- بادئ الموضوع Scan
- تاريخ البدء
- 1,003
البارون
زيزوومى فضى
- إنضم
- 1 مارس 2008
- المشاركات
- 13,588
- مستوى التفاعل
- 506
- النقاط
- 920
غير متصل
عطل برامج الحمايه
حمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
حمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
توقيع : البارون
تأييد
0
الآمل الطائر
مطرود
غير متصل
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
اعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
لقرب متابع
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
اعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
لقرب متابع
التعديل الأخير بواسطة المشرف:
توقيع : الآمل الطائر
تأييد
0
ComboFix 08-10-03.06 - user 10/04/2008 16:11:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.444 [GMT 3:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 13:13 16,655 ----a-w C:\WINDOWS\system32\drivers\PDoor.sys
2008-10-04 13:11 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-10-04 10:24 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 10:24 --------- d-----w C:\Documents and Settings\user\Application Data\Malwarebytes
2008-10-04 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-03 14:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-03 14:18 --------- d-----w C:\Documents and Settings\user\Application Data\TechSmith
2008-10-03 13:58 --------- d-----w C:\Program Files\LowRateVoip
2008-10-03 12:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-03 11:47 --------- d-----w C:\Documents and Settings\user\Application Data\DemoCreator
2008-10-03 11:44 --------- d-----w C:\Program Files\Wondershare
2008-10-03 11:44 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-10-03 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-10-03 10:22 --------- d-----w C:\Program Files\FolderVault
2008-10-03 10:21 --------- d-----w C:\Documents and Settings\user\Application Data\BitDefender
2008-10-03 10:16 --------- d-----w C:\Program Files\internet download manger
2008-10-03 10:11 --------- d-----w C:\Documents and Settings\user\Application Data\DMCache
2008-10-02 18:42 --------- d-----w C:\Documents and Settings\user\Application Data\IDM
2008-10-02 18:27 --------- d-----w C:\Documents and Settings\user\Application Data\Software Informer
2008-10-02 12:24 --------- d-----w C:\Program Files\Windows Live
2008-10-02 10:23 --------- d-----w C:\Program Files\Free Download Manager
2008-10-01 18:19 --------- d-----w C:\Program Files\Software Informer
2008-09-30 18:11 --------- d-----w C:\Documents and Settings\user\Application Data\Openjugs
2008-09-30 18:10 --------- d-----w C:\Program Files\Openjugs
2008-09-30 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\aim rect help creative
2008-09-30 18:09 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-29 16:54 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-09-29 10:12 --------- d-----w C:\Program Files\Folder Lock
2008-09-29 10:05 22,304 ----a-w C:\WINDOWS\system32\drivers\HMFAxCore17c9122d7f83b6346d9804d1c31f929a.sys
2008-09-28 17:30 --------- d-----w C:\Program Files\LimeWire
2008-09-28 15:46 --------- d-----w C:\Program Files\weblin
2008-09-28 15:46 --------- d-----w C:\Documents and Settings\user\Application Data\zweitgeist
2008-09-28 15:16 --------- d-----w C:\Documents and Settings\user\Application Data\Thinstall
2008-09-27 18:45 --------- d-----w C:\Program Files\MSN Pictures Displayer
2008-09-27 18:44 --------- d-----w C:\Documents and Settings\user\Application Data\MSN Pictures Displayer
2008-09-27 17:33 --------- d-----w C:\Documents and Settings\user\Application Data\LowRateVoip
2008-09-27 17:21 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-27 17:21 --------- d-----w C:\Program Files\Windows Live Favorites
2008-09-27 17:20 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-27 10:10 --------- d-----w C:\Program Files\Stardock
2008-09-26 18:31 --------- d-----w C:\Program Files\Webcam and Screen Recorder
2008-09-26 16:14 --------- d-----w C:\Program Files\Winamp
2008-09-26 15:55 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-09-26 15:53 88 --sh--r C:\Documents and Settings\All Users\Application Data\CB1B2D471E.sys
2008-09-26 15:53 --------- d-----w C:\Documents and Settings\user\Application Data\Corel
2008-09-26 15:44 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-26 15:44 --------- d-----w C:\Program Files\ACD Systems
2008-09-26 15:36 --------- d-----w C:\Program Files\UltraISO
2008-09-26 15:36 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-09-26 14:40 --------- d-----w C:\Documents and Settings\user\Application Data\Winamp
2008-09-26 14:30 --------- d-----w C:\Program Files\Winamp Toolbar
2008-09-26 14:30 --------- d-----w C:\Program Files\Winamp Remote
2008-09-26 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-09-26 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-09-26 13:47 --------- d-----w C:\Program Files\Flock
2008-09-26 13:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-25 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 08:20 --------- d-----w C:\Program Files\InterVideo
