- بادئ الموضوع sailor
- تاريخ البدء
- 836
KinXG BlacK
زيزوومى متألق
غير متصل
عطل استعادة النظام
جهاز الكمبيوتر
ثم
خصائص
استعادة النظام
بعدها بتجيك رساله وافق عليه
ثم
( 1 )
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
توقيع : KinXG BlacK
تأييد
0
الله يعطيك العافية
هذا التقرير الاول
ComboFix 08-08-08.08 - sailor 08/09/2008 20:32:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.617 [GMT 3:00]
Running from: C:\Documents and Settings\sailor\Desktop\الفايرس\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\vb6lib.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 17:33 319,520 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-09 17:33 3,220 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-09 17:33 13,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-09 17:33 1,426,464 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-09 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-09 14:58 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-09 14:42 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-08-09 14:42 --------- d-----w C:\Program Files\Abadisoft
2008-08-08 14:12 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-04 16:36 --------- d-----w C:\Documents and Settings\sailor\Application Data\Thinstall
2008-08-03 20:03 --------- d-----w C:\Program Files\Dylo's Adventure
2008-08-03 20:03 --------- d-----w C:\Documents and Settings\sailor\Application Data\uTorrent
2008-08-03 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
2008-08-03 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-08-03 19:26 --------- d-----w C:\Program Files\uTorrent
2008-08-03 19:11 --------- d-----w C:\Program Files\OneKeySoft
2008-07-31 17:08 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-30 19:59 --------- d-----w C:\Program Files\DFX
2008-07-30 19:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-30 13:26 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-30 13:26 --------- d-----w C:\Documents and Settings\sailor\Application Data\TuneUp Software
2008-07-30 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-30 13:24 --------- d-----w C:\Program Files\USB Disk Security
2008-07-28 13:46 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-07-26 06:11 --------- d-----w C:\Program Files\3GP Player
2008-07-26 05:18 --------- d-----w C:\Documents and Settings\sailor\Application Data\zzMicroWorld_Anti_Virus
2008-07-26 00:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-26 00:13 --------- d-----w C:\Documents and Settings\sailor\Application Data\Nero
2008-07-25 01:48 --------- d-----w C:\Documents and Settings\sailor\Application Data\Apple Computer
2008-07-25 00:59 --------- d-----w C:\Program Files\Ozone
2008-07-21 23:02 --------- d-----w C:\Program Files\ProgDVB
2008-07-21 20:41 --------- d-----w C:\Program Files\DVBViewerTE
2008-07-21 20:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 20:40 --------- d-----w C:\Program Files\TechniSat DVB
2008-07-21 20:40 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-07-21 20:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-20 18:33 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-20 18:32 --------- d--h--w C:\Program Files\Zero G Registry
2008-07-20 18:19 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-07-19 23:25 --------- d-----w C:\Program Files\mqreeb
2008-07-19 23:24 --------- d-----w C:\Program Files\Nero
2008-07-19 23:24 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-19 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-19 23:22 --------- d-----w C:\Program Files\zyzoom_filters
2008-07-19 23:21 --------- d-----w C:\Program Files\QuickTime
2008-07-19 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-19 23:19 --------- d-----w C:\Program Files\Winamp
2008-07-19 23:18 --------- d-----w C:\Documents and Settings\sailor\Application Data\Winamp
2008-07-19 23:17 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-19 23:15 --------- d-----w C:\Program Files\Common Files\Real
2008-07-19 23:14 --------- d-----w C:\Program Files\Real
2008-07-19 23:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-19 23:07 --------- d-----w C:\Program Files\Windows Live
2008-07-19 23:06 --------- d-----w C:\Program Files\Java
2008-07-19 23:06 --------- d-----w C:\Program Files\Common Files\Java
2008-07-19 20:31 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-19 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 20:16 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.
