- بادئ الموضوع dnya.dnya
- تاريخ البدء
- 750
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
التقرير سليم
اعمل التالي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
اعمل التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
توقيع : AbOdy
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:38:04 م, on 10/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\RCC\سطح المكتب\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.87:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: إحصائيات مضاد فيروسات المواقع - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6868 bytes
Scan saved at 08:38:04 م, on 10/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\RCC\سطح المكتب\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.87:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "C:\Program Files\Steganos Internet Trace Destructor 7\ITD7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: إحصائيات مضاد فيروسات المواقع - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6868 bytes
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
اعمل التالي
عطل برامج الحماية وشغل الأداة
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
وبعدها عطني تقرير هايجاك جديد
عطل برامج الحماية وشغل الأداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
وبعدها عطني تقرير هايجاك جديد
توقيع : AbOdy
تأييد
0
ComboFix 09-03-10.03 - RCC 03/11/2009 17:07:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.1015.546 [GMT 3:00]
Running from: c:\documents and settings\RCC\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 14:09 19,756,832 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-11 14:01 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-10 13:23 545,824 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-10 12:11 55,088 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-10 12:11 264,104 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-10 03:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-10 03:29 --------- d-----w c:\program files\Steganos Internet Trace Destructor 7
2009-03-05 12:40 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-05 12:40 --------- d-----w c:\program files\Common Files\PAC7302
2009-03-05 12:40 --------- d-----w c:\program files\ANC
2009-03-04 15:32 203,776 -c--a-w c:\windows\system32\clrviddc.dll
2009-03-04 15:27 --------- d-----w c:\program files\Common Files\xing shared
2009-03-04 15:27 --------- d-----w c:\program files\Common Files\Real
2009-03-04 15:26 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-04 13:25 --------- d-----w c:\program files\GRETECH
2009-03-03 03:52 --------- d-----w c:\program files\Creative
2009-03-02 09:34 --------- d--h--w c:\program files\Creative Installation Information
2009-03-02 09:10 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-28 20:58 --------- d-----w c:\documents and settings\RCC\Application Data\Creative
2009-02-28 08:20 --------- d-----w c:\documents and settings\RCC\Application Data\cleaner
2009-02-26 12:46 --------- d-----w c:\documents and settings\RCC\Application Data\CyberScrub
2009-02-26 04:12 --------- d-----w c:\program files\Real
2009-02-25 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-02-25 19:30 409,600 -c--a-w c:\windows\system32\wrap_oal.dll
2009-02-25 19:30 114,688 -c--a-w c:\windows\system32\OpenAL32.dll
2009-02-25 19:07 --------- d-----w c:\documents and settings\RCC\Application Data\Smart Recorder
2009-02-25 14:33 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-25 12:45 --------- d-----w c:\program files\Common Files\Creative
2009-02-25 08:10 --------- d-----w c:\program files\Reference Assemblies
2009-02-25 08:10 --------- d-----w c:\program files\MSBuild
2009-02-24 23:52 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-24 23:51 89,601 -c--a-w c:\windows\system32\drivers\klick.dat
2009-02-24 23:51 101,287 -c--a-w c:\windows\system32\drivers\klin.dat
2009-02-24 23:39 --------- d-----w c:\program files\Microsoft Works
2009-02-24 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-24 23:28 --------- d-----w c:\program files\Kaspersky Lab
2009-02-24 23:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-24 08:48 --------- d-----w c:\program files\The KMPlayer
2009-02-23 19:37 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 17:08 410,984 -c--a-w c:\windows\system32\deploytk.dll
2009-02-23 17:08 --------- d-----w c:\program files\Java