2008-09-25 08:20 --------- d-----w C:\Program Files\Common Files\Protexis
2008-09-25 08:20 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-09-25 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-09-25 08:19 --------- d-----w C:\Program Files\Corel
2008-09-25 07:25 --------- d-----w C:\Program Files\Sun
2008-09-25 07:25 --------- d-----w C:\Program Files\Java
2008-09-25 07:12 --------- d-----w C:\Program Files\Common Files\Java
2008-09-25 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Flock
2008-09-25 06:08 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-25 06:06 --------- d-----w C:\Documents and Settings\user\Application Data\URSoft
2008-09-25 05:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-25 04:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-25 04:22 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 04:22 --------- d-----w C:\Program Files\CCleaner
2008-09-24 10:41 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-24 10:41 --------- d-----w C:\Documents and Settings\user\Application Data\TuneUp Software
2008-09-24 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-24 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TopLang
2008-09-24 02:28 --------- d-----w C:\Program Files\Real_SC
2008-09-24 02:28 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-09-24 02:28 --------- d-----w C:\Program Files\AVG
2008-09-20 22:07 --------- d-----w C:\Documents and Settings\user\Application Data\Ahead
2008-09-14 04:55 --------- d-----w C:\Program Files\Password Door
2008-09-12 14:18 --------- d-----w C:\Program Files\System
2008-09-12 03:44 --------- d-----w C:\Program Files\BitDefender
2008-09-12 03:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-11 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-11 09:49 --------- d-----w C:\Documents and Settings\user\Application Data\InterVoip
2008-09-11 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-10 22:59 --------- d-----w C:\Program Files\Circle Developement
2008-09-10 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 14:12 --------- d-----w C:\Program Files\Longman Paper
2008-09-09 21:07 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 21:07 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 16:06 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 10:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-07 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-07 12:30 --------- d-----w C:\Program Files\TechSmith
2008-09-05 13:04 --------- d-----w C:\Documents and Settings\user\Application Data\skypePM
2008-08-26 21:17 --------- d-----w C:\Documents and Settings\user\Application Data\Yahoo!
2008-08-13 11:14 --------- d-----w C:\Documents and Settings\user\Application Data\Apple Computer
.
((((((((((((((((((((((((((((( snapshot@Sat 10-04-2008_16.05.25.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-04 13:01:59 70,824 ----a-w C:\WINDOWS\system32\PDoor.dat
+ 2008-10-04 13:13:34 70,824 ----a-w C:\WINDOWS\system32\PDoor.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [07/16/2008 11:51 PM 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:07 AM 15360]
"Optionflag"="C:\DOCUME~1\user\APPLIC~1\Openjugs\Cake Regs.exe" [09/30/2008 09:10 PM 491008]
"LowRateVoip"="C:\Program Files\LowRateVoip\LowRateVoip.exe" [01/25/2008 04:36 PM 8897848]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [08/30/2007 05:43 PM 4670704]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [04/01/2008 04:54 AM 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [08/10/2008 11:53 PM 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/11/2008 09:21 PM 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM 282624]
"Password Door Loader"="C:\PROGRA~1\PASSWO~1\tlpd.exe" [11/13/2006 05:59 PM 30208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [08/04/2008 02:02 AM 36352]
"Help Creative Meow City"="C:\Documents and Settings\All Users\Application Data\aim rect help creative\Face blue.exe" [10/04/2008 12:00 PM 835584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 04:07 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [06/23/2008 07:57 PM 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 147456]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-09-27 4708864]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-03 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 9.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 9.lnk
backup=C:\WINDOWS\pss\SnagIt 9.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 10:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 04:07 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Help Creative Meow City]
--a------ 08/26/2008 12:27 PM 1099776 C:\Documents and Settings\All Users\Application Data\aim rect help creative\win bait.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 10/16/2002 10:05 AM 114688 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 10/16/2002 10:18 AM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 06/28/2007 09:14 AM 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 10/13/2004 07:24 PM 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 07/09/2001 08:50 PM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optionflag]
