- بادئ الموضوع مثل الزمن
- تاريخ البدء
- 1,544
مثل الزمن
زيزوومى متألق
غير متصل
هذا تقرير الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:05 AM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\m7md\Desktop\Zyzoom_HijackThis\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = speedtouch.lan
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Bagschin] C:\DOCUME~1\m7md\APPLIC~1\HOLEGL~1\move two creative.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7665 bytes
Scan saved at 1:20:05 AM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\m7md\Desktop\Zyzoom_HijackThis\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = speedtouch.lan
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Bagschin] C:\DOCUME~1\m7md\APPLIC~1\HOLEGL~1\move two creative.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7665 bytes
تأييد
0
MAAX
عضوشرف
غير متصل
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
تأييد
0
مثل الزمن
زيزوومى متألق
غير متصل
هذا التقرير اللي طلبت أخوي
ComboFix 09-03-29.02 - m7md 2009-03-29 23:17:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.767.442 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.
2009-03-28 19:55 . 2009-03-28 19:55 <DIR> d-------- c:\documents and settings\m7md\Application Data\Thinstall
2009-03-28 19:27 . 2009-03-28 19:27 <DIR> d-------- c:\windows\Sun
2009-03-28 14:18 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-28 14:18 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-03-28 14:17 . 2009-03-28 14:17 <DIR> d--h----- c:\program files\Zenographics
2009-03-28 14:17 . 2009-03-28 14:17 <DIR> d-------- c:\program files\Hewlett-Packard
2009-03-28 14:17 . 2006-01-30 12:00 574,100 -ra------ c:\windows\system32\hp1022n.img
2009-03-28 14:17 . 2006-01-30 12:00 442,368 -ra------ c:\windows\system32\zshp1020.exe
2009-03-28 14:17 . 2006-01-30 12:00 206,768 -ra------ c:\windows\system32\hp1022.img
2009-03-28 14:17 . 2006-01-30 12:00 143,360 -ra------ c:\windows\apptune1020.exe
2009-03-28 14:17 . 2006-01-30 12:00 128,820 -ra------ c:\windows\system32\hp1020.img
2009-03-28 14:17 . 2006-01-30 12:00 106,496 -ra------ c:\windows\system32\vshp1020.dll
2009-03-28 14:17 . 2006-01-30 12:00 102,400 -ra------ c:\windows\system32\ZLhp1020.dll
2009-03-28 14:17 . 2006-01-30 12:00 86,016 -ra------ c:\windows\system32\ZSPOOL.DLL
2009-03-28 14:17 . 2006-01-30 12:00 28,672 -ra------ c:\windows\system32\zlm.dll
2009-03-28 14:17 . 2006-01-30 12:00 28,672 -ra------ c:\windows\system32\IMF32.DLL
2009-03-28 14:17 . 2006-01-30 12:00 24,576 -ra------ c:\windows\system32\ZTAG32.DLL
2009-03-28 14:17 . 2006-01-30 12:00 7,379 -ra------ c:\windows\system32\ZSHP1020.HLP
2009-03-27 01:22 . 2009-03-27 01:22 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-27 01:21 . 2009-03-27 01:21 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-27 01:21 . 2009-03-27 01:21 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-27 01:21 . 2009-03-27 01:22 <DIR> d-------- C:\b3e04561723094d3b207baae
2009-03-27 01:20 . 2009-03-27 01:21 <DIR> d-------- C:\e6f63da0d13a709c8526bbc383c9ac
2009-03-27 00:51 . 2004-08-04 15:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-27 00:24 . 2009-03-27 00:24 <DIR> d-------- c:\documents and settings\m7md\Application Data\Media Player Classic
2009-03-26 16:08 . 2009-03-26 16:08 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-26 16:06 . 2009-03-29 20:28 <DIR> d-------- c:\program files\HTTP-Tunnel
2009-03-26 15:44 . 2009-03-26 15:44 <DIR> d-------- c:\windows\system32\Nexus Radio
2009-03-26 15:44 . 2009-03-28 17:50 <DIR> d-------- c:\program files\Nexus Radio
2009-03-26 15:44 . 2009-03-26 15:44 <DIR> d-------- C:\My Saved Files
2009-03-26 15:44 . 2009-03-26 16:23 <DIR> d-------- C:\My Recorded Files
2009-03-26 14:46 . 2009-03-26 14:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-26 14:40 . 2009-03-26 14:47 <DIR> d-------- c:\documents and settings\m7md\Contacts
2009-03-26 14:40 . 2009-03-27 11:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Audio 4 part browse
2009-03-26 14:39 . 2009-03-26 14:39 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-03-26 14:39 . 2009-03-26 14:39 <DIR> d-------- c:\program files\Hole Glue Joy
2009-03-26 14:39 . 2009-03-26 14:39 <DIR> d-------- c:\program files\Circl Developement
2009-03-26 14:39 . 2009-03-27 18:34 <DIR> d-------- c:\documents and settings\m7md\Application Data\Hole Glue Joy
2009-03-26 14:35 . 2009-03-26 14:35 244 --ah----- C:\sqmnoopt01.sqm
2009-03-26 14:35 . 2009-03-26 14:35 232 --ah----- C:\sqmdata01.sqm
2009-03-26 14:34 . 2009-03-26 14:34 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-26 14:34 . 2009-03-26 14:34 268 --ah----- C:\sqmdata00.sqm
2009-03-26 14:34 . 2009-03-26 14:34 244 --ah----- C:\sqmnoopt00.sqm
2009-03-26 14:30 . 2009-03-26 14:30 <DIR> d-------- c:\program files\uTorrent
2009-03-26 14:30 . 2009-03-29 23:13 <DIR> d-------- c:\documents and settings\m7md\Application Data\uTorrent
2009-03-26 14:28 . 2009-03-26 14:28 <DIR> d-------- c:\program files\Nuclear Coffee
2009-03-26 14:27 . 2009-03-26 14:27 <DIR> d-------- c:\program files\Shiki
2009-03-26 14:26 . 2009-03-26 14:26 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-03-26 14:25 . 2009-03-26 14:33 <DIR> d-------- c:\program files\Windows Live
2009-03-26 14:25 . 2009-03-26 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-26 14:25 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-03-26 14:25 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-03-26 14:25 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-03-26 14:25 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-26 14:25 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-03-26 14:24 . 2009-03-26 14:24 <DIR> d---s---- c:\documents and settings\m7md\UserData
2009-03-26 14:23 . 2009-03-29 23:16 <DIR> d-------- C:\Downloads
2009-03-26 14:20 . 2009-03-26 14:20 <DIR> d-------- c:\program files\IEPro
2009-03-26 14:20 . 2009-03-29 01:28 <DIR> d-------- c:\documents and settings\m7md\Application Data\IEPro
2009-03-26 14:19 . 2009-03-29 23:15 <DIR> d-------- c:\program files\FlashGet
2009-03-26 14:19 . 2004-08-04 15:00 359,040 --a------ c:\windows\system32\drivers\tcpip.sys.flg
2009-03-26 14:17 . 2009-03-26 14:17 <DIR> d-------- c:\program files\TechSmith
2009-03-26 14:17 . 2009-03-26 14:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2009-03-26 14:16 . 2009-03-26 14:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-26 14:15 . 2009-03-26 14:15 <DIR> d-------- c:\documents and settings\m7md\Application Data\ESET
2009-03-26 14:14 . 2009-03-26 14:14 <DIR> d-------- c:\program files\ESET
2009-03-26 14:14 . 2009-03-26 14:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-26 14:13 . 2009-03-26 14:13 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-26 14:11 . 2009-03-26 14:11 <DIR> d-------- c:\program files\SRS Labs
2009-03-26 14:11 . 2009-03-26 14:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\SRS Labs
2009-03-26 14:11 . 2007-07-26 09:25 47,360 -ra------ c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2009-03-26 14:11 . 2007-07-26 09:25 47,104 -ra------ c:\windows\system32\drivers\tshd4_kern_i386.sys
2009-03-26 14:11 . 2007-07-26 09:25 42,112 -ra------ c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2009-03-26 14:11 . 2007-07-26 09:25 39,808 -ra------ c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2009-03-26 14:11 . 2007-07-26 09:25 32,000 -ra------ c:\windows\system32\drivers\wowhd_kern_i386.sys
2009-03-26 14:09 . 2009-03-26 14:09 <DIR> d-------- c:\program files\Real
2009-03-26 14:09 . 2009-03-26 14:09 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-26 14:09 . 2009-03-26 14:09 <DIR> d-------- c:\program files\Common Files\Real
2009-03-26 14:01 . 2009-03-26 14:01 <DIR> d-------- c:\windows\KingoOo
2009-03-26 14:01 . 2009-03-26 14:01 <DIR> d-------- c:\program files\System
2009-03-26 14:01 . 2004-07-29 12:56 208,896 --a------ c:\windows\system32\cttune.cpl
2009-03-26 14:01 . 2004-09-30 11:17 122,880 --a------ c:\windows\system32\directx.cpl
2009-03-26 14:01 . 2002-12-29 01:14 110,592 --a------ c:\windows\system32\Startup.cpl
2009-03-26 13:59 . 2009-03-26 13:59 <DIR> d-------- c:\program files\PowerISO
2009-03-25 19:48 . 2009-03-25 19:48 <DIR> d-------- c:\program files\Unlocker
2009-03-25 19:47 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-25 19:47 . 2009-03-25 19:47 376 --a------ c:\windows\ODBC.INI
2009-03-25 19:46 . 2009-03-25 19:47 <DIR> d-------- c:\windows\SHELLNEW
2009-03-25 19:46 . 2009-03-25 19:46 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-25 19:46 . 2009-03-25 19:46 <DIR> d-------- c:\program files\Microsoft Works
2009-03-25 19:46 . 2009-03-25 19:46 <DIR> d-------- c:\program files\Extension Changer
2009-03-25 19:45 . 2009-03-25 19:45 <DIR> dr-h----- C:\MSOCache
2009-03-25 19:42 . 2009-03-25 19:42 <DIR> d-------- c:\documents and settings\m7md\Application Data\ATI
2009-03-25 19:39 . 2009-03-25 19:39 <DIR> d-------- c:\windows\system32\RTCOM
2009-03-25 19:39 . 2009-03-25 19:39 <DIR> d-------- c:\program files\Realtek
2009-03-25 19:38 . 2009-03-25 19:38 <DIR> d-------- c:\windows\Options
2009-03-25 19:36 . 2009-03-25 19:39 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-25 19:36 . 2009-03-25 19:37 <DIR> d-------- c:\program files\ATI Technologies
2009-03-25 19:35 . 2009-03-25 19:39 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-25 19:32 . 2009-03-26 14:45 <DIR> d-------- c:\program files\Google
2009-03-25 19:29 . 2009-03-25 19:29 <DIR> d-------- c:\program files\Java
2009-03-25 19:29 . 2009-03-25 19:29 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-25 19:29 . 2009-03-25 19:29 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-25 19:28 . 2008-03-09 07:25 236 --ah----- c:\program files\Common Files\dx.reg
2009-03-25 19:13 . 2009-03-25 19:13 <DIR> d-------- c:\windows\system32\ar-SA
2009-03-25 19:13 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-25 19:12 . 2009-03-25 19:12 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-25 19:12 . 2009-03-25 19:12 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-25 19:12 . 2009-03-25 19:12 <DIR> d-------- c:\program files\MSBuild
2009-03-25 19:12 . 2009-03-25 19:12 <DIR> d-------- C:\f39584c5632791a131cffdbb
2009-03-25 19:12 . 2008-07-06 15:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-25 19:12 . 2008-07-06 15:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-25 19:12 . 2008-07-06 13:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-25 19:12 . 2008-07-06 15:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-25 19:12 . 2008-07-06 15:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-25 19:12 . 2008-07-06 15:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-25 19:12 . 2008-07-06 15:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-25 19:10 . 2009-03-25 19:10 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-25 19:10 . 2007-11-30 14:18 26,488 --a------ c:\windows\system32\spupdsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 16:39 294,912 ----a-w c:\windows\HideWin.exe
2009-03-25 12:45 --------- d-----w c:\program files\microsoft frontpage
2009-03-15 10:25 56,268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
.
