Thread starter: third (member since 4 September 2007, Riyadh) · 913 views
Peace be upon you, and God's mercy and blessings.

After I installed mIRC my machine started acting up; it was deleted, but things are still the same. I hope you can help me:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:31, on 10/9/2008
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\8BallClub\GameService.bin
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime ) - http://appldnld.apple.com.edgesuite.net/.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.244.34/IMSCP/talk.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221357939593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 9927 bytes


And here is the ComboFix report. God willing it is fine, because it started deleting things that look important.
Code:
ComboFix 08-10-10.01 - user 2008-10-09 20:06:05.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1256.1.1033.18.1516 [GMT 3:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\user\Application Data\inst.exe
C:\RECYCLER\ADAPT_Installer.exe
C:\WINDOWS\1.bat
C:\WINDOWS\regedit.com
C:\WINDOWS\ShellIcon32.dll
C:\WINDOWS\system32\1.txt
C:\WINDOWS\system32\taskmgr.com
G:\install.exe
----- BITS: Possible infected sites -----
hxxp://www.8ballclub.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

(((((((((((((((((((((((((   Files Created from 2008-09-10 to 2008-10-10  )))))))))))))))))))))))))))))))
.
2008-10-08 22:44 . 2008-10-08 22:44 0 --a------ C:\WINDOWS\BlueFoxStudio_Video_3gp.INI
2008-10-08 22:43 . 2008-10-08 22:43 <DIR> d-------- C:\Temp
2008-10-08 22:42 . 2008-10-08 22:42 <DIR> d-------- C:\Program Files\Bluefox Studio
2008-10-08 22:35 . 2008-10-08 23:43 <DIR> d-------- C:\Program Files\RelevantKnowledge
2008-10-08 22:34 . 2008-10-08 22:34 <DIR> d-------- C:\Program Files\Agogo FLV to 3GP Converter
2008-10-08 16:29 . 2008-10-08 16:30 <DIR> d-------- C:\Program Files\Lingobit Localizer
2008-10-08 16:29 . 2008-10-08 16:29 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-10-08 16:29 . 2008-09-26 12:45 1,249,334 --a------ C:\WINDOWS\system32\cxlibw-1-6.dll
2008-10-08 16:22 . 2008-10-08 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-08 16:21 . 2008-10-08 16:22 <DIR> d-------- C:\Program Files\CCleaner
2008-10-07 22:49 . 2008-10-07 23:05 <DIR> d-------- C:\Program Files\MassSender
2008-10-06 20:28 . 2008-10-06 20:29 4,411 --a------ C:\inde1x.php
2008-10-05 17:11 . 2008-10-08 17:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\mIRC
2008-10-05 16:23 . 2008-10-05 16:23 <DIR> d-------- C:\Program Files\Bonjour
2008-10-02 13:22 . 2008-10-02 13:22 <DIR> d-------- C:\mysqlfast
2008-10-02 13:22 . 2001-12-09 06:12 737,096 --a------ C:\cygwin1.dll
2008-10-02 13:20 . 2008-10-02 13:20 <DIR> d-------- C:\mysqlfast_4
2008-10-02 13:20 . 2008-10-02 13:20 276,401 --a------ C:\mysqlfast.rar
2008-10-02 13:20 . 2003-05-01 14:51 20,112 --a------ C:\mysqlfast.exe
2008-10-01 18:11 . 2008-10-01 18:11 <DIR> d-------- C:\Program Files\G-Lock Software
2008-09-29 16:10 . 2008-09-29 16:10 90,662 --a------ C:\a -zzz.dic
2008-09-29 16:10 . 2008-09-29 16:10 659 --a------ C:\a -zzz.rar
2008-09-29 14:21 . 2008-09-29 14:21 <DIR> d-------- C:\Documents and Settings\user\.webrenderer
2008-09-28 04:45 . 2008-09-28 04:45 64 --a------ C:\HDD0SerialData.hddserial
2008-09-27 05:54 . 2008-09-27 05:54 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-26 12:51 . 2008-09-26 12:52 98,765,427 --a------ C:\num.dic
2008-09-26 06:00 . 2008-09-26 13:21 <DIR> d-------- C:\Fraps
2008-09-25 17:25 . 2008-10-08 21:10 <DIR> d-------- C:\Program Files\8BallClub
2008-09-25 17:22 . 2008-09-25 17:27 <DIR> d-------- C:\Program Files\Play89
2008-09-25 14:46 . 2008-09-25 14:46 <DIR> d-------- C:\Documents and Settings\TEMP
2008-09-25 14:44 . 2007-10-31 00:32 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-21 00:44 . 2008-09-21 00:44 <DIR> d-------- C:\Program Files\Sun
2008-09-16 02:43 . 2008-09-16 02:43 49 -ra------ C:\WINDOWS\amunres.lsl
2008-09-15 01:37 . 2008-09-15 01:37 <DIR> d-------- C:\Program Files\Faronics
2008-09-15 01:37 . 2008-09-15 01:37 16,299,862 --------- C:\$Persi0.sys
2008-09-15 01:37 . 2007-06-28 20:39 65,536 --a------ C:\WINDOWS\system32\LogonDll.dll
2008-09-15 00:59 . 2008-09-15 00:59 <DIR> d-------- C:\Program Files\Sandboxie
2008-09-15 00:37 . 2008-09-15 00:38 <DIR> dr------- C:\Program Files\TypingMaster
2008-09-15 00:37 . 2008-09-15 00:38 <DIR> d-------- C:\Documents and Settings\user\Application Data\TypingMaster7
2008-09-14 22:31 . 2008-09-14 22:31 <DIR> d-------- C:\Program Files\Mr.Ahmad
2008-09-14 05:04 . 2008-09-14 05:04 <DIR> d-------- C:\WINDOWS\kdefense
2008-09-14 05:04 . 2008-09-14 05:04 846,336 --a------ C:\WINDOWS\system32\kdfinj.dll
2008-09-14 05:04 . 2008-09-16 02:47 722,472 --a------ C:\WINDOWS\system32\kdfmgr.exe
2008-09-14 05:04 . 2008-09-16 02:47 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-09-14 05:04 . 2008-09-16 02:47 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2008-09-14 05:04 . 2008-09-16 02:47 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2008-09-14 05:00 . 2008-09-14 05:00 <DIR> d-------- C:\WINDOWS\LocalSSL
2008-09-14 04:59 . 2008-10-07 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-09-14 04:59 . 2008-09-14 04:58 144,912 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-14 04:59 . 2008-09-14 04:58 50,192 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-09-14 04:59 . 2008-09-14 04:58 49,680 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-09-14 04:58 . 2008-09-14 04:58 1,195,448 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2008-09-14 04:58 . 2008-09-14 04:58 661,808 --a------ C:\WINDOWS\system32\UfWSC.cpl
2008-09-14 04:58 . 2008-09-14 04:58 334,352 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-09-14 04:58 . 2008-09-14 04:58 205,328 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-09-14 04:58 . 2008-09-14 04:58 80,400 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2008-09-14 04:58 . 2008-09-14 04:58 36,368 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-09-14 04:57 . 2008-10-10 20:11 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-14 04:17 . 2008-09-14 04:17 <DIR> d-------- C:\Program Files\WinASO
2008-09-14 01:06 . 2008-09-14 01:06 <DIR> d-------- C:\WINDOWS\system32\%ProductRoot%
2008-09-14 00:38 . 2008-09-14 00:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Notepad++
2008-09-14 00:07 . 2008-09-14 00:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IDM
2008-09-14 00:07 . 2008-09-16 02:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2008-09-13 22:55 . 2008-09-13 22:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-09-13 22:49 . 2008-09-13 22:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\URSoft
2008-09-13 22:48 . 2008-09-13 22:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-13 22:17 . 2008-09-13 22:28 <DIR> d-------- C:\Documents and Settings\user\.housecall6.6
2008-09-12 00:35 . 2008-09-16 02:41 <DIR> d-------- C:\Program Files\AV Vcs 4.0 DIAMOND
2008-09-12 00:35 . 2004-11-14 06:01 6,852 --a------ C:\WINDOWS\system32\drivers\Vcs.sys
2008-09-12 00:08 . 2008-09-12 00:08 <DIR> d-------- C:\Documents and Settings\user\Application Data\Screaming Bee
2008-09-12 00:08 . 2008-09-12 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Screaming Bee
2008-09-11 06:30 . 2008-09-16 02:44 <DIR> d-------- C:\Documents and Settings\All Users\Remote Desktop Control 2
2008-09-11 02:25 . 2008-09-11 21:02 1,078,377 --a------ C:\WINDOWS\20080626018.mp4
2008-09-11 02:08 . 2008-09-16 02:43 <DIR> d-------- C:\Program Files\SCREEN2EXE
2008-09-11 00:08 . 2008-09-11 00:08 <DIR> d-------- C:\Program Files\Zend
2008-09-11 00:08 . 2003-04-17 22:57 207 --------- C:\WINDOWS\zend_encoder.dat
2008-09-10 09:37 . 2008-09-10 09:37 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 17:12 --------- d-----w C:\Documents and Settings\user\Application Data\DMCache
2008-10-09 16:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-08 19:44 --------- d-----w C:\Documents and Settings\user\Application Data\TeraCopy
2008-10-08 14:02 --------- d-----w C:\Program Files\phpDesigner 2008
2008-10-08 13:34 --------- d-----w C:\Program Files\SWiSHvideo
2008-10-08 13:21 --------- d-----w C:\Program Files\Yahoo!
2008-10-05 13:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-04 14:17 --------- d-----w C:\Documents and Settings\user\Application Data\Thinstall
2008-10-01 16:52 --------- d-----w C:\Documents and Settings\user\Application Data\codeblocks
2008-09-28 09:30 --------- d-----w C:\Program Files\efs
2008-09-20 21:44 --------- d-----w C:\Program Files\Java
2008-09-14 02:00 --------- d-----w C:\Program Files\Trend Micro
2008-09-14 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-13 21:53 --------- d-----w C:\Program Files\Google
2008-09-10 22:11 --------- d-----w C:\Documents and Settings\user\Application Data\PE Explorer
2008-09-10 21:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-10 21:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 20:01 --------- d-----w C:\Program Files\Foxit Reader
2008-09-06 23:29 --------- d-----w C:\Program Files\AAQ
2008-09-06 23:19 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-09-06 23:19 --------- d-----w C:\Program Files\Adobe Media Player
2008-09-06 22:32 --------- d-----w C:\Program Files\Waseet3
2008-09-06 18:55 --------- d-----w C:\Program Files\Electric Rain
2008-09-06 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-06 01:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-06 00:21 --------- d--h--r C:\Documents and Settings\user\Application Data\yahoo!
2008-09-05 23:10 --------- d-----w C:\Program Files\AoA Audio Extractor
2008-09-05 23:00 --------- d-----w C:\Program Files\Absolute Video to Audio Converter
2008-09-05 22:18 --------- d-----w C:\Program Files\Paint.NET
2008-09-05 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-05 21:24 --------- d-----w C:\Program Files\Adobe_Flash_CS3_Portable
2008-09-05 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-05 10:52 --------- d-----w C:\Program Files\Magic Swf2Gif
2008-09-05 03:31 --------- d-----w C:\Documents and Settings\user\Application Data\GeoVid
2008-09-05 03:29 --------- d-----w C:\Program Files\Common Files\GeoVid
2008-09-05 03:20 --------- d-----w C:\Program Files\AVI-GIF
2008-09-05 02:28 --------- d-----w C:\Program Files\Image Icon Converter
2008-09-05 02:25 --------- d-----w C:\Program Files\Pic2Ico
2008-09-05 01:27 --------- d-----w C:\Program Files\QuickTime
2008-09-05 01:26 --------- d-----w C:\Program Files\Apple Software Update
2008-09-05 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-05 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-05 00:45 --------- d-----w C:\Program Files\illiminable
2008-09-05 00:11 --------- d-----w C:\Program Files\AVI MPEG RM WMV Splitter
2008-09-05 00:05 --------- d-----w C:\Program Files\ImTOO
2008-09-04 23:59 --------- d-----w C:\Program Files\AVI MPEG RM WMV Joiner
2008-09-04 13:29 --------- d-----w C:\Program Files\e-jihad3
2008-09-03 10:20 --------- d-----w C:\Program Files\Microsoft Games
2008-09-03 09:28 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-09-03 09:28 --------- d-----w C:\Documents and Settings\user\Application Data\teamspeak2
2008-09-03 09:09 --------- d-----w C:\Program Files\IVAO
2008-08-31 20:47 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-31 20:47 249,856 ------w C:\WINDOWS\Setup1.exe
2008-08-30 16:21 --------- d-----w C:\Program Files\Foxit Software
2008-08-30 16:20 --------- d-----w C:\Program Files\Conduit
2008-08-30 11:11 --------- d-----w C:\Program Files\FSFlyingSchool
2008-08-29 02:20 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-08-28 04:45 --------- d-----w C:\Documents and Settings\user\Application Data\IDM
2008-08-25 11:28 --------- d-----w C:\Program Files\NCH Swift Sound
2008-08-25 05:05 --------- d-----w C:\Documents and Settings\user\Application Data\phpDesigner 2008
2008-08-25 04:16 --------- d-----w C:\Program Files\PHP Rocket Addin
2008-08-23 02:23 --------- d-----w C:\Program Files\BreakPoint Software
2008-08-17 05:07 --------- d-----w C:\Program Files\Real Alternative
2008-08-14 23:05 --------- d-----w C:\Program Files\uTorrent
2008-08-14 00:55 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-12 07:39 --------- d-----w C:\Documents and Settings\user\Application Data\vlc
2008-08-12 07:36 --------- d-----w C:\Program Files\VideoLAN
2008-08-12 06:57 --------- d-----w C:\Documents and Settings\user\Application Data\Apple Computer
2008-08-11 22:20 --------- d-----w C:\Program Files\Common Files\ChaosGroup
2008-08-11 21:53 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-08-11 21:51 --------- d-----w C:\Program Files\Autodesk
2008-08-11 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-08-11 20:59 --------- d-----w C:\Program Files\Uplink
2008-08-11 20:18 --------- d-----w C:\Program Files\Wing IDE 3.1
2008-08-11 20:15 --------- d-----w C:\Program Files\Chaos Group
2008-08-11 18:29 347,667 ----a-w C:\mysqlfast_4.zip
2008-08-11 14:24 --------- d-----w C:\Program Files\Nmap
2008-08-11 14:15 --------- d-----w C:\Documents and Settings\user\Application Data\Dev-Cpp
2008-08-11 14:09 73,728 ----a-w C:\WINDOWS\Alasma Uninstaller.exe
2008-07-31 07:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 07:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 07:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-16 01:44 1,447,733 ----a-w C:\bamcompile1.21.zip
2008-07-12 05:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 05:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 05:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-05 02:15 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys
.
----a-w            75,100 2007-07-21 15:19:32  C:\Program Files\Dictionary\uninstall dictionary .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-10-31 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-14 497008]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-06-13 2594224]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-14 970808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-10-31 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-14 497008]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2007-06-28 20:39 65536 C:\WINDOWS\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
backup=C:\WINDOWS\pss\DynDNS Updater Tray Icon.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2007-10-31 00:32 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a--c--- 2008-06-13 18:04 2594224 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-10-31 00:32 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 22:46 13529088 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"SQLWriter"=2 (0x2)
"NVSvc"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Tenable Nessus"=2 (0x2)
"mi-raysat_3dsMax2009_32"=2 (0x2)
"mi-raysat_3dsMax2008_32"=2 (0x2)
"XAMPP"=2 (0x2)
"sp_rssrv"=2 (0x2)
"rpcapd"=3 (0x3)
"idsvc"=3 (0x3)
"HotspotShieldService"=2 (0x2)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"DynDNS Updater"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"a2AntiMalware"=2 (0x2)
"RDC-Host"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Security Activity Dashboard Service"=2 (0x2)
"SbieSvc"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\netcat\\nc.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\8BallClub\\GameDirector.exe"=
"c:\\program files\\relevantknowledge\\rlvknlg.exe"=
R0 DeepFrz;DeepFrz;C:\WINDOWS\system32\drivers\DeepFrz.sys [2007-06-28 131472]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2008-06-21 3026]
R2 AcuWVSScheduler;Acunetix WVS Scheduler;C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe [2006-07-17 571904]
R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe [2007-06-21 652800]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2007-10-31 14336]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2004-11-14 6852]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
S3 BCUMXMIDI;BCUMXMIDI;C:\WINDOWS\system32\Drivers\bumxmidi.sys [2006-01-12 22752]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2007-04-20 74240]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld [ ]
S4 DynDNS Updater;DynDNS Updater;C:\Program Files\DynDNS Updater\DynUpSvc.exe [2008-06-23 65536]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-06-02 86016]
S4 Security Activity Dashboard Service;Security Activity Dashboard Service;C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2008-08-14 181584]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-13 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\docopen.exe Legal_Disclaimer.htm
*Newly Created Service* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder
2008-10-03 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
2008-09-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\cd3ul6yo.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1048306&SearchSource=3&q=
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Pure Codec\Real\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Virtools\3D Life Player\nppl3260.dll
FF -: plugin - C:\Program Files\Virtools\3D Life Player\nprpjplug.dll
FF -: plugin - C:\Program Files\Virtools\3D Life Player\npvirtools.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[link hidden by forum; login required]

Rootkit scan 2008-10-10 20:11:50
Windows 5.1.2600 Service Pack 3, v.3244 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\LogonDll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
.
**************************************************************************
.
Completion time: 2008-10-10 20:17:47 - machine was rebooted
Pre-Run: 11,889,958,912 bytes free
Post-Run: 11,848,642,560 bytes free
370
[/CODE]

Awaiting your replies ::
 

Signature: third
I swear, brother, I don't know :er: < then what did you come in here for? :d:

If I knew, I'd have taken care of it myself :b:

But I saw nobody had replied to the thread, so I figured I'd reply to you :q:

God willing they'll help you .. good luck :king:
 
Signature: miss.paris

Thank you, sister, for stopping by; it made me happy. I'll wait for the brothers.
 
Signature: third
Delete these values

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [link hidden by forum]


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [link hidden by forum]


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - [link hidden by forum]


O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe


And remove the toolbars from Add/Remove Programs.
 
Signature: فارس الملاك
May God give you a thousand strengths. Everything has been deleted, and here is my new report

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:56, on 10/10/2008
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download video content (FLV) with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime ) - http://appldnld.apple.com.edgesuite.net/.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://209.11.244.34/IMSCP/talk.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221357939593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 8660 bytes
 
Signature: third
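As an added check on the exchange above (this script is not from any of the posts in the thread), here is a small Python tool that verifies whether a HijackThis cleanup actually took: it parses HijackThis-style entry lines, gives each entry an identity that ignores its current value (registry value name for R lines, Run entry name for O4, CLSID for O16, service name for O23; these identity rules are my own choice), and reports which items from a helper's "delete these" list are still present in the follow-up log. The sample input is an excerpt of the fix list and of the second log posted above, with the URL values the forum hid left empty and the forum's [URL] wrappers left in place so the parser has to strip them.

```python
"""Verify a HijackThis cleanup: which fix-list entries survived?

Added example, not code from the forum thread. Parses HijackThis-style
lines such as "O4 - HKLM\\..\\Run: [Name] C:\\path\\prog.exe" into
(section, body) pairs, derives a value-independent identity for each
entry, and reports which entries from a "delete these" list are still
present in a post-cleanup log.
"""
import re
from typing import List, Tuple

# Section code ("R1", "O4", "O23", ...) followed by " - " and the entry body.
HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Forum BBCode wrappers that the board added around URLs in the pasted log.
BBCODE_URL = re.compile(r"\[/?URL\]", re.IGNORECASE)


def parse_hjt(log: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every HijackThis entry line in `log`.
    BBCode URL wrappers are stripped; lines that are not entries are ignored."""
    entries = []
    for raw in log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), BBCODE_URL.sub("", m.group("body")).strip()))
    return entries


def entry_key(sec: str, body: str) -> str:
    """Identity of an entry that ignores its current value, so a hijacked R1
    setting still matches after its URL was reset, and an O4/O23 entry matches
    on its name rather than on the path or vendor text. (Rules chosen here.)"""
    b = " ".join(body.split()).lower()
    if sec.startswith("R"):                        # registry value: path,name before '='
        return b.split("=", 1)[0].strip()
    if sec == "O4":                                # autorun: hive\..\Run[EntryName]
        m = re.match(r"(.*?):\s*\[(.*?)\]", b)
        return f"{m.group(1)}[{m.group(2)}]" if m else b
    if sec == "O16":                               # ActiveX download: CLSID
        m = re.match(r"dpf:\s*(\{[0-9a-f-]+\})", b)
        return m.group(1) if m else b
    if sec == "O23":                               # service: (ServiceName)
        m = re.search(r"\(([^()]*)\)\s*-", b)
        return m.group(1) if m else b
    return b


def surviving_entries(fix_list: str, new_log: str) -> List[str]:
    """Entries of `fix_list` whose identity still appears in `new_log`."""
    present = {(sec, entry_key(sec, body)) for sec, body in parse_hjt(new_log)}
    return [f"{sec} - {body}" for sec, body in parse_hjt(fix_list)
            if (sec, entry_key(sec, body)) in present]


# Excerpt of the helper's fix list from the thread; URL values were hidden by the forum.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
"""

# Excerpt of the second (post-cleanup) HijackThis log from the thread, BBCode included.
NEW_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://go.microsoft.com/fwlink/?LinkId=69157[/URL]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime ) - [URL]http://appldnld.apple.com.edgesuite.net/.info.apple.com/QuickTime/qtactivex/qtplugin.cab[/URL]
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
"""

if __name__ == "__main__":
    for line in surviving_entries(FIX_LIST, NEW_LOG):
        print("still present:", line)
```

On these excerpts the R1 proxy and search-bar values, the RelevantKnowledge Run entry and the O16 control are gone, and only the two Trend Micro O23 services are reported as still present, which matches the second log above. Matching on identity rather than on the full line is what keeps a reset R1 value from showing up as a false "removed".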