- بادئ الموضوع nsnas999
- تاريخ البدء
- 1,428
sport
زيزوومى مبدع
غير متصل
هلا اخوي
======
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
ثم
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
======
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
ثم
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : sport
تأييد
0
مكافح
زيزوومى مميز
غير متصل
على العموم... التروجان هذا مكتشف من قبل مختبر الكاسبر سكاي في 16 أوكتوبر 2008 وهذا هو الرابط:
نصيحتي نزّل آخر إصدار من البرنامج وحدثه وراح ينحذف بإذن الله...
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
نصيحتي نزّل آخر إصدار من البرنامج وحدثه وراح ينحذف بإذن الله...
تأييد
0
ComboFix 08-10-11.04 - Administrator 10/12/2008 20:52:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.667 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\My Documents\مقدمة\Desktop_.ini
C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\sys_dll.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 17:47 --------- d-----w C:\Program Files\BitDefender
2008-10-12 05:15 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-10-12 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-12 02:52 --------- d-----w C:\Program Files\ESET
2008-10-12 02:42 --------- d-----w C:\Program Files\True Sword 5
2008-10-12 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-12 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
2008-10-12 02:21 --------- d-----w C:\Program Files\Uninstall Tool
2008-10-12 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-10-12 01:28 --------- d-----w C:\Program Files\Hotspot_Shield
2008-10-11 23:10 --------- d-----w C:\Program Files\LtUcx
2008-10-11 21:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\True Sword
2008-10-11 21:17 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-10-11 15:25 --------- d-----w C:\Program Files\Paltalk Messenger
2008-10-11 15:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-11 00:12 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-10-10 23:47 --------- d-----w C:\Program Files\Lavasoft
2008-10-10 23:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-10 21:39 --------- d-----w C:\Program Files\Rescue Pro
2008-10-10 21:39 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-10 19:37 69,632 ----a-w C:\WINDOWS\system32\hzrMain.exe
2008-10-10 19:37 36,864 ----a-w C:\WINDOWS\system32\hzrService.exe
2008-10-10 19:37 32,768 ----a-w C:\WINDOWS\system32\hzrTray.exe
2008-10-10 19:37 15,360 ----a-w C:\WINDOWS\system32\hzrController.exe
2008-10-10 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-10 19:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-10-10 18:24 --------- d-----w C:\Program Files\AxBx
2008-10-10 18:22 --------- d-----w C:\Program Files\The Cleaner
2008-10-10 17:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-10-10 17:31 --------- d-----w C:\Program Files\Webroot
2008-10-10 17:31 --------- d-----w C:\Program Files\AskSBar
2008-10-10 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-10-10 17:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-10-10 16:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-10 16:01 --------- d-----w C:\Program Files\Trojan Remover
2008-10-10 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-10 15:42 --------- d-----w C:\Program Files\Spyware Terminator
2008-10-10 15:33 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-10 15:33 --------- d-----w C:\Program Files\Crawler
2008-10-10 14:49 --------- d-----w C:\Program Files\Enigma Software Group
2008-10-10 14:36 --------- d-----w C:\Program Files\XoftSpySE
2008-10-10 14:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hide IP NG
2008-10-09 08:57 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 04:02 --------- d-----w C:\Program Files\Mass Downloader
2008-10-08 21:43 --------- d-----w C:\Program Files\AV Vcs 6.0
2008-10-08 21:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\zweitgeist
2008-10-08 21:42 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-08 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-10-08 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-10-08 21:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Products
2008-10-08 21:17 --------- d-----w C:\Program Files\Ashampoo
2008-10-08 21:05 --------- d-----w C:\Program Files\CCleaner
2008-10-08 20:38 --------- d-----w C:\Program Files\Java
2008-10-08 20:35 --------- d-----w C:\Program Files\Common Files\Java
2008-10-08 20:21 --------- d-----w C:\Program Files\The Cleaner Demo
2008-10-08 19:46 --------- d-----w C:\Program Files\GVR
2008-10-08 01:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-10-08 00:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-10-07 23:35 5,376 ----a-w C:\WINDOWS\system32\drivers\MS1000.sys
2008-10-07 17:29 67,645 ----a-w C:\WINDOWS\system32\drivers\pshook11.sys
2008-10-07 17:29 --------- d-----w C:\Program Files\Spyware Nuker
2008-10-07 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-07 15:44 --------- d-----w C:\Program Files\MSN Messenger
2008-10-07 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-07 12:23 --------- d-----w C:\Program Files\Camfrog