--a------ 09/30/2008 09:10 PM 491008 C:\DOCUME~1\user\APPLIC~1\Openjugs\Cake Regs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 04/27/2007 09:41 AM 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 05/24/2008 03:58 PM 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 07/11/2008 09:21 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 08/30/2007 05:43 PM 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 04/25/2003 03:53 AM 54784 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\eGames\\Mini Car Racing\\Game\\WCDEMO.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 HMFAxCore17c9122d7f83b6346d9804d1c31f929a;HMFAxCore17c9122d7f83b6346d9804d1c31f929a;C:\WINDOWS\system32\drivers\HMFAxCore17c9122d7f83b6346d9804d1c31f929a.sys [09/29/2008 01:05 PM 22304]
R1 PasswordDoor;PasswordDoor;C:\WINDOWS\system32\drivers\PDoor.sys [10/04/2008 04:13 PM 16655]
R2 PSI_SVC_2;Protexis Licensing V2;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [07/24/2007 11:15 AM 185632]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [04/17/2007 08:09 PM 11032]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 04:07 AM 14336]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [ ]
S3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [08/12/2008 06:40 PM 108864]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [09/24/2008 01:41 PM 355584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4779367-62cc-11dd-adb6-001b11b12e1a}]
\Shell\AutoRun\command - E:\ekugb3.bat
\Shell\explore\Command - E:\ekugb3.bat
\Shell\open\Command - E:\ekugb3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5423a41-619f-11dd-adad-001b11b12e1a}]
\Shell\AutoRun\command - y82td3td.com
\Shell\explore\Command - y82td3td.com
\Shell\open\Command - y82td3td.com
.
s of the 'Scheduled Tasks' folder
2008-10-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 09:09 AM]
2008-10-04 C:\WINDOWS\Tasks\A0893D7791B6B12F.job
- c:\docume~1\user\applic~1\openjugs\castarmyjunk.exe [09/30/2008 09:11 PM]
2008-10-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [06/03/2007 01:42 PM]
2008-10-04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [10/19/2007 11:20 AM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gw8ywkp7.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-04 16:14:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Password Door Loader = C:\PROGRA~1\PASSWO~1\tlpd.exe??????????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 10/04/2008 16:16:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-04 13:16:49
ComboFix2.txt 2008-10-04 13:05:57
Pre-Run: 18,778,906,624 bytes free
Post-Run: 18,767,990,784 bytes free
277 --- E O F --- 2008-09-29 01:39:53
هذا التقرير الأول
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.444 [GMT 3:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 13:13 16,655 ----a-w C:\WINDOWS\system32\drivers\PDoor.sys
2008-10-04 13:11 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-10-04 10:24 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 10:24 --------- d-----w C:\Documents and Settings\user\Application Data\Malwarebytes
2008-10-04 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-03 14:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-03 14:18 --------- d-----w C:\Documents and Settings\user\Application Data\TechSmith
2008-10-03 13:58 --------- d-----w C:\Program Files\LowRateVoip
2008-10-03 12:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-03 11:47 --------- d-----w C:\Documents and Settings\user\Application Data\DemoCreator
2008-10-03 11:44 --------- d-----w C:\Program Files\Wondershare
2008-10-03 11:44 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-10-03 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-10-03 10:22 --------- d-----w C:\Program Files\FolderVault
2008-10-03 10:21 --------- d-----w C:\Documents and Settings\user\Application Data\BitDefender
2008-10-03 10:16 --------- d-----w C:\Program Files\internet download manger
2008-10-03 10:11 --------- d-----w C:\Documents and Settings\user\Application Data\DMCache
2008-10-02 18:42 --------- d-----w C:\Documents and Settings\user\Application Data\IDM
2008-10-02 18:27 --------- d-----w C:\Documents and Settings\user\Application Data\Software Informer
2008-10-02 12:24 --------- d-----w C:\Program Files\Windows Live
2008-10-02 10:23 --------- d-----w C:\Program Files\Free Download Manager
2008-10-01 18:19 --------- d-----w C:\Program Files\Software Informer
2008-09-30 18:11 --------- d-----w C:\Documents and Settings\user\Application Data\Openjugs
2008-09-30 18:10 --------- d-----w C:\Program Files\Openjugs
2008-09-30 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\aim rect help creative
