تقرير الهايجاك

ا

ابو خسفة

زيزوومي جديد
إنضم
8 أكتوبر 2008
المشاركات
16
مستوى التفاعل
0
النقاط
20
غير متصل
هذا تقرير لاهل الخبرة مع العلم ان جهازي الوندز الذي به مضروب وحاولت اصلاحه لكن لم يفد

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:07:29, on 29/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Documents and Settings\mohammed\سطح المكتب\Zyzoom_HijackThis.exe
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [balm new] C:\DOCUME~1\mohammed\APPLIC~1\PROC64~1\Pollheckdumb.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: خدمة تحديث Google (gupdate1c9abff4ecba970) (gupdate1c9abff4ecba970) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
--
End of file - 9033 bytes


ارجو المساعدة والنصيحة
والله يجزاكم الله كل خير
 

توقيع : ابو خسفة
ترتيب حسب التاريخ ترتيب حسب الأصوات
اهلااا بك اخي
وعذرا بنقله للقسم المناسب للمتابعة
هذا القسم خاص بتحليل تقارير برامج الحماية ،، وباقي التقارير تكون عند الطلب فقط

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 
توقيع : AbOdy
تأييد 0
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
 
تأييد 0
الاخ الفاضل MAAX
يا هلا بك
وهذا التقرير
ComboFix 09-03-28.06 - mohammed 03/29/2009 14:54:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.735.467 [GMT 3:00]
Running from: c:\documents and settings\mohammed\سطح المكتب\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\E21vy27T.exe.a_a
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 21:03 --------- d-----w c:\documents and settings\mohammed\Application Data\AVG7
2009-03-28 20:22 --------- d-----w c:\program files\SweetIM
2009-03-28 20:22 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2009-03-27 19:38 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-24 15:12 --------- d-----w c:\program files\MSXML 4.0
2009-03-23 23:05 --------- d-----w c:\program files\LtUcx
2009-03-23 22:40 --------- d-----w c:\program files\TopThemesXP
2009-03-23 22:26 --------- d-----w c:\program files\SourceTec
2009-03-23 22:26 --------- d-----w c:\program files\Common Files\SourceTec
2009-03-23 21:38 --------- d-----w c:\program files\Common Files\xing shared
2009-03-23 21:38 --------- d-----w c:\program files\Common Files\Real
2009-03-23 21:36 --------- d-----w c:\program files\Google
2009-03-21 22:03 --------- d-----w c:\program files\Golden Al-Wafi Translator
2009-03-18 21:34 --------- d-----w c:\program files\Windows Installer Clean Up
2009-03-18 21:34 --------- d-----w c:\program files\MSECACHE
2009-03-16 16:39 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-16 09:49 --------- d-----w c:\program files\XoftSpySE
2009-03-13 00:26 --------- d-----w c:\program files\Windows Live
2009-03-13 00:21 --------- d-----w c:\program files\Microsoft Sync Framework
2009-03-13 00:19 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-12 23:10 --------- d-----w c:\program files\MSN Messenger
2009-03-12 23:09 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-12 23:09 --------- d-----w c:\program files\Microsoft
2009-03-12 22:55 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-27 11:36 89,996 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-27 11:36 7,587,872 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-10 21:15 --------- d-----w c:\documents and settings\mohammed\Application Data\Proc 64
2009-02-10 21:14 --------- d-----w c:\documents and settings\All Users\Application Data\Bags Plus Online Chin
2009-02-10 21:13 --------- d-----w c:\program files\Proc 64
2009-02-10 21:12 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-10 21:12 --------- d-----w c:\program files\Circle Developement
2009-02-08 04:06 --------- d-----w c:\program files\Hotspot Shield
2009-02-06 16:43 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-05 21:55 31,704 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-02-04 09:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-04 09:03 --------- d-----w c:\documents and settings\mohammed\Application Data\SUPERAntiSpyware.com
2009-02-04 09:03 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-29 23:27 --------- d-----w c:\program files\VS Revo Group
2009-01-29 23:27 --------- d-----w c:\documents and settings\mohammed\Application Data\Ashampoo Photo Commander 5
2009-01-28 23:07 --------- d-----w c:\program files\Hotspot_Shield
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [03/04/2009 12:20 AM 1883672]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [10/08/2008 12:22 PM 173368]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
03/04/2009 12:20 AM 1883672 --a------ c:\program files\Hotspot_Shield\tbHot0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
10/08/2008 12:22 PM 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
02/07/2009 11:26 PM 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [03/04/2009 12:20 AM 1883672]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [10/08/2008 12:22 PM 1172792]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [03/04/2009 12:20 AM 1883672]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/18/2008 12:44 AM 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/27/2009 10:38 PM 1830128]
"balm new"="c:\docume~1\mohammed\APPLIC~1\PROC64~1\Pollheckdumb.exe" [02/11/2009 12:13 AM 569344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/24/2009 12:38 AM 198160]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [03/05/2009 07:36 PM 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [12/02/2008 08:58 PM 219136]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-03-01 122880]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [05/13/2008 09:13 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
12/22/2008 11:05 AM 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
12/20/2001 11:34 PM 24576 c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 04/14/2008 06:59 PM 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-06 117208]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 gupdate1c9abff4ecba970;خدمة تحديث Google (gupdate1c9abff4ecba970);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-05 29744]
.
Contents of the 'Scheduled Tasks' folder
2009-03-29 c:\windows\Tasks\AF4B116B918C830B.job
- c:\docume~1\mohammed\applic~1\proc64~1\Name Ref Stupid.exe [02/11/2009 12:15 AM]
2009-03-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [03/24/2009 12:35 AM]
2009-03-25 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM]
2009-03-29 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [07/18/2007 11:41 PM]
2009-03-07 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [07/18/2007 11:41 PM]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-TXP - c:\program files\topthemesxp\txp.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.19.17/sultan99/talks3n.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-03-29 14:58:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-839522115-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 03/29/2009 15:00:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-29 12:00:48
Pre-Run: 15,373,230,080 bytes free
Post-Run: 15,344,017,408 bytes free
215 --- E O F --- 2009-03-24 15:12:38

مع تحياتي وشكري لك
 
توقيع : ابو خسفة
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى