0
Dr k5
زيزوومي نشيط
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:33:25 ص, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\docume~1\it\applic~1\32find\proxy loud film.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\برنامج زين لتزين المشاركات\KingoOo_Smile.exe
C:\DOCUME~1\it\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.11.191.11:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.254
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 5428 bytes
Scan saved at 04:33:25 ص, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\docume~1\it\applic~1\32find\proxy loud film.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\برنامج زين لتزين المشاركات\KingoOo_Smile.exe
C:\DOCUME~1\it\LOCALS~1\Temp\ir_ext_temp_0\autorun.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.11.191.11:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.254
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 5428 bytes
توقيع : Dr k5
تأييد
0
Dr k5
زيزوومي نشيط
غير متصل
ComboFix 08-06-30.2 - it 07/02/2008 9:57:23.1 - NTFSx86
Running from: C:\Documents and Settings\it\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\artools.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 06:56 --------- d-----w C:\Documents and Settings\it\Application Data\DMCache
2008-07-02 04:52 --------- d-----w C:\Program Files\MPlayer for Windows
2008-07-02 02:29 --------- d-----w C:\Program Files\TechSmith
2008-07-02 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-02 02:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 00:53 --------- d-----w C:\Program Files\Common Files\delet
2008-07-01 04:20 --------- d-----w C:\Program Files\Java
2008-06-29 15:43 --------- d-----w C:\Program Files\Real_SC
2008-06-29 15:23 --------- d-----w C:\Documents and Settings\it\Application Data\Ashampoo
2008-06-28 08:24 --------- d-----w C:\Program Files\Paltalk Messenger
2008-06-27 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-27 22:19 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-06-27 21:31 --------- d-----w C:\Program Files\Ela-Salaty
2008-06-27 05:34 --------- d-----w C:\Program Files\Microsoft Works
2008-06-27 04:42 --------- d-----w C:\Program Files\Project1
2008-06-27 04:35 --------- d-----w C:\Program Files\Hotspot_Shield
2008-06-27 04:35 --------- d-----w C:\Program Files\Google
2008-06-27 04:35 --------- d-----w C:\Program Files\Conduit
2008-06-25 06:11 --------- d-----w C:\Documents and Settings\it\Application Data\Pegtop
2008-06-25 05:59 --------- d-----w C:\Program Files\Hotspot Shield
2008-06-25 04:33 --------- d-----w C:\Program Files\Windows Updates Downloader
2008-06-24 22:05 286,720 ------w C:\WINDOWS\Setup1.exe
2008-06-24 22:04 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-23 17:30 --------- d-----w C:\Program Files\Easy GIF Animator
2008-06-23 03:19 153,600 ----a-w C:\WINDOWS\system32\TLBINF32.DLL
2008-06-21 22:20 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-21 22:20 --------- d-----w C:\Program Files\Common Files\Real
2008-06-21 22:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-21 21:14 --------- d-----w C:\Program Files\FTPRush
2008-06-21 19:11 --------- d-----w C:\Documents and Settings\it\Application Data\TuneUp Software
2008-06-21 17:58 --------- d-----w C:\Documents and Settings\it\Application Data\FTPRush
2008-06-21 11:58 69,632 ----a-w C:\WINDOWS\uinst001.exe
2008-06-21 10:44 --------- d-----w C:\Documents and Settings\it\Application Data\Creative
2008-06-21 10:35 --------- d-----w C:\Program Files\PROnetworks
2008-06-21 10:13 --------- d-----w C:\Program Files\MSN Messenger
2008-06-21 10:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-21 10:12 --------- d-----w C:\Program Files\Windows Live
2008-06-21 10:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-21 09:48 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-21 09:40 --------- d-----w C:\Program Files\MSBuild
2008-06-21 09:36 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-21 08:05 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-21 07:58 --------- d-----w C:\Program Files\SEO Studio
2008-06-21 07:57 --------- d-----w C:\Program Files\Real
2008-06-21 05:40 --------- d-----w C:\Documents and Settings\it\Application Data\Paltalk
2008-06-20 00:11 --------- d-----w C:\Documents and Settings\it\Application Data\32Find
2008-06-19 23:57 --------- d-----w C:\Program Files\Common Files\PCCamera
2008-06-19 23:57 --------- d-----w C:\Program Files\Circle Developement
2008-06-19 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Long slow road itch
2008-06-19 07:50 --------- d-----w C:\Documents and Settings\it\Application Data\IDM
2008-06-19 07:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-06-19 07:01 --------- d-----w C:\Documents and Settings\it\Application Data\Media Player Classic
2008-06-19 06:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-19 06:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 06:39 155,995 ----a-w C:\WINDOWS\java\Packages\FRLRVHN5.ZIP
2008-06-19 06:32 --------- d-----w C:\Program Files\VideoCAM GE111
2008-06-19 06:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-19 01:37 --------- d-----w C:\Program Files\Creative
2008-06-19 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-06-19 00:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-19 00:55 --------- d-----w C:\Program Files\Common Files\L&H
2008-06-19 00:50 --------- d-----w C:\Program Files\32Find
2008-06-19 00:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-19 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-18 23:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-18 23:24 4,096 --sh--r C:\WINDOWS\system32\runouce.exe
2008-06-18 23:23 --------- d-----w C:\Program Files\Common Files\Java
2008-06-18 23:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-14 17:59 271,616 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,285,632 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [06/19/2008 09:48 AM 939516]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Runonce"="C:\WINDOWS\system32\runouce.exe" [06/19/2008 02:24 AM 4096]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/22/2008 01:20 AM 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
08/12/2005 05:25 AM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^it^قائمة ابدأ^البرامج^بدء التشغيل^Ela-Salaty.lnk]
path=C:\Documents and Settings\it\قائمة ابدأ\البرامج\بدء التشغيل\Ela-Salaty.lnk
backup=C:\WINDOWS\pss\Ela-Salaty.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 06/19/2008 09:48 AM 939516 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Programs\\LeapFTP\\LeapFTP.exe"=
*Newly Created Service* - CATCHME
*Newly Created Service* - HTTPFILTER
.