2008-10-07 09:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-10-07 09:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Camfrog
2008-10-07 09:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-10-07 09:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-10-07 09:29 --------- d-----w C:\Program Files\Common Files\Skype
2008-10-05 23:35 --------- d-----w C:\Program Files\INAC
2008-10-05 23:31 --------- d-----w C:\Program Files\Google
2008-10-05 23:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2008-10-05 20:06 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-10-03 09:11 --------- d-----w C:\Program Files\AskPBar
2008-10-03 09:10 --------- d-----w C:\Program Files\Tube Explorer
2008-10-03 09:10 --------- d-----w C:\Program Files\speed-bit
2008-10-03 09:10 --------- d-----w C:\Program Files\cafe
2008-10-03 09:10 --------- d-----w C:\Program Files\Common Files\Akamai
2008-10-03 09:10 --------- d-----w C:\Program Files\cFosSpeed
2008-10-03 09:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cafe
2008-10-03 09:09 --------- d-----w C:\Program Files\ProgDVB
2008-10-03 09:08 --------- d-----w C:\Program Files\weblin
2008-10-03 09:07 --------- d-----w C:\Program Files\Winamp
2008-10-03 08:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Avant Profiles
2008-10-01 12:12 5,680 ----a-w C:\WINDOWS\system32\drivers\psntkd20.sys
2008-10-01 11:55 --------- d-----w C:\Program Files\DFX
2008-10-01 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tiger Install
2008-10-01 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\cafe(2)
2008-09-20 16:55 --------- d-----w C:\Program Files\streamtofile.com
2008-09-20 14:33 --------- d-----w C:\Program Files\JlgSolera
2008-09-20 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\VOWSoft
2008-09-20 14:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VOWSoft
2008-09-16 14:31 --------- d-----w C:\Program Files\Conduit
2008-09-11 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-09 21:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 21:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-22 17:32 --------- d-----w C:\Program Files\Winamp Remote
2008-08-22 16:58 --------- d-----w C:\Program Files\VoiceMaskPro
2008-08-22 15:09 --------- d-----w C:\Program Files\FileRescue Pro
2008-06-01 12:52 88 --sh--r C:\WINDOWS\system32\0841AD8B24.sys
2007-07-13 18:18 80 --sh--r C:\WINDOWS\system32\248BAD4108.dll
2008-06-01 12:52 2,672 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
10/12/2008 04:28 AM 1569304 --a------ C:\Program Files\Hotspot_Shield\tbHot1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "C:\Program Files\Hotspot_Shield\tbHot1.dll" [10/12/2008 04:28 AM 1569304]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "C:\Program Files\Hotspot_Shield\tbHot1.dll" [10/12/2008 04:28 AM 1569304]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hazard Shield"="C:\WINDOWS\system32\hzrTray.exe" [10/10/2008 10:37 PM 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/30/2008 05:13 PM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 05:42 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [04/14/2008 05:42 AM 53760 C:\WINDOWS\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ir32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\system32\ir32_32.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.l3codec"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Tarjim Tool.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorkiller
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIA2006
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Guards
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zweitgeist Assistant
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
--a------ 11/20/2006 11:19 AM 81920 C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 04/14/2008 05:42 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 11/29/2007 06:53 PM 4568576 C:\Program Files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 02/10/2007 03:40 PM 20480 C:\WINDOWS\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GVR4]
--a------ 12/23/2007 09:47 PM 77824 C:\Program Files\GVR\GVR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hazard Shield]
--a------ 10/10/2008 10:37 PM 32768 C:\WINDOWS\system32\hzrTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/14/2008 05:42 AM 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 10/23/2007 03:47 AM 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
--a------ 03/05/2007 09:45 PM 2726912 C:\PC-Checkup\PCCheckUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 09/19/2006 09:07 AM 827392 C:\WINDOWS\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 08/22/2008 06:02 PM 2729584 C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 09/10/2008 05:16 PM 864256 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 01/04/2008 08:56 PM 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 10/10/2008 06:33 PM 1783808 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 06/10/2008 04:27 AM 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 11/12/2007 03:45 AM 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThePrivacyGuard]
