- بادئ الموضوع Dr k5
- تاريخ البدء
- 929
dяăģôŋ
ذيبان
غير متصل
عطل برامج الحمايه
حمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
حمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
Dr k5
زيزوومي نشيط
غير متصل
تقرير الهايجاك
-----------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:00:42 م, on 18/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\runouce.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\AppServ\Apache\Apache.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\AppServ\Apache\Apache.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\Programs\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.254
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Glue Active.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ooze dupe] C:\DOCUME~1\itk8.net\APPLIC~1\MEOWAM~1\Joychin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
-------------------------- النـــهـآيــه--------------------------
-----------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:00:42 م, on 18/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\runouce.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\AppServ\Apache\Apache.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\AppServ\Apache\Apache.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\Programs\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.254
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Glue Active.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ooze dupe] C:\DOCUME~1\itk8.net\APPLIC~1\MEOWAM~1\Joychin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
-------------------------- النـــهـآيــه--------------------------
توقيع : Dr k5
تأييد
0
Dr k5
زيزوومي نشيط
غير متصل
تقرير ComboFix
-----------------------
ComboFix 08-08-10.06 - itk8.net 09/18/2008 23:05:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.586 [GMT 3:00]
Running from: D:\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\System\ado\readme.eml
C:\Program Files\NetMeeting\readme.eml
C:\WINDOWS\system32\runouce.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 19:59 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\DMCache
2008-09-18 19:13 419 ----a-w C:\Documents and Settings\itk8.net\catchme.zip
2008-09-18 07:13 --------- d-----w C:\Program Files\Java
2008-09-18 06:55 --------- d-----w C:\Program Files\UltraISO
2008-09-18 06:55 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-09-18 05:28 --------- d-----w C:\Program Files\Rapid PHP 2008
2008-09-18 05:28 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-18 00:12 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\IDM
2008-09-17 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 23:01 --------- d-----w C:\Program Files\Zend
2008-09-17 22:19 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Blumentals
2008-09-17 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-16 05:12 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-16 05:09 --------- d-----w C:\Program Files\Zoom Player
2008-09-16 04:24 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\cleaner
2008-09-15 19:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-15 06:10 --------- d-----w C:\Program Files\2BrightSparks
2008-09-15 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\2BrightSparks
2008-09-15 05:46 76,284 ----a-w C:\WINDOWS\uinst001.exe
2008-09-15 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-09-15 05:08 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\GRETECH
2008-09-14 23:47 --------- d-----w C:\Program Files\GRETECH
2008-09-14 23:33 --------- d-----w C:\Program Files\Nokia
2008-09-14 23:33 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-14 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-14 19:01 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Meow amok sect
2008-09-14 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Long slow road itch
2008-09-14 18:59 --------- d-----w C:\Program Files\Meow amok sect
2008-09-14 02:03 --------- d-----w C:\Program Files\Hotspot_Shield
2008-09-14 02:03 --------- d-----w C:\Program Files\Conduit
2008-09-13 08:07 --------- d-----w C:\Program Files\Common Files\delet
2008-09-13 04:04 --------- d-----w C:\Program Files\Control Manager
2008-09-11 21:02 --------- d-----w C:\Program Files\Hotspot Shield
2008-09-11 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-10 04:35 --------- d-----w C:\Program Files\QuickTime
2008-09-09 21:24 --------- d-----w C:\Program Files\BrOnZ Patch Pro
2008-09-06 03:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-04 02:29 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-01 22:28 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Thinstall
2008-08-31 08:41 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Datalayer
2008-08-31 08:15 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Nokia
2008-08-31 08:08 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-31 08:08 --------- d-----w C:\Program Files\DIFX
2008-08-31 08:08 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-31 08:08 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\PC Suite
