Status
Closed and not open for further replies.

القرمزي

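Peace be upon you

Brothers, I ran a scan on my computer and found that most of the files are infected with the virus Win32.Virtob.Gen.12

I had just formatted the computer because of the problems it had, but unfortunately they were not solved.
I tried to upload the report but could not.


I would appreciate your help, and may God reward you.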
 

And peace be upon you

Which program did you use to create the report??

If you cannot upload the report, attach it here directly: Select All >> Copy >> Paste
 
Signature: AbOdy
Mashallah, your computer has turned into a virus bomb

Please do the following



Disable System Restore as shown in the following explanation


dis_sys_xp.jpg




Download the Kaspersky tool from the following link


[link hidden by the forum: login or registration required]



After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; a few moments later the tool will start running


Follow the explanation to scan and clean the computer and attach the report






Then compress the report and upload it here >>>>
[link hidden by the forum: login or registration required]




And upload the report to the upload center where you uploaded the first report
 
Signature: AbOdy
Good



Create a HijackThis report
[link hidden by the forum: login or registration required]

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; select all ==> copy it and paste it in your next reply
 
Signature: AbOdy
Here it is, brother

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:02 ?, on 17/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Documents and Settings\Administrator\reader_s.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\My Documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\c++.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - Startup: is-60N8F.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1\is-60N8F\startup.exe
O4 - Startup: Wireless Network Monitor.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 5193 bytes
 
The situation is bad :no:

Do the following



[link hidden by the forum: login or registration required]



When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes



The computer may restart during the scan



After the restart, the tool will start scanning again
Wait until a report appears

When the tool has finished, save the report and restart the computer

And give me a HijackThis report like the first one


Waiting for both reports
 
Signature: AbOdy
Here is the program's report, brother

ComboFix 09-04-17.01 - Administrator 04/18/2009 12:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.966.1033.18.1015.723 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\mousehook.dll
c:\docume~1\ADMINI~1\LOCALS~1\Temp\ntdll64.dll
c:\documents and settings\Administrator\Local Settings\Temp1239811749.exe
c:\documents and settings\Administrator\Local Settings\Temp1239814835.exe
c:\documents and settings\Administrator\Local Settings\Temp1239817069.exe
c:\documents and settings\Administrator\Local Settings\Temp1239834051.exe
c:\documents and settings\Administrator\Local Settings\Temp1239835889.exe
c:\documents and settings\Administrator\reader_s.exe
c:\windows\dhcp\svchost.exe
c:\windows\IE4 Error Log.txt
c:\windows\services.exe
c:\windows\system32\afisicx.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\at1394.sys
c:\windows\system32\c++.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\fhpatch.dll
c:\windows\system32\Iasv32.dll
c:\windows\system32\iphy.dll
c:\windows\system32\IpSvchostF.dll
c:\windows\system32\ntdll64.exe
c:\windows\system32\reader_s.exe
c:\windows\system32\riphy.dll
c:\windows\system32\sopidkc.exe
c:\windows\system32\tdctxte.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\uniq.tll
c:\windows\system32\w.exe
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\Temp\33.exe
c:\windows\TEMP\ntdll64.dll
E:\WinRAR.exe
c:\windows\system32\userinit.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_AFISICX
-------\Legacy_AT1394
-------\Legacy_DHCPSRV
-------\Legacy_IAS
-------\Legacy_PROTECT
-------\Legacy_SOPIDKC
-------\Legacy_TDCTXTE
-------\Service_6to4
-------\Service_afisicx
-------\Service_at1394
-------\Service_DhcpSrv
-------\Service_Ias
-------\Service_protect
-------\Service_restore
-------\Service_sopidkc
-------\Service_tdctxte

((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.
2009-04-18 10:12 . 2009-04-18 10:12 0 ------w c:\windows\system32\IpSvchostF.dll
2009-04-17 02:09 . 2009-04-17 02:31 36864 ----a-w c:\windows\system32\dpcxool64.sys
2009-04-17 02:09 . 2009-04-17 02:09 61440 ----a-w c:\windows\system32\tcpd.exe
2009-04-17 02:07 . 2009-04-18 10:09 -------- d-----w c:\windows\dhcp
2009-04-17 02:07 . 2009-04-17 02:07 31744 ----a-w c:\windows\system32\frmwrk32.ex_
2009-04-16 17:30 . 2009-04-16 17:31 71680 ----a-w c:\windows\system32\4.tmp
2009-04-16 17:30 . 2009-04-16 17:30 168 ----a-w c:\windows\system32\3.tmp
2009-04-16 11:09 . 2009-04-16 11:09 124 ----a-w c:\windows\system32\D.tmp
2009-04-16 11:07 . 2009-04-16 11:07 20747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-16 11:07 . 2005-12-06 02:24 7846 ----a-w c:\windows\system32\rt73.cat
2009-04-16 11:07 . 2005-11-24 17:51 245248 ----a-w c:\windows\system32\rt73.sys
2009-04-16 11:07 . 2009-04-16 11:07 1361 ----a-w c:\windows\system32\WLAN.INI
2009-04-16 10:47 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\64173164.sys
2009-04-16 10:46 . 2009-04-17 09:19 2785312 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-16 10:46 . 2009-04-17 09:19 14588 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-16 10:46 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\23244118.sys
2009-04-16 01:27 . 2009-04-16 01:27 124 ----a-w c:\windows\system32\6.tmp
2009-04-16 00:44 . 2009-04-16 00:44 -------- d--h--w c:\windows\$hf_mig$
2009-04-15 23:50 . 2009-04-15 23:50 124 ----a-w c:\windows\system32\2.tmp
2009-04-15 17:16 . 2009-04-15 21:19 -------- d-----w c:\windows\BDOSCAN8
2009-04-15 17:05 . 2009-04-15 17:05 -------- d-----w c:\documents and settings\Administrator\Application Data\Logs
2009-04-15 12:51 . 2009-04-15 12:51 27848 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 12:16 . 2009-04-15 12:16 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-15 12:12 . 2009-04-18 10:13 -------- d-----w c:\documents and settings\Administrator\Tracing
2009-04-15 10:16 . 2009-04-15 10:16 80 ----a-w c:\windows\system32\A9.tmp
2009-04-15 09:21 . 2009-04-17 03:08 -------- d-----w c:\windows\system32\config\systemprofile\Tracing
2009-04-15 08:31 . 2009-04-15 08:31 25088 ----a-w c:\windows\metscr.dll
2009-04-15 08:21 . 2008-02-15 10:45 172032 ----a-w c:\windows\system32\igfxres.dll
2009-04-15 08:19 . 2009-04-15 08:19 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-15 08:19 . 2009-04-15 08:19 -------- d-sh--w c:\windows\system32\config\systemprofile\PrivacIE
2009-04-15 08:18 . 2004-01-01 00:00 25088 ----a-w c:\documents and settings\All Users\proto.dll
2009-04-15 08:13 . 2009-04-15 08:13 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-04-15 08:12 . 2009-04-15 08:12 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-15 08:12 . 2009-04-15 08:12 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-15 08:11 . 2009-04-15 12:05 27848 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 08:09 . 2008-02-15 13:09 27024 ----a-w c:\windows\system32\igxpxs32.vp
2009-04-15 08:09 . 2008-02-15 11:12 1670144 ----a-w c:\windows\system32\igxpdv32.dll
2009-04-15 08:09 . 2008-02-15 11:12 2643968 ----a-w c:\windows\system32\igxpdx32.dll
2009-04-15 08:09 . 2008-02-15 11:12 5854752 ----a-w c:\windows\system32\drivers\igxpmp32.sys
2009-04-15 08:09 . 2008-02-15 11:12 57344 ----a-w c:\windows\system32\igxprd32.dll
2009-04-15 08:09 . 2008-02-15 11:12 151040 ----a-w c:\windows\system32\igxpgd32.dll
2009-04-15 08:09 . 2008-02-15 10:46 48128 ----a-w c:\windows\system32\igfxsrvc.dll
2009-04-15 08:09 . 2008-02-15 10:45 102400 ----a-w c:\windows\system32\hccutils.dll
2009-04-15 08:09 . 2008-02-15 10:38 2096 ----a-w c:\windows\system32\igxpxk32.vp
2009-04-15 08:09 . 2009-04-15 08:09 -------- d-----w c:\windows\system32\Lang
2009-04-15 08:09 . 2008-03-07 10:56 920088 ----a-w c:\windows\system32\igxpun.exe
2009-04-15 08:09 . 2006-11-10 06:25 319456 ----a-w c:\windows\system32\difxapi.dll
2009-04-15 08:08 . 2009-04-15 08:08 -------- d-----w c:\windows\OPTIONS
2009-04-15 08:07 . 2009-04-15 08:07 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-04-15 08:07 . 2009-01-21 13:49 118656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2009-04-15 08:07 . 2009-01-16 20:45 73728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-04-15 08:06 . 2009-04-15 08:20 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-15 08:06 . 2008-05-01 14:35 53248 ----a-w c:\windows\system32\CSVer.dll
2009-04-15 08:06 . 2009-04-15 08:06 -------- d-----w C:\Intel
2009-04-15 07:57 . 2009-04-15 07:57 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-15 07:48 . 2009-04-15 07:48 80 ----a-w c:\windows\system32\242.tmp
2009-04-15 07:44 . 2009-04-15 07:44 0 ----a-w c:\windows\system32\145.tmp
2009-04-15 07:44 . 2009-04-15 07:44 80 ----a-w c:\windows\system32\107.tmp
2009-04-15 07:44 . 2009-01-07 16:21 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-15 07:43 . 2009-04-15 07:43 25 ----a-w c:\windows\cdplayer.ini
2009-04-15 07:43 . 2007-08-13 16:45 78336 -c--a-w c:\windows\system32\dllcache\ieencode.dll
2009-04-15 07:43 . 2007-08-13 16:45 78336 ----a-w c:\windows\system32\ieencode.dll
2009-04-15 07:40 . 2009-04-15 07:40 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-15 07:40 . 2009-04-15 07:40 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-15 07:37 . 2005-11-24 17:51 245248 ----a-w c:\windows\system32\drivers\rt73.sys
2009-04-15 07:37 . 2005-11-03 15:41 32768 ----a-w c:\windows\system32\GTGina.dll
2009-04-15 07:37 . 2005-02-01 16:18 17992 ----a-w c:\windows\system32\drivers\bcm42rly.sys
2009-04-15 07:37 . 2005-02-01 16:18 17992 ----a-w c:\windows\system32\bcm42rly.sys
2009-04-15 07:37 . 2005-02-01 16:18 17992 ----a-w c:\windows\bcm42rly.sys
2009-04-15 07:37 . 2003-10-13 13:30 94208 ----a-w c:\windows\system32\GTW32N50.dll
2009-04-15 07:37 . 2003-09-25 21:28 31930 ----a-w c:\windows\system32\GTNDIS3.VXD
2009-04-15 07:37 . 2003-09-25 20:15 15872 ----a-w c:\windows\system32\GTNDIS5.sys
2009-04-15 07:36 . 2009-04-15 07:36 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Thinstall
2009-04-15 07:36 . 2009-04-15 07:36 -------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-04-15 03:05 . 2009-04-15 03:05 8192 ----a-w c:\windows\REGLOCS.OLD
2009-04-15 03:05 . 2009-04-15 03:05 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft
2009-04-15 03:05 . 2009-04-15 07:50 -------- d-sh--w c:\documents and settings\NetworkService
2009-04-15 03:03 . 2004-01-01 00:00 40448 -c--a-w c:\windows\system32\dllcache\snmpthrd.dll
2009-04-15 03:02 . 2004-01-01 00:00 7168 -c--a-w c:\windows\system32\dllcache\f3ahvoas.dll
2009-04-15 03:01 . 2009-04-15 03:01 23392 ----a-w c:\windows\system32\nscompat.tlb
2009-04-15 03:01 . 2009-04-15 03:01 16832 ----a-w c:\windows\system32\amcompat.tlb
2009-04-15 03:01 . 2009-04-15 03:01 316640 ----a-w c:\windows\WMSysPr9.prx
2009-04-15 03:01 . 2009-04-15 03:01 -------- d-sh--w c:\documents and settings\All Users\DRM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 02:09 . 2009-04-15 07:39 10240 ----a-w c:\windows\system32\Packer.dll
2009-04-17 02:07 . 2004-01-01 00:00 123904 ----a-w c:\windows\system32\userinit.exe
2009-04-17 02:06 . 2009-04-15 07:38 -------- d-sh--r c:\program files\ThunMail
2009-04-17 02:06 . 2009-04-17 02:06 262 ----a-w C:\gadhq2g.log
2009-04-16 11:07 . 2009-04-16 11:07 -------- d-----w c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-04-16 11:07 . 2009-04-15 07:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 11:07 . 2009-04-15 07:37 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-16 10:57 . 2008-01-09 13:01 57344 ----a-w c:\windows\bdoscandel.exe
2009-04-16 10:57 . 2004-01-01 00:00 31744 ----a-w c:\windows\system32\ntsd.exe
2009-04-16 10:57 . 2009-04-15 02:57 344064 ----a-w c:\windows\system32\mspaint.exe
2009-04-16 10:57 . 2009-04-15 02:59 158720 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-04-16 10:57 . 2009-04-15 02:59 769024 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-04-16 10:57 . 2004-01-01 00:00 220672 ----a-w c:\windows\system32\logon.scr
2009-04-16 10:57 . 2004-01-01 00:00 110080 ----a-w c:\windows\system32\progman.exe
2009-04-16 10:57 . 2004-01-01 00:00 43008 ----a-w c:\windows\system32\shmgrate.exe
2009-04-16 10:57 . 2004-01-01 00:00 12800 ----a-w c:\windows\system32\regsvr32.exe
2009-04-16 10:54 . 2009-04-15 08:20 253952 ----a-w c:\windows\system32\igfxsrvc.exe
2009-04-16 10:54 . 2009-04-15 08:20 135168 ----a-w c:\windows\system32\igfxpers.exe
2009-04-16 10:54 . 2009-04-15 08:20 163840 ----a-w c:\windows\system32\hkcmd.exe
2009-04-16 10:54 . 2009-04-15 08:20 135168 ----a-w c:\windows\system32\igfxtray.exe
2009-04-16 01:36 . 2009-04-16 01:36 2678 ----a-w c:\windows\java\Packages\Data\ALF3J1VJ.DAT
2009-04-16 01:36 . 2009-04-16 01:36 2678 ----a-w c:\windows\java\Packages\Data\K7ZR5RRL.DAT
2009-04-16 01:36 . 2009-04-16 01:36 2678 ----a-w c:\windows\java\Packages\Data\VRNFR9R7.DAT
2009-04-16 01:36 . 2009-04-16 01:36 2678 ----a-w c:\windows\java\Packages\Data\PZRVBD75.DAT
2009-04-16 01:36 . 2009-04-16 01:36 2678 ----a-w c:\windows\java\Packages\Data\MSEAV9V3.DAT
2009-04-15 22:55 . 2009-04-15 22:54 115146 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-04-15 22:55 . 2009-04-15 03:01 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-15 12:13 . 2009-04-15 12:12 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-15 09:18 . 2009-04-15 09:18 -------- d-----w c:\program files\Microsoft
2009-04-15 09:18 . 2009-04-15 09:18 -------- d-----w c:\program files\Windows Live
2009-04-15 09:18 . 2009-04-15 09:18 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-15 08:24 . 2009-04-15 08:24 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-15 08:23 . 2009-04-15 08:22 -------- d-----w c:\program files\IDT
2009-04-15 08:07 . 2009-04-15 08:07 -------- d-----w c:\program files\Realtek
2009-04-15 08:06 . 2009-04-15 08:06 -------- d-----w c:\program files\Intel
2009-04-15 07:48 . 2004-01-01 00:00 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-15 07:46 . 2009-04-15 07:46 2232 ----a-w c:\windows\java\Packages\Data\1ZZPFLBT.DAT
2009-04-15 07:46 . 2009-04-15 07:46 155995 ----a-w c:\windows\java\Packages\HB3RFXRD.ZIP
2009-04-15 07:40 . 2009-04-15 07:40 -------- d-----w c:\program files\Common Files\xing shared
2009-04-15 07:40 . 2009-04-15 07:40 -------- d-----w c:\program files\Common Files\Real
2009-04-15 07:40 . 2009-04-15 07:40 -------- d-----w c:\program files\Real
2009-04-15 07:39 . 2009-04-15 07:39 172032 ----a-w c:\windows\system32\tcpcon.dll
2009-04-15 07:39 . 2009-04-15 07:39 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Thinstall
2009-04-15 03:02 . 2009-04-15 03:02 -------- d-----w c:\program files\microsoft frontpage
2009-04-15 02:59 . 2009-04-15 02:59 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.
------- Sigcheck -------
[-] 2009-04-15 07:48 213376 FF85EBD2AD3679254CF251136C62D764 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-15 07:48 213376 FF85EBD2AD3679254CF251136C62D764 c:\windows\system32\drivers\ndis.sys
[-] 2004-01-01 00:00 1051136 8F7111B91235C5E0398321509C45CCAE c:\windows\explorer.exe
[-] 2004-01-01 00:00 1051136 25E7BDF9507CC92862F3EB53AA62BACE c:\windows\system32\dllcache\explorer.exe
[-] 2004-01-01 00:00 34304 D3C5D6D836F0EBD75B76A29E68B1EF8D c:\windows\system32\ctfmon.exe
[-] 2004-01-01 00:00 34304 F68BB28F497502007B32BD26DA3E327F c:\windows\system32\dllcache\ctfmon.exe
[-] 2004-01-01 00:00 130048 410EB3752C17C0BB888F5EADEFBD6AF4 c:\windows\system32\wuauclt.exe
[-] 2004-01-01 00:00 130048 3EE6B2D621FB6C2FE958111D13F82B02 c:\windows\system32\dllcache\wuauclt.exe
[-] 2009-04-17 02:07 123904 0E3FE2BFE95BD8DD5D2BA36B18E35CD0 c:\windows\system32\userinit.exe
[-] 2009-04-17 02:07 123904 0E3FE2BFE95BD8DD5D2BA36B18E35CD0 c:\windows\system32\dllcache\userinit.exe
[-] 2009-04-17 02:09 983552 C3C7E091E09BC6BD266BE8305583FAFD c:\windows\system32\kernel32.dll
[7] 2004-01-01 00:00 983552 888190E31455FAD793312F8D087146EB c:\windows\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-01-01 34304]
"DiskChk help"="c:\documents and settings\All Users\proto.dll" [2004-01-01 25088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-15 185872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-16 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-16 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-16 135168]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-16 442368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"svc"="c:\program files\ThunMail\testabd.exe" [2009-04-17 66760]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
is-60N8F.lnk - c:\documents and settings\Administrator\Desktop\Virus Removal Tool1\is-60N8F\startup.exe [2009-4-16 69632]
Wireless Network Monitor.lnk - c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\InvokeSvc2.exe [2009-4-16 60920]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli kbtdefd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\3361\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aen4c2e;aen4c2e; [x]
R1 afo62af;afo62af; [x]
R1 hmaa139;hmaa139; [x]
R1 imb7e5e;imb7e5e; [x]
R1 koe2ab4;koe2ab4; [x]
R1 paj545d;paj545d; [x]
R1 ppe352d;ppe352d; [x]
S1 is-2GB8Edrv;is-2GB8Edrv;c:\windows\system32\DRIVERS\23244118.sys [2008-07-08 148496]
S1 is-60N8Fdrv;is-60N8Fdrv;c:\windows\system32\DRIVERS\64173164.sys [2008-07-08 148496]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - GTNDIS5
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - is-2GB8Edrv
*Deregistered* - is-60N8Fdrv
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - STacSV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WUSB54GCSVC
*Deregistered* - WZCSVC
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-reader_s - c:\windows\system32\config\systemprofile\reader_s.exe

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext =
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-18 12:12
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,fd,27,c6,43,c9,08,45,95,97,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,fd,27,c6,43,c9,08,45,95,97,b0,\
[HKEY_USERS\S