2009-02-23 10:27 --------- d-----w c:\program files\Remove Empty Directories
2009-02-23 05:20 --------- d-----w c:\documents and settings\RCC\Application Data\URSoft
2009-02-23 05:20 --------- d-----w c:\documents and settings\RCC\Application Data\Thinstall
2009-02-22 13:49 --------- d-----w c:\documents and settings\RCC\Application Data\Media Player Classic
2009-02-22 06:12 --------- d-----w c:\program files\Google
2009-02-21 21:59 --------- d-----w c:\documents and settings\RCC\Application Data\COWON
2009-02-21 00:33 --------- d-----w c:\program files\LtUcx
2009-02-20 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-20 16:22 --------- d-----w c:\program files\Windows Live
2009-02-20 16:22 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-20 16:22 --------- d-----w c:\program files\Adverts
2009-02-20 16:20 --------- d-----w c:\program files\Paltalk Messenger
2009-02-20 16:20 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-20 16:20 --------- d-----w c:\program files\JetAudio
2009-02-20 16:20 --------- d-----w c:\program files\Common Files\COWON
2009-02-20 16:20 --------- d-----w c:\documents and settings\RCC\Application Data\Paltalk
2009-02-20 16:17 73,216 -c--a-w c:\windows\ST6UNST.EXE
2009-02-20 16:17 172,032 -c--a-w c:\windows\Setup1.exe
2009-02-20 16:15 --------- d-----w c:\program files\CyberLink
2009-02-20 16:15 --------- d-----w c:\program files\Ahead
2009-02-20 16:06 --------- d-----w c:\program files\MSN Messenger
2009-02-20 15:59 10,368 -c--a-w c:\windows\system32\drivers\pfc.sys
2009-02-20 15:59 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-20 15:59 --------- d-----w c:\program files\ACD Systems
2009-02-20 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-20 15:58 --------- d-----w c:\program files\Macromedia
2009-02-20 15:56 --------- d-----w c:\program files\Common Files\Java
2009-02-20 15:55 155,995 -c--a-w c:\windows\java\Packages\0CXZB1Z5.ZIP
2009-02-20 15:51 --------- d-----w c:\program files\Common Files\Adobe
2009-02-20 15:50 47,104 -c--a-w c:\windows\AKDeInstall.exe
2009-02-20 15:50 --------- d-----w c:\program files\mpegable
2009-02-20 15:48 --------- d-----w c:\program files\Ozone
2009-02-20 15:21 --------- d-----w c:\program files\Microsoft.NET
2009-02-20 15:15 --------- d-----w c:\program files\CONEXANT
2009-02-20 15:07 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-20 14:47 --------- d-----w c:\program files\Realtek
2009-02-20 14:44 --------- d-----w c:\program files\Yahoo!
2009-02-20 14:44 --------- d-----w c:\program files\Intel
2009-02-20 14:38 --------- d-----w c:\program files\microsoft frontpage
2008-12-31 14:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 14:04 502,120 -c--a-w c:\windows\system32\OGAAddin.dll
2008-12-20 22:31 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 -c--a-w c:\windows\system32\dpl100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM 102400]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [11/09/2006 10:19 AM 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"igfxpers"="c:\windows\system32\igfxpers.exe" [11/28/2005 08:55 AM 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [11/28/2005 08:52 AM 77824]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/04/2009 06:26 PM 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-20 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1214440339-1659004503-725345543-1003\Scripts\Logoff\0\0]
"Script"=c:\program files\Automatic Windows Internet Washer\xp.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R1 is-RCCK0drv;is-RCCK0drv;c:\windows\system32\drivers\54922860.sys [2009-02-24 148496]
R3 ute0ntuz;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\ute0ntuz.sys --> c:\windows\system32\Drivers\ute0ntuz.sys [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 PAC7302;PAC7302 VGA SoC PC-Camera;c:\windows\system32\drivers\PAC7302.SYS [2009-03-05 458752]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IS-N92ESDRV
.
*******s of the 'Scheduled Tasks' folder
2009-03-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-CTXFIREG - CTxfiReg.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
DPF: Microsoft XML Parser for Java -
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://voice2.maxvoice.net/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.112/saudi1999/talks3n.cab
.
.
------- File Associations -------
.