2008-08-31 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-31 01:36 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\TuneUp Software
2008-08-30 18:23 --------- d-----w C:\Program Files\malaksoft
2008-08-29 17:43 --------- d-----w C:\Program Files\LtUcx
2008-08-29 08:32 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-27 02:45 --------- d-----w C:\Program Files\Micro-Sys Software
2008-08-27 02:45 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Micro-Sys
2008-08-26 08:43 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\CyberScrub
2008-08-26 06:10 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Media Player Classic
2008-08-26 04:45 --------- d-----w C:\Program Files\Gadwin Systems
2008-08-25 19:19 --------- d-----w C:\Program Files\Microsoft Works
2008-08-25 12:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-25 12:52 --------- d-----w C:\Program Files\Reemo
2008-08-23 02:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-22 23:55 --------- d-----w C:\Program Files\Apple Software Update
2008-08-22 23:55 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Apple Computer
2008-08-22 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-22 23:39 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-22 23:39 --------- d-----w C:\Program Files\Common Files\Real
2008-08-22 16:12 --------- d-----w C:\Program Files\Internet Download Manager(2)
2008-08-22 16:12 --------- d-----w C:\Program Files\Aston
2008-08-22 16:12 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\IDM(2)
2008-08-22 16:12 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Aston
2008-08-22 07:48 --------- d-----w C:\Program Files\Windows Live
2008-08-21 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-21 04:33 --------- d-----w C:\Program Files\Real
2008-08-21 04:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-20 21:19 --------- d-----w C:\Program Files\Circle Developement
2008-08-20 21:09 --------- d-----w C:\Program Files\Common Files\Java
2008-08-20 21:06 --------- d-----w C:\Program Files\Common Files\L&H
2008-08-20 21:05 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-20 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpeakyChat
2008-08-20 19:06 --------- d-----w C:\Program Files\Creative
2008-08-20 19:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-08-20 18:18 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\FlashFXP
2008-08-20 17:45 --------- d-----w C:\Program Files\Intel
2008-08-20 17:30 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((( snapshot@Thu 09-18-2008_22.18.26.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-18 19:13:20 1,660 ----a-w C:\WINDOWS\bthservsdp.dat
+ 2008-09-18 20:05:57 1,660 ----a-w C:\WINDOWS\bthservsdp.dat
- 2008-09-18 18:25:07 39,982 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2008-09-18 20:03:24 39,982 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-09-18 18:25:07 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-18 20:03:24 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-18 18:25:07 251,478 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2008-09-18 20:03:24 251,478 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-09-18 18:25:07 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-18 20:03:24 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooze dupe"="C:\DOCUME~1\itk8.net\APPLIC~1\MEOWAM~1\Joychin.exe" [09/14/2008 09:59 PM 526844]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/15/2008 08:39 AM 937900]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Runonce"="C:\WINDOWS\system32\runouce.exe" [09/18/2008 11:10 PM 10748]
"ROAD ITCH AMOK PING"="C:\Documents and Settings\All Users\Application Data\Long slow road itch\Glue Active.exe" [09/15/2008 10:29 AM 2740728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 151436]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/09/2006 05:15 PM 1640956]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMyDoc"= 0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
08/12/2005 05:25 AM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^itk8.net^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma.lnk]
path=C:\Documents and Settings\itk8.net\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^itk8.net^قائمة ابدأ^البرامج^بدء التشغيل^FindOnClick Tray Icon.lnk]
path=C:\Documents and Settings\itk8.net\قائمة ابدأ\البرامج\بدء التشغيل\FindOnClick Tray Icon.lnk
backup=C:\WINDOWS\pss\FindOnClick Tray Icon.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 04/14/2008 06:59 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro]
--------- 08/26/2008 07:46 AM 522748 C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-r------- 10/08/2004 03:27 AM 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-r------- 10/08/2004 03:31 AM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
--------- 08/23/2008 02:38 AM 76284 C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/14/2008 06:59 PM 1701884 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooze dupe]
