- بادئ الموضوع فتى الدرب
- تاريخ البدء
- 1,163
Haithamko fone
زيزوومي جديد
- إنضم
- 1 نوفمبر 2008
- المشاركات
- 95
- مستوى التفاعل
- 2
- النقاط
- 110
غير متصل
هل هذه المشكلة تحدث عندما تفتح ملف به اكثر من فيديو ؟
تأييد
0
تأييد
0
صمت السكوت
زيزوومى محترف
- إنضم
- 3 أبريل 2008
- المشاركات
- 5,058
- مستوى التفاعل
- 53
- النقاط
- 830
غير متصل
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
توقيع : صمت السكوت
تأييد
0
عاشق الحلم
زيزوومي جديد
- إنضم
- 27 أبريل 2008
- المشاركات
- 7
- مستوى التفاعل
- 0
- النقاط
- 0
غير متصل
مع فائق احترامي وتقديري لك اختي خلود وبالنسبة للأداتين حملتها وبالنسبة للأداة الأولى هذا هو التقرير
ComboFix 08-11-13.02 - Administrator 11/15/2008 21:52:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.201 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\addon.dat
c:\program files\Bifrost
c:\program files\bifrost\klog.dat
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 19:06 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-15 18:56 4,436 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-15 18:56 368,672 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-15 18:56 16,740 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-15 18:56 1,602,080 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-12 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-10 18:36 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\FreeHotBabesScreensaver
2008-11-03 21:05 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-03 11:41 --------- d-----w c:\program files\HP
2008-11-03 11:41 --------- d-----w c:\program files\Hewlett-Packard
2008-11-03 10:17 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2008-11-03 10:07 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2008-11-01 19:59 --------- d-----w c:\program files\Skype
2008-11-01 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-01 19:58 --------- d-----w c:\program files\Common Files\Skype
2008-10-31 19:42 65,385 ----a-w c:\windows\BricoPackUninst.cmd
2008-10-31 19:42 6,112 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-10-31 13:09 --------- d-----w c:\program files\Axialis
2008-10-31 12:17 --------- d-----w c:\program files\MSN Messenger
2008-10-31 12:17 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-31 12:17 --------- d-----w c:\program files\Circle Developement
2008-10-31 07:09 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinking Minds Budiling Bytes
2008-10-26 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\FreeHotBabesScreensaver
2008-10-26 21:23 --------- d-----w c:\documents and settings\Administrator\Application Data\FreeHotBabesScreensaver
2008-10-25 20:49 --------- d-----w c:\documents and settings\Administrator\Application Data\Image Zone Express
2008-10-25 17:02 --------- d-----w c:\documents and settings\Administrator\Application Data\HP
2008-10-25 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-25 15:54 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:22 --------- d-----w c:\program files\MSN Pictures Displayer
2008-10-16 20:22 --------- d-----w c:\documents and settings\Administrator\Application Data\MSN Pictures Displayer
2008-10-15 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-15 14:09 --------- d-----w c:\program files\Adverts
2008-10-07 06:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Orbit
2008-10-06 23:57 --------- d-----w c:\documents and settings\Administrator\Application Data\GrabPro
2008-10-06 15:48 --------- d-----w c:\program files\Evil Msn
2008-10-05 05:11 --------- d-----w c:\program files\Hanami
2008-10-04 22:05 --------- d-----w c:\program files\MouseAround
.