------- Sigcheck -------
08/03/2004 11:18 PM 2148352 671209f4ab2d06de3b11e402ad40ddf7 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [08/04/2004 03:00 PM 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/20/2008 02:14 AM 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 06:13 AM 385024]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [02/12/2004 01:08 AM 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [04/09/2004 06:33 PM 184320]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [01/07/2004 01:02 PM 49152]
"USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [07/13/2008 11:26 PM 753664]
"viruscleaner"="C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" [12/18/2007 06:10 PM 552960]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"RTHDCPL"="RTHDCPL.EXE" [04/01/2006 12:31 PM 14820864 C:\WINDOWS\RTHDCPL.EXE]
"Resume copy"="copyfstq.exe" [03/24/2002 02:54 PM 46080 C:\WINDOWS\COPYFSTQ.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]
C:\Documents and Settings\sailor\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 14:16:30 98304]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-07-21 23:40:36 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=
"C:\\Program Files\\ProgDVB\\ProgDVB.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [07/19/2002 08:10 AM]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 03:00 PM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [10/13/2004 12:56 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 09:52 AM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [07/30/2008 04:26 PM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
s of the 'Scheduled Tasks' folder
2008-08-08 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [12/21/2007 03:17 PM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
R1 -: HKCU-Internet Settings,ProxyOverride = local
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: الدليل السريع - C:\WINDOWS\ww80.html
O9 -: {46012075-ED62-464b-9554-AD0BEC35D1EC} -
O9 -: {46012076-ED62-464b-9554-AD0BEC35D1EC}
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-09 20:35:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\SetConfig.exe
.
**************************************************************************
.
Completion time: 08/09/2008 20:39:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 17:39:00
Pre-Run: 201,333,080,064 bytes free
Post-Run: 201,340,141,568 bytes free
172 --- E O F --- 2008-07-25 00:53:36
هذا التقرير الاول
ComboFix 08-08-08.08 - sailor 08/09/2008 20:32:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.617 [GMT 3:00]
Running from: C:\Documents and Settings\sailor\Desktop\الفايرس\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\vb6lib.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 17:33 319,520 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-09 17:33 3,220 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-09 17:33 13,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-09 17:33 1,426,464 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-09 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-09 14:58 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-09 14:42 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-08-09 14:42 --------- d-----w C:\Program Files\Abadisoft
2008-08-08 14:12 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-04 16:36 --------- d-----w C:\Documents and Settings\sailor\Application Data\Thinstall
2008-08-03 20:03 --------- d-----w C:\Program Files\Dylo's Adventure
2008-08-03 20:03 --------- d-----w C:\Documents and Settings\sailor\Application Data\uTorrent
2008-08-03 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
2008-08-03 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-08-03 19:26 --------- d-----w C:\Program Files\uTorrent
2008-08-03 19:11 --------- d-----w C:\Program Files\OneKeySoft
2008-07-31 17:08 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-30 19:59 --------- d-----w C:\Program Files\DFX
2008-07-30 19:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-30 13:26 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-30 13:26 --------- d-----w C:\Documents and Settings\sailor\Application Data\TuneUp Software
2008-07-30 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-30 13:24 --------- d-----w C:\Program Files\USB Disk Security
2008-07-28 13:46 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-07-26 06:11 --------- d-----w C:\Program Files\3GP Player
2008-07-26 05:18 --------- d-----w C:\Documents and Settings\sailor\Application Data\zzMicroWorld_Anti_Virus
2008-07-26 00:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-26 00:13 --------- d-----w C:\Documents and Settings\sailor\Application Data\Nero
2008-07-25 01:48 --------- d-----w C:\Documents and Settings\sailor\Application Data\Apple Computer
2008-07-25 00:59 --------- d-----w C:\Program Files\Ozone
2008-07-21 23:02 --------- d-----w C:\Program Files\ProgDVB
2008-07-21 20:41 --------- d-----w C:\Program Files\DVBViewerTE
2008-07-21 20:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 20:40 --------- d-----w C:\Program Files\TechniSat DVB
2008-07-21 20:40 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-07-21 20:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-20 18:33 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-20 18:32 --------- d--h--w C:\Program Files\Zero G Registry
2008-07-20 18:19 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-07-19 23:25 --------- d-----w C:\Program Files\mqreeb
2008-07-19 23:24 --------- d-----w C:\Program Files\Nero
2008-07-19 23:24 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-19 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-19 23:22 --------- d-----w C:\Program Files\zyzoom_filters
2008-07-19 23:21 --------- d-----w C:\Program Files\QuickTime
2008-07-19 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-19 23:19 --------- d-----w C:\Program Files\Winamp
2008-07-19 23:18 --------- d-----w C:\Documents and Settings\sailor\Application Data\Winamp
2008-07-19 23:17 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-19 23:15 --------- d-----w C:\Program Files\Common Files\Real
2008-07-19 23:14 --------- d-----w C:\Program Files\Real
2008-07-19 23:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-19 23:07 --------- d-----w C:\Program Files\Windows Live
2008-07-19 23:06 --------- d-----w C:\Program Files\Java
2008-07-19 23:06 --------- d-----w C:\Program Files\Common Files\Java
2008-07-19 20:31 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-19 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 20:16 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.