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-11 17:09:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R???w0??w????*??w???w ???w??w??-?m???2???????????????h???h??????????ww??w??-?m???2???????????????k!?sw??w??-?m?????????8w???????w??i????????w??????8w???w???????s???????w???w???????w??8wL??????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(764)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
Completion time: 03/11/2009 17:11:22
ComboFix-quarantined-files.txt 2009-03-11 14:11:19
Pre-Run: 19,517,825,024 bytes free
Post-Run: 19,512,242,176 bytes free
196 --- E O F --- 2009-02-25 13:13:04
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.1015.546 [GMT 3:00]
Running from: c:\documents and settings\RCC\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 14:09 19,756,832 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-11 14:01 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-10 13:23 545,824 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-10 12:11 55,088 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-10 12:11 264,104 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-10 03:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-10 03:29 --------- d-----w c:\program files\Steganos Internet Trace Destructor 7
2009-03-05 12:40 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-05 12:40 --------- d-----w c:\program files\Common Files\PAC7302
2009-03-05 12:40 --------- d-----w c:\program files\ANC
2009-03-04 15:32 203,776 -c--a-w c:\windows\system32\clrviddc.dll
2009-03-04 15:27 --------- d-----w c:\program files\Common Files\xing shared
2009-03-04 15:27 --------- d-----w c:\program files\Common Files\Real
2009-03-04 15:26 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-04 13:25 --------- d-----w c:\program files\GRETECH
2009-03-03 03:52 --------- d-----w c:\program files\Creative
2009-03-02 09:34 --------- d--h--w c:\program files\Creative Installation Information
2009-03-02 09:10 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-28 20:58 --------- d-----w c:\documents and settings\RCC\Application Data\Creative
2009-02-28 08:20 --------- d-----w c:\documents and settings\RCC\Application Data\cleaner
2009-02-26 12:46 --------- d-----w c:\documents and settings\RCC\Application Data\CyberScrub
2009-02-26 04:12 --------- d-----w c:\program files\Real
2009-02-25 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-02-25 19:30 409,600 -c--a-w c:\windows\system32\wrap_oal.dll
2009-02-25 19:30 114,688 -c--a-w c:\windows\system32\OpenAL32.dll
2009-02-25 19:07 --------- d-----w c:\documents and settings\RCC\Application Data\Smart Recorder
2009-02-25 14:33 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-25 12:45 --------- d-----w c:\program files\Common Files\Creative
2009-02-25 08:10 --------- d-----w c:\program files\Reference Assemblies
2009-02-25 08:10 --------- d-----w c:\program files\MSBuild
2009-02-24 23:52 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-24 23:51 89,601 -c--a-w c:\windows\system32\drivers\klick.dat
2009-02-24 23:51 101,287 -c--a-w c:\windows\system32\drivers\klin.dat
2009-02-24 23:39 --------- d-----w c:\program files\Microsoft Works
2009-02-24 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-24 23:28 --------- d-----w c:\program files\Kaspersky Lab
2009-02-24 23:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-24 08:48 --------- d-----w c:\program files\The KMPlayer
2009-02-23 19:37 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 17:08 410,984 -c--a-w c:\windows\system32\deploytk.dll
2009-02-23 17:08 --------- d-----w c:\program files\Java
2009-02-23 10:27 --------- d-----w c:\program files\Remove Empty Directories
2009-02-23 05:20 --------- d-----w c:\documents and settings\RCC\Application Data\URSoft
2009-02-23 05:20 --------- d-----w c:\documents and settings\RCC\Application Data\Thinstall
2009-02-22 13:49 --------- d-----w c:\documents and settings\RCC\Application Data\Media Player Classic
2009-02-22 06:12 --------- d-----w c:\program files\Google
2009-02-21 21:59 --------- d-----w c:\documents and settings\RCC\Application Data\COWON
2009-02-21 00:33 --------- d-----w c:\program files\LtUcx
2009-02-20 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-20 16:22 --------- d-----w c:\program files\Windows Live
2009-02-20 16:22 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-20 16:22 --------- d-----w c:\program files\Adverts
2009-02-20 16:20 --------- d-----w c:\program files\Paltalk Messenger
2009-02-20 16:20 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-20 16:20 --------- d-----w c:\program files\JetAudio
2009-02-20 16:20 --------- d-----w c:\program files\Common Files\COWON
2009-02-20 16:20 --------- d-----w c:\documents and settings\RCC\Application Data\Paltalk
2009-02-20 16:17 73,216 -c--a-w c:\windows\ST6UNST.EXE
2009-02-20 16:17 172,032 -c--a-w c:\windows\Setup1.exe
