فاهد فاهد
زيزوومى مبدع
غير متصل
- بادئ الموضوع فاهد فاهد
- تاريخ البدء
- 3,852
ابو الحـسن
زيزوومى مبدع
- إنضم
- 22 أكتوبر 2007
- المشاركات
- 1,039
- مستوى التفاعل
- 12
- النقاط
- 630
غير متصل
السلام عليكم
اعتقد فايروس لاني بحثت عنه بالانترنت ومافي معلومات عنه
اعتقد فايروس لاني بحثت عنه بالانترنت ومافي معلومات عنه
توقيع : ابو الحـسن
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
خلينا نشوف التقرير
حمل هذه الأداة
إذا انتهى التحميل >>>> دبل كلك >>>>>انتظر ثواني
سيظهر لك تقرير في مستند نص >>>>> انسخه والصقه في ردك القاادم...
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
إذا انتهى التحميل >>>> دبل كلك >>>>>انتظر ثواني
سيظهر لك تقرير في مستند نص >>>>> انسخه والصقه في ردك القاادم...
توقيع : AbOdy
تأييد
0
فاهد فاهد
زيزوومى مبدع
غير متصل
حياكم الله وجزاكم الله خير على تنظيم المنتدى الرائع طبعا بمبدعيييييييييييه
والنص طويل شوي
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:12:40 م, on 12/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrives\DrvIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Program Files\zaker\Thaker.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\VistaDrives\DrvIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FortKnoxPersonalFirewall] "C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnoxGUI.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe (User 'Default user')
O4 - Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8858 bytes
والنص طويل شوي
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:12:40 م, on 12/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrives\DrvIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Program Files\zaker\Thaker.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\VistaDrives\DrvIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FortKnoxPersonalFirewall] "C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnoxGUI.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe (User 'Default user')
O4 - Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8858 bytes
توقيع : فاهد فاهد
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
حدد القيم واحذفها
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ثم
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ثم
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد
0
فاهد فاهد
زيزوومى مبدع
غير متصل
التقريررررر
ComboFix 08-08-11.01 - Administrator 08/12/2008 15:12:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.2035 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#Shareds\LZLNYHBL\interclick.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#Shareds\LZLNYHBL\interclick.com\ud.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 12:14 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-12 12:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-08-12 11:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberScrub
2008-08-12 11:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cleaner
2008-08-12 10:55 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-12 07:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-12 07:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitDefender
2008-08-11 10:39 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-11 10:39 --------- d-----w C:\Program Files\Ashampoo
2008-08-11 08:57 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-08-11 08:57 --------- d-----w C:\Program Files\BitDefender
2008-08-10 20:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-10 18:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-10 17:35 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-08-10 11:01 --------- d-----w C:\Program Files\Mayoko
2008-08-09 19:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-09 19:22 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-09 18:22 --------- d-----w C:\Program Files\VerbAce Research
2008-08-09 17:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-09 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-09 12:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 11:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-09 10:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-09 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-09 10:24 --------- d-----w C:\Program Files\BitComet
2008-08-09 10:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\COWON
2008-08-07 13:00 --------- d-----w C:\Program Files\Mv2Player
2008-08-07 12:17 --------- d-----w C:\Program Files\JAP
2008-08-07 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-07 00:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ESET