2008-09-30 18:09 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-29 16:54 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-09-29 10:12 --------- d-----w C:\Program Files\Folder Lock
2008-09-29 10:05 22,304 ----a-w C:\WINDOWS\system32\drivers\HMFAxCore17c9122d7f83b6346d9804d1c31f929a.sys
2008-09-28 17:30 --------- d-----w C:\Program Files\LimeWire
2008-09-28 15:46 --------- d-----w C:\Program Files\weblin
2008-09-28 15:46 --------- d-----w C:\Documents and Settings\user\Application Data\zweitgeist
2008-09-28 15:16 --------- d-----w C:\Documents and Settings\user\Application Data\Thinstall
2008-09-27 18:45 --------- d-----w C:\Program Files\MSN Pictures Displayer
2008-09-27 18:44 --------- d-----w C:\Documents and Settings\user\Application Data\MSN Pictures Displayer
2008-09-27 17:33 --------- d-----w C:\Documents and Settings\user\Application Data\LowRateVoip
2008-09-27 17:21 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-27 17:21 --------- d-----w C:\Program Files\Windows Live Favorites
2008-09-27 17:20 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-27 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-27 10:10 --------- d-----w C:\Program Files\Stardock
2008-09-26 18:31 --------- d-----w C:\Program Files\Webcam and Screen Recorder
2008-09-26 16:14 --------- d-----w C:\Program Files\Winamp
2008-09-26 15:55 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-09-26 15:53 88 --sh--r C:\Documents and Settings\All Users\Application Data\CB1B2D471E.sys
2008-09-26 15:53 --------- d-----w C:\Documents and Settings\user\Application Data\Corel
2008-09-26 15:44 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-26 15:44 --------- d-----w C:\Program Files\ACD Systems
2008-09-26 15:36 --------- d-----w C:\Program Files\UltraISO
2008-09-26 15:36 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-09-26 14:40 --------- d-----w C:\Documents and Settings\user\Application Data\Winamp
2008-09-26 14:30 --------- d-----w C:\Program Files\Winamp Toolbar
2008-09-26 14:30 --------- d-----w C:\Program Files\Winamp Remote
2008-09-26 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-09-26 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-09-26 13:47 --------- d-----w C:\Program Files\Flock
2008-09-26 13:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-25 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 08:20 --------- d-----w C:\Program Files\InterVideo
2008-09-25 08:20 --------- d-----w C:\Program Files\Common Files\Protexis
2008-09-25 08:20 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-09-25 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-09-25 08:19 --------- d-----w C:\Program Files\Corel
2008-09-25 07:25 --------- d-----w C:\Program Files\Sun
2008-09-25 07:25 --------- d-----w C:\Program Files\Java
2008-09-25 07:12 --------- d-----w C:\Program Files\Common Files\Java
2008-09-25 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Flock
2008-09-25 06:08 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-25 06:06 --------- d-----w C:\Documents and Settings\user\Application Data\URSoft
2008-09-25 05:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-25 04:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-25 04:22 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 04:22 --------- d-----w C:\Program Files\CCleaner
2008-09-24 10:41 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-24 10:41 --------- d-----w C:\Documents and Settings\user\Application Data\TuneUp Software
2008-09-24 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-24 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TopLang
2008-09-24 02:28 --------- d-----w C:\Program Files\Real_SC
2008-09-24 02:28 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-09-24 02:28 --------- d-----w C:\Program Files\AVG
2008-09-20 22:07 --------- d-----w C:\Documents and Settings\user\Application Data\Ahead
2008-09-14 04:55 --------- d-----w C:\Program Files\Password Door
2008-09-12 14:18 --------- d-----w C:\Program Files\System
2008-09-12 03:44 --------- d-----w C:\Program Files\BitDefender
2008-09-12 03:10 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-11 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-11 09:49 --------- d-----w C:\Documents and Settings\user\Application Data\InterVoip
2008-09-11 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-10 22:59 --------- d-----w C:\Program Files\Circle Developement
2008-09-10 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 14:12 --------- d-----w C:\Program Files\Longman Paper
2008-09-09 21:07 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 21:07 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 16:06 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 10:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-07 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-07 12:30 --------- d-----w C:\Program Files\TechSmith
2008-09-05 13:04 --------- d-----w C:\Documents and Settings\user\Application Data\skypePM
2008-08-26 21:17 --------- d-----w C:\Documents and Settings\user\Application Data\Yahoo!