--a------ 09/14/2008 09:59 PM 526844 C:\DOCUME~1\itk8.net\APPLIC~1\MEOWAM~1\Joychin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--------- 11/08/2006 01:27 PM 228860 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--------- 03/11/2003 04:24 PM 92668 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--------- 06/10/2008 04:27 AM 151436 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 08/23/2008 02:38 AM 192548 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 04/14/2008 07:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
-----------------------
ComboFix 08-08-10.06 - itk8.net 09/18/2008 23:05:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.586 [GMT 3:00]
Running from: D:\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\System\ado\readme.eml
C:\Program Files\NetMeeting\readme.eml
C:\WINDOWS\system32\runouce.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 19:59 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\DMCache
2008-09-18 19:13 419 ----a-w C:\Documents and Settings\itk8.net\catchme.zip
2008-09-18 07:13 --------- d-----w C:\Program Files\Java
2008-09-18 06:55 --------- d-----w C:\Program Files\UltraISO
2008-09-18 06:55 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-09-18 05:28 --------- d-----w C:\Program Files\Rapid PHP 2008
2008-09-18 05:28 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-18 00:12 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\IDM
2008-09-17 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 23:01 --------- d-----w C:\Program Files\Zend
2008-09-17 22:19 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Blumentals
2008-09-17 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-16 05:12 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-16 05:09 --------- d-----w C:\Program Files\Zoom Player
2008-09-16 04:24 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\cleaner
2008-09-15 19:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-15 06:10 --------- d-----w C:\Program Files\2BrightSparks
2008-09-15 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\2BrightSparks
2008-09-15 05:46 76,284 ----a-w C:\WINDOWS\uinst001.exe
2008-09-15 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-09-15 05:08 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\GRETECH
2008-09-14 23:47 --------- d-----w C:\Program Files\GRETECH
2008-09-14 23:33 --------- d-----w C:\Program Files\Nokia
2008-09-14 23:33 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-14 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-14 19:01 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Meow amok sect
2008-09-14 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Long slow road itch
2008-09-14 18:59 --------- d-----w C:\Program Files\Meow amok sect
2008-09-14 02:03 --------- d-----w C:\Program Files\Hotspot_Shield
2008-09-14 02:03 --------- d-----w C:\Program Files\Conduit
2008-09-13 08:07 --------- d-----w C:\Program Files\Common Files\delet
2008-09-13 04:04 --------- d-----w C:\Program Files\Control Manager
2008-09-11 21:02 --------- d-----w C:\Program Files\Hotspot Shield
2008-09-11 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-10 04:35 --------- d-----w C:\Program Files\QuickTime
2008-09-09 21:24 --------- d-----w C:\Program Files\BrOnZ Patch Pro
2008-09-06 03:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-04 02:29 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-01 22:28 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Thinstall
2008-08-31 08:41 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Datalayer
2008-08-31 08:15 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Nokia
2008-08-31 08:08 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-31 08:08 --------- d-----w C:\Program Files\DIFX
2008-08-31 08:08 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-31 08:08 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\PC Suite
2008-08-31 08:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-31 01:36 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\TuneUp Software
2008-08-30 18:23 --------- d-----w C:\Program Files\malaksoft
2008-08-29 17:43 --------- d-----w C:\Program Files\LtUcx
2008-08-29 08:32 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-08-27 02:45 --------- d-----w C:\Program Files\Micro-Sys Software
2008-08-27 02:45 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Micro-Sys
2008-08-26 08:43 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\CyberScrub
2008-08-26 06:10 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Media Player Classic
2008-08-26 04:45 --------- d-----w C:\Program Files\Gadwin Systems
2008-08-25 19:19 --------- d-----w C:\Program Files\Microsoft Works
2008-08-25 12:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-25 12:52 --------- d-----w C:\Program Files\Reemo
2008-08-23 02:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-22 23:55 --------- d-----w C:\Program Files\Apple Software Update
2008-08-22 23:55 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Apple Computer