--a------ 04/05/2007 02:32 PM 2128896 C:\Program Files\The Privacy Guard\ThePrivacyGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 05/30/2008 05:13 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 08/19/2008 08:08 PM 914512 C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
--a------ 03/10/2007 02:43 PM 270336 C:\WINDOWS\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 05/21/2004 02:56 PM 57344 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a--c--- 06/17/2004 06:43 PM 2550272 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 03/18/2004 01:10 AM 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 04/16/2007 03:28 PM 577536 C:\WINDOWS\soundman.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17616:TCP"= 17616:TCP:BitComet 17616 TCP
"17616:UDP"= 17616:UDP:BitComet 17616 UDP
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [10/10/2008 06:33 PM 141312]
R2 HazardShield;HazardShield;C:\WINDOWS\system32\hzrController.exe [10/10/2008 10:37 PM 15360]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [08/22/2008 06:02 PM 35584]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [04/14/2008 05:42 AM 14336]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [12/10/2002 09:11 AM 6852]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [08/22/2008 06:02 PM 280184]
S3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [ ]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [03/30/2008 09:13 AM 306432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder
2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [01/08/2008 01:31 PM]
2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [06/03/2007 01:42 PM]
.
- - - - ORPHANS REMOVED - - - -
BHO-{9dbf8a26-4cab-45b6-8e5e-92f1a18aa271} - (no file)
WebBrowser-{9DBF8A26-4CAB-45B6-8E5E-92F1A18AA271} - (no file)
MSConfigStartUp-ares - G:\Ares\Ares.exe
MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
MSConfigStartUp-HiChatter - C:\Program Files\HiChatter Messenger\HiChater.exe
MSConfigStartUp-HP Software Update - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-RRT-Auto - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.750\RRT.exe
MSConfigStartUp-SBAMTray - C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
MSConfigStartUp-SWN2 - C:\Program Files\Spyware Nuker\swnxt.exe
MSConfigStartUp-Device Detector - DevDetect.exe
MSConfigStartUp-DLD - (no file)
MSConfigStartUp-Sweeper - (no file)
MSConfigStartUp-www.cproxy - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iofcqm2r.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.camfrog.com/search.php?q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.orbitdownloader.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-12 20:54:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AxPsHook11]
"ImagePath"="\??\"
.
Completion time: 10/12/2008 20:55:59
ComboFix-quarantined-files.txt 2008-10-12 17:55:55
Pre-Run: 22,089,515,008 bytes free
Post-Run: 22,945,177,600 bytes free
298 --- E O F --- 2008-10-10 11:05:22
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.667 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\My Documents\مقدمة\Desktop_.ini
C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\kjkkj.bak1
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\sys_dll.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 17:47 --------- d-----w C:\Program Files\BitDefender
2008-10-12 05:15 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-10-12 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-12 02:52 --------- d-----w C:\Program Files\ESET
2008-10-12 02:42 --------- d-----w C:\Program Files\True Sword 5
2008-10-12 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-12 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
2008-10-12 02:21 --------- d-----w C:\Program Files\Uninstall Tool
2008-10-12 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-10-12 01:28 --------- d-----w C:\Program Files\Hotspot_Shield
2008-10-11 23:10 --------- d-----w C:\Program Files\LtUcx
2008-10-11 21:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\True Sword
2008-10-11 21:17 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-10-11 15:25 --------- d-----w C:\Program Files\Paltalk Messenger
2008-10-11 15:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-11 00:12 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-10-10 23:47 --------- d-----w C:\Program Files\Lavasoft
2008-10-10 23:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-10 21:39 --------- d-----w C:\Program Files\Rescue Pro
2008-10-10 21:39 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-10 19:37 69,632 ----a-w C:\WINDOWS\system32\hzrMain.exe
2008-10-10 19:37 36,864 ----a-w C:\WINDOWS\system32\hzrService.exe
2008-10-10 19:37 32,768 ----a-w C:\WINDOWS\system32\hzrTray.exe
2008-10-10 19:37 15,360 ----a-w C:\WINDOWS\system32\hzrController.exe
2008-10-10 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-10 19:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-10-10 18:24 --------- d-----w C:\Program Files\AxBx
2008-10-10 18:22 --------- d-----w C:\Program Files\The Cleaner
2008-10-10 17:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-10-10 17:31 --------- d-----w C:\Program Files\Webroot