2008-08-13 11:14 --------- d-----w C:\Documents and Settings\user\Application Data\Apple Computer
.
((((((((((((((((((((((((((((( snapshot@Sat 10-04-2008_16.05.25.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-04 13:01:59 70,824 ----a-w C:\WINDOWS\system32\PDoor.dat
+ 2008-10-04 13:13:34 70,824 ----a-w C:\WINDOWS\system32\PDoor.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [07/16/2008 11:51 PM 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:07 AM 15360]
"Optionflag"="C:\DOCUME~1\user\APPLIC~1\Openjugs\Cake Regs.exe" [09/30/2008 09:10 PM 491008]
"LowRateVoip"="C:\Program Files\LowRateVoip\LowRateVoip.exe" [01/25/2008 04:36 PM 8897848]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [08/30/2007 05:43 PM 4670704]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [04/01/2008 04:54 AM 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [08/10/2008 11:53 PM 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/11/2008 09:21 PM 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM 282624]
"Password Door Loader"="C:\PROGRA~1\PASSWO~1\tlpd.exe" [11/13/2006 05:59 PM 30208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [08/04/2008 02:02 AM 36352]
"Help Creative Meow City"="C:\Documents and Settings\All Users\Application Data\aim rect help creative\Face blue.exe" [10/04/2008 12:00 PM 835584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 04:07 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [06/23/2008 07:57 PM 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 147456]
MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-09-27 4708864]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-03 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 9.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 9.lnk
backup=C:\WINDOWS\pss\SnagIt 9.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 10:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 04:07 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Help Creative Meow City]
--a------ 08/26/2008 12:27 PM 1099776 C:\Documents and Settings\All Users\Application Data\aim rect help creative\win bait.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 10/16/2002 10:05 AM 114688 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 10/16/2002 10:18 AM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 06/28/2007 09:14 AM 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 10/13/2004 07:24 PM 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 07/09/2001 08:50 PM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optionflag]
--a------ 09/30/2008 09:10 PM 491008 C:\DOCUME~1\user\APPLIC~1\Openjugs\Cake Regs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 04/27/2007 09:41 AM 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 05/24/2008 03:58 PM 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 07/11/2008 09:21 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 08/30/2007 05:43 PM 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 04/25/2003 03:53 AM 54784 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\eGames\\Mini Car Racing\\Game\\WCDEMO.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 HMFAxCore17c9122d7f83b6346d9804d1c31f929a;HMFAxCore17c9122d7f83b6346d9804d1c31f929a;C:\WINDOWS\system32\drivers\HMFAxCore17c9122d7f83b6346d9804d1c31f929a.sys [09/29/2008 01:05 PM 22304]
R1 PasswordDoor;PasswordDoor;C:\WINDOWS\system32\drivers\PDoor.sys [10/04/2008 04:13 PM 16655]
R2 PSI_SVC_2;Protexis Licensing V2;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [07/24/2007 11:15 AM 185632]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [04/17/2007 08:09 PM 11032]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 04:07 AM 14336]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [ ]
S3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [08/12/2008 06:40 PM 108864]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [09/24/2008 01:41 PM 355584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4779367-62cc-11dd-adb6-001b11b12e1a}]
\Shell\AutoRun\command - E:\ekugb3.bat
\Shell\explore\Command - E:\ekugb3.bat
\Shell\open\Command - E:\ekugb3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5423a41-619f-11dd-adad-001b11b12e1a}]
\Shell\AutoRun\command - y82td3td.com
\Shell\explore\Command - y82td3td.com
\Shell\open\Command - y82td3td.com
.
