- بادئ الموضوع motym
- تاريخ البدء
- 930
تقرير هاي جاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:07:50, on 07/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LG Software\On Screen Display\Hotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\USER\سطح المكتب\Hijack.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
E:\بــــــــــــــــــــــــرامـــج \ادوات\Hijack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [اختصار صفحة خصائص High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
--
End of file - 5680 bytes
.........................الكمبو............
ComboFix 08-11-04.02 - USER 11/07/2008 1:56:02.18 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.620 [GMT 3:00]
Running from: c:\documents and settings\USER\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 22:59 541,216 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-06 22:48 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-06 22:25 2,248 ----a-w c:\windows\system32\tmp.reg
2008-11-06 22:17 60,848 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-06 22:17 30,704 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-06 22:17 3,431,712 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-06 22:13 --------- d-----w c:\documents and settings\USER\Application Data\cleaner
2008-11-06 22:01 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-06 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-05 11:55 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-11-05 11:54 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-05 11:54 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-05 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2008-11-03 13:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 13:54 --------- d-----w c:\program files\Ipswitch
2008-11-03 13:54 --------- d-----w c:\documents and settings\USER\Application Data\Ipswitch
2008-11-03 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\Ipswitch
2008-11-01 22:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-01 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-01 19:20 --------- d-----w c:\program files\aMSN
2008-10-29 17:18 --------- d-----w c:\program files\BandRich
2008-10-29 14:51 --------- d-----w c:\program files\MSBuild
2008-10-29 14:51 --------- d-----w c:\program files\Microsoft Works
2008-10-28 14:47 --------- d-----w c:\program files\ShiningMorning
2008-10-26 16:30 --------- d-----w c:\program files\تنزيل مفاتيح منتجات كاسبرسكاي
2008-10-23 08:50 --------- d-----w c:\documents and settings\USER\Application Data\MakeUpPilot
2008-10-20 18:53 --------- d-----w c:\program files\lg_swupdate
2008-10-13 11:41 --------- d-----w c:\program files\Conduit
2008-10-13 11:39 --------- d-----w c:\program files\Hotspot_Shield
2008-10-13 00:25 606,208 ----a-w c:\windows\system32\CS.dll
2008-10-12 06:12 --------- d-----w c:\program files\Marvell
2008-10-12 06:11 --------- d-----w c:\program files\LG Software
2008-10-11 20:14 --------- d-----w c:\program files\ArabicSP Software
2008-10-11 18:32 --------- d-----w c:\program files\Parallels
2008-10-11 18:29 --------- d-----w c:\program files\Microsoft Virtual PC
2008-10-11 16:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-11 08:37 155,995 ----a-w c:\windows\java\Packages\B1BZ3TFJ.ZIP
2008-10-10 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\Prevx
2008-10-10 18:58 --------- d-----w c:\program files\Sun
2008-10-10 18:57 --------- d-----w c:\program files\Java
2008-10-07 21:44 --------- d-----w c:\program files\Letter Chase Speed Reader
2008-10-05 07:54 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-04 21:27 --------- d-----w c:\program files\Kaspersky Lab
2008-10-03 21:39 --------- d-----w c:\program files\Common Files\Adobe
2008-10-02 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-01 15:24 --------- d-----w c:\documents and settings\USER\Application Data\Thinstall
2008-09-28 21:29 --------- d-----w c:\program files\Serials 2000 7.1 Plus
2008-09-26 22:34 --------- d-----w c:\documents and settings\USER\Application Data\TeamViewer
2008-09-26 21:52 --------- d-----w c:\program files\TeamViewer3
2008-09-25 17:07 --------- d-----w c:\program files\AGI
2008-09-21 20:38 --------- d-----w c:\program files\Cracklock
2008-09-20 02:59 --------- d-----w c:\program files\Common Files\Macromedia Shared
2008-09-20 02:58 --------- d-----w c:\program files\Common Files\Macromedia
2008-09-20 02:56 --------- d-----w c:\program files\Macromedia
2008-09-20 00:02 --------- d-----w c:\program files\Windows Live
2008-09-19 00:51 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-15 15:24 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-14 22:56 294,912 ----a-w c:\windows\HideWin.exe
2008-09-14 22:55 --------- d-----w c:\program files\Realtek
2008-09-14 21:49 --------- d-----w c:\documents and settings\USER\Application Data\CyberScrub
2008-09-09 17:42 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-09 17:42 --------- d-----w c:\program files\Adobe Media Player
2008-09-09 17:22 --------- d-----w c:\program files\Common Files\Java
2008-09-09 12:46 --------- d-----w c:\documents and settings\USER\Application Data\DMCache
2008-09-09 12:42 --------- d-----w c:\program files\Thinstall.VS
2008-09-09 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\Thinstall