2008-08-07 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 00:01 --------- d-----w C:\Program Files\Windows Live
2008-08-06 11:34 46,536 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-08-05 10:55 --------- d-----w C:\Program Files\Hotspot_Shield
2008-08-05 10:55 --------- d-----w C:\Program Files\Conduit
2008-08-05 09:56 --------- d-----w C:\Program Files\JavaSoft
2008-08-05 01:05 --------- d-----w C:\Program Files\WinAVI VideoConverter
2008-08-04 05:25 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-04 05:17 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-04 05:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-04 01:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-08-02 09:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-08-02 08:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-08-02 00:33 155,995 ----a-w C:\WINDOWS\java\Packages\HVTNTZXN.ZIP
2008-08-02 00:28 172,032 ------w C:\WINDOWS\Setup1.exe
2008-08-02 00:28 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-02 00:27 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-02 00:27 --------- d-----w C:\Program Files\Google
2008-08-02 00:27 --------- d-----w C:\Program Files\DivX
2008-08-02 00:26 --------- d-----w C:\Program Files\Abuwalid
2008-08-02 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-01 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-01 23:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-01 22:12 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-01 22:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-01 22:07 --------- d-----w C:\Program Files\UltraISO
2008-08-01 22:07 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-08-01 22:03 --------- d-----w C:\Program Files\Real
2008-08-01 22:03 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-01 22:03 --------- d-----w C:\Program Files\Common Files\Real
2008-08-01 22:00 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-01 21:59 --------- d-----w C:\Program Files\AAQ
2008-08-01 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-01 21:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GRETECH
2008-08-01 21:58 --------- d-----w C:\Program Files\GRETECH
2008-08-01 21:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-01 21:41 --------- d-----w C:\Program Files\USB Disk Security
2008-08-01 21:41 --------- d-----w C:\Program Files\Uninstaller 2008
2008-08-01 21:41 --------- d-----w C:\Program Files\Total Video Converter
2008-08-01 21:41 --------- d-----w C:\Program Files\ImageShack
2008-08-01 21:41 --------- d-----w C:\Program Files\Foxit Reader
2008-08-01 21:41 --------- d-----w C:\Program Files\dictionary
2008-08-01 21:41 --------- d-----w C:\Program Files\CCleaner
2008-08-01 21:41 --------- d-----w C:\Program Files\Avant Browser
2008-08-01 21:41 --------- d-----w C:\Program Files\Ava Find
2008-08-01 21:41 --------- d-----w C:\Program Files\Adobe Photoshop CS
2008-07-18 18:39 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-07-03 19:34 2,833,920 ----a-w C:\WINDOWS\system32\logonui.exe
2008-07-03 04:13 70,144 ----a-w C:\WINDOWS\system32\notepad.exe
2008-07-03 04:13 70,144 ----a-w C:\WINDOWS\NOTEPAD.EXE
2008-07-01 20:13 8,192 ----a-w C:\WINDOWS\system32\streamci.dll
2008-07-01 19:52 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-01 19:52 139,264 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-07-01 19:48 1,297,408 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-07-01 02:56 3,134,464 ----a-w C:\WINDOWS\system32\msgina.dll
2008-07-01 02:56 1,550,336 ----a-w C:\WINDOWS\explorer.exe
2008-07-01 02:56 1,098,752 ----a-w C:\WINDOWS\system32\shimgvw.dll
2008-07-01 02:54 883,200 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
2008-07-01 02:54 769,024 ----a-w C:\WINDOWS\system32\wiashext.dll
2008-07-01 02:54 290,816 ----a-w C:\WINDOWS\system32\winsrv.dll
2008-07-01 02:53 905,216 ----a-w C:\WINDOWS\system32\zipfldr.dll
2008-07-01 02:53 594,432 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-07-01 02:53 384,000 ----a-w C:\WINDOWS\system32\themeui.dll
2008-07-01 02:53 218,624 ----a-w C:\WINDOWS\system32\taskmgr.exe
2008-07-01 02:53 192,512 ----a-w C:\WINDOWS\system32\sndvol32.exe
2008-07-01 02:53 182,272 ----a-w C:\WINDOWS\system32\sysocmgr.exe
2008-07-01 02:53 180,224 ----a-w C:\WINDOWS\system32\sndrec32.exe
2008-07-01 02:53 152,576 ----a-w C:\WINDOWS\system32\st.dll
2008-07-01 02:53 1,230,848 ----a-w C:\WINDOWS\system32\rasdlg.dll
.