2008-08-22 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-22 23:39 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-22 23:39 --------- d-----w C:\Program Files\Common Files\Real
2008-08-22 16:12 --------- d-----w C:\Program Files\Internet Download Manager(2)
2008-08-22 16:12 --------- d-----w C:\Program Files\Aston
2008-08-22 16:12 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\IDM(2)
2008-08-22 16:12 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\Aston
2008-08-22 07:48 --------- d-----w C:\Program Files\Windows Live
2008-08-21 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-21 04:33 --------- d-----w C:\Program Files\Real
2008-08-21 04:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-20 21:19 --------- d-----w C:\Program Files\Circle Developement
2008-08-20 21:09 --------- d-----w C:\Program Files\Common Files\Java
2008-08-20 21:06 --------- d-----w C:\Program Files\Common Files\L&H
2008-08-20 21:05 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-20 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpeakyChat
2008-08-20 19:06 --------- d-----w C:\Program Files\Creative
2008-08-20 19:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-08-20 18:18 --------- d-----w C:\Documents and Settings\itk8.net\Application Data\FlashFXP
2008-08-20 17:45 --------- d-----w C:\Program Files\Intel
2008-08-20 17:30 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((( snapshot@Thu 09-18-2008_22.18.26.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-18 19:13:20 1,660 ----a-w C:\WINDOWS\bthservsdp.dat
+ 2008-09-18 20:05:57 1,660 ----a-w C:\WINDOWS\bthservsdp.dat
- 2008-09-18 18:25:07 39,982 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2008-09-18 20:03:24 39,982 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-09-18 18:25:07 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-18 20:03:24 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-18 18:25:07 251,478 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2008-09-18 20:03:24 251,478 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-09-18 18:25:07 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-18 20:03:24 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooze dupe"="C:\DOCUME~1\itk8.net\APPLIC~1\MEOWAM~1\Joychin.exe" [09/14/2008 09:59 PM 526844]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/15/2008 08:39 AM 937900]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Runonce"="C:\WINDOWS\system32\runouce.exe" [09/18/2008 11:10 PM 10748]
"ROAD ITCH AMOK PING"="C:\Documents and Settings\All Users\Application Data\Long slow road itch\Glue Active.exe" [09/15/2008 10:29 AM 2740728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 151436]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/09/2006 05:15 PM 1640956]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMyDoc"= 0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
08/12/2005 05:25 AM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^itk8.net^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma.lnk]
path=C:\Documents and Settings\itk8.net\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^itk8.net^قائمة ابدأ^البرامج^بدء التشغيل^FindOnClick Tray Icon.lnk]
path=C:\Documents and Settings\itk8.net\قائمة ابدأ\البرامج\بدء التشغيل\FindOnClick Tray Icon.lnk
backup=C:\WINDOWS\pss\FindOnClick Tray Icon.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 04/14/2008 06:59 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro]
--------- 08/26/2008 07:46 AM 522748 C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-r------- 10/08/2004 03:27 AM 126976 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-r------- 10/08/2004 03:31 AM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
--------- 08/23/2008 02:38 AM 76284 C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/14/2008 06:59 PM 1701884 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooze dupe]
--a------ 09/14/2008 09:59 PM 526844 C:\DOCUME~1\itk8.net\APPLIC~1\MEOWAM~1\Joychin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--------- 11/08/2006 01:27 PM 228860 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--------- 03/11/2003 04:24 PM 92668 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--------- 06/10/2008 04:27 AM 151436 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 08/23/2008 02:38 AM 192548 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 04/14/2008 07:00 PM 110592 C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f50f17a7-8297-11dd-ba73-000000005aad}]
\Shell\AutoRun\command - I:\setupSNK.exe
.
s of the 'Scheduled Tasks' folder
2008-09-18 C:\WINDOWS\Tasks\AA26763A9185EB22.job
- c:\docume~1\itk8.net\applic~1\meowam~1\IdleShimIso.exe [09/14/2008 10:01 PM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\itk8.net\Application Data\Mozilla\Firefox\Profiles\olaugiov.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://ar.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ar
fficial
\Shell\AutoRun\command - I:\setupSNK.exe
.
