- بادئ الموضوع khodeir
- تاريخ البدء
- 754
وده بعد تغشيل الهاى جاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:26:13 ص, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\qttask.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Intense Language Office\Common\OffMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Khodeir\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ILO_Office_Manager] IntEdReg.exe /OFFMAN
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L.
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 11914 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:26:13 ص, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\qttask.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Intense Language Office\Common\OffMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Khodeir\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ILO_Office_Manager] IntEdReg.exe /OFFMAN
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L.
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 11914 bytes
تأييد
0
ahmosis
زيزوومى فضى
- إنضم
- 25 مارس 2008
- المشاركات
- 4,675
- مستوى التفاعل
- 65
- النقاط
- 840
غير متصل
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : ahmosis
تأييد
0
Corporation
زيزوومى فضى
غير متصل
طبق التالي ,,
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
التعديل الأخير بواسطة المشرف:
توقيع : Corporation
تأييد
0
ComboFix 09-03-26.03 - Khodeir 03/28/2009 1:41:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1977.1301 [GMT 2:00]
Running from: c:\documents and settings\Khodeir\My Documents\Downloads\Programs\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\lsprst7.dll
c:\windows\system32\m3.dll
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 23:46 --------- d-----w c:\documents and settings\Khodeir\Application Data\DMCache
2009-03-27 23:14 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-03-27 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-03-27 13:49 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-27 11:55 --------- d-----w c:\program files\Common Files\Microsoft Update Engine
2009-03-26 18:02 --------- d-----w c:\program files\Internet Download Manager
2009-03-26 18:01 --------- d-----w c:\program files\Fake Webcam
2009-03-26 09:37 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-03-26 09:35 --------- d-----w c:\program files\Common Files\BitDefender
2009-03-26 09:35 --------- d-----w c:\documents and settings\Khodeir\Application Data\BitDefender
2009-03-26 09:34 --------- d-----w c:\program files\BitDefender
2009-03-26 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-25 18:05 --------- d-----w c:\program files\Common Files\Adobe
2009-03-25 17:28 --------- d-----w c:\documents and settings\Khodeir\Application Data\MathWorks
2009-03-25 17:02 --------- d-----w c:\program files\MATLAB
2009-03-25 09:30 --------- d-----w c:\documents and settings\Khodeir\Application Data\uTorrent
2009-03-25 09:26 --------- d-----w c:\documents and settings\Khodeir\Application Data\SmartDraw
2009-03-24 13:17 --------- d-----w c:\documents and settings\Khodeir\Application Data\VMware
2009-03-23 15:43 --------- d-----w c:\documents and settings\Khodeir\Application Data\HDI
2009-03-23 13:30 --------- d-----w c:\documents and settings\Khodeir\Application Data\Xilinx
2009-03-23 13:20 --------- d-----w c:\program files\WinPcap
2009-03-20 21:15 --------- d-----w c:\program files\TEXTware
2009-03-20 21:15 --------- d-----w c:\documents and settings\Khodeir\Application Data\Cambridge
2009-03-20 21:13 --------- d-----w c:\program files\Cambridge
2009-03-20 16:22 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ESET
2009-03-19 21:35 --------- d-----w c:\program files\eMule
2009-03-19 02:01 --------- d-----w c:\program files\Oxford
2009-03-18 21:49 126,976 ----a-w c:\windows\system32\UAService.exe
2009-03-18 21:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 21:48 --------- d-----w c:\program files\IDM
2009-03-16 18:17 --------- d-----w c:\program files\QuickTime
2009-03-16 18:17 --------- d-----w c:\documents and settings\Khodeir\Application Data\Apple Computer
2009-03-16 18:16 --------- d-----w c:\program files\Apple Software Update
2009-03-16 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-15 23:18 --------- d-----w c:\program files\PianoFX
2009-03-15 01:23 --------- d-----w c:\program files\Pianoteq 2.3
2009-03-15 00:33 --------- d-----w c:\program files\Steinberg
2009-03-15 00:33 --------- d-----w c:\program files\Common Files\Digidesign
2009-03-12 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-03-12 10:58 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-11 23:19 --------- d-----w c:\documents and settings\Khodeir\Application Data\Thinstall
2009-03-11 18:03 --------- d-----w c:\program files\MD5Win32
2009-03-11 08:20 --------- d-----w c:\program files\EAGLE-5.4.0
2009-03-11 08:20 --------- d-----w c:\documents and settings\Khodeir\Application Data\CadSoft
2009-03-11 08:00 --------- d-----w c:\program files\Real
2009-03-11 08:00 --------- d-----w c:\program files\Common Files\xing shared
2009-03-11 08:00 --------- d-----w c:\program files\Common Files\Real
2009-03-10 09:43 --------- d-----w c:\documents and settings\Khodeir\Application Data\hte
2009-03-10 09:29 --------- d-----w c:\program files\Notepad++
2009-03-10 09:29 --------- d-----w c:\documents and settings\Khodeir\Application Data\Notepad++
2009-03-09 13:52 --------- d-----w c:\program files\Intense Language Office
2009-03-08 23:11 --------- d-----w c:\program files\ICQ6.5
2009-03-06 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\mgc
2009-03-06 15:16 --------- d-----w c:\program files\Macrovision
2009-03-03 22:23 144,384 ----a-w c:\windows\system32\miccyhook.dll
2009-03-03 22:21 --------- d-----w c:\program files\Eidos
2009-03-02 20:17 --------- d-----w c:\program files\GameShadow
2009-03-02 10:30 --------- d-----w c:\program files\USB Disk Security
2009-03-02 10:24 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-02 02:37 --------- d-----w c:\program files\Common Files\fwc
2009-03-02 02:32 --------- d-----w c:\documents and settings\Khodeir\Application Data\Media Player Classic
2009-03-02 01:28 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-01 01:35 --------- d-----w c:\documents and settings\Khodeir\Application Data\ICQ
2009-02-25 22:55 --------- d-----w c:\program files\VMware
2009-02-22 23:13 --------- d-----w c:\documents and settings\Khodeir\Application Data\IDM
2009-02-21 17:43 --------- d-----w c:\documents and settings\Khodeir\Application Data\ESET
2009-02-21 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-02-20 08:41 --------- d-----w c:\program files\PowerISO
2009-02-18 12:46 --------- d-----w c:\documents and settings\Khodeir\Application Data\HDL Designer Series
2009-02-16 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-16 18:34 --------- d-----w c:\program files\Yahoo!
2009-02-16 18:19 --------- d-----w c:\program files\Sun
2009-02-16 13:17 87,568 ----a-w c:\windows\system32\drivers\VBoxNetFlt.sys
2009-02-16 13:17 41,744 ----a-w c:\windows\system32\drivers\VBoxUSBMon.sys
2009-02-16 13:17 129,552 ----a-w c:\windows\system32\VBoxNetFltNotify.dll
2009-02-16 13:16 100,560 ----a-w c:\windows\system32\drivers\VBoxDrv.sys
2009-02-16 11:46 --------- d-----w c:\program files\Java
2009-02-16 11:45 --------- d-----w c:\program files\Common Files\Java
2009-02-15 23:27 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-15 23:27 --------- d-----w c:\program files\Windows Live
2009-02-15 23:27 --------- d-----w c:\program files\Microsoft
2009-02-15 23:25 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-14 08:28 --------- d-----w c:\program files\Microsoft Works
2009-02-14 08:27 --------- d-----w c:\program files\Microsoft.NET
2009-02-14 08:26 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-14 08:06 --------- d-----w c:\program files\uTorrent
2009-02-14 08:03 --------- d-----w c:\program files\Ringz Studio
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 14:22 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 22:34 --------- d-----w c:\program files\Synaptics
2009-02-04 22:34 --------- d-----w c:\program files\SCM Microsystems
2009-02-04 22:34 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-04 22:29 --------- d-----w c:\program files\Marvell
2009-02-04 22:28 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-04 22:24 --------- d-----w c:\program files\Intel
2009-02-04 22:21 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-04 22:21 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-02-04 22:21 --------- d-----w c:\program files\HP Webcam Application
2009-02-04 22:20 --------- d-----w c:\program files\Hewlett-Packard
2008-12-16 15:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [03/17/2008 03:29 PM 2289664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 10:00 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [02/14/2009 10:12 AM 2745776]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [11/05/2008 07:29 PM 4347120]
"ILO_Office_Manager"="IntEdReg.exe" [01/30/2009 04:22 AM 53760 c:\windows\system32\intedreg.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [04/14/2008 10:00 AM 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 10:00 AM 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 10:00 AM 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [04/04/2008 12:39 PM 1044480]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [06/09/2008 05:40 AM 82224]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [05/14/2008 08:56 AM 177456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [06/05/2008 07:39 AM 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [06/05/2008 07:39 AM 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [06/05/2008 07:39 AM 141848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [06/20/2008 01:49 PM 1310720]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [11/02/2008 10:38 AM 167936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 04:30 AM 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [02/16/2009 01:46 PM 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/14/2008 10:34 PM 39792]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [10/28/2008 11:07 PM 96816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/11/2009 10:00 AM 185896]
"QuickTime Task"="C:\qttask.exe" [04/27/2007 09:41 AM 282624]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [01/09/2009 12:51 PM 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [10/17/2008 05:02 PM 69632]
"Intense Registry Service"="IntEdReg.exe" [01/30/2009 04:22 AM 53760 c:\windows\system32\intedreg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-03-25 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-03-31 576104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-0325003769-7881997088-613155376-8147\svchost.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WTK2.5.2_01\\bin\\emulator.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\bin\\java.exe"=
"c:\\WTK2.5.2_01\\bin\\zayit.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\FPGAdv72LSPS\\Hds\\bin\\hdldesigner.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-01-25 24064]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-02-16 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-02-16 41744]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
R2 SSIPDDP;SSIPDDP;c:\windows\system32\drivers\SSIPDDP.SYS [2009-03-06 54272]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-28 54960]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-02-03 104328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-02-05 193840]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-02-16 87568]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{99HTYDDF-HU87-JTY7-C6YD-BH6UZXBGVX67}]
c:\program files\Common Files\Microsoft Update Engine\Codec_v.1010.1.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [01/10/2007 03:42 PM]
2009-03-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-27 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.mini20.com
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Khodeir\Application Data\Mozilla\Firefox\Profiles\i21w1un5.default\
FF - component: c:\documents and settings\Khodeir\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-28 01:46:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 03/28/2009 1:48:04
ComboFix-quarantined-files.txt 2009-03-27 23:48:01
Pre-Run: 3,092,807,680 bytes free
Post-Run: 3,154,599,936 bytes free
250 --- E O F --- 2009-03-26 08:06:19
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1977.1301 [GMT 2:00]
Running from: c:\documents and settings\Khodeir\My Documents\Downloads\Programs\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\lsprst7.dll
c:\windows\system32\m3.dll
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 23:46 --------- d-----w c:\documents and settings\Khodeir\Application Data\DMCache
2009-03-27 23:14 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-03-27 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-03-27 13:49 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-27 11:55 --------- d-----w c:\program files\Common Files\Microsoft Update Engine
2009-03-26 18:02 --------- d-----w c:\program files\Internet Download Manager
2009-03-26 18:01 --------- d-----w c:\program files\Fake Webcam
2009-03-26 09:37 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-03-26 09:35 --------- d-----w c:\program files\Common Files\BitDefender
2009-03-26 09:35 --------- d-----w c:\documents and settings\Khodeir\Application Data\BitDefender
2009-03-26 09:34 --------- d-----w c:\program files\BitDefender
2009-03-26 08:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-25 18:05 --------- d-----w c:\program files\Common Files\Adobe
2009-03-25 17:28 --------- d-----w c:\documents and settings\Khodeir\Application Data\MathWorks
2009-03-25 17:02 --------- d-----w c:\program files\MATLAB
2009-03-25 09:30 --------- d-----w c:\documents and settings\Khodeir\Application Data\uTorrent
2009-03-25 09:26 --------- d-----w c:\documents and settings\Khodeir\Application Data\SmartDraw
2009-03-24 13:17 --------- d-----w c:\documents and settings\Khodeir\Application Data\VMware
2009-03-23 15:43 --------- d-----w c:\documents and settings\Khodeir\Application Data\HDI
2009-03-23 13:30 --------- d-----w c:\documents and settings\Khodeir\Application Data\Xilinx
2009-03-23 13:20 --------- d-----w c:\program files\WinPcap
2009-03-20 21:15 --------- d-----w c:\program files\TEXTware
2009-03-20 21:15 --------- d-----w c:\documents and settings\Khodeir\Application Data\Cambridge
2009-03-20 21:13 --------- d-----w c:\program files\Cambridge
2009-03-20 16:22 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\ESET
2009-03-19 21:35 --------- d-----w c:\program files\eMule
2009-03-19 02:01 --------- d-----w c:\program files\Oxford
2009-03-18 21:49 126,976 ----a-w c:\windows\system32\UAService.exe
2009-03-18 21:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 21:48 --------- d-----w c:\program files\IDM
2009-03-16 18:17 --------- d-----w c:\program files\QuickTime
2009-03-16 18:17 --------- d-----w c:\documents and settings\Khodeir\Application Data\Apple Computer
2009-03-16 18:16 --------- d-----w c:\program files\Apple Software Update
2009-03-16 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-15 23:18 --------- d-----w c:\program files\PianoFX
2009-03-15 01:23 --------- d-----w c:\program files\Pianoteq 2.3
2009-03-15 00:33 --------- d-----w c:\program files\Steinberg
2009-03-15 00:33 --------- d-----w c:\program files\Common Files\Digidesign
2009-03-12 20:46 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-03-12 10:58 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-11 23:19 --------- d-----w c:\documents and settings\Khodeir\Application Data\Thinstall
2009-03-11 18:03 --------- d-----w c:\program files\MD5Win32
2009-03-11 08:20 --------- d-----w c:\program files\EAGLE-5.4.0
2009-03-11 08:20 --------- d-----w c:\documents and settings\Khodeir\Application Data\CadSoft
2009-03-11 08:00 --------- d-----w c:\program files\Real
2009-03-11 08:00 --------- d-----w c:\program files\Common Files\xing shared
2009-03-11 08:00 --------- d-----w c:\program files\Common Files\Real
2009-03-10 09:43 --------- d-----w c:\documents and settings\Khodeir\Application Data\hte
2009-03-10 09:29 --------- d-----w c:\program files\Notepad++
2009-03-10 09:29 --------- d-----w c:\documents and settings\Khodeir\Application Data\Notepad++
2009-03-09 13:52 --------- d-----w c:\program files\Intense Language Office
2009-03-08 23:11 --------- d-----w c:\program files\ICQ6.5
2009-03-06 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\mgc
2009-03-06 15:16 --------- d-----w c:\program files\Macrovision
2009-03-03 22:23 144,384 ----a-w c:\windows\system32\miccyhook.dll
2009-03-03 22:21 --------- d-----w c:\program files\Eidos
2009-03-02 20:17 --------- d-----w c:\program files\GameShadow
2009-03-02 10:30 --------- d-----w c:\program files\USB Disk Security
2009-03-02 10:24 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-02 02:37 --------- d-----w c:\program files\Common Files\fwc
2009-03-02 02:32 --------- d-----w c:\documents and settings\Khodeir\Application Data\Media Player Classic
2009-03-02 01:28 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-01 01:35 --------- d-----w c:\documents and settings\Khodeir\Application Data\ICQ
2009-02-25 22:55 --------- d-----w c:\program files\VMware
2009-02-22 23:13 --------- d-----w c:\documents and settings\Khodeir\Application Data\IDM
2009-02-21 17:43 --------- d-----w c:\documents and settings\Khodeir\Application Data\ESET
2009-02-21 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-02-20 08:41 --------- d-----w c:\program files\PowerISO
2009-02-18 12:46 --------- d-----w c:\documents and settings\Khodeir\Application Data\HDL Designer Series
2009-02-16 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-16 18:34 --------- d-----w c:\program files\Yahoo!
2009-02-16 18:19 --------- d-----w c:\program files\Sun
2009-02-16 13:17 87,568 ----a-w c:\windows\system32\drivers\VBoxNetFlt.sys
2009-02-16 13:17 41,744 ----a-w c:\windows\system32\drivers\VBoxUSBMon.sys
2009-02-16 13:17 129,552 ----a-w c:\windows\system32\VBoxNetFltNotify.dll
2009-02-16 13:16 100,560 ----a-w c:\windows\system32\drivers\VBoxDrv.sys
2009-02-16 11:46 --------- d-----w c:\program files\Java
2009-02-16 11:45 --------- d-----w c:\program files\Common Files\Java
2009-02-15 23:27 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-15 23:27 --------- d-----w c:\program files\Windows Live
2009-02-15 23:27 --------- d-----w c:\program files\Microsoft
2009-02-15 23:25 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-14 08:28 --------- d-----w c:\program files\Microsoft Works
2009-02-14 08:27 --------- d-----w c:\program files\Microsoft.NET
2009-02-14 08:26 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-14 08:06 --------- d-----w c:\program files\uTorrent
2009-02-14 08:03 --------- d-----w c:\program files\Ringz Studio
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 14:22 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 22:34 --------- d-----w c:\program files\Synaptics
2009-02-04 22:34 --------- d-----w c:\program files\SCM Microsystems
2009-02-04 22:34 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-04 22:29 --------- d-----w c:\program files\Marvell
2009-02-04 22:28 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-04 22:24 --------- d-----w c:\program files\Intel
2009-02-04 22:21 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-04 22:21 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-02-04 22:21 --------- d-----w c:\program files\HP Webcam Application
2009-02-04 22:20 --------- d-----w c:\program files\Hewlett-Packard
2008-12-16 15:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [03/17/2008 03:29 PM 2289664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 10:00 AM 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [02/14/2009 10:12 AM 2745776]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [11/05/2008 07:29 PM 4347120]
"ILO_Office_Manager"="IntEdReg.exe" [01/30/2009 04:22 AM 53760 c:\windows\system32\intedreg.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [04/14/2008 10:00 AM 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 10:00 AM 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 10:00 AM 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [04/04/2008 12:39 PM 1044480]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [06/09/2008 05:40 AM 82224]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [05/14/2008 08:56 AM 177456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [06/05/2008 07:39 AM 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [06/05/2008 07:39 AM 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [06/05/2008 07:39 AM 141848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [06/20/2008 01:49 PM 1310720]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [11/02/2008 10:38 AM 167936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 04:30 AM 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [02/16/2009 01:46 PM 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/14/2008 10:34 PM 39792]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [10/28/2008 11:07 PM 96816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/11/2009 10:00 AM 185896]
"QuickTime Task"="C:\qttask.exe" [04/27/2007 09:41 AM 282624]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [01/09/2009 12:51 PM 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [10/17/2008 05:02 PM 69632]
"Intense Registry Service"="IntEdReg.exe" [01/30/2009 04:22 AM 53760 c:\windows\system32\intedreg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-03-25 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-03-31 576104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-0325003769-7881997088-613155376-8147\svchost.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WTK2.5.2_01\\bin\\emulator.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\bin\\java.exe"=
"c:\\WTK2.5.2_01\\bin\\zayit.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\FPGAdv72LSPS\\Hds\\bin\\hdldesigner.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-01-25 24064]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-02-16 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-02-16 41744]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
R2 SSIPDDP;SSIPDDP;c:\windows\system32\drivers\SSIPDDP.SYS [2009-03-06 54272]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-28 54960]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-02-03 104328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-02-05 193840]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-02-16 87568]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{99HTYDDF-HU87-JTY7-C6YD-BH6UZXBGVX67}]
c:\program files\Common Files\Microsoft Update Engine\Codec_v.1010.1.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [01/10/2007 03:42 PM]
2009-03-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-27 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.mini20.com
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Khodeir\Application Data\Mozilla\Firefox\Profiles\i21w1un5.default\
FF - component: c:\documents and settings\Khodeir\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-03-28 01:46:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 03/28/2009 1:48:04
ComboFix-quarantined-files.txt 2009-03-27 23:48:01
Pre-Run: 3,092,807,680 bytes free
Post-Run: 3,154,599,936 bytes free
250 --- E O F --- 2009-03-26 08:06:19
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
عذرا بتعديل العنوان لينم عن فحواه
بارك الله فيك
بارك الله فيك
توقيع : السّاجد لله
تأييد
0
Corporation
زيزوومى فضى
غير متصل
ارجع سو تقرير هايجاك جديد للجهاز ,,
توقيع : Corporation
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:12:53 ص, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\qttask.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Intense Language Office\Common\OffMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Khodeir\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ILO_Office_Manager] IntEdReg.exe /OFFMAN
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L.
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 11360 bytes
Scan saved at 02:12:53 ص, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\qttask.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Intense Language Office\Common\OffMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Khodeir\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ILO_Office_Manager] IntEdReg.exe /OFFMAN
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L.
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 11360 bytes
تأييد
0
Corporation
زيزوومى فضى
غير متصل
عطل نقطة استعادة النظام حسب الشرح التالي
او من هنا
او من هنا
حمل اداة الكاسبر من الرابط التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او من هنا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او من هنا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل
تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير
ثم قوم بضغط التقرير ورفعه هنا>>>>
وارفعة على اي موقع تريد ..
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وارفعة على اي موقع تريد ..
التعديل الأخير بواسطة المشرف:
توقيع : Corporation
تأييد
0
Corporation
زيزوومى فضى
غير متصل
ارفعة على اي موقع ياغالي ,,
توقيع : Corporation
تأييد
0
Corporation
زيزوومى فضى
غير متصل
الله لا يهينك يأخي الرابدشير عندي ما ادري ايش فيه ,,
أرفعة على الميديا فاير ,,
أرفعة على الميديا فاير ,,
توقيع : Corporation
تأييد
0