• Thread starter: shda1428
  • Views: 752


 

Download this program

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply
 
Greetings, brothers. Here is the report you asked for, brother (( هاوي النت )), God bless you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:58:00 م, on 06/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\سعيد الغامدي\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\سعيد الغامدي\My Documents\Downloads\Compressed\fg679p1f1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\سعيد الغامدي\سطح المكتب\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8567
R3 - URLSearchHook: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz1.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bait deaf idle setup] C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf\slow bend.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [The Wipe] C:\DOCUME~1\C02E~1\APPLIC~1\BOOB64~1\junknoun2.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\سعيد الغامدي\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: تخصيص القائمه - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: حفظ النماذج - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: شريط ادوات روبوفورم - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: ملئ النماذج - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: املأ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: ملئ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: حفظ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: حفظ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: شريط ادوات روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: موقع الدوالج التعليمي - {7B28C068-0049-4862-95AE-8FD306F88531} - C:\Program Files\Dwalej\RunTray.exe (file missing)
O9 - Extra 'Tools' menuitem: موقع الدوالج التعليمي - {7B28C068-0049-4862-95AE-8FD306F88531} - C:\Program Files\Dwalej\RunTray.exe (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

--
End of file - 8718 bytes
 
Greetings, brother

Delete these entries

O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)

O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)

O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)

O9 - Extra button: موقع الدوالج التعليمي - {7B28C068-0049-4862-95AE-8FD306F88531} - C:\Program Files\Dwalej\RunTray.exe (file missing)

O9 - Extra 'Tools' menuitem: موقع الدوالج التعليمي - {7B28C068-0049-4862-95AE-8FD306F88531} - C:\Program Files\Dwalej\RunTray.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

How to delete them

That completes the deletion.

After that, download this tool

Use this tool for cleaning

Then make a new report so we can see the state of the machine

Signature: KoNaMi
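An added example, not part of the thread and not HijackThis's own code: the script below parses HijackThis entry lines and tags the ones a reviewer would look at first, including the "(file missing)" orphans listed for deletion in the post above. The three triage rules and their tag names are assumptions chosen for illustration, and a tag means "review this entry", not a verdict; the sample lines are copied from the first log in this thread.

```python
import re
from collections import defaultdict

# Sample input: a few entry lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8567
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [bait deaf idle setup] C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf\slow bend.exe
O4 - HKCU\..\Run: [The Wipe] C:\DOCUME~1\C02E~1\APPLIC~1\BOOB64~1\junknoun2.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Assumed rule: IE proxy pointed at the local machine (something local is
# sitting between the browser and the network).
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?\s*$", re.I
)

# Assumed rule: autorun target lives in a directory any user process can write
# to, including the 8.3 short form APPLIC~1. Legitimate per-user updaters also
# install here, so this is a prompt to check the file, nothing more.
USER_WRITABLE_RE = re.compile(
    r"\\(?:application data|applic~\d|local settings|temp)\\", re.I
)


def parse_entries(log_text):
    """Return (section, detail) for every entry line; headers and the
    running-process list are skipped because they lack a section code."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Tag entries for review. Returns a list of (tag, section, detail)."""
    findings = []
    for section, detail in parse_entries(log_text):
        if detail.rstrip().endswith("(file missing)"):
            # Registry entry whose target file is no longer on disk.
            findings.append(("orphan", section, detail))
        elif section == "O4" and USER_WRITABLE_RE.search(detail):
            findings.append(("autorun-user-writable", section, detail))
        elif section.startswith("R") and LOOPBACK_PROXY_RE.search(detail):
            findings.append(("loopback-proxy", section, detail))
    return findings


def summarize(log_text):
    """Group the section codes of tagged entries by tag."""
    by_tag = defaultdict(list)
    for tag, section, _detail in triage(log_text):
        by_tag[tag].append(section)
    return dict(by_tag)


if __name__ == "__main__":
    for tag, section, detail in triage(SAMPLE_LOG):
        print(f"{tag:22} {section:4} {detail}")
```

On the sample, the O23 WinVNC4 service is tagged as an orphan too: the log marks it (file missing), but it does not appear in the deletion list above.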
(1)
Disable all protection programs,
then download this tool and save it on the desktop

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the machine may restart
After the restart, the tool will start scanning again
Wait until a report appears, then copy it and paste it in your next reply

(2)

Post a new HijackThis report
 
Here you go, brother, I did as you said
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:13:03 م, on 06/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\سعيد الغامدي\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\سعيد الغامدي\My Documents\Downloads\Compressed\fg679p1f1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Documents and Settings\سعيد الغامدي\سطح المكتب\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8567
R3 - URLSearchHook: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: zyzoom Toolbar - {3aaa6ede-0f45-43da-8b81-608a1d8108a2} - C:\Program Files\zyzoom\tbzyz1.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bait deaf idle setup] C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf\slow bend.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [The Wipe] C:\DOCUME~1\C02E~1\APPLIC~1\BOOB64~1\junknoun2.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\سعيد الغامدي\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: تخصيص القائمه - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: حفظ النماذج - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: شريط ادوات روبوفورم - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: ملئ النماذج - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: املأ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: ملئ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: حفظ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: حفظ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: شريط ادوات روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: موقع الدوالج التعليمي - {7B28C068-0049-4862-95AE-8FD306F88531} - C:\Program Files\Dwalej\RunTray.exe (file missing)
O9 - Extra 'Tools' menuitem: موقع الدوالج التعليمي - {7B28C068-0049-4862-95AE-8FD306F88531} - C:\Program Files\Dwalej\RunTray.exe (file missing)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

--
End of file - 8566 bytes
 
Brother, the report still shows an infection

Go back and clean with the tool that هاوي النت gave you

(1)

Disable all protection programs,
then download this tool and save it on the desktop

When you run it a message will appear; click >> yes
Then a second message will appear; click >> yes
During the scan the machine may restart
After the restart, the tool will start scanning again
Wait until a report appears, then copy it and paste it in your next reply

Then go back and make a new HijackThis report

Because frankly there are many infected entries

Signature: Corporation
Greetings, everyone. This is the report after running the ( ComboFix ) program, but it did not restart; it only gave me this report


ComboFix 08-12-06.03 - سعيد الغامدي 12/06/2008 23:53:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.1315 [GMT 3:00]
Running from: c:\documents and settings\سعيد الغامدي\سطح المكتب\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 20:53 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\DMCache
2008-12-06 20:53 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\DMCache
2008-12-06 20:53 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\DMCache
2008-12-06 13:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-03 22:15 --------- d-----w c:\program files\GetData
2008-12-03 19:55 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\GTunnel
2008-12-03 19:55 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\GTunnel
2008-12-03 19:55 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\GTunnel
2008-12-03 19:37 --------- d-----w c:\program files\moulin
2008-12-02 18:13 --------- d-----w c:\program files\Common Files\Skype
2008-12-02 17:49 --------- d-----w c:\program files\Ashampoo
2008-11-30 17:36 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Boob 64 Mapi
2008-11-30 17:36 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Boob 64 Mapi
2008-11-30 17:36 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Boob 64 Mapi
2008-11-28 17:15 96,384 ----a-w c:\windows\system32\drivers\sptd2797.sys
2008-11-28 13:09 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\skypePM
2008-11-28 13:09 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\skypePM
2008-11-28 13:09 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\skypePM
2008-11-21 15:58 --------- d-----w c:\program files\Google
2008-11-21 13:47 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\vlc
2008-11-21 13:47 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\vlc
2008-11-21 13:47 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\vlc
2008-11-21 13:46 --------- d-----w c:\program files\VideoLAN
2008-11-20 13:13 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-19 15:54 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Thinstall
2008-11-19 15:54 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Thinstall
2008-11-19 15:54 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Thinstall
2008-11-19 13:37 --------- d-----w c:\program files\Internet Download Manager
2008-11-19 13:04 --------- d-----w c:\program files\Your Uninstaller 2008
2008-11-19 12:46 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-18 13:44 --------- d-----w c:\program files\AAQ
2008-11-17 15:24 --------- d-----w c:\program files\zyzoom
2008-11-17 13:17 --------- d-----w c:\program files\Unity
2008-11-16 18:12 --------- d-----w c:\program files\MSXML 4.0
2008-11-16 17:24 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Kunnafoni
2008-11-16 17:24 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Kunnafoni
2008-11-16 17:24 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Kunnafoni
2008-11-16 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\Htm Support Bait Deaf
2008-11-16 15:23 --------- d-----w c:\program files\Boob 64 Mapi
2008-11-16 13:11 --------- d-----w c:\program files\Siber Systems
2008-11-16 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\RoboForm
2008-11-15 18:01 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\IDM
2008-11-15 18:01 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\IDM
2008-11-15 18:01 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\IDM
2008-11-15 15:24 --------- d-----w c:\program files\Adverts
2008-11-14 13:17 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-11-14 13:16 --------- d-----w c:\program files\Microsoft
2008-11-14 13:05 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-13 20:23 --------- d-----w c:\program files\Paltalk Messenger
2008-11-10 17:57 --------- d-----w c:\program files\aljazeera news
2008-11-09 14:06 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Paltalk
2008-11-09 14:06 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Paltalk
2008-11-09 14:06 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Paltalk
2008-11-04 13:38 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\RealVNC
2008-11-04 13:38 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\RealVNC
2008-11-04 13:38 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\RealVNC
2008-11-04 13:27 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-04 13:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 13:27 --------- d-----w c:\program files\TP-LINK
2008-10-27 14:51 --------- d-----w c:\program files\Conduit
2008-10-27 07:38 95,056 ----a-w c:\windows\DSETUP.dll
2008-10-27 07:37 1,692,496 ----a-w c:\windows\dsetup32.dll
2008-10-27 07:36 526,160 ----a-w c:\windows\DXSETUP.exe
2008-10-25 18:45 --------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-10-25 18:14 --------- d-----w c:\program files\Driver-Soft
2008-10-25 18:11 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-25 18:01 --------- d-----w c:\program files\Real
2008-10-25 18:01 --------- d-----w c:\program files\Common Files\xing shared
2008-10-25 18:01 --------- d-----w c:\program files\Common Files\Real
2008-10-25 17:47 --------- d-----w c:\program files\WinAVI Video Converter
2008-10-25 17:45 --------- d-----w c:\program files\VisualSubSync
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 02:35 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-22 18:59 --------- d-----w c:\program files\Nero
2008-10-22 18:42 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Ahead
2008-10-22 18:42 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Ahead
2008-10-22 18:42 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Ahead
2008-10-22 18:26 --------- d-----w c:\program files\Common Files\Nero
2008-10-22 18:26 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-10-19 18:01 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-19 17:37 --------- d-----w c:\program files\ReflexiveArcade
2008-10-19 01:40 --------- d-----w c:\program files\PowerISO
2008-10-19 01:09 223,128 ----a-w c:\windows\system32\drivers\vaxscsi.sys
2008-10-19 01:09 --------- d-----w c:\program files\Alcohol Soft
2008-10-19 01:08 643,072 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-18 14:41 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2008-10-18 14:41 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Ashampoo
2008-10-18 14:41 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Ashampoo
2008-10-18 14:41 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Ashampoo
2008-10-16 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-16 18:22 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Nero
2008-10-16 18:22 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Nero
2008-10-16 18:22 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Nero
2008-10-16 17:52 81,984 ----a-w c:\windows\system32\bdod.bin
2008-10-16 16:00 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\URSoft
2008-10-16 16:00 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\URSoft
2008-10-16 16:00 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\URSoft
2008-10-16 15:59 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-16 15:59 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Media Player Classic
2008-10-16 15:59 --------- d-----w c:\documents and settings\سعيد الغامدي\Application Data\Media Player Classic
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3aaa6ede-0f45-43da-8b81-608a1d8108a2}"= "c:\program files\zyzoom\tbzyz1.dll" [11/17/2008 06:24 PM 1784856]

[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]
11/17/2008 06:24 PM 1784856 --a------ c:\program files\zyzoom\tbzyz1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3AAA6EDE-0F45-43DA-8B81-608A1D8108A2}"= "c:\program files\zyzoom\tbzyz1.dll" [11/17/2008 06:24 PM 1784856]

[HKEY_CLASSES_ROOT\clsid\{3aaa6ede-0f45-43da-8b81-608a1d8108a2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"Google Update"="c:\documents and settings\سعيد الغامدي\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [11/20/2008 09:13 PM 133104]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [10/16/2008 06:48 PM 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [11/28/2005 08:55 AM 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [11/28/2005 08:52 AM 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [11/28/2005 08:55 AM 118784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [10/25/2008 09:01 PM 185872]
"bait deaf idle setup"="c:\documents and settings\All Users\Application Data\Htm Support Bait Deaf\slow bend.exe" [12/06/2008 08:49 PM 3559424]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [07/07/2008 10:34 AM 167936]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/14/2008 07:00 PM 110592 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 11:08 AM 16380416 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [06/15/2007 11:45 AM 1826816 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-11-04 622592]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\سعيد الغامدي\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\سعيد الغامدي\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-04-14 26112]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-06 c:\windows\Tasks\A8C2226291A1D902.job
- c:\docume~1\c02e~1\applic~1\boob64~1\funk bore clock.exe []

2008-12-06 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\3 []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-The Wipe - c:\docume~1\C02E~1\APPLIC~1\BOOB64~1\junknoun2.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
IE: تخصيص القائمه - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: حفظ النماذج - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: شريط ادوات روبوفورم - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: ملئ النماذج - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
FireFox -: Profile - c:\documents and settings\سعيد الغامدي\Application Data\Mozilla\Firefox\Profiles\p9eqpwcv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1654009&SearchSource=3&q=
FF -: plugin - c:\documents and settings\ط³ط¹ظٹط¯ ط§ظ„ط؛ط§ظ…ط¯ظٹ\Application Data\Mozilla\plugins\npgoogletalk.dll
FF -: plugin - c:\documents and settings\ط³ط¹ظٹط¯ ط§ظ„ط؛ط§ظ…ط¯ظٹ\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-12-06 23:54:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\igfxdev.dll
.
Completion time: 12/06/2008 23:55:53
ComboFix-quarantined-files.txt 2008-12-06 20:55:18

Pre-Run: 23,762,358,272 bytes free
Post-Run: 23,749,005,312 bytes free

207 --- E O F --- 2008-12-04 13:29:45
 