------- Sigcheck -------
04/21/2008 09:56 AM 665088 5e6599f286dca71723cae03c388770c5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
04/21/2008 09:42 AM 664576 908b749bc0864b68b5be77bc530b63bd c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
04/21/2008 09:24 AM 665088 5d9314f5fad444882b68d49b23429d75 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
04/23/2008 07:19 AM 827392 154282ae8e63d03a7add87e50d061836 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
06/23/2008 06:38 PM 827904 bd4be2824bc805da1f29385519b865f9 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
08/26/2008 12:08 PM 827904 bceb6d8a6bea74628db977215081652a c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
04/21/2008 10:01 AM 657920 087391c34ae510d222ea2b4753bb8f5d c:\windows\$NtServicePackUninstall$\wininet.dll
04/14/2008 09:29 PM 664576 699b4dbfba7d4201d67c521e5df0670d c:\windows\$NtUninstallKB950759$\wininet.dll
08/04/2004 12:55 AM 654848 1e1cef80a11bdab92b2a83f885d214d5 c:\windows\$NtUninstallKB950759_0$\wininet.dll
04/21/2008 09:42 AM 664576 908b749bc0864b68b5be77bc530b63bd c:\windows\ie7\wininet.dll
08/13/2007 06:54 PM 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB950759-IE7\wininet.dll
04/23/2008 07:16 AM 826368 565098f166f21e24874ebc8cf89c623c c:\windows\ie7updates\KB953838-IE7\wininet.dll
06/23/2008 07:15 PM 826368 3f4bca25f29394995161e8e85d925c1a c:\windows\ie7updates\KB956390-IE7\wininet.dll
08/26/2008 10:57 AM 817152 931f9e64c1054d8418fb6719f157713c c:\windows\ServicePackFiles\i386\wininet.dll
08/26/2008 10:57 AM 817152 931f9e64c1054d8418fb6719f157713c c:\windows\system32\wininet.dll
08/26/2008 10:57 AM 826368 8d2003bbfffd5ff95ea66350e4d1e4c7 c:\windows\system32\dllcache\wininet.dll
04/14/2008 09:29 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\explorer.exe
08/04/2004 12:56 AM 1029632 932f97b77f2625f7ff7dfc97552548f8 c:\windows\$NtServicePackUninstall$\explorer.exe
04/14/2008 09:29 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\ServicePackFiles\i386\explorer.exe
07/18/2008 10:10 PM 68808 136896c2cdc3f689876e0d44485153ea c:\windows\ServicePackFiles\i386\wuauclt.exe
07/18/2008 10:10 PM 68808 136896c2cdc3f689876e0d44485153ea c:\windows\system32\wuauclt.exe
07/18/2008 10:10 PM 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [03/27/2008 02:12 PM 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{215fa32b-b0f7-6d7f-002a-fbebadf0d30c}]
08/07/2008 02:54 PM 97792 --a------ c:\windows\system32\rfqibozfmswe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{e795e28a-af8a-d108-f8bd-880759b738cb}]
11/06/2008 07:41 PM 573952 --a------ c:\windows\system32\nsn2D.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{EEE6C35C-6118-11DC-9C72-001320C79847}]
03/27/2008 02:12 PM 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{FC740608-B791-515F-27AC-5BAC2DEACFDB}]
11/01/2008 12:46 PM 178176 --a------ c:\windows\system32\nzxdnekgaugofrxc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 02:12 PM 1164600]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 02:12 PM 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 09:29 PM 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/01/2008 07:42 PM 68856]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:55 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [08/16/2008 08:59 AM 185896]
"pxwlpxaqgwcb"="c:\windows\system32\nzxdnekgaugofrxc.dll" [11/01/2008 12:46 PM 178176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM 54840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 09:29 PM 15360]
c:\documents and settings\Administrator\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
MSN Pictures Displayer.lnk - c:\program files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-10-16 4561920]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
09/07/2004 04:08 PM 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^قائمة ابدأ^البرامج^بدء التشغيل^Ela-Salaty.lnk]
path=c:\documents and settings\Administrator\قائمة ابدأ\البرامج\بدء التشغيل\Ela-Salaty.lnk
backup=c:\windows\pss\Ela-Salaty.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^قائمة ابدأ^البرامج^بدء التشغيل^Shortcut to Hanami.exe.lnk]
path=c:\documents and settings\Administrator\قائمة ابدأ\البرامج\بدء التشغيل\Shortcut to Hanami.exe.lnk
backup=c:\windows\pss\Shortcut to Hanami.exe.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 10/07/2005 02:13 PM 176128 c:\program files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 04/14/2008 09:29 PM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 09/01/2005 05:24 PM 684032 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
--a------ 06/24/2008 02:26 PM 148784 c:\program files\HiYo\Bin\HiYo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 09/20/2005 10:32 AM 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 09/20/2005 10:36 AM 114688 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 09/20/2005 10:35 AM 94208 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 10/30/2004 02:59 PM 385024 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 08/01/2008 02:54 AM 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MouseAround]