2008-09-08 15:07 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-08 06:02 --------- d-----w c:\documents and settings\USER\Application Data\Avant Profiles
2008-09-08 06:01 --------- d-----w c:\program files\CCleaner
2008-09-08 06:01 --------- d-----w c:\program files\Avant Browser
2008-09-08 06:00 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2008-09-08 05:59 --------- d-----w c:\program files\TechSmith
2008-09-08 05:58 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-08 05:33 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-09-08 05:33 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-09-08 05:33 --------- d-----w c:\program files\Real
2008-09-08 05:33 --------- d-----w c:\program files\Common Files\xing shared
2008-09-08 05:33 --------- d-----w c:\program files\Common Files\Real
2008-09-08 05:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-08 05:19 --------- d-----w c:\program files\Synaptics
2008-09-08 05:13 --------- d-----w c:\program files\Intel
2008-09-08 05:05 --------- d-----w c:\program files\microsoft frontpage
2008-08-26 07:57 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:20 2,190,720 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:20 2,067,584 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot_Mon 11-03-2008_21.06.44.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-29 17:15:21 16,384 ----a-w c:\windows\system32\config\systemprofile\s\index.dat
+ 2008-11-06 21:44:22 32,768 ----a-w c:\windows\system32\config\systemprofile\s\index.dat
- 2008-10-29 17:15:21 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-06 21:44:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-29 17:15:21 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-11-06 21:44:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-11-05 11:55:03 194,320 ----a-w c:\windows\system32\drivers\klif.sys
+ 2007-04-04 11:58:26 24,344 ----a-w c:\windows\system32\drivers\klim5.sys
+ 2007-06-28 09:50:52 22,457 ----a-w c:\windows\system32\drivers\klop.dat
+ 2007-06-28 09:51:48 206,088 ----a-w c:\windows\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [10/04/2008 11:30 PM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\Hotkey.exe" [07/26/2005 09:18 AM 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [09/08/2008 08:33 AM 185896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2005 11:59 AM 98396]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2005 11:58 AM 667740]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [02/07/2006 04:39 PM 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [02/07/2006 04:36 PM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [02/07/2006 04:40 PM 118784]
"batterymiser"="c:\program files\LG Software\Battery Miser 2005\batterymiser.exe" [06/01/2006 05:54 PM 335872]
"IPO3"="c:\program files\LG Software\IP Operator 2005\IP Operator 2005.exe" [07/29/2005 11:14 AM 1028096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 07:00 PM 110592 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [06/08/2005 08:42 AM 14565376 c:\windows\RTHDCPL.EXE]
"اختصار صفحة خصائص High Definition Audio"="HDAShCut.exe" [01/07/2005 05:07 PM 61952 c:\windows\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [08/24/2005 10:24 AM 88203 c:\windows\AGRSMMSG.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [06/01/2006 05:54 PM 114688]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^SnagIt 8.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\SnagIt 8.lnk
backup=c:\windows\pss\SnagIt 8.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Media Player.lnk]
path=c:\documents and settings\USER\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG Intelligent Update]
--a------ 10/13/2008 03:25 AM 106496 c:\program files\lg_swupdate\autoupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/04/2008 11:30 PM 5724184 c:\program files\Windows Live\Messenger\MsnMsgr.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [ ]
S3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys [07/03/2008 10:58 PM 323584]
S3 tapvpn;TAP VPN Adapter;c:\windows\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM 27136]
S4 اداه كاسبر لحذف الفيروسات;اداه كاسبر لحذف الفيروسات;c:\documents and settings\All Users\سطح المكتب\Kaspersky Lab Tool\اداه كاسبر لحذف الفيروسات.exe [ ]
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\1txq1itu.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-07 01:59:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/07/2008 2:01:37
ComboFix-quarantined-files.txt 2008-11-06 23:01:31
ComboFix2.txt 2008-11-06 22:24:05
ComboFix3.txt 2008-11-03 18:07:14
ComboFix4.txt 2008-10-31 11:31:15
ComboFix5.txt 2008-11-06 22:55:31
Pre-Run: 23,116,115,968 bytes free
Post-Run: 23,101,087,744 bytes free
192 --- E O F --- 2008-11-01 22:41:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:07:50, on 07/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LG Software\On Screen Display\Hotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\USER\سطح المكتب\Hijack.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
E:\بــــــــــــــــــــــــرامـــج \ادوات\Hijack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [اختصار صفحة خصائص High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
--
End of file - 5680 bytes
.........................الكمبو............