s of the 'Scheduled Tasks' folder
2008-09-18 C:\WINDOWS\Tasks\AA26763A9185EB22.job
- c:\docume~1\itk8.net\applic~1\meowam~1\IdleShimIso.exe [09/14/2008 10:01 PM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\itk8.net\Application Data\Mozilla\Firefox\Profiles\olaugiov.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://ar.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ar
fficial**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-09-18 23:07:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Runonce = C:\WINDOWS\system32\runouce.exe?^??|x???????0??|????????????????????\??|?x?|????<???@??|???|???w???wO??wh???0u??????0??|????????????????h???@??????????|l$?|!???x???????0??|D???????????????????????????????????????????????????????????????????`???d???h???ZZ@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 09/18/2008 23:13:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-18 20:12:52
ComboFix2.txt 2008-09-18 19:19:58
Pre-Run: 62,674,354,176 bytes free
Post-Run: 62,625,714,176 bytes free
253 --- E O F --- 2008-09-18 20:13:01
-------------------------- النــ:i:ــهـآيــه-------------------------
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-09-18 23:07:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Runonce = C:\WINDOWS\system32\runouce.exe?^??|x???????0??|????????????????????\??|?x?|????<???@??|???|???w???wO??wh???0u??????0??|????????????????h???@??????????|l$?|!???x???????0??|D???????????????????????????????????????????????????????????????????`???d???h???ZZ@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 09/18/2008 23:13:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-18 20:12:52
ComboFix2.txt 2008-09-18 19:19:58
Pre-Run: 62,674,354,176 bytes free
Post-Run: 62,625,714,176 bytes free
253 --- E O F --- 2008-09-18 20:13:01
-------------------------- النــ:i:ــهـآيــه-------------------------
توقيع : Dr k5
تأييد
0
dяăģôŋ
ذيبان
غير متصل
حدد التالى
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Glue Active.exe
O4 - HKCU\..\Run: [ooze dupe] C:\DOCUME~1\itk8.net\APPLIC~1\MEOWAM~1\Joychin.exe
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
طريقة الحذف
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وتقرير اخر
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Glue Active.exe
O4 - HKCU\..\Run: [ooze dupe] C:\DOCUME~1\itk8.net\APPLIC~1\MEOWAM~1\Joychin.exe
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
طريقة الحذف
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وتقرير اخر
التعديل الأخير بواسطة المشرف:
تأييد
0
Dr k5
زيزوومي نشيط
غير متصل
Logfile of HijackThis v1.99.1
Scan saved at 11:50:20 م, on 19/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache\Apache.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\UltraISO\UltraISO.exe
D:\Downloads\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.254
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CInterceptor - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Scan saved at 11:50:20 م, on 19/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache\Apache.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\UltraISO\UltraISO.exe
D:\Downloads\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.254
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CInterceptor - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
توقيع : Dr k5
تأييد
0
dяăģôŋ
ذيبان
غير متصل
احذف البرنامج التالى يدويا من اضافة وازالة الرامج
C:\Program Files\UltraISO\UltraISO.exe
.............................................
وبالهيجاك احذف التالى
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
......................................................
ملاحضه مانى شايف برامج حمايه بتقريرك
.....................................................
واعمل تقريرجديد
C:\Program Files\UltraISO\UltraISO.exe
.............................................
وبالهيجاك احذف التالى
O4 - HKLM\..\Run: [Runonce] C:\WINDOWS\system32\runouce.exe
......................................................
ملاحضه مانى شايف برامج حمايه بتقريرك
.....................................................
واعمل تقريرجديد
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
اخي الحبيب ممكن توضح مشكلتك بالظبط متى تظهر هذه الرسالة يعني من تريد تفتح صفحة نت او ماذا ؟؟؟؟؟؟
توقيع : السّاجد لله
تأييد
0