------- Sigcheck -------
08/03/2004 11:18 PM 2148352 671209f4ab2d06de3b11e402ad40ddf7 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [08/04/2004 03:00 PM 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/20/2008 02:14 AM 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 06:13 AM 385024]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [02/12/2004 01:08 AM 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [04/09/2004 06:33 PM 184320]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [01/07/2004 01:02 PM 49152]
"USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [07/13/2008 11:26 PM 753664]
"viruscleaner"="C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" [12/18/2007 06:10 PM 552960]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"RTHDCPL"="RTHDCPL.EXE" [04/01/2006 12:31 PM 14820864 C:\WINDOWS\RTHDCPL.EXE]
"Resume copy"="copyfstq.exe" [03/24/2002 02:54 PM 46080 C:\WINDOWS\COPYFSTQ.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]
C:\Documents and Settings\sailor\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 14:16:30 98304]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-07-21 23:40:36 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=
"C:\\Program Files\\ProgDVB\\ProgDVB.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [07/19/2002 08:10 AM]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 03:00 PM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [10/13/2004 12:56 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/08/2007 09:52 AM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [07/30/2008 04:26 PM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
s of the 'Scheduled Tasks' folder
2008-08-08 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [12/21/2007 03:17 PM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
R1 -: HKCU-Internet Settings,ProxyOverride = local
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: الدليل السريع - C:\WINDOWS\ww80.html
O9 -: {46012075-ED62-464b-9554-AD0BEC35D1EC} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O9 -: {46012076-ED62-464b-9554-AD0BEC35D1EC}
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-08-09 20:35:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\SetConfig.exe
.
**************************************************************************
.
Completion time: 08/09/2008 20:39:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 17:39:00
Pre-Run: 201,333,080,064 bytes free
Post-Run: 201,340,141,568 bytes free
172 --- E O F --- 2008-07-25 00:53:36
تأييد
0
تقرير للهايجاك
Logfile of HijackThis v1.99.1
Scan saved at 08:41:17 م, on 09/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\sailor\Desktop\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [viruscleaner] "C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" h
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp color LaserJet 2550 PCL 6" -n 1 -l 1025 -sl 120000
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Logfile of HijackThis v1.99.1
Scan saved at 08:41:17 م, on 09/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\sailor\Desktop\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [viruscleaner] "C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" h
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp color LaserJet 2550 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp color LaserJet 2550 PCL 6" -n 1 -l 1025 -sl 120000
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: الدليل السريع - C:\WINDOWS\ww80.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
(file missing)O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
تأييد
0
KinXG BlacK
زيزوومى متألق
غير متصل
احذف التالي
O9 - Extra button: الدليل - {46012075-ED62-464b-9554-AD0BEC35D1EC} -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
(file missing)O9 - Extra button: (no name) - {46012076-ED62-464b-9554-AD0BEC35D1EC} - C:\WINDOWS\system32\shdocvw.dll
طريقة الحذف
ثم نزلهالاداة لتنظيف الجهاز
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثم
وعطنا الأخبــــار
توقيع : KinXG BlacK
تأييد
0