ComboFix 08-11-04.02 - USER 11/07/2008 1:56:02.18 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.620 [GMT 3:00]
Running from: c:\documents and settings\USER\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 22:59 541,216 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-06 22:48 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-06 22:25 2,248 ----a-w c:\windows\system32\tmp.reg
2008-11-06 22:17 60,848 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-06 22:17 30,704 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-06 22:17 3,431,712 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-06 22:13 --------- d-----w c:\documents and settings\USER\Application Data\cleaner
2008-11-06 22:01 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-06 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-05 11:55 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-11-05 11:54 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-05 11:54 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-05 07:01 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2008-11-03 13:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 13:54 --------- d-----w c:\program files\Ipswitch
2008-11-03 13:54 --------- d-----w c:\documents and settings\USER\Application Data\Ipswitch
2008-11-03 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\Ipswitch
2008-11-01 22:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-01 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-01 19:20 --------- d-----w c:\program files\aMSN
2008-10-29 17:18 --------- d-----w c:\program files\BandRich
2008-10-29 14:51 --------- d-----w c:\program files\MSBuild
2008-10-29 14:51 --------- d-----w c:\program files\Microsoft Works
2008-10-28 14:47 --------- d-----w c:\program files\ShiningMorning
2008-10-26 16:30 --------- d-----w c:\program files\تنزيل مفاتيح منتجات كاسبرسكاي
2008-10-23 08:50 --------- d-----w c:\documents and settings\USER\Application Data\MakeUpPilot
2008-10-20 18:53 --------- d-----w c:\program files\lg_swupdate
2008-10-13 11:41 --------- d-----w c:\program files\Conduit
2008-10-13 11:39 --------- d-----w c:\program files\Hotspot_Shield
2008-10-13 00:25 606,208 ----a-w c:\windows\system32\CS.dll
2008-10-12 06:12 --------- d-----w c:\program files\Marvell
2008-10-12 06:11 --------- d-----w c:\program files\LG Software
2008-10-11 20:14 --------- d-----w c:\program files\ArabicSP Software
2008-10-11 18:32 --------- d-----w c:\program files\Parallels
2008-10-11 18:29 --------- d-----w c:\program files\Microsoft Virtual PC
2008-10-11 16:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-11 08:37 155,995 ----a-w c:\windows\java\Packages\B1BZ3TFJ.ZIP
2008-10-10 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\Prevx
2008-10-10 18:58 --------- d-----w c:\program files\Sun
2008-10-10 18:57 --------- d-----w c:\program files\Java
2008-10-07 21:44 --------- d-----w c:\program files\Letter Chase Speed Reader
2008-10-05 07:54 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-04 21:27 --------- d-----w c:\program files\Kaspersky Lab
2008-10-03 21:39 --------- d-----w c:\program files\Common Files\Adobe
2008-10-02 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-01 15:24 --------- d-----w c:\documents and settings\USER\Application Data\Thinstall
2008-09-28 21:29 --------- d-----w c:\program files\Serials 2000 7.1 Plus
2008-09-26 22:34 --------- d-----w c:\documents and settings\USER\Application Data\TeamViewer
2008-09-26 21:52 --------- d-----w c:\program files\TeamViewer3
2008-09-25 17:07 --------- d-----w c:\program files\AGI
2008-09-21 20:38 --------- d-----w c:\program files\Cracklock
2008-09-20 02:59 --------- d-----w c:\program files\Common Files\Macromedia Shared
2008-09-20 02:58 --------- d-----w c:\program files\Common Files\Macromedia
2008-09-20 02:56 --------- d-----w c:\program files\Macromedia
2008-09-20 00:02 --------- d-----w c:\program files\Windows Live
2008-09-19 00:51 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-15 15:24 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-14 22:56 294,912 ----a-w c:\windows\HideWin.exe
2008-09-14 22:55 --------- d-----w c:\program files\Realtek
2008-09-14 21:49 --------- d-----w c:\documents and settings\USER\Application Data\CyberScrub
2008-09-09 17:42 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-09 17:42 --------- d-----w c:\program files\Adobe Media Player
2008-09-09 17:22 --------- d-----w c:\program files\Common Files\Java
2008-09-09 12:46 --------- d-----w c:\documents and settings\USER\Application Data\DMCache