------- Sigcheck -------
07/01/2008 05:56 AM 1550336 8b32164ba0d813886f00724795f47eb6 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/15/2008 03:00 PM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 05:42 PM 2606512]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="C:\WINDOWS\VistaDrives\DrvIcon.exe" [07/04/2007 09:59 PM 45056]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/05/2006 11:54 PM 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/05/2006 11:54 PM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/05/2006 11:54 PM 118784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/02/2008 01:03 AM 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 04:46 PM 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [05/23/2008 07:16 PM 368640]
"RTHDCPL"="RTHDCPL.EXE" [12/05/2006 11:55 PM 16005120 C:\WINDOWS\RTHDCPL.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [12/05/2006 11:54 PM 88204 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [04/15/2008 03:00 PM 136192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/15/2008 03:00 PM 15360]
C:\Documents and Settings\Administrator\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Thaker.lnk - C:\Program Files\zaker\Thaker.exe [2008-08-02 00:40:16 1343488]
C:\Documents and Settings\Administrator\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Thaker.lnk - C:\Program Files\zaker\Thaker.exe [2008-08-02 00:40:16 1343488]
C:\Documents and Settings\Administrator\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Thaker.lnk - C:\Program Files\zaker\Thaker.exe [2008-08-02 00:40:16 1343488]
C:\Documents and Settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
VerbAce-Pro Startup Agent.lnk - C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe [2008-08-09 21:22:21 229376]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11677:TCP"= 11677:TCP:BitComet 11677 TCP
"11677:UDP"= 11677:UDP:BitComet 11677 UDP
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [06/02/2008 04:16 PM]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [12/05/2006 11:54 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM]
S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Administrator\Local Settings\TEMP\DrvFltIp []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder
2008-08-11 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-FortKnoxPersonalFirewall - C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnoxGUI.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
R1 -: HKCU-Internet Settings,ProxyOverride = local;<local>
R1 -: HKCU-Internet Settings,ProxyServer = 127.0.0.1:4001
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 -: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 -: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-12 15:14:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Administrator\Local Settings\TEMP\ASFWHide"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Administrator\Local Settings\TEMP\DrvFltIp"
.
Completion time: 08/12/2008 15:15:53
ComboFix-quarantined-files.txt 2008-08-12 12:15:50
Pre-Run: 64,920,944,640 bytes free
Post-Run: 64,912,707,584 bytes free
227 --- E O F --- 2008-08-07 13:29:44
وكتب الملف تم حذفه ؟
ComboFix 08-08-11.01 - Administrator 08/12/2008 15:12:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.2035 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#Shareds\LZLNYHBL\interclick.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#Shareds\LZLNYHBL\interclick.com\ud.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 12:14 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-12 12:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-08-12 11:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberScrub
2008-08-12 11:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cleaner
2008-08-12 10:55 --------- d-----w C:\Program Files\Internet Download Manager
2008-08-12 07:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-08-12 07:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitDefender
2008-08-11 10:39 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-11 10:39 --------- d-----w C:\Program Files\Ashampoo
2008-08-11 08:57 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-08-11 08:57 --------- d-----w C:\Program Files\BitDefender
2008-08-10 20:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-10 18:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-10 17:35 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-08-10 11:01 --------- d-----w C:\Program Files\Mayoko
2008-08-09 19:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-09 19:22 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-09 18:22 --------- d-----w C:\Program Files\VerbAce Research
2008-08-09 17:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-09 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-09 12:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 11:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-09 10:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-09 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-09 10:24 --------- d-----w C:\Program Files\BitComet
