الازرق الجنوبي
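My brothers, the talented people of Zyzoom: I went onto a website today, and of course that was nosiness on my part. I admit it.
Anyway, suddenly I saw Kaspersky Anti-Virus 7 telling me about booby-trapped pages, and after that my machine started to malfunction.
Before this, my machine downloaded updates from Microsoft normally; now I cannot.
And these are pictures of the system used on my machine.
Anyway, brothers, this is the report from the ComboFix tool: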
ComboFix 08-07-21.2 - Free User 07/22/2008 23:28:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.198 [GMT 2:00]
Running from: C:\Documents and Settings\Free User\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cMpYaccf.ini
C:\WINDOWS\system32\cMpYaccf.ini2
C:\WINDOWS\system32\fccaYpMc.dll
C:\WINDOWS\system32\iwksplem.ini
C:\WINDOWS\system32\jkkJbxYq.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\khfDtQHb.dll
C:\WINDOWS\system32\melpskwi.dll
C:\WINDOWS\system32\nnnljkLf.dll
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\xxywVlIy.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 21:41 9,257,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-22 21:41 300,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-22 21:40 32,312 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-22 21:40 137,564 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-22 20:34 94,848 ----a-w C:\WINDOWS\system32\fmkccmlf.dll
2008-07-22 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-22 15:20 --------- d-----w C:\Program Files\MSECache
2008-07-22 14:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-22 13:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-22 13:58 --------- d-----w C:\Program Files\Macromedia
2008-07-22 13:58 --------- d-----w C:\Program Files\Common Files\Vbox
2008-07-22 13:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-22 09:00 --------- d-----w C:\Program Files\AIMP MMC PRO
2008-07-19 15:25 98,304 ----a-w C:\WINDOWS\system32\viscomtran.dll
2008-07-19 15:24 94,208 ----a-w C:\WINDOWS\system32\viscomaudiodata.dll
2008-07-19 09:28 --------- d-----w C:\Program Files\IE Image Extensions
2008-07-18 23:00 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-07-17 07:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-16 02:14 --------- d-----w C:\Program Files\IEPro
2008-07-15 23:38 --------- d-----w C:\Documents and Settings\Free User\Application Data\CyberLink
2008-07-15 22:25 --------- d-----w C:\Program Files\Circle Developement
2008-07-15 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-15 02:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-15 02:09 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-07-15 02:09 --------- d-----w C:\Program Files\Adverts
2008-07-15 00:21 --------- d-----w C:\Documents and Settings\Free User\Application Data\MiniDm
2008-07-15 00:07 --------- d-----w C:\Program Files\Windows Live
2008-07-14 23:30 --------- d-----w C:\Documents and Settings\Free User\Application Data\IEPro
2008-07-14 19:34 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-07-14 19:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-14 19:21 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-14 19:00 --------- d-----w C:\Program Files\Ozone
2008-07-14 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-14 18:28 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-07-14 18:10 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-14 18:10 --------- d-----w C:\Program Files\Real
2008-07-14 18:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-14 18:10 --------- d-----w C:\Program Files\Common Files\Real
2008-07-14 18:04 --------- d-----w C:\Documents and Settings\Free User\Application Data\GRETECH
2008-07-14 16:43 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-14 16:43 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-14 16:43 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-14 15:31 --------- d-----w C:\Program Files\Hotspot Shield
2008-07-14 15:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-14 15:22 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-14 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-14 15:17 --------- d-----w C:\Program Files\CyberLink
2008-07-14 15:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 15:14 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-07-14 15:11 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-07-14 15:10 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-14 15:10 172,032 ------w C:\WINDOWS\Setup1.exe
2008-07-14 15:09 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-14 15:03 155,995 ----a-w C:\WINDOWS\java\Packages\6I3P7LFB.ZIP
2008-07-14 15:00 --------- d-----w C:\Program Files\GRETECH
2008-07-14 15:00 --------- d-----w C:\Program Files\Google
2008-07-14 14:59 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-07-14 14:59 --------- d-----w C:\Program Files\Ares
2008-07-14 14:58 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-14 14:58 --------- d-----w C:\Program Files\Ahead
2008-07-14 14:48 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-14 11:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-14 11:05 --------- d-----w C:\Documents and Settings\Free User\Application Data\Media Player Classic
2008-07-13 10:55 --------- d-----w C:\Program Files\CONEXANT
2008-07-13 09:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 02:12 AM 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [04/12/2007 01:50 AM 947200]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [07/15/2008 04:09 AM 190024]
"msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/14/2008 08:10 PM 185896]
"fc2ab99c"="C:\WINDOWS\system32\fmkccmlf.dll" [07/22/2008 10:34 PM 94848]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 12:43 AM 227856]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 02:12 AM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 02:12 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:00 734872]
سرعة تشغيل Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:00 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [08/17/2001 03:57 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [04/13/2008 08:36 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 08:52 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c22f43-511d-11dd-9f29-000b6b593805}]
\Shell\AutoRun\command - feulihl.exe
\Shell\explore\Command - feulihl.exe
\Shell\open\Command - feulihl.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.hanen3.com/vb/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Copy Image - C:\Program Files\IE Image Extensions\ie_image_1.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Open Image In New Window - C:\Program Files\IE Image Extensions\ie_image_2.htm
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-07-22 23:41:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\fmkccmlf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 07/22/2008 23:46:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 21:46:14
Pre-Run: 31,068,381,184 bytes free
Post-Run: 31,371,657,216 bytes free
197 --- E O F --- 2008-07-17 08:18:12
And this is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:46 م, on 22/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\IEPro\MiniDM.exe
C:\Documents and Settings\Free User\My Documents\My Downloads\Zyzoom_HijackThis(1).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fc2ab99c] rundll32.exe "C:\WINDOWS\system32\fmkccmlf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Copy Image - C:\Program Files\IE Image Extensions\ie_image_1.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image In New Window - C:\Program Files\IE Image Extensions\ie_image_2.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--
End of file - 6647 bytes
المهم فجاءة اشوف الكاسبر 7 انتي فايروس يخبرني عن صفحات ملغومه بعدها بداء جهازي بالخربطه.
قبل كذا كان جهازي يحمل التحديثات من ميكروسفت طبيعي االان لا استطيع.
وهذه صور النظام المستخدم بجهازي

عموما اخواني هذا تقرير
اداة الكومبو فيكس
ComboFix 08-07-21.2 - Free User 07/22/2008 23:28:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.198 [GMT 2:00]
Running from: C:\Documents and Settings\Free User\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cMpYaccf.ini
C:\WINDOWS\system32\cMpYaccf.ini2
C:\WINDOWS\system32\fccaYpMc.dll
C:\WINDOWS\system32\iwksplem.ini
C:\WINDOWS\system32\jkkJbxYq.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\khfDtQHb.dll
C:\WINDOWS\system32\melpskwi.dll
C:\WINDOWS\system32\nnnljkLf.dll
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\xxywVlIy.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 21:41 9,257,504 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-22 21:41 300,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-22 21:40 32,312 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-22 21:40 137,564 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-22 20:34 94,848 ----a-w C:\WINDOWS\system32\fmkccmlf.dll
2008-07-22 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-22 15:20 --------- d-----w C:\Program Files\MSECache
2008-07-22 14:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-22 13:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-22 13:58 --------- d-----w C:\Program Files\Macromedia
2008-07-22 13:58 --------- d-----w C:\Program Files\Common Files\Vbox
2008-07-22 13:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-22 09:00 --------- d-----w C:\Program Files\AIMP MMC PRO
2008-07-19 15:25 98,304 ----a-w C:\WINDOWS\system32\viscomtran.dll
2008-07-19 15:24 94,208 ----a-w C:\WINDOWS\system32\viscomaudiodata.dll
2008-07-19 09:28 --------- d-----w C:\Program Files\IE Image Extensions
2008-07-18 23:00 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-07-17 07:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-16 02:14 --------- d-----w C:\Program Files\IEPro
2008-07-15 23:38 --------- d-----w C:\Documents and Settings\Free User\Application Data\CyberLink
2008-07-15 22:25 --------- d-----w C:\Program Files\Circle Developement
2008-07-15 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-15 02:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-15 02:09 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-07-15 02:09 --------- d-----w C:\Program Files\Adverts
2008-07-15 00:21 --------- d-----w C:\Documents and Settings\Free User\Application Data\MiniDm
2008-07-15 00:07 --------- d-----w C:\Program Files\Windows Live
2008-07-14 23:30 --------- d-----w C:\Documents and Settings\Free User\Application Data\IEPro
2008-07-14 19:34 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-07-14 19:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-14 19:21 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-14 19:00 --------- d-----w C:\Program Files\Ozone
2008-07-14 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-14 18:28 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-07-14 18:10 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-14 18:10 --------- d-----w C:\Program Files\Real
2008-07-14 18:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-14 18:10 --------- d-----w C:\Program Files\Common Files\Real
2008-07-14 18:04 --------- d-----w C:\Documents and Settings\Free User\Application Data\GRETECH
2008-07-14 16:43 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-14 16:43 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-14 16:43 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-14 15:31 --------- d-----w C:\Program Files\Hotspot Shield
2008-07-14 15:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-14 15:22 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-14 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-14 15:17 --------- d-----w C:\Program Files\CyberLink
2008-07-14 15:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-14 15:14 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-07-14 15:11 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-07-14 15:10 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-14 15:10 172,032 ------w C:\WINDOWS\Setup1.exe
2008-07-14 15:09 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-14 15:03 155,995 ----a-w C:\WINDOWS\java\Packages\6I3P7LFB.ZIP
2008-07-14 15:00 --------- d-----w C:\Program Files\GRETECH
2008-07-14 15:00 --------- d-----w C:\Program Files\Google
2008-07-14 14:59 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-07-14 14:59 --------- d-----w C:\Program Files\Ares
2008-07-14 14:58 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-14 14:58 --------- d-----w C:\Program Files\Ahead
2008-07-14 14:48 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-14 11:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-14 11:05 --------- d-----w C:\Documents and Settings\Free User\Application Data\Media Player Classic
2008-07-13 10:55 --------- d-----w C:\Program Files\CONEXANT
2008-07-13 09:46 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 02:12 AM 15360]
"ares"="C:\Program Files\Ares\Ares.exe" [04/12/2007 01:50 AM 947200]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [07/15/2008 04:09 AM 190024]
"msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/14/2008 08:10 PM 185896]
"fc2ab99c"="C:\WINDOWS\system32\fmkccmlf.dll" [07/22/2008 10:34 PM 94848]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 12:43 AM 227856]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 02:12 AM 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 02:12 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:00 734872]
«©م، ¢¬نïé Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:00 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [08/17/2001 03:57 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [04/13/2008 08:36 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 08:52 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c22f43-511d-11dd-9f29-000b6b593805}]
\Shell\AutoRun\command - feulihl.exe
\Shell\explore\Command - feulihl.exe
\Shell\open\Command - feulihl.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.hanen3.com/vb/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Copy Image - C:\Program Files\IE Image Extensions\ie_image_1.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Open Image In New Window - C:\Program Files\IE Image Extensions\ie_image_2.htm
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-07-22 23:41:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\fmkccmlf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 07/22/2008 23:46:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 21:46:14
Pre-Run: 31,068,381,184 bytes free
Post-Run: 31,371,657,216 bytes free
197 --- E O F --- 2008-07-17 08:18:12
وهذا تقرير الهاي جاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:46 م, on 22/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\IEPro\MiniDM.exe
C:\Documents and Settings\Free User\My Documents\My Downloads\Zyzoom_HijackThis(1).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fc2ab99c] rundll32.exe "C:\WINDOWS\system32\fmkccmlf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Copy Image - C:\Program Files\IE Image Extensions\ie_image_1.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image In New Window - C:\Program Files\IE Image Extensions\ie_image_2.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--
End of file - 6647 bytes