--a------ 12/11/2001 11:34 PM 151552 c:\program files\MouseAround\MouseAround.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 06/10/2008 04:27 AM 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 03/27/2008 07:31 PM 111928 c:\program files\SweetIM\Messenger\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 08/16/2008 08:59 AM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
R3 GTICARD;GTICARD;c:\windows\system32\DRIVERS\gticard.sys [2003-02-06 59328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-04 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
s of the 'Scheduled Tasks' folder
2008-10-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [06/20/2008 09:09 AM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-msnmsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R1 -: HKCU-Internet Settings,ProxyOverride = local
O8 -: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-15 22:07:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\ADMINI~1\LOCALS~1\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LC.gif 379 bytes
c:\docume~1\ADMINI~1\LOCALS~1\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LK.gif 377 bytes
c:\docume~1\ADMINI~1\LOCALS~1\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ME.gif 330 bytes
scan completed successfully
hidden files: 3
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\explorer.exe
-> c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\regsvr32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 11/15/2008 22:10:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-15 19:10:17
Pre-Run: 23,604,228,096 bytes free
Post-Run: 23,781,466,112 bytes free
237 --- E O F --- 2008-11-12 22:06:34
ComboFix 08-11-13.02 - Administrator 11/15/2008 21:52:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.201 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\addon.dat
c:\program files\Bifrost
c:\program files\bifrost\klog.dat
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 19:06 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-15 18:56 4,436 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-15 18:56 368,672 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-15 18:56 16,740 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-15 18:56 1,602,080 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-12 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-10 18:36 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\FreeHotBabesScreensaver
2008-11-03 21:05 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-03 11:41 --------- d-----w c:\program files\HP
2008-11-03 11:41 --------- d-----w c:\program files\Hewlett-Packard
2008-11-03 10:17 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2008-11-03 10:07 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2008-11-01 19:59 --------- d-----w c:\program files\Skype
2008-11-01 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-01 19:58 --------- d-----w c:\program files\Common Files\Skype
2008-10-31 19:42 65,385 ----a-w c:\windows\BricoPackUninst.cmd
2008-10-31 19:42 6,112 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-10-31 13:09 --------- d-----w c:\program files\Axialis
2008-10-31 12:17 --------- d-----w c:\program files\MSN Messenger
2008-10-31 12:17 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-31 12:17 --------- d-----w c:\program files\Circle Developement
2008-10-31 07:09 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinking Minds Budiling Bytes
2008-10-26 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\FreeHotBabesScreensaver
2008-10-26 21:23 --------- d-----w c:\documents and settings\Administrator\Application Data\FreeHotBabesScreensaver
2008-10-25 20:49 --------- d-----w c:\documents and settings\Administrator\Application Data\Image Zone Express
2008-10-25 17:02 --------- d-----w c:\documents and settings\Administrator\Application Data\HP
2008-10-25 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-25 15:54 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:22 --------- d-----w c:\program files\MSN Pictures Displayer
2008-10-16 20:22 --------- d-----w c:\documents and settings\Administrator\Application Data\MSN Pictures Displayer
2008-10-15 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-15 14:09 --------- d-----w c:\program files\Adverts
2008-10-07 06:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Orbit
2008-10-06 23:57 --------- d-----w c:\documents and settings\Administrator\Application Data\GrabPro
2008-10-06 15:48 --------- d-----w c:\program files\Evil Msn
2008-10-05 05:11 --------- d-----w c:\program files\Hanami
2008-10-04 22:05 --------- d-----w c:\program files\MouseAround
.