s of the 'Scheduled Tasks' folder
"2008-07-02 01:00:00 C:\WINDOWS\Tasks\ACB850F391C7C287.job"
- c:\docume~1\it\applic~1\32find\proxy loud film.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-Super Screen Capture - C:\DOCUME~1\it\LOCALS~1\Temp\RarSFX0\Super Screen Capture\SSCapture.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-02 09:58:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Runonce = C:\WINDOWS\system32\runouce.exe?^??????????????q???????????????????q????????????<???]???'??|???w???w???w????0u?????????|???????????????????????????????|,??|!???x??????????|D???????????????????????????????????????????????????????????????????????????????Z?C
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 07/02/2008 9:59:32
ComboFix-quarantined-files.txt 2008-07-02 06:59:27
Pre-Run: 69,970,890,752 bytes free
Post-Run: 69,992,554,496 bytes free
160 --- E O F --- 2008-06-28 00:01:10
Running from: C:\Documents and Settings\it\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\artools.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 06:56 --------- d-----w C:\Documents and Settings\it\Application Data\DMCache
2008-07-02 04:52 --------- d-----w C:\Program Files\MPlayer for Windows
2008-07-02 02:29 --------- d-----w C:\Program Files\TechSmith
2008-07-02 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-02 02:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 00:53 --------- d-----w C:\Program Files\Common Files\delet
2008-07-01 04:20 --------- d-----w C:\Program Files\Java
2008-06-29 15:43 --------- d-----w C:\Program Files\Real_SC
2008-06-29 15:23 --------- d-----w C:\Documents and Settings\it\Application Data\Ashampoo
2008-06-28 08:24 --------- d-----w C:\Program Files\Paltalk Messenger
2008-06-27 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-27 22:19 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-06-27 21:31 --------- d-----w C:\Program Files\Ela-Salaty
2008-06-27 05:34 --------- d-----w C:\Program Files\Microsoft Works
2008-06-27 04:42 --------- d-----w C:\Program Files\Project1
2008-06-27 04:35 --------- d-----w C:\Program Files\Hotspot_Shield
2008-06-27 04:35 --------- d-----w C:\Program Files\Google
2008-06-27 04:35 --------- d-----w C:\Program Files\Conduit
2008-06-25 06:11 --------- d-----w C:\Documents and Settings\it\Application Data\Pegtop
2008-06-25 05:59 --------- d-----w C:\Program Files\Hotspot Shield
2008-06-25 04:33 --------- d-----w C:\Program Files\Windows Updates Downloader
2008-06-24 22:05 286,720 ------w C:\WINDOWS\Setup1.exe
2008-06-24 22:04 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-23 17:30 --------- d-----w C:\Program Files\Easy GIF Animator
2008-06-23 03:19 153,600 ----a-w C:\WINDOWS\system32\TLBINF32.DLL
2008-06-21 22:20 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-21 22:20 --------- d-----w C:\Program Files\Common Files\Real
2008-06-21 22:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-21 21:14 --------- d-----w C:\Program Files\FTPRush
2008-06-21 19:11 --------- d-----w C:\Documents and Settings\it\Application Data\TuneUp Software
2008-06-21 17:58 --------- d-----w C:\Documents and Settings\it\Application Data\FTPRush
2008-06-21 11:58 69,632 ----a-w C:\WINDOWS\uinst001.exe
2008-06-21 10:44 --------- d-----w C:\Documents and Settings\it\Application Data\Creative
2008-06-21 10:35 --------- d-----w C:\Program Files\PROnetworks
2008-06-21 10:13 --------- d-----w C:\Program Files\MSN Messenger
2008-06-21 10:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-21 10:12 --------- d-----w C:\Program Files\Windows Live
2008-06-21 10:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-21 09:48 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-21 09:40 --------- d-----w C:\Program Files\MSBuild
2008-06-21 09:36 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-21 08:05 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-21 07:58 --------- d-----w C:\Program Files\SEO Studio
2008-06-21 07:57 --------- d-----w C:\Program Files\Real
