Peace be upon you.
My problem is that the internet won't open on my machine.
It's a DSL connection and it works for everyone else; right now I'm posting from my brother's computer.
I hope you can help me. Here is a picture.
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:33:28 ص, on 21/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\BURAQ\Desktop\برامج\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8755 bytes
_________________________________________________________
________________________________________________________
I also tried running a fix on it.
Here is the report:
ComboFix 08-10-19.04 - BURAQ 10/21/2008 3:18:12.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.592 [GMT -7:00]
Running from: C:\Documents and Settings\BURAQ\My Documents\Bluetooth Exchange Folder\ComboFix\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Resources\Themes\coco\Shell\Desktop_.ini
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 08:44 3,764 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-21 08:44 202,528 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-21 08:44 1,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-21 08:44 1,244 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-20 16:23 --------- d-----w C:\Program Files\Desktop Icon Toy
2008-10-19 07:10 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\CyberScrub
2008-10-19 07:09 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\cleaner
2008-10-18 09:22 1,630,208 ----a-w C:\WINDOWS\system32\ULTRA SURF 9.9 BY OWL.exe
2008-10-15 03:18 --------- d-----w C:\Program Files\Netlog Video Tool
2008-10-15 02:06 --------- d-----w C:\Program Files\Netlog Photo Tool
2008-10-14 22:58 90,112 ----a-w C:\WINDOWS\DUMP5217.tmp
2008-10-07 01:24 --------- d-----w C:\Program Files\Mobily Connect Card
2008-10-04 02:55 --------- d-----w C:\Program Files\DCETools
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-02 01:52 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\CyberLink
2008-10-01 21:18 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-01 21:18 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-01 21:18 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-01 03:11 --------- d-----w C:\Program Files\Save Flash
2008-09-27 09:27 --------- d-----w C:\Program Files\LtUcx
2008-09-25 09:23 --------- d-----w C:\Program Files\iVocalize Web Conference 4
2008-09-25 07:17 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\Media Player Classic
2008-09-22 08:42 --------- d-----w C:\Program Files\Stardock
2008-09-20 12:32 --------- d-----w C:\Program Files\Teorex
2008-09-19 15:12 --------- d-----w C:\Program Files\MosaicCreator
2008-09-17 09:59 --------- d-----w C:\Program Files\MSXML 6.0
2008-09-16 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-16 10:12 --------- d-----w C:\Program Files\Circle Developement
2008-09-16 06:02 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-16 06:02 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-16 06:02 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-16 06:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-16 06:00 --------- d-----w C:\Program Files\Ozone
2008-09-16 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-16 05:59 --------- d-----w C:\Program Files\Windows Live
2008-09-16 05:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-16 05:59 --------- d-----w C:\Program Files\CyberLink
2008-09-16 05:58 --------- d-----w C:\Program Files\MSN Messenger
2008-09-16 05:58 --------- d-----w C:\Program Files\Macromedia
2008-09-16 05:57 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-16 05:57 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\IDM
2008-09-16 05:57 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\DMCache
2008-09-16 05:56 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-16 05:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-16 05:56 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-16 05:56 --------- d-----w C:\Program Files\ACD Systems
2008-09-16 05:56 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\ACD Systems
2008-09-16 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-16 05:55 --------- d-----w C:\Program Files\GRETECH
2008-09-16 05:55 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\GRETECH
2008-09-16 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-09-16 05:54 --------- d-----w C:\Program Files\Nokia
2008-09-16 05:54 --------- d-----w C:\Program Files\Java
2008-09-16 05:54 --------- d-----w C:\Program Files\Hotspot Shield
2008-09-16 05:54 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-16 05:54 --------- d-----w C:\Program Files\Common Files\Java
2008-09-16 05:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-16 05:53 --------- d-----w C:\Program Files\Nero
2008-09-16 05:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-16 05:52 --------- d-----w C:\Program Files\Real
2008-09-16 05:52 --------- d-----w C:\Program Files\Common Files\Real
2008-09-16 05:46 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_Dell 500 .MRK
2008-09-16 05:46 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_Dell 500 .MRK
2008-09-16 05:42 --------- d-----w C:\Program Files\Marvell
2008-09-16 05:41 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\TMP
2008-09-16 05:39 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-09-16 05:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-09-16 05:39 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\Intel
2008-09-16 05:38 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-16 05:38 21,393 ----a-w C:\WINDOWS\AegisP.sys
2008-09-16 05:38 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-09-16 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-09-16 05:33 --------- d-----w C:\Program Files\WIDCOMM