------- Sigcheck -------
04/21/2008 09:56 AM 665088 5e6599f286dca71723cae03c388770c5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
04/21/2008 09:42 AM 664576 908b749bc0864b68b5be77bc530b63bd c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
04/21/2008 09:24 AM 665088 5d9314f5fad444882b68d49b23429d75 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
04/23/2008 07:19 AM 827392 154282ae8e63d03a7add87e50d061836 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
06/23/2008 06:38 PM 827904 bd4be2824bc805da1f29385519b865f9 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
08/26/2008 12:08 PM 827904 bceb6d8a6bea74628db977215081652a c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
04/21/2008 10:01 AM 657920 087391c34ae510d222ea2b4753bb8f5d c:\windows\$NtServicePackUninstall$\wininet.dll
04/14/2008 09:29 PM 664576 699b4dbfba7d4201d67c521e5df0670d c:\windows\$NtUninstallKB950759$\wininet.dll
08/04/2004 12:55 AM 654848 1e1cef80a11bdab92b2a83f885d214d5 c:\windows\$NtUninstallKB950759_0$\wininet.dll
04/21/2008 09:42 AM 664576 908b749bc0864b68b5be77bc530b63bd c:\windows\ie7\wininet.dll
08/13/2007 06:54 PM 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB950759-IE7\wininet.dll
04/23/2008 07:16 AM 826368 565098f166f21e24874ebc8cf89c623c c:\windows\ie7updates\KB953838-IE7\wininet.dll
06/23/2008 07:15 PM 826368 3f4bca25f29394995161e8e85d925c1a c:\windows\ie7updates\KB956390-IE7\wininet.dll
08/26/2008 10:57 AM 817152 931f9e64c1054d8418fb6719f157713c c:\windows\ServicePackFiles\i386\wininet.dll
08/26/2008 10:57 AM 817152 931f9e64c1054d8418fb6719f157713c c:\windows\system32\wininet.dll
08/26/2008 10:57 AM 826368 8d2003bbfffd5ff95ea66350e4d1e4c7 c:\windows\system32\dllcache\wininet.dll
04/14/2008 09:29 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\explorer.exe
08/04/2004 12:56 AM 1029632 932f97b77f2625f7ff7dfc97552548f8 c:\windows\$NtServicePackUninstall$\explorer.exe
04/14/2008 09:29 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\ServicePackFiles\i386\explorer.exe
07/18/2008 10:10 PM 68808 136896c2cdc3f689876e0d44485153ea c:\windows\ServicePackFiles\i386\wuauclt.exe
07/18/2008 10:10 PM 68808 136896c2cdc3f689876e0d44485153ea c:\windows\system32\wuauclt.exe
07/18/2008 10:10 PM 53448 d316e28958873859b88d72cf47ad1ea5 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [03/27/2008 02:12 PM 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{215fa32b-b0f7-6d7f-002a-fbebadf0d30c}]
08/07/2008 02:54 PM 97792 --a------ c:\windows\system32\rfqibozfmswe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{e795e28a-af8a-d108-f8bd-880759b738cb}]
11/06/2008 07:41 PM 573952 --a------ c:\windows\system32\nsn2D.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{EEE6C35C-6118-11DC-9C72-001320C79847}]
03/27/2008 02:12 PM 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{FC740608-B791-515F-27AC-5BAC2DEACFDB}]
11/01/2008 12:46 PM 178176 --a------ c:\windows\system32\nzxdnekgaugofrxc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 02:12 PM 1164600]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 02:12 PM 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 09:29 PM 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/01/2008 07:42 PM 68856]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:55 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [08/16/2008 08:59 AM 185896]
"pxwlpxaqgwcb"="c:\windows\system32\nzxdnekgaugofrxc.dll" [11/01/2008 12:46 PM 178176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM 54840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/25/2008 06:21 PM 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 09:29 PM 15360]
c:\documents and settings\Administrator\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
MSN Pictures Displayer.lnk - c:\program files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-10-16 4561920]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
09/07/2004 04:08 PM 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^قائمة ابدأ^البرامج^بدء التشغيل^Ela-Salaty.lnk]
path=c:\documents and settings\Administrator\قائمة ابدأ\البرامج\بدء التشغيل\Ela-Salaty.lnk
backup=c:\windows\pss\Ela-Salaty.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^قائمة ابدأ^البرامج^بدء التشغيل^Shortcut to Hanami.exe.lnk]
path=c:\documents and settings\Administrator\قائمة ابدأ\البرامج\بدء التشغيل\Shortcut to Hanami.exe.lnk
backup=c:\windows\pss\Shortcut to Hanami.exe.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 10/07/2005 02:13 PM 176128 c:\program files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 04/14/2008 09:29 PM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 09/01/2005 05:24 PM 684032 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
--a------ 06/24/2008 02:26 PM 148784 c:\program files\HiYo\Bin\HiYo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 09/20/2005 10:32 AM 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 09/20/2005 10:36 AM 114688 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 09/20/2005 10:35 AM 94208 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 10/30/2004 02:59 PM 385024 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 08/01/2008 02:54 AM 190024 c:\program files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MouseAround]