2008-10-10 17:31 --------- d-----w C:\Program Files\AskSBar
2008-10-10 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-10-10 17:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-10-10 16:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-10 16:01 --------- d-----w C:\Program Files\Trojan Remover
2008-10-10 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-10 15:42 --------- d-----w C:\Program Files\Spyware Terminator
2008-10-10 15:33 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-10 15:33 --------- d-----w C:\Program Files\Crawler
2008-10-10 14:49 --------- d-----w C:\Program Files\Enigma Software Group
2008-10-10 14:36 --------- d-----w C:\Program Files\XoftSpySE
2008-10-10 14:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Hide IP NG
2008-10-09 08:57 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 04:02 --------- d-----w C:\Program Files\Mass Downloader
2008-10-08 21:43 --------- d-----w C:\Program Files\AV Vcs 6.0
2008-10-08 21:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\zweitgeist
2008-10-08 21:42 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-08 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-10-08 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-10-08 21:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Products
2008-10-08 21:17 --------- d-----w C:\Program Files\Ashampoo
2008-10-08 21:05 --------- d-----w C:\Program Files\CCleaner
2008-10-08 20:38 --------- d-----w C:\Program Files\Java
2008-10-08 20:35 --------- d-----w C:\Program Files\Common Files\Java
2008-10-08 20:21 --------- d-----w C:\Program Files\The Cleaner Demo
2008-10-08 19:46 --------- d-----w C:\Program Files\GVR
2008-10-08 01:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-10-08 00:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-10-07 23:35 5,376 ----a-w C:\WINDOWS\system32\drivers\MS1000.sys
2008-10-07 17:29 67,645 ----a-w C:\WINDOWS\system32\drivers\pshook11.sys
2008-10-07 17:29 --------- d-----w C:\Program Files\Spyware Nuker
2008-10-07 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-07 15:44 --------- d-----w C:\Program Files\MSN Messenger
2008-10-07 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-07 12:23 --------- d-----w C:\Program Files\Camfrog
2008-10-07 09:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-10-07 09:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Camfrog
2008-10-07 09:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-10-07 09:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-10-07 09:29 --------- d-----w C:\Program Files\Common Files\Skype
2008-10-05 23:35 --------- d-----w C:\Program Files\INAC
2008-10-05 23:31 --------- d-----w C:\Program Files\Google
2008-10-05 23:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2008-10-05 20:06 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-10-03 09:11 --------- d-----w C:\Program Files\AskPBar
2008-10-03 09:10 --------- d-----w C:\Program Files\Tube Explorer
2008-10-03 09:10 --------- d-----w C:\Program Files\speed-bit
2008-10-03 09:10 --------- d-----w C:\Program Files\cafe
2008-10-03 09:10 --------- d-----w C:\Program Files\Common Files\Akamai
2008-10-03 09:10 --------- d-----w C:\Program Files\cFosSpeed
2008-10-03 09:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cafe
2008-10-03 09:09 --------- d-----w C:\Program Files\ProgDVB
2008-10-03 09:08 --------- d-----w C:\Program Files\weblin
2008-10-03 09:07 --------- d-----w C:\Program Files\Winamp
2008-10-03 08:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Avant Profiles
2008-10-01 12:12 5,680 ----a-w C:\WINDOWS\system32\drivers\psntkd20.sys
2008-10-01 11:55 --------- d-----w C:\Program Files\DFX
2008-10-01 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tiger Install
2008-10-01 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\cafe(2)
2008-09-20 16:55 --------- d-----w C:\Program Files\streamtofile.com
2008-09-20 14:33 --------- d-----w C:\Program Files\JlgSolera
2008-09-20 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\VOWSoft
2008-09-20 14:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VOWSoft
2008-09-16 14:31 --------- d-----w C:\Program Files\Conduit
2008-09-11 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-09 21:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 21:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-22 17:32 --------- d-----w C:\Program Files\Winamp Remote
2008-08-22 16:58 --------- d-----w C:\Program Files\VoiceMaskPro
2008-08-22 15:09 --------- d-----w C:\Program Files\FileRescue Pro
2008-06-01 12:52 88 --sh--r C:\WINDOWS\system32\0841AD8B24.sys
2007-07-13 18:18 80 --sh--r C:\WINDOWS\system32\248BAD4108.dll
2008-06-01 12:52 2,672 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