2008-06-21 05:40 --------- d-----w C:\Documents and Settings\it\Application Data\Paltalk
2008-06-20 00:11 --------- d-----w C:\Documents and Settings\it\Application Data\32Find
2008-06-19 23:57 --------- d-----w C:\Program Files\Common Files\PCCamera
2008-06-19 23:57 --------- d-----w C:\Program Files\Circle Developement
2008-06-19 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Long slow road itch
2008-06-19 07:50 --------- d-----w C:\Documents and Settings\it\Application Data\IDM
2008-06-19 07:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-06-19 07:01 --------- d-----w C:\Documents and Settings\it\Application Data\Media Player Classic
2008-06-19 06:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-19 06:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 06:39 155,995 ----a-w C:\WINDOWS\java\Packages\FRLRVHN5.ZIP
2008-06-19 06:32 --------- d-----w C:\Program Files\VideoCAM GE111
2008-06-19 06:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-19 01:37 --------- d-----w C:\Program Files\Creative
2008-06-19 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-06-19 00:55 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-19 00:55 --------- d-----w C:\Program Files\Common Files\L&H
2008-06-19 00:50 --------- d-----w C:\Program Files\32Find
2008-06-19 00:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-19 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-06-18 23:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-18 23:24 4,096 --sh--r C:\WINDOWS\system32\runouce.exe
2008-06-18 23:23 --------- d-----w C:\Program Files\Common Files\Java
2008-06-18 23:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-14 17:59 271,616 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,285,632 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [06/19/2008 09:48 AM 939516]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Runonce"="C:\WINDOWS\system32\runouce.exe" [06/19/2008 02:24 AM 4096]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/22/2008 01:20 AM 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
08/12/2005 05:25 AM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^it^قائمة ابدأ^البرامج^بدء التشغيل^Ela-Salaty.lnk]
path=C:\Documents and Settings\it\قائمة ابدأ\البرامج\بدء التشغيل\Ela-Salaty.lnk
backup=C:\WINDOWS\pss\Ela-Salaty.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 06/19/2008 09:48 AM 939516 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Programs\\LeapFTP\\LeapFTP.exe"=
*Newly Created Service* - CATCHME
*Newly Created Service* - HTTPFILTER
.
s of the 'Scheduled Tasks' folder
"2008-07-02 01:00:00 C:\WINDOWS\Tasks\ACB850F391C7C287.job"
- c:\docume~1\it\applic~1\32find\proxy loud film.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-Super Screen Capture - C:\DOCUME~1\it\LOCALS~1\Temp\RarSFX0\Super Screen Capture\SSCapture.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-07-02 09:58:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Runonce = C:\WINDOWS\system32\runouce.exe?^??????????????q???????????????????q????????????<???]???'??|???w???w???w????0u?????????|???????????????????????????????|,??|!???x??????????|D???????????????????????????????????????????????????????????????????????????????Z?C
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 07/02/2008 9:59:32
ComboFix-quarantined-files.txt 2008-07-02 06:59:27
Pre-Run: 69,970,890,752 bytes free
Post-Run: 69,992,554,496 bytes free
160 --- E O F --- 2008-06-28 00:01:10
توقيع : Dr k5
تأييد
0
KinXG BlacK
زيزوومى متألق
غير متصل
احذف القيم التالية
c:\docume~1\it\applic~1\32find\proxy loud film.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 212.11.191.11:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
طريقة الحذف
.png)
.png)
عطل استعادة النظام
جهاز الكمبيوتر
كليك يمين
خصائص
استعادة النظام
كليك يمين
خصائص
استعادة النظام
ضع علامة صح أمام ايقاف ااستعادة النظام ..إلخ
تطبق ....بيطلع لك تخذير ...اختر نعم ...
ثم موافق ..
ثم موافق ..
---------------------------
شغل جميع الملفات فيه وإذا طلب اضافة شئ للمحرر التسجيل
اختر ..نعم
أعد التشغيل
التقرير الثاني
توقيع : KinXG BlacK
تأييد
0