2009-02-20 16:15 --------- d-----w c:\program files\CyberLink
2009-02-20 16:15 --------- d-----w c:\program files\Ahead
2009-02-20 16:06 --------- d-----w c:\program files\MSN Messenger
2009-02-20 15:59 10,368 -c--a-w c:\windows\system32\drivers\pfc.sys
2009-02-20 15:59 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-20 15:59 --------- d-----w c:\program files\ACD Systems
2009-02-20 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-20 15:58 --------- d-----w c:\program files\Macromedia
2009-02-20 15:56 --------- d-----w c:\program files\Common Files\Java
2009-02-20 15:55 155,995 -c--a-w c:\windows\java\Packages\0CXZB1Z5.ZIP
2009-02-20 15:51 --------- d-----w c:\program files\Common Files\Adobe
2009-02-20 15:50 47,104 -c--a-w c:\windows\AKDeInstall.exe
2009-02-20 15:50 --------- d-----w c:\program files\mpegable
2009-02-20 15:48 --------- d-----w c:\program files\Ozone
2009-02-20 15:21 --------- d-----w c:\program files\Microsoft.NET
2009-02-20 15:15 --------- d-----w c:\program files\CONEXANT
2009-02-20 15:07 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-20 14:47 --------- d-----w c:\program files\Realtek
2009-02-20 14:44 --------- d-----w c:\program files\Yahoo!
2009-02-20 14:44 --------- d-----w c:\program files\Intel
2009-02-20 14:38 --------- d-----w c:\program files\microsoft frontpage
2008-12-31 14:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 14:04 502,120 -c--a-w c:\windows\system32\OGAAddin.dll
2008-12-20 22:31 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 -c--a-w c:\windows\system32\dpl100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM 102400]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [11/09/2006 10:19 AM 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"igfxpers"="c:\windows\system32\igfxpers.exe" [11/28/2005 08:55 AM 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [11/28/2005 08:52 AM 77824]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/04/2009 06:26 PM 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-20 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1214440339-1659004503-725345543-1003\Scripts\Logoff\0\0]
"Script"=c:\program files\Automatic Windows Internet Washer\xp.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R1 is-RCCK0drv;is-RCCK0drv;c:\windows\system32\drivers\54922860.sys [2009-02-24 148496]
R3 ute0ntuz;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\ute0ntuz.sys --> c:\windows\system32\Drivers\ute0ntuz.sys [?]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 PAC7302;PAC7302 VGA SoC PC-Camera;c:\windows\system32\drivers\PAC7302.SYS [2009-03-05 458752]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IS-N92ESDRV
.
*******s of the 'Scheduled Tasks' folder
2009-03-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-CTXFIREG - CTxfiReg.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://voice2.maxvoice.net/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.24.112/saudi1999/talks3n.cab
.
.
------- File Associations -------
.
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-03-11 17:09:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R???w0??w????*??w???w ???w??w??-?m???2???????????????h???h??????????ww??w??-?m???2???????????????k!?sw??w??-?m?????????8w???????w??i????????w??????8w???w???????s???????w???w???????w??8wL??????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(764)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
Completion time: 03/11/2009 17:11:22
ComboFix-quarantined-files.txt 2009-03-11 14:11:19
Pre-Run: 19,517,825,024 bytes free
Post-Run: 19,512,242,176 bytes free
196 --- E O F --- 2009-02-25 13:13:04
تأييد
0
اتفضل لا هنت سامحني اغلبك معاي
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:01:51 م, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Creative\MediaSource\CTCMS.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\SurMixer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\RCC\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: إحصائيات مضاد فيروسات المواقع - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 5842 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:01:51 م, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Creative\MediaSource\CTCMS.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\SurMixer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\RCC\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: إحصائيات مضاد فيروسات المواقع - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 5842 bytes
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
حدد القيم واحذفها
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
او
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
او
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وشف لي وضع الجهاز عندك
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وشف لي وضع الجهاز عندك
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد
0
- الحالة