--a------ 12/11/2001 11:34 PM 151552 c:\program files\MouseAround\MouseAround.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 06/10/2008 04:27 AM 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 03/27/2008 07:31 PM 111928 c:\program files\SweetIM\Messenger\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 08/16/2008 08:59 AM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
R3 GTICARD;GTICARD;c:\windows\system32\DRIVERS\gticard.sys [2003-02-06 59328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-04 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
s of the 'Scheduled Tasks' folder
2008-10-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [06/20/2008 09:09 AM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-msnmsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R1 -: HKCU-Internet Settings,ProxyOverride = local
O8 -: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-11-15 22:07:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\ADMINI~1\LOCALS~1\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LC.gif 379 bytes
c:\docume~1\ADMINI~1\LOCALS~1\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\LK.gif 377 bytes
c:\docume~1\ADMINI~1\LOCALS~1\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\ME.gif 330 bytes
scan completed successfully
hidden files: 3
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\explorer.exe
-> c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\regsvr32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 11/15/2008 22:10:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-15 19:10:17
Pre-Run: 23,604,228,096 bytes free
Post-Run: 23,781,466,112 bytes free
237 --- E O F --- 2008-11-12 22:06:34
تأييد
0
عاشق الحلم
زيزوومي جديد
- إنضم
- 27 أبريل 2008
- المشاركات
- 7
- مستوى التفاعل
- 0
- النقاط
- 0
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:24 العلوي, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: affiliator plug-in - {215fa32b-b0f7-6d7f-002a-fbebadf0d30c} - C:\WINDOWS\system32\rfqibozfmswe.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: adservefast - {e795e28a-af8a-d108-f8bd-880759b738cb} - C:\WINDOWS\system32\nsn2D.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: adservefast browser enhancer - {FC740608-B791-515F-27AC-5BAC2DEACFDB} - C:\WINDOWS\system32\nzxdnekgaugofrxc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pxwlpxaqgwcb] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\nzxdnekgaugofrxc.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Scan saved at 10:13:24 العلوي, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: affiliator plug-in - {215fa32b-b0f7-6d7f-002a-fbebadf0d30c} - C:\WINDOWS\system32\rfqibozfmswe.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: adservefast - {e795e28a-af8a-d108-f8bd-880759b738cb} - C:\WINDOWS\system32\nsn2D.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: adservefast browser enhancer - {FC740608-B791-515F-27AC-5BAC2DEACFDB} - C:\WINDOWS\system32\nzxdnekgaugofrxc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pxwlpxaqgwcb] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\nzxdnekgaugofrxc.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
تأييد
0
صمت السكوت
زيزوومى محترف
- إنضم
- 3 أبريل 2008
- المشاركات
- 5,058
- مستوى التفاعل
- 53
- النقاط
- 830
غير متصل
احذف التالي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
طريقة الحذف
نزل هالاداة لتنظيف الجهاز
وبعد ذلك نزل هذه الاداه
رابط تحميل آخر تحديث للاداة
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
وياليت تقرير هايجاك جديد بعد ذلك واعطائنا النتائج
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
طريقة الحذف
نزل هالاداة لتنظيف الجهاز
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وبعد ذلك نزل هذه الاداه
رابط تحميل آخر تحديث للاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
وياليت تقرير هايجاك جديد بعد ذلك واعطائنا النتائج
توقيع : صمت السكوت
تأييد
0
الاخت خلود :مع فائق الاحترام والتقديرلسرعه استجابتك والرد على ،وهذا هو التقرير النهائى..
SmitFraudFix v2.375
Scan done at 21:20:16.34, Sun 11/16/2008
Run from C:\Documents and Settings\Administrator\«ل¥ ںéêè¢ \SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D4D6E889-D742-4FEC-B0C4-DA4737F30E75}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D4D6E889-D742-4FEC-B0C4-DA4737F30E75}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.375
Scan done at 21:20:16.34, Sun 11/16/2008
Run from C:\Documents and Settings\Administrator\«ل¥ ںéêè¢ \SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D4D6E889-D742-4FEC-B0C4-DA4737F30E75}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D4D6E889-D742-4FEC-B0C4-DA4737F30E75}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
توقيع : فتى الدرب
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
وعذرا ياغاالي بتعديل العنوان ليدل على محتوى الموضوع
توقيع : فارس الملاك
تأييد
0