2008-09-09 12:42 --------- d-----w c:\program files\Thinstall.VS
2008-09-09 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\Thinstall
2008-09-08 15:07 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-08 06:02 --------- d-----w c:\documents and settings\USER\Application Data\Avant Profiles
2008-09-08 06:01 --------- d-----w c:\program files\CCleaner
2008-09-08 06:01 --------- d-----w c:\program files\Avant Browser
2008-09-08 06:00 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2008-09-08 05:59 --------- d-----w c:\program files\TechSmith
2008-09-08 05:58 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-08 05:33 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-09-08 05:33 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-09-08 05:33 --------- d-----w c:\program files\Real
2008-09-08 05:33 --------- d-----w c:\program files\Common Files\xing shared
2008-09-08 05:33 --------- d-----w c:\program files\Common Files\Real
2008-09-08 05:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-08 05:19 --------- d-----w c:\program files\Synaptics
2008-09-08 05:13 --------- d-----w c:\program files\Intel
2008-09-08 05:05 --------- d-----w c:\program files\microsoft frontpage
2008-08-26 07:57 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:20 2,190,720 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:20 2,067,584 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot_Mon 11-03-2008_21.06.44.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-29 17:15:21 16,384 ----a-w c:\windows\system32\config\systemprofile\s\index.dat
+ 2008-11-06 21:44:22 32,768 ----a-w c:\windows\system32\config\systemprofile\s\index.dat
- 2008-10-29 17:15:21 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-06 21:44:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-29 17:15:21 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-11-06 21:44:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-11-05 11:55:03 194,320 ----a-w c:\windows\system32\drivers\klif.sys
+ 2007-04-04 11:58:26 24,344 ----a-w c:\windows\system32\drivers\klim5.sys
+ 2007-06-28 09:50:52 22,457 ----a-w c:\windows\system32\drivers\klop.dat
+ 2007-06-28 09:51:48 206,088 ----a-w c:\windows\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [10/04/2008 11:30 PM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeybdUtility"="c:\program files\LG Software\On Screen Display\Hotkey.exe" [07/26/2005 09:18 AM 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [09/08/2008 08:33 AM 185896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2005 11:59 AM 98396]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2005 11:58 AM 667740]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [02/07/2006 04:39 PM 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [02/07/2006 04:36 PM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [02/07/2006 04:40 PM 118784]
"batterymiser"="c:\program files\LG Software\Battery Miser 2005\batterymiser.exe" [06/01/2006 05:54 PM 335872]
"IPO3"="c:\program files\LG Software\IP Operator 2005\IP Operator 2005.exe" [07/29/2005 11:14 AM 1028096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 07:00 PM 110592 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [06/08/2005 08:42 AM 14565376 c:\windows\RTHDCPL.EXE]
"اختصار صفحة خصائص High Definition Audio"="HDAShCut.exe" [01/07/2005 05:07 PM 61952 c:\windows\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [08/24/2005 10:24 AM 88203 c:\windows\AGRSMMSG.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [06/01/2006 05:54 PM 114688]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^SnagIt 8.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\SnagIt 8.lnk
backup=c:\windows\pss\SnagIt 8.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Media Player.lnk]
path=c:\documents and settings\USER\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG Intelligent Update]
--a------ 10/13/2008 03:25 AM 106496 c:\program files\lg_swupdate\autoupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 10/04/2008 11:30 PM 5724184 c:\program files\Windows Live\Messenger\MsnMsgr.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [ ]
S3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys [07/03/2008 10:58 PM 323584]
S3 tapvpn;TAP VPN Adapter;c:\windows\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM 27136]
S4 اداه كاسبر لحذف الفيروسات;اداه كاسبر لحذف الفيروسات;c:\documents and settings\All Users\سطح المكتب\Kaspersky Lab Tool\اداه كاسبر لحذف الفيروسات.exe [ ]
.