2008-09-16 05:31 --------- d-----w C:\Program Files\CONEXANT
2008-09-16 05:28 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-16 05:28 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-09-16 05:28 --------- d-----w C:\Program Files\DellTPad
2008-09-16 05:27 --------- d-----w C:\Program Files\DIFX
2008-09-16 05:25 --------- d-----w C:\Program Files\Intel
2008-09-16 05:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 05:23 --------- d-----w C:\Program Files\SigmaTel
2008-09-16 05:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-16 05:23 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\Dell
2008-09-16 05:22 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\InstallShield
2008-09-16 05:21 --------- d-----w C:\Program Files\Dell
2008-09-16 05:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-16 05:15 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-16 05:15 --------- d-----w C:\Program Files\Common Files\L&H
2008-09-16 05:14 --------- d-----w C:\Program Files\Microsoft Works
2008-09-16 04:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-15 20:12 --------- d-----w C:\Program Files\ReflexiveArcade
2008-09-15 20:12 --------- d-----w C:\Program Files\Bricks of Camelot
2008-09-15 20:11 --------- d-----w C:\Program Files\Realore
2008-09-15 20:11 --------- d-----w C:\Program Files\PopCap Games
2008-09-15 20:10 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-09-15 20:10 --------- d-----w C:\Program Files\Chicken Invaders 2
2008-09-15 20:10 --------- d-----w C:\Program Files\BFG
2008-09-15 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-15 20:03 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-09-15 20:03 172,032 ------w C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/15/2008 10:57 PM 932864]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"Netlog Music Tool"="C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe" [N/A]
"DesktopIconToy"="C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe" [10/12/2008 02:40 PM 450560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/10/2007 06:06 PM 1228800]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM 405504]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [07/02/2007 01:29 PM 159744]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/25/2007 04:32 PM 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/25/2007 04:30 PM 974848]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/05/2007 05:13 PM 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/05/2007 05:13 PM 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [09/05/2007 05:13 PM 137752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [09/15/2008 10:54 PM 77824]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 11:09 AM 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/01/2008 02:18 PM 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 09:56 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-22 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\winks\\mcoinstall.exe"=
"C:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM 24592]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/07/2007 11:52 PM 27136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da45091f-8f92-11dd-83bd-001fe1dba3b1}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{def9b946-940e-11dd-83ce-001fe1dba3b1}]
\Shell\AutoRun\command - F:\AutoRun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BD195C73-48CA-FFB7-61FD-038F0AAB384B}]
C:\DOCUME~1\BURAQ\LOCALS~1\Temp\svchost.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\BURAQ\Application Data\Mozilla\Firefox\Profiles\fw8yq5jt.default\
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-21 03:24:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/21/2008 3:25:58
ComboFix-quarantined-files.txt 2008-10-21 10:25:56
Pre-Run: 11,091,542,016 bytes free
Post-Run: 11,127,537,664 bytes free
211 --- E O F --- 2008-10-16 07:55:09
So there is nothing I haven't tried, and I don't know what to do??
Help me.
2008-09-20 12:32 --------- d-----w C:\Program Files\Teorex
2008-09-19 15:12 --------- d-----w C:\Program Files\MosaicCreator
2008-09-17 09:59 --------- d-----w C:\Program Files\MSXML 6.0
2008-09-16 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-16 10:12 --------- d-----w C:\Program Files\Circle Developement
2008-09-16 06:02 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-16 06:02 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-16 06:02 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-16 06:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-16 06:00 --------- d-----w C:\Program Files\Ozone
2008-09-16 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-16 05:59 --------- d-----w C:\Program Files\Windows Live
2008-09-16 05:59 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-16 05:59 --------- d-----w C:\Program Files\CyberLink
2008-09-16 05:58 --------- d-----w C:\Program Files\MSN Messenger
2008-09-16 05:58 --------- d-----w C:\Program Files\Macromedia
2008-09-16 05:57 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-16 05:57 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\IDM
2008-09-16 05:57 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\DMCache
2008-09-16 05:56 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-16 05:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-16 05:56 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-09-16 05:56 --------- d-----w C:\Program Files\ACD Systems
2008-09-16 05:56 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\ACD Systems
2008-09-16 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-16 05:55 --------- d-----w C:\Program Files\GRETECH