s of the 'Scheduled Tasks' folder
2008-10-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [06/20/2008 09:09 AM]
2008-10-04 C:\WINDOWS\Tasks\A0893D7791B6B12F.job
- c:\docume~1\user\applic~1\openjugs\castarmyjunk.exe [09/30/2008 09:11 PM]
2008-10-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [06/03/2007 01:42 PM]
2008-10-04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [10/19/2007 11:20 AM]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gw8ywkp7.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-04 16:14:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Password Door Loader = C:\PROGRA~1\PASSWO~1\tlpd.exe??????????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 10/04/2008 16:16:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-04 13:16:49
ComboFix2.txt 2008-10-04 13:05:57
Pre-Run: 18,778,906,624 bytes free
Post-Run: 18,767,990,784 bytes free
277 --- E O F --- 2008-09-29 01:39:53
هذا التقرير الأول
توقيع : Scan
تأييد
0
بس لوحظ الأتي
وهذه بعد
وهذا الي طلع وشو بعد
وتقرير الهايجاك
هذا هو
Logfile of HijackThis v1.99.1
Scan saved at 04:23:04 م, on 04/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PASSWO~1\tlpd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Password Door Loader] C:\PROGRA~1\PASSWO~1\tlpd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Application Data\aim rect help creative\Face blue.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Optionflag] C:\DOCUME~1\user\APPLIC~1\Openjugs\Cake Regs.exe
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
وهذه بعد
وهذا الي طلع وشو بعد
وتقرير الهايجاك
هذا هو
Logfile of HijackThis v1.99.1
Scan saved at 04:23:04 م, on 04/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PASSWO~1\tlpd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Password Door Loader] C:\PROGRA~1\PASSWO~1\tlpd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Application Data\aim rect help creative\Face blue.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Optionflag] C:\DOCUME~1\user\APPLIC~1\Openjugs\Cake Regs.exe
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
توقيع : Scan
تأييد
0
البارون
زيزوومى فضى
- إنضم
- 1 مارس 2008
- المشاركات
- 13,588
- مستوى التفاعل
- 506
- النقاط
- 920
غير متصل
احذف هالقيم
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKCU\..\Run: [Optionflag] C:\DOCUME~1\user\APPLIC~1\Openjugs\Cake Regs.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
واحذف اي TOOLBAR من اضافة وازالة البرامج
استخدم هذه الاداة للتنظيف
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وبعدها تقرير هايجاك جديد
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKCU\..\Run: [Optionflag] C:\DOCUME~1\user\APPLIC~1\Openjugs\Cake Regs.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
واحذف اي TOOLBAR من اضافة وازالة البرامج
استخدم هذه الاداة للتنظيف
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وبعدها تقرير هايجاك جديد
توقيع : البارون
تأييد
0
تم عمل المطلوب
وهذاالتقرير المطلوب ..
Logfile of HijackThis v1.99.1
Scan saved at 04:30:29 م, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PASSWO~1\tlpd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LowRateVoip\LowRateVoip.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.547\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Password Door Loader] C:\PROGRA~1\PASSWO~1\tlpd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Application Data\aim rect help creative\Face blue.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\user\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\user\Application Data\CyberScrub\Privacy Suite"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
هل هناك أي مشكلة ؟
وهذاالتقرير المطلوب ..
Logfile of HijackThis v1.99.1
Scan saved at 04:30:29 م, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PASSWO~1\tlpd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LowRateVoip\LowRateVoip.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.547\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Password Door Loader] C:\PROGRA~1\PASSWO~1\tlpd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Application Data\aim rect help creative\Face blue.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\user\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\user\Application Data\CyberScrub\Privacy Suite"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
هل هناك أي مشكلة ؟
توقيع : Scan
تأييد
0