s of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\1txq1itu.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-11-07 01:59:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/07/2008 2:01:37
ComboFix-quarantined-files.txt 2008-11-06 23:01:31
ComboFix2.txt 2008-11-06 22:24:05
ComboFix3.txt 2008-11-03 18:07:14
ComboFix4.txt 2008-10-31 11:31:15
ComboFix5.txt 2008-11-06 22:55:31
Pre-Run: 23,116,115,968 bytes free
Post-Run: 23,101,087,744 bytes free
192 --- E O F --- 2008-11-01 22:41:44
تأييد
0
ashalshaikh
زيزوومى فضى
غير متصل
أكيد إنت شغلت أداة زيزوووم لحذف فيروسات الفلاش ميموري ,,,, أو عامل حصانة بـ usb sicurity أو إسمه قريب من كذا ,,,,
على كل حال ,,, لا تخاف هذا الملف يحميك من إعادة إرجاع الفيروسات بعد حذفه أو انتشاره بعد أو قبل الفورمات ,,,,
=========
لأن الفيروسات دائما تنتشر بسبب هذا الملف AUTORUN.INF وهذا مجلد بنفس الإسم محمي من الحذف ,,,, عشان الفيروس إذا جاء يحط ملفه ما يقدر لإن فيه ملف بنفس الإسم ,,, ولا يقدر يحذف الملف ويحط ملفه لأنه محمي من الحذف ,,,,
على كل حال ,,, لا تخاف هذا الملف يحميك من إعادة إرجاع الفيروسات بعد حذفه أو انتشاره بعد أو قبل الفورمات ,,,,
=========
لأن الفيروسات دائما تنتشر بسبب هذا الملف AUTORUN.INF وهذا مجلد بنفس الإسم محمي من الحذف ,,,, عشان الفيروس إذا جاء يحط ملفه ما يقدر لإن فيه ملف بنفس الإسم ,,, ولا يقدر يحذف الملف ويحط ملفه لأنه محمي من الحذف ,,,,
توقيع : ashalshaikh
تأييد
0
أبو رشا
زيزوومى مبدع
غير متصل
أخي الكريم : قم بتحميل unlocker لحذف فايروس أوتورن إنف
بعد تثبيت البرنامج ضع مؤشر الماوس على الملف واضغط الزر الأيمن للماوس
واختر الخيار الذي يوجد به العصا السحرية ( unlocker ) وسيتم حذفه نهائياً
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد تثبيت البرنامج ضع مؤشر الماوس على الملف واضغط الزر الأيمن للماوس
واختر الخيار الذي يوجد به العصا السحرية ( unlocker ) وسيتم حذفه نهائياً
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تأييد
0
مشكورين جميعا عموما انا جربت الاداه وحذفت اللي بالقرصين دي و اي لكن السي يقول هل ترغب الحذف عند اعاده التشغيل قلت نعم وننتظر بعد اعاده التشغيل
بالنسبه لكلام الاخ ashalshaikh معقوله جدا بس انا مااعرف اني شغلت اي ملف او اداه من اللي قلت ولا استخدم غير الهاي جاك والكمبو فقط وقد تكون فعلا هي اللي تقول عنها بس انا مو مرتاح لها ابدا :er: وقلت نحذفها افظل
تأييد
0