
jojajo

I have a problem with my computer and I don't know what to do. I generated some reports with a few programs; please look at them first.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:59, on 2009-01-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\FCleaner\FCleaner.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinASO\Registry Optimizer\RegOpt.exe
D:\Virus Removal\2009\Zyzoom_HijackThis.exe
D:\Virus Removal\Hijack This.exe

F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Messenger] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ymsgr:callto? %1
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FTweakFCleaner] C:\Program Files\FCleaner\FCleaner.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Mena\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Mena\Application Data\CyberScrub\Privacy Suite"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video ******* with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 4584 bytes




********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.20.7238 *
* *
********************************************************************************

Created at 16:52:13 on Thursday, January 22, 2009

Time Zone : (GMT+02:00) Cairo

Logged On User : Mena

Operating System : Microsoft Windows XP Professional Service Pack 3
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel(R) Pentium(R) 4 CPU 3.00GHz

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 20.5 GB
System Drive Free : 12.06 GB

Total Physical Memory: 511 MB
Free Physical Memory : 333 MB
Total Page File : 511 MB
Free Page File : 1151 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1963 MB

Boot State : Fail-safe boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!


--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!



Engine Version : 5300.2777
Engine Load Time : 31531 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 2009-01-11
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan

Critical : Clean
Scanning the computer's ****** directories
******s : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\Mena\NTUSER.DAT : Scan Failed
c:\Documents and Settings\Mena\ntuser.dat.LOG : Scan Failed
File : c:\Documents and Settings\Mena\Desktop\Virus Removal Tool\is-5TS2J\startup.exe : contains "Trojan" called "Generic PWS.y" (No Action Taken )
c:\Documents and Settings\Mena\Desktop\Virus Removal Tool\is-5TS2J\startup.exe : No action taken
c:\Documents and Settings\Mena\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\Mena\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\Mena\Local Settings\temp\Perflib_Perfdata_690.dat : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 32991
FilesScanned : 20517
FilesNotScanned : 12474

******sFound : 83565
******sInfected : 1
******sCleaned : 0
******sDeleted : 0

FilesInfected : 1
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 17:01:09 2009-01-22
Ended at : 18:03:07 2009-01-22
Duration : 1 hours 1 minutes 57 seconds
3870 MB scanned in 3717 seconds = 1066 KB/s
Engine initialisation failed with engine error 7
Engine initialisation failed with engine error 7
Engine initialisation failed with engine error 7
Engine initialisation failed with engine error 7
Engine initialisation failed with engine error 7



SmitFraudFix v2.391

Scan done at 16:53:22.87, 2009-01-22
Run from D:\Virus Removal\2009\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Problem while deleting C:\WINDOWS\system32\x.exe

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8FE494A9-1BFC-44C2-A5F4-09334CBCDCB3}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8FE494A9-1BFC-44C2-A5F4-09334CBCDCB3}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8FE494A9-1BFC-44C2-A5F4-09334CBCDCB3}: DhcpNameServer=10.0.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




[2009-01-22 17:27:40] - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ==> réparer
[2009-01-22 17:27:40] - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell ==> réparer
[2009-01-22 17:27:40] - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden ==> réparer
[2009-01-22 17:27:40] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun ==> réparer
[2009-01-22 17:27:40] - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Explorer ==> réparer
[2009-01-22 17:27:40] - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolderOptions ==> réparer
[2009-01-22 17:27:40] - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig ==> réparer
[2009-01-22 17:27:40] - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR ==> réparer
[2009-01-22 17:28:11] - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ==> réparer
[2009-01-22 17:28:11] - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell ==> réparer
[2009-01-22 17:28:11] - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden ==> réparer
[2009-01-22 17:28:11] - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun ==> réparer
[2009-01-22 17:28:11] - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Explorer ==> réparer
[2009-01-22 17:28:11] - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolderOptions ==> réparer
[2009-01-22 17:28:11] - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig ==> réparer
[2009-01-22 17:28:11] - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR ==> réparer

I also have a virus. I scanned for it with the Yaman tools utility, but look at the picture.

For your information, I have Kaspersky Internet Security 2009, but I don't know what to do, and the computer is very, very, very slow. I had made a post about this before. Thank you very, very much.
 

^

^

Okay, my dear friend:

Could you give us an idea of what your problem is?

Signature: الديبلوماسي
Sorry, I only changed the picture.

Please reply as soon as possible.
 
Peace be upon you, and the mercy and blessings of God.
Brother, the cause of the slowness is having two protection programs on the same machine. Remove one of them.

Signature: MOZY_55
Disable System Restore.

Download the Dr.Web scanning and cleaning tool; it is updated as of today ((the link is refreshed by the vendor)).

((If you use Kaspersky, exit it from the icon next to the clock first.))

i72j1t42q3.jpg

How the tool works:

After downloading, run it and do as shown in the pictures:

3oh2ql4moe.jpg

Then

wb3gi1nm8j.jpg

Then wait a little while only the memory is scanned.

When it finishes, do as shown in the picture to run a full scan of the machine.

m3m2rh4xtf.jpg

If a virus is found during the scan and this message appears,

do the following to delete and clean the infection:

vwopk5zb2n.jpg

Then wait for the full scan to finish ((the scan may take a while depending on the size of the files on your machine)).

When it finishes, do the following:

vgcih1gsrj.jpg

Then delete the detected viruses:

1h71ch58um.jpg

((Then restart the machine.))

Signature: MOZY_55
The report is clean.
Just clean up your machine.

Compatibility: Windows XP only

How to use it:
Double-click the tool and wait until all the windows finish and it stops at this window.


002.png


When this screen appears, click Close so that your machine restarts ((to complete the cleaning process)).
 