2008-09-16 05:55 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\GRETECH
2008-09-16 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-09-16 05:54 --------- d-----w C:\Program Files\Nokia
2008-09-16 05:54 --------- d-----w C:\Program Files\Java
2008-09-16 05:54 --------- d-----w C:\Program Files\Hotspot Shield
2008-09-16 05:54 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-16 05:54 --------- d-----w C:\Program Files\Common Files\Java
2008-09-16 05:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-16 05:53 --------- d-----w C:\Program Files\Nero
2008-09-16 05:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-16 05:52 --------- d-----w C:\Program Files\Real
2008-09-16 05:52 --------- d-----w C:\Program Files\Common Files\Real
2008-09-16 05:46 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_Dell 500 .MRK
2008-09-16 05:46 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_Dell 500 .MRK
2008-09-16 05:42 --------- d-----w C:\Program Files\Marvell
2008-09-16 05:41 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\TMP
2008-09-16 05:39 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-09-16 05:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-09-16 05:39 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\Intel
2008-09-16 05:38 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-16 05:38 21,393 ----a-w C:\WINDOWS\AegisP.sys
2008-09-16 05:38 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-09-16 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-09-16 05:33 --------- d-----w C:\Program Files\WIDCOMM
2008-09-16 05:31 --------- d-----w C:\Program Files\CONEXANT
2008-09-16 05:28 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-16 05:28 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-09-16 05:28 --------- d-----w C:\Program Files\DellTPad
2008-09-16 05:27 --------- d-----w C:\Program Files\DIFX
2008-09-16 05:25 --------- d-----w C:\Program Files\Intel
2008-09-16 05:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 05:23 --------- d-----w C:\Program Files\SigmaTel
2008-09-16 05:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-16 05:23 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\Dell
2008-09-16 05:22 --------- d-----w C:\Documents and Settings\BURAQ\Application Data\InstallShield
2008-09-16 05:21 --------- d-----w C:\Program Files\Dell
2008-09-16 05:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-16 05:15 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-16 05:15 --------- d-----w C:\Program Files\Common Files\L&H
2008-09-16 05:14 --------- d-----w C:\Program Files\Microsoft Works
2008-09-16 04:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-15 20:12 --------- d-----w C:\Program Files\ReflexiveArcade
2008-09-15 20:12 --------- d-----w C:\Program Files\Bricks of Camelot
2008-09-15 20:11 --------- d-----w C:\Program Files\Realore
2008-09-15 20:11 --------- d-----w C:\Program Files\PopCap Games
2008-09-15 20:10 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-09-15 20:10 --------- d-----w C:\Program Files\Chicken Invaders 2
2008-09-15 20:10 --------- d-----w C:\Program Files\BFG
2008-09-15 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-15 20:03 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-09-15 20:03 172,032 ------w C:\WINDOWS\Setup1.exe
.
Code:
----a-w 518,481 2002-01-05 18:00:26 C:\Documents and Settings\BURAQ\Desktop\مجموعة العاب\أجمل ألعاب الفلاش\لعبة مبنى التجارة .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/15/2008 10:57 PM 932864]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"Netlog Music Tool"="C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe" [N/A]
"DesktopIconToy"="C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe" [10/12/2008 02:40 PM 450560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/10/2007 06:06 PM 1228800]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM 405504]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [07/02/2007 01:29 PM 159744]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/25/2007 04:32 PM 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/25/2007 04:30 PM 974848]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/05/2007 05:13 PM 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/05/2007 05:13 PM 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [09/05/2007 05:13 PM 137752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [09/15/2008 10:54 PM 77824]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 11:09 AM 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/01/2008 02:18 PM 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 09:56 PM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-22 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\winks\\mcoinstall.exe"=
"C:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM 24592]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [06/07/2007 11:52 PM 27136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da45091f-8f92-11dd-83bd-001fe1dba3b1}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{def9b946-940e-11dd-83ce-001fe1dba3b1}]
\Shell\AutoRun\command - F:\AutoRun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BD195C73-48CA-FFB7-61FD-038F0AAB384B}]
C:\DOCUME~1\BURAQ\LOCALS~1\Temp\svchost.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\BURAQ\Application Data\Mozilla\Firefox\Profiles\fw8yq5jt.default\
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-21 03:24:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/21/2008 3:25:58
ComboFix-quarantined-files.txt 2008-10-21 10:25:56
Pre-Run: 11,091,542,016 bytes free
Post-Run: 11,127,537,664 bytes free
211 --- E O F --- 2008-10-16 07:55:09
So there is nothing left that I haven't tried, and I don't know what to do??
Please help me.