10/12/2008 04:28 AM 1569304 --a------ C:\Program Files\Hotspot_Shield\tbHot1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "C:\Program Files\Hotspot_Shield\tbHot1.dll" [10/12/2008 04:28 AM 1569304]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "C:\Program Files\Hotspot_Shield\tbHot1.dll" [10/12/2008 04:28 AM 1569304]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hazard Shield"="C:\WINDOWS\system32\hzrTray.exe" [10/10/2008 10:37 PM 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/30/2008 05:13 PM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 05:42 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [04/14/2008 05:42 AM 53760 C:\WINDOWS\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ir32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\system32\ir32_32.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.l3codec"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Tarjim Tool.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorkiller
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIA2006
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Guards
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zweitgeist Assistant
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
--a------ 11/20/2006 11:19 AM 81920 C:\Program Files\AnchorFree\bin\ctrl\AFController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 04/14/2008 05:42 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 11/29/2007 06:53 PM 4568576 C:\Program Files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 02/10/2007 03:40 PM 20480 C:\WINDOWS\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GVR4]
--a------ 12/23/2007 09:47 PM 77824 C:\Program Files\GVR\GVR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hazard Shield]
--a------ 10/10/2008 10:37 PM 32768 C:\WINDOWS\system32\hzrTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/14/2008 05:42 AM 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 10/23/2007 03:47 AM 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
--a------ 03/05/2007 09:45 PM 2726912 C:\PC-Checkup\PCCheckUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 09/19/2006 09:07 AM 827392 C:\WINDOWS\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 08/22/2008 06:02 PM 2729584 C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 09/10/2008 05:16 PM 864256 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 01/04/2008 08:56 PM 5367664 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 10/10/2008 06:33 PM 1783808 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 06/10/2008 04:27 AM 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 11/12/2007 03:45 AM 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThePrivacyGuard]
--a------ 04/05/2007 02:32 PM 2128896 C:\Program Files\The Privacy Guard\ThePrivacyGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 05/30/2008 05:13 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 08/19/2008 08:08 PM 914512 C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
--a------ 03/10/2007 02:43 PM 270336 C:\WINDOWS\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 05/21/2004 02:56 PM 57344 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a--c--- 06/17/2004 06:43 PM 2550272 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 03/18/2004 01:10 AM 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 04/16/2007 03:28 PM 577536 C:\WINDOWS\soundman.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17616:TCP"= 17616:TCP:BitComet 17616 TCP
"17616:UDP"= 17616:UDP:BitComet 17616 UDP
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [10/10/2008 06:33 PM 141312]
R2 HazardShield;HazardShield;C:\WINDOWS\system32\hzrController.exe [10/10/2008 10:37 PM 15360]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [08/22/2008 06:02 PM 35584]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [04/14/2008 05:42 AM 14336]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [12/10/2002 09:11 AM 6852]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [08/22/2008 06:02 PM 280184]
S3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [ ]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [03/30/2008 09:13 AM 306432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder
2008-10-10 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [01/08/2008 01:31 PM]
2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [06/03/2007 01:42 PM]
.
- - - - ORPHANS REMOVED - - - -
BHO-{9dbf8a26-4cab-45b6-8e5e-92f1a18aa271} - (no file)
WebBrowser-{9DBF8A26-4CAB-45B6-8E5E-92F1A18AA271} - (no file)
MSConfigStartUp-ares - G:\Ares\Ares.exe
MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
MSConfigStartUp-HiChatter - C:\Program Files\HiChatter Messenger\HiChater.exe
MSConfigStartUp-HP Software Update - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-RRT-Auto - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.750\RRT.exe
MSConfigStartUp-SBAMTray - C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
MSConfigStartUp-SWN2 - C:\Program Files\Spyware Nuker\swnxt.exe
MSConfigStartUp-Device Detector - DevDetect.exe
MSConfigStartUp-DLD - (no file)
MSConfigStartUp-Sweeper - (no file)
MSConfigStartUp-www.cproxy - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iofcqm2r.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.camfrog.com/search.php?q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.orbitdownloader.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-12 20:54:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\AxPsHook11]
"ImagePath"="\??\"
.
