Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:33:13 م, on 29/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\VIA\RAID\raid_tool.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\VTtrayp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Paltalk Messenger\paltalk.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
K:\تقرير HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: إضافة إلى حاجب الدعايات - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - D:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232726607640
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7149 bytes
ComboFix 09-03-28.06 - pc 03/29/2009 18:58:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.446.210 [GMT 3:00]
Running from: d:\documents and settings\pc\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system32\agsaame.dll
d:\windows\system32\ALOAudioFile2.dll
d:\windows\system32\ALOAVIFile.dll
d:\windows\system32\ALOQuickTimeFile.dll
d:\windows\system32\ALOVideoCoreM.dll
d:\windows\system32\ALOWMAFile2.dll
d:\windows\system32\kakle.dll
d:\windows\system32\winitn.dll
M:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-29 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 16:04 6,044 --sha-w d:\windows\system32\drivers\fidbox2.idx
2009-03-29 16:04 532,512 --sha-w d:\windows\system32\drivers\fidbox2.dat
2009-03-29 16:04 --------- d-----w d:\documents and settings\pc\Application Data\DMCache
2009-03-29 16:01 42,036 --sha-w d:\windows\system32\drivers\fidbox.idx
2009-03-29 16:01 4,705,824 --sha-w d:\windows\system32\drivers\fidbox.dat
2009-03-29 15:51 --------- d-----w d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-25 16:34 --------- d-----w d:\documents and settings\pc\Application Data\U3
2009-03-24 16:53 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2009-03-16 16:26 --------- d-----w d:\program files\GetData
2009-03-14 16:20 --------- d-----w d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-12 11:22 --------- d-----w d:\program files\JetAudio
2009-03-12 11:22 --------- d-----w d:\documents and settings\pc\Application Data\COWON
2009-03-12 11:13 --------- d--h--w d:\program files\InstallShield Installation Information
2009-03-09 13:50 --------- d-----w d:\program files\Messenger Plus! Live
2009-03-08 16:05 --------- d-----w d:\documents and settings\pc\Application Data\Windows Live Writer
2009-03-08 15:58 --------- d-----w d:\documents and settings\pc\Application Data\IDM
2009-03-06 13:19 --------- d-----w d:\program files\Windows Live
2009-03-06 13:13 --------- d-----w d:\program files\Microsoft SQL Server Compact Edition
2009-03-06 13:11 --------- d-----w d:\program files\Windows Live SkyDrive
2009-03-06 13:11 --------- d-----w d:\program files\Microsoft
2009-03-06 12:30 --------- d-----w d:\program files\Common Files\Windows Live
2009-03-06 08:33 --------- d-----w d:\documents and settings\All Users\Application Data\WinZip
2009-03-05 14:26 --------- d-----w d:\documents and settings\pc\Application Data\Thinstall
2009-02-27 20:24 --------- d-----w d:\program files\Paltalk Messenger
2009-02-27 14:26 --------- d-----w d:\documents and settings\pc\Application Data\Paltalk
2009-02-21 18:20 --------- d-----w d:\documents and settings\pc\Application Data\vlc
2009-02-17 20:26 --------- d-----w d:\program files\MSXML 4.0
2009-02-16 16:59 --------- d-----w d:\program files\Magic Video Converter
2009-02-10 10:58 33,808 ----a-w d:\windows\system32\drivers\klbg.sys
2009-02-09 14:15 1,846,144 ----a-w d:\windows\system32\win32k.sys
2009-02-06 16:43 307,576 ----a-w d:\windows\WLXPGSS.SCR
2009-02-06 15:52 49,504 ----a-w d:\windows\system32\sirenacm.dll
2009-02-03 17:07 89,601 ----a-w d:\windows\system32\drivers\klick.dat
2009-02-03 17:07 101,287 ----a-w d:\windows\system32\drivers\klin.dat
2009-02-01 18:20 --------- d-----w d:\program files\MyPal
2009-01-09 19:02 81,920 ----a-w d:\documents and settings\pc\Application Data\ezpinst.exe
2009-01-09 19:02 47,360 ----a-w d:\documents and settings\pc\Application Data\pcouffin.sys
2009-01-09 18:54 73,216 ----a-w d:\windows\ST6UNST.EXE
2009-01-09 18:54 172,032 ------w d:\windows\Setup1.exe
2009-01-09 18:52 344,064 ----a-w d:\windows\system32\dkll.dll