2008-08-09 10:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\COWON
2008-08-07 13:00 --------- d-----w C:\Program Files\Mv2Player
2008-08-07 12:17 --------- d-----w C:\Program Files\JAP
2008-08-07 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-07 00:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ESET
2008-08-07 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-07 00:01 --------- d-----w C:\Program Files\Windows Live
2008-08-06 11:34 46,536 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-08-05 10:55 --------- d-----w C:\Program Files\Hotspot_Shield
2008-08-05 10:55 --------- d-----w C:\Program Files\Conduit
2008-08-05 09:56 --------- d-----w C:\Program Files\JavaSoft
2008-08-05 01:05 --------- d-----w C:\Program Files\WinAVI VideoConverter
2008-08-04 05:25 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-04 05:17 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-04 05:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-04 01:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-08-02 09:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-08-02 08:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-08-02 00:33 155,995 ----a-w C:\WINDOWS\java\Packages\HVTNTZXN.ZIP
2008-08-02 00:28 172,032 ------w C:\WINDOWS\Setup1.exe
2008-08-02 00:28 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-08-02 00:27 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-02 00:27 --------- d-----w C:\Program Files\Google
2008-08-02 00:27 --------- d-----w C:\Program Files\DivX
2008-08-02 00:26 --------- d-----w C:\Program Files\Abuwalid
2008-08-02 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-01 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-01 23:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-01 22:12 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-01 22:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-01 22:07 --------- d-----w C:\Program Files\UltraISO
2008-08-01 22:07 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-08-01 22:03 --------- d-----w C:\Program Files\Real
2008-08-01 22:03 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-01 22:03 --------- d-----w C:\Program Files\Common Files\Real
2008-08-01 22:00 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-01 21:59 --------- d-----w C:\Program Files\AAQ
2008-08-01 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-01 21:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GRETECH
2008-08-01 21:58 --------- d-----w C:\Program Files\GRETECH
2008-08-01 21:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-01 21:41 --------- d-----w C:\Program Files\USB Disk Security
2008-08-01 21:41 --------- d-----w C:\Program Files\Uninstaller 2008
2008-08-01 21:41 --------- d-----w C:\Program Files\Total Video Converter
2008-08-01 21:41 --------- d-----w C:\Program Files\ImageShack
2008-08-01 21:41 --------- d-----w C:\Program Files\Foxit Reader
2008-08-01 21:41 --------- d-----w C:\Program Files\dictionary
2008-08-01 21:41 --------- d-----w C:\Program Files\CCleaner
2008-08-01 21:41 --------- d-----w C:\Program Files\Avant Browser
2008-08-01 21:41 --------- d-----w C:\Program Files\Ava Find
2008-08-01 21:41 --------- d-----w C:\Program Files\Adobe Photoshop CS
2008-07-18 18:39 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-07-03 19:34 2,833,920 ----a-w C:\WINDOWS\system32\logonui.exe
2008-07-03 04:13 70,144 ----a-w C:\WINDOWS\system32\notepad.exe
2008-07-03 04:13 70,144 ----a-w C:\WINDOWS\NOTEPAD.EXE
2008-07-01 20:13 8,192 ----a-w C:\WINDOWS\system32\streamci.dll
2008-07-01 19:52 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-01 19:52 139,264 ----a-w C:\WINDOWS\system32\sfc_os.dll
2008-07-01 19:48 1,297,408 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-07-01 02:56 3,134,464 ----a-w C:\WINDOWS\system32\msgina.dll
2008-07-01 02:56 1,550,336 ----a-w C:\WINDOWS\explorer.exe
2008-07-01 02:56 1,098,752 ----a-w C:\WINDOWS\system32\shimgvw.dll
2008-07-01 02:54 883,200 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
2008-07-01 02:54 769,024 ----a-w C:\WINDOWS\system32\wiashext.dll
2008-07-01 02:54 290,816 ----a-w C:\WINDOWS\system32\winsrv.dll
2008-07-01 02:53 905,216 ----a-w C:\WINDOWS\system32\zipfldr.dll
2008-07-01 02:53 594,432 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-07-01 02:53 384,000 ----a-w C:\WINDOWS\system32\themeui.dll
2008-07-01 02:53 218,624 ----a-w C:\WINDOWS\system32\taskmgr.exe
2008-07-01 02:53 192,512 ----a-w C:\WINDOWS\system32\sndvol32.exe
2008-07-01 02:53 182,272 ----a-w C:\WINDOWS\system32\sysocmgr.exe
2008-07-01 02:53 180,224 ----a-w C:\WINDOWS\system32\sndrec32.exe
2008-07-01 02:53 152,576 ----a-w C:\WINDOWS\system32\st.dll
2008-07-01 02:53 1,230,848 ----a-w C:\WINDOWS\system32\rasdlg.dll
.
------- Sigcheck -------
07/01/2008 05:56 AM 1550336 8b32164ba0d813886f00724795f47eb6 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/15/2008 03:00 PM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/14/2008 05:42 PM 2606512]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="C:\WINDOWS\VistaDrives\DrvIcon.exe" [07/04/2007 09:59 PM 45056]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/05/2006 11:54 PM 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/05/2006 11:54 PM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/05/2006 11:54 PM 118784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/02/2008 01:03 AM 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 04:46 PM 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [05/23/2008 07:16 PM 368640]
"RTHDCPL"="RTHDCPL.EXE" [12/05/2006 11:55 PM 16005120 C:\WINDOWS\RTHDCPL.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [12/05/2006 11:54 PM 88204 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [04/15/2008 03:00 PM 136192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/15/2008 03:00 PM 15360]
C:\Documents and Settings\Administrator\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Thaker.lnk - C:\Program Files\zaker\Thaker.exe [2008-08-02 00:40:16 1343488]
C:\Documents and Settings\Administrator\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Thaker.lnk - C:\Program Files\zaker\Thaker.exe [2008-08-02 00:40:16 1343488]
C:\Documents and Settings\Administrator\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Thaker.lnk - C:\Program Files\zaker\Thaker.exe [2008-08-02 00:40:16 1343488]
C:\Documents and Settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
VerbAce-Pro Startup Agent.lnk - C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe [2008-08-09 21:22:21 229376]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11677:TCP"= 11677:TCP:BitComet 11677 TCP
"11677:UDP"= 11677:UDP:BitComet 11677 UDP
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [06/02/2008 04:16 PM]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [12/05/2006 11:54 PM]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM]
S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Administrator\Local Settings\TEMP\DrvFltIp []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder
2008-08-11 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-FortKnoxPersonalFirewall - C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnoxGUI.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
R1 -: HKCU-Internet Settings,ProxyOverride = local;<local>
R1 -: HKCU-Internet Settings,ProxyServer = 127.0.0.1:4001
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 -: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 -: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-08-12 15:14:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Administrator\Local Settings\TEMP\ASFWHide"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Administrator\Local Settings\TEMP\DrvFltIp"
.
Completion time: 08/12/2008 15:15:53
ComboFix-quarantined-files.txt 2008-08-12 12:15:50
Pre-Run: 64,920,944,640 bytes free
Post-Run: 64,912,707,584 bytes free
227 --- E O F --- 2008-08-07 13:29:44
وكتب الملف تم حذفه ؟
توقيع : فاهد فاهد
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
طيب الحين ارفع تقرير هايجاك للتأكد من سلامة التقرير
إذا انتهى التحميل >>>> دبل كلك >>>>>انتظر ثواني
سيظهر لك تقرير في مستند نص >>>>> انسخه والصقه في ردك القاادم...
_____________________________________________
ودي اسألك هالملف Drvlcon.exe الي تقول عنه وين يطلع لك وما هو مساره يعني وين موقعه في الجهاز ؟؟
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
إذا انتهى التحميل >>>> دبل كلك >>>>>انتظر ثواني
سيظهر لك تقرير في مستند نص >>>>> انسخه والصقه في ردك القاادم...
_____________________________________________
ودي اسألك هالملف Drvlcon.exe الي تقول عنه وين يطلع لك وما هو مساره يعني وين موقعه في الجهاز ؟؟
توقيع : AbOdy
تأييد
0
فاهد فاهد
زيزوومى مبدع
غير متصل
التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:30:36 م, on 12/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VistaDrives\DrvIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Program Files\zaker\Thaker.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\VistaDrives\DrvIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe (User 'Default user')
O4 - Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 7553 bytes
وسامحني اتعبتك معي يالغالي
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:30:36 م, on 12/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VistaDrives\DrvIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Program Files\zaker\Thaker.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\VistaDrives\DrvIcon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe (User 'Default user')
O4 - Startup: Thaker.lnk = C:\Program Files\zaker\Thaker.exe
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 7553 bytes
وسامحني اتعبتك معي يالغالي
توقيع : فاهد فاهد
تأييد
0