Completion time: 10/12/2008 20:55:59
ComboFix-quarantined-files.txt 2008-10-12 17:55:55
Pre-Run: 22,089,515,008 bytes free
Post-Run: 22,945,177,600 bytes free
298 --- E O F --- 2008-10-10 11:05:22
تأييد
0
هذا التقرير الثاني
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:34, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hzrController.exe
C:\WINDOWS\system32\hzrService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Reader - {3C24A589-43D7-4CA2-AACE-30424985B955} - C:\Program Files\LatestSoft\Internet Explorer Reader\VoiceBar.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [Hazard Shield] C:\WINDOWS\system32\hzrTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download Video -
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CD605C-404E-4515-9D63-E84D07D4A2BB}: NameServer = 158.43.240.4,212.127.151.92
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HazardShield - Unknown owner - C:\WINDOWS\system32\hzrController.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8907 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:34, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hzrController.exe
C:\WINDOWS\system32\hzrService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Documents and Settings\Administrator\Desktop\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Reader - {3C24A589-43D7-4CA2-AACE-30424985B955} - C:\Program Files\LatestSoft\Internet Explorer Reader\VoiceBar.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [Hazard Shield] C:\WINDOWS\system32\hzrTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download Video -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CD605C-404E-4515-9D63-E84D07D4A2BB}: NameServer = 158.43.240.4,212.127.151.92
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HazardShield - Unknown owner - C:\WINDOWS\system32\hzrController.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8907 bytes
تأييد
0
غير متصل
التقرير شبه سليم
عندك العلوم الطيبه هذي امسحها
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Reader - {3C24A589-43D7-4CA2-AACE-30424985B955} - C:\Program Files\LatestSoft\Internet Explorer Reader\VoiceBar.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CD605C-404E-4515-9D63-E84D07D4A2BB}: NameServer =
ملاحظه
ترا القيم هذي كلها من اولها الى اخرها خرطي
اذا بغيت تختصر الوقت وتحذفهم
ادخل على لوحة التحكم بعدين اضافة او ازالة برامج
واحذف اي تولبار موجود بالقائمه
بعدها عطني تقرير جديد عشان نغسل جهازك من الخرابيط هذي
المهم
مشكلتك ما لها أثر بالتقرير هذا
جرب تحدث الكاسبر لآخر تحديث
بعدين ادخل على الوضع الآمن وافحص جهازك فحص كامل
وخله يحذف اي فيروس يلقاه
بعدها اعد التشغيل وادخل على الوضع الطبيعي ورد لنا
هل النتايج سليمه او لا
بانتظار ,, هذا اذا ما نمت بعد :d:
عندك العلوم الطيبه هذي امسحها
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: IE Reader - {3C24A589-43D7-4CA2-AACE-30424985B955} - C:\Program Files\LatestSoft\Internet Explorer Reader\VoiceBar.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {8C159DFD-DC9C-4077-B3B6-114A8D64B6D2} (UserAuthenticate Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6CD605C-404E-4515-9D63-E84D07D4A2BB}: NameServer =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ملاحظه
ترا القيم هذي كلها من اولها الى اخرها خرطي
اذا بغيت تختصر الوقت وتحذفهم
ادخل على لوحة التحكم بعدين اضافة او ازالة برامج
واحذف اي تولبار موجود بالقائمه
بعدها عطني تقرير جديد عشان نغسل جهازك من الخرابيط هذي
المهم
مشكلتك ما لها أثر بالتقرير هذا
جرب تحدث الكاسبر لآخر تحديث
بعدين ادخل على الوضع الآمن وافحص جهازك فحص كامل
وخله يحذف اي فيروس يلقاه
بعدها اعد التشغيل وادخل على الوضع الطبيعي ورد لنا
هل النتايج سليمه او لا
بانتظار ,, هذا اذا ما نمت بعد :d:
توقيع : Juve Guard
تأييد
0