2009-01-09 18:52 196,608 ----a-w d:\windows\system32\maag.dll
2009-01-09 18:52 18,595,840 ----a-w d:\windows\system32\coredata.dll
2009-01-09 18:52 1,986,560 ----a-w d:\windows\system32\akll.dll
2009-01-09 18:52 1,212,416 ----a-w d:\windows\system32\ckll.dll
2009-01-09 18:52 1,128,128 ----a-w d:\windows\system32\NMSDVDXU.dll
2009-01-09 18:43 499,712 ----a-w d:\windows\system32\msvcp71.dll
2009-01-09 18:43 348,160 ----a-w d:\windows\system32\msvcr71.dll
2009-01-09 18:36 155,995 ----a-w d:\windows\java\Packages\VXF937NT.ZIP
2009-01-09 18:35 57,376 ----a-w d:\program files\Uninstall.exe
2009-01-09 18:35 5,106 ----a-w d:\program files\Uninstall.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [07/28/2008 10:02 PM 2610608]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [08/04/2004 01:09 AM 1667584]
"AdobeUpdater"="d:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/11/2009 11:45 PM 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM 40048]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [01/09/2009 09:43 PM 185896]
"RaidTool"="d:\program files\VIA\RAID\raid_tool.exe" [11/23/2005 05:12 AM 1060864]
"VTTimer"="VTTimer.exe" [03/07/2005 10:33 PM 53248 d:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [10/31/2005 11:15 PM 163840 d:\windows\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [03/01/2006 11:22 AM 577536 d:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [03/27/2007 03:58 PM 1744896]
d:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Adobe Gamma Loader.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-14 113664]
PalTalk.lnk - d:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]
WinZip Quick Pick.lnk - d:\program files\WinZip\WZQKPICK.EXE [2009-03-06 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 06/27/2007 06:03 PM 152872 d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 07/24/2008 06:02 PM 490952 d:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 07/28/2008 10:02 PM 2610608 d:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 03/01/2007 02:57 PM 153136 d:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 03/23/2007 01:20 PM 227328 d:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 AVPsys;AVPsys;d:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bcc83f2-de8f-11dd-8e84-0019db4be057}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: تحميل الكل بـ إنترنت داونلود مانيجر - d:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - d:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - d:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\6jcxurnj.default\
FF - component: d:\documents and settings\pc\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: d:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: d:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: d:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: d:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: d:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: d:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: d:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: d:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 19:04:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2025429265-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="NOTEPAD.EXE"
"MRUList"="a"
[HKEY_USERS\S-1-5-21-2025429265-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithProgids]
"ctt_auto_file"=hex(0):
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,0b,12,9e,fa,a4,e9,25,4b,45,fd,1b,60,1a,42,67,46,03,19,1c,09,
d3,6d,da,7c,50,47,dd,9b,34,6f,fd,bf,aa,ac,3d,76,51,27,f5,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9f9154fd-de45-4aea-9689-8f62fdddbd34}]
@Denied: (Full) (Everyone)
"Model"=dword:00000049
"Therad"=dword:0000000a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,3d,40,d8,be,96,c7,80,34,ff,de,1b,59,3f,a3,\
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
.
**************************************************************************
.
Completion time: 03/29/2009 19:09:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-29 16:09:18
Pre-Run: 22,113,918,976 bytes free
Post-Run: 23,643,815,936 bytes free
191 --- E O F --- 2009-03-12 04:53:27