------- Sigcheck -------
2004-08-04 15:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2004-08-04 15:00 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-01-08 3215360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-26 270128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 180269]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 c:\windows\AGRSMMSG.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-05-15 6822728]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2008-05-04 76544]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
.
Contents of the 'Scheduled Tasks' folder
2009-03-29 c:\windows\Tasks\AC4A306391A9A353.job
- c:\docume~1\m7md\applic~1\holegl~1\Keep else type.exe [2009-03-26 14:40]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Bagschin - c:\docume~1\m7md\APPLIC~1\HOLEGL~1\move two creative.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = 127.0.0.1:1080
uInternet Settings,ProxyOverride = speedtouch.lan
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
IE: {{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-29 23:19:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-29 23:20:28
ComboFix-quarantined-files.txt 2009-03-29 20:20:26
Pre-Run: 148,905,693,184 bytes free
Post-Run: 149,203,300,352 bytes free
238
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.767.442 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.
2009-03-28 19:55 . 2009-03-28 19:55 <DIR> d-------- c:\documents and settings\m7md\Application Data\Thinstall
2009-03-28 19:27 . 2009-03-28 19:27 <DIR> d-------- c:\windows\Sun
2009-03-28 14:18 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-28 14:18 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-03-28 14:17 . 2009-03-28 14:17 <DIR> d--h----- c:\program files\Zenographics
2009-03-28 14:17 . 2009-03-28 14:17 <DIR> d-------- c:\program files\Hewlett-Packard
2009-03-28 14:17 . 2006-01-30 12:00 574,100 -ra------ c:\windows\system32\hp1022n.img
2009-03-28 14:17 . 2006-01-30 12:00 442,368 -ra------ c:\windows\system32\zshp1020.exe
2009-03-28 14:17 . 2006-01-30 12:00 206,768 -ra------ c:\windows\system32\hp1022.img
2009-03-28 14:17 . 2006-01-30 12:00 143,360 -ra------ c:\windows\apptune1020.exe
2009-03-28 14:17 . 2006-01-30 12:00 128,820 -ra------ c:\windows\system32\hp1020.img
2009-03-28 14:17 . 2006-01-30 12:00 106,496 -ra------ c:\windows\system32\vshp1020.dll
2009-03-28 14:17 . 2006-01-30 12:00 102,400 -ra------ c:\windows\system32\ZLhp1020.dll
2009-03-28 14:17 . 2006-01-30 12:00 86,016 -ra------ c:\windows\system32\ZSPOOL.DLL
2009-03-28 14:17 . 2006-01-30 12:00 28,672 -ra------ c:\windows\system32\zlm.dll
2009-03-28 14:17 . 2006-01-30 12:00 28,672 -ra------ c:\windows\system32\IMF32.DLL
2009-03-28 14:17 . 2006-01-30 12:00 24,576 -ra------ c:\windows\system32\ZTAG32.DLL
2009-03-28 14:17 . 2006-01-30 12:00 7,379 -ra------ c:\windows\system32\ZSHP1020.HLP
2009-03-27 01:22 . 2009-03-27 01:22 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-27 01:21 . 2009-03-27 01:21 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-27 01:21 . 2009-03-27 01:21 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-27 01:21 . 2009-03-27 01:22 <DIR> d-------- C:\b3e04561723094d3b207baae
2009-03-27 01:20 . 2009-03-27 01:21 <DIR> d-------- C:\e6f63da0d13a709c8526bbc383c9ac
2009-03-27 00:51 . 2004-08-04 15:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-27 00:24 . 2009-03-27 00:24 <DIR> d-------- c:\documents and settings\m7md\Application Data\Media Player Classic
2009-03-26 16:08 . 2009-03-26 16:08 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-26 16:06 . 2009-03-29 20:28 <DIR> d-------- c:\program files\HTTP-Tunnel
2009-03-26 15:44 . 2009-03-26 15:44 <DIR> d-------- c:\windows\system32\Nexus Radio
2009-03-26 15:44 . 2009-03-28 17:50 <DIR> d-------- c:\program files\Nexus Radio
2009-03-26 15:44 . 2009-03-26 15:44 <DIR> d-------- C:\My Saved Files
2009-03-26 15:44 . 2009-03-26 16:23 <DIR> d-------- C:\My Recorded Files
2009-03-26 14:46 . 2009-03-26 14:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-26 14:40 . 2009-03-26 14:47 <DIR> d-------- c:\documents and settings\m7md\Contacts
2009-03-26 14:40 . 2009-03-27 11:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Audio 4 part browse
2009-03-26 14:39 . 2009-03-26 14:39 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-03-26 14:39 . 2009-03-26 14:39 <DIR> d-------- c:\program files\Hole Glue Joy
2009-03-26 14:39 . 2009-03-26 14:39 <DIR> d-------- c:\program files\Circl Developement
2009-03-26 14:39 . 2009-03-27 18:34 <DIR> d-------- c:\documents and settings\m7md\Application Data\Hole Glue Joy
2009-03-26 14:35 . 2009-03-26 14:35 244 --ah----- C:\sqmnoopt01.sqm
2009-03-26 14:35 . 2009-03-26 14:35 232 --ah----- C:\sqmdata01.sqm
2009-03-26 14:34 . 2009-03-26 14:34 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-26 14:34 . 2009-03-26 14:34 268 --ah----- C:\sqmdata00.sqm
2009-03-26 14:34 . 2009-03-26 14:34 244 --ah----- C:\sqmnoopt00.sqm
2009-03-26 14:30 . 2009-03-26 14:30 <DIR> d-------- c:\program files\uTorrent
2009-03-26 14:30 . 2009-03-29 23:13 <DIR> d-------- c:\documents and settings\m7md\Application Data\uTorrent
2009-03-26 14:28 . 2009-03-26 14:28 <DIR> d-------- c:\program files\Nuclear Coffee
2009-03-26 14:27 . 2009-03-26 14:27 <DIR> d-------- c:\program files\Shiki
2009-03-26 14:26 . 2009-03-26 14:26 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-03-26 14:25 . 2009-03-26 14:33 <DIR> d-------- c:\program files\Windows Live
2009-03-26 14:25 . 2009-03-26 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-26 14:25 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-03-26 14:25 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-03-26 14:25 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-03-26 14:25 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-26 14:25 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-03-26 14:24 . 2009-03-26 14:24 <DIR> d---s---- c:\documents and settings\m7md\UserData
2009-03-26 14:23 . 2009-03-29 23:16 <DIR> d-------- C:\Downloads
2009-03-26 14:20 . 2009-03-26 14:20 <DIR> d-------- c:\program files\IEPro
2009-03-26 14:20 . 2009-03-29 01:28 <DIR> d-------- c:\documents and settings\m7md\Application Data\IEPro
2009-03-26 14:19 . 2009-03-29 23:15 <DIR> d-------- c:\program files\FlashGet
2009-03-26 14:19 . 2004-08-04 15:00 359,040 --a------ c:\windows\system32\drivers\tcpip.sys.flg
2009-03-26 14:17 . 2009-03-26 14:17 <DIR> d-------- c:\program files\TechSmith
2009-03-26 14:17 . 2009-03-26 14:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2009-03-26 14:16 . 2009-03-26 14:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-26 14:15 . 2009-03-26 14:15 <DIR> d-------- c:\documents and settings\m7md\Application Data\ESET
2009-03-26 14:14 . 2009-03-26 14:14 <DIR> d-------- c:\program files\ESET
2009-03-26 14:14 . 2009-03-26 14:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-26 14:13 . 2009-03-26 14:13 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-26 14:11 . 2009-03-26 14:11 <DIR> d-------- c:\program files\SRS Labs
2009-03-26 14:11 . 2009-03-26 14:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\SRS Labs
2009-03-26 14:11 . 2007-07-26 09:25 47,360 -ra------ c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2009-03-26 14:11 . 2007-07-26 09:25 47,104 -ra------ c:\windows\system32\drivers\tshd4_kern_i386.sys
2009-03-26 14:11 . 2007-07-26 09:25 42,112 -ra------ c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2009-03-26 14:11 . 2007-07-26 09:25 39,808 -ra------ c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2009-03-26 14:11 . 2007-07-26 09:25 32,000 -ra------ c:\windows\system32\drivers\wowhd_kern_i386.sys
2009-03-26 14:09 . 2009-03-26 14:09 <DIR> d-------- c:\program files\Real
2009-03-26 14:09 . 2009-03-26 14:09 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-26 14:09 . 2009-03-26 14:09 <DIR> d-------- c:\program files\Common Files\Real
2009-03-26 14:01 . 2009-03-26 14:01 <DIR> d-------- c:\windows\KingoOo
2009-03-26 14:01 . 2009-03-26 14:01 <DIR> d-------- c:\program files\System
2009-03-26 14:01 . 2004-07-29 12:56 208,896 --a------ c:\windows\system32\cttune.cpl
2009-03-26 14:01 . 2004-09-30 11:17 122,880 --a------ c:\windows\system32\directx.cpl
2009-03-26 14:01 . 2002-12-29 01:14 110,592 --a------ c:\windows\system32\Startup.cpl
2009-03-26 13:59 . 2009-03-26 13:59 <DIR> d-------- c:\program files\PowerISO
2009-03-25 19:48 . 2009-03-25 19:48 <DIR> d-------- c:\program files\Unlocker
2009-03-25 19:47 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-03-25 19:47 . 2009-03-25 19:47 376 --a------ c:\windows\ODBC.INI
2009-03-25 19:46 . 2009-03-25 19:47 <DIR> d-------- c:\windows\SHELLNEW
2009-03-25 19:46 . 2009-03-25 19:46 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-25 19:46 . 2009-03-25 19:46 <DIR> d-------- c:\program files\Microsoft Works
2009-03-25 19:46 . 2009-03-25 19:46 <DIR> d-------- c:\program files\Extension Changer
2009-03-25 19:45 . 2009-03-25 19:45 <DIR> dr-h----- C:\MSOCache
2009-03-25 19:42 . 2009-03-25 19:42 <DIR> d-------- c:\documents and settings\m7md\Application Data\ATI
2009-03-25 19:39 . 2009-03-25 19:39 <DIR> d-------- c:\windows\system32\RTCOM
2009-03-25 19:39 . 2009-03-25 19:39 <DIR> d-------- c:\program files\Realtek
2009-03-25 19:38 . 2009-03-25 19:38 <DIR> d-------- c:\windows\Options
2009-03-25 19:36 . 2009-03-25 19:39 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-25 19:36 . 2009-03-25 19:37 <DIR> d-------- c:\program files\ATI Technologies
2009-03-25 19:35 . 2009-03-25 19:39 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-25 19:32 . 2009-03-26 14:45 <DIR> d-------- c:\program files\Google
2009-03-25 19:29 . 2009-03-25 19:29 <DIR> d-------- c:\program files\Java
2009-03-25 19:29 . 2009-03-25 19:29 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-25 19:29 . 2009-03-25 19:29 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-25 19:28 . 2008-03-09 07:25 236 --ah----- c:\program files\Common Files\dx.reg
2009-03-25 19:13 . 2009-03-25 19:13 <DIR> d-------- c:\windows\system32\ar-SA
2009-03-25 19:13 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-25 19:12 . 2009-03-25 19:12 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-25 19:12 . 2009-03-25 19:12 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-25 19:12 . 2009-03-25 19:12 <DIR> d-------- c:\program files\MSBuild
2009-03-25 19:12 . 2009-03-25 19:12 <DIR> d-------- C:\f39584c5632791a131cffdbb
2009-03-25 19:12 . 2008-07-06 15:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-25 19:12 . 2008-07-06 15:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-25 19:12 . 2008-07-06 13:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-25 19:12 . 2008-07-06 15:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-25 19:12 . 2008-07-06 15:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-25 19:12 . 2008-07-06 15:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-25 19:12 . 2008-07-06 15:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-25 19:10 . 2009-03-25 19:10 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-25 19:10 . 2007-11-30 14:18 26,488 --a------ c:\windows\system32\spupdsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 16:39 294,912 ----a-w c:\windows\HideWin.exe
2009-03-25 12:45 --------- d-----w c:\program files\microsoft frontpage
2009-03-15 10:25 56,268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
.
------- Sigcheck -------
2004-08-04 15:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys
2004-08-04 15:00 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-01-08 3215360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-26 270128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 180269]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 c:\windows\AGRSMMSG.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-05-15 6822728]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2008-05-04 76544]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
.
Contents of the 'Scheduled Tasks' folder
2009-03-29 c:\windows\Tasks\AC4A306391A9A353.job
- c:\docume~1\m7md\applic~1\holegl~1\Keep else type.exe [2009-03-26 14:40]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Bagschin - c:\docume~1\m7md\APPLIC~1\HOLEGL~1\move two creative.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = 127.0.0.1:1080
uInternet Settings,ProxyOverride = speedtouch.lan
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
IE: {{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-03-29 23:19:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-29 23:20:28
ComboFix-quarantined-files.txt 2009-03-29 20:20:26
Pre-Run: 148,905,693,184 bytes free
Post-Run: 149,203,300,352 bytes free
238
تأييد
0
مثل الزمن
زيزوومى متألق
غير متصل
هذا تقرير الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:28 AM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HTTP-Tunnel\HTTP-TunnelClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\m7md\Desktop\Zyzoom_HijackThis\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = speedtouch.lan
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7662 bytes
Scan saved at 12:21:28 AM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HTTP-Tunnel\HTTP-TunnelClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\m7md\Desktop\Zyzoom_HijackThis\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = speedtouch.lan
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7662 bytes
تأييد
0
MAAX
عضوشرف
غير متصل
تقرير سليم حاليا
نزل هذه الاداة واتبع الشرح التالي
نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وينصح لتشغيل تحديثات الوندوز
وينصح لتشغيل تحديثات الوندوز
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
رابط تحميل آخر تحديث للاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
وارفق لي التقرير
توقيع : AbOdy
تأييد
0
مثل الزمن
زيزوومى متألق
غير متصل
تم إجراء اللازم ، وهذا التقرير اللي طلبت
SmitFraudFix v2.405
Scan done at 20:04:08.82, Mon 03/30/2009
Run from C:\Downloads\برنامج إعداد تقرير للمتصفح وحل مشاكله\03\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{373C1E61-062B-44AA-B571-0A24F977C2C2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{373C1E61-062B-44AA-B571-0A24F977C2C2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{373C1E61-062B-44AA-B571-0A24F977C2C2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Scan done at 20:04:08.82, Mon 03/30/2009
Run from C:\Downloads\برنامج إعداد تقرير للمتصفح وحل مشاكله\03\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{373C1E61-062B-44AA-B571-0A24F977C2C2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{373C1E61-062B-44AA-B571-0A24F977C2C2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{373C1E61-062B-44AA-B571-0A24F977C2C2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
تأييد
0
مثل الزمن
زيزوومى متألق
غير متصل
حاليا ً لا
وهذا توضيح أكبر
التعليق والرساله كان يجيني إذا فتحت بريد الهوتميل وجلست أحمل مقطع فيديو من نفس البريد
واجهتني المشكلة أكثر من مرة ، فقط على بريد الهوتميل
ومن أمس إلى الآن استخدم الجهاز وكل شي تمام الحمد لله
وإن شاء الله إن الامور زينه ، وهذي من بركات الله ثم بركاتكم
الله لايحرمنا منكم
وإذا صار شي لاقدر الله والله لايقوله إن شاء الله
راح اتواصل معكم على هذا الموضوع
شكراً لكم جميعا ً
وهذا توضيح أكبر
التعليق والرساله كان يجيني إذا فتحت بريد الهوتميل وجلست أحمل مقطع فيديو من نفس البريد
واجهتني المشكلة أكثر من مرة ، فقط على بريد الهوتميل
ومن أمس إلى الآن استخدم الجهاز وكل شي تمام الحمد لله
وإن شاء الله إن الامور زينه ، وهذي من بركات الله ثم بركاتكم
الله لايحرمنا منكم
وإذا صار شي لاقدر الله والله لايقوله إن شاء الله
راح اتواصل معكم على هذا الموضوع
شكراً لكم جميعا ً
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
الحمد لله على حل المشكلة
اختي كانت عندك فيروسات الاخوان ماقصروا
اختي كانت عندك فيروسات الاخوان ماقصروا
توقيع : فارس الملاك
تأييد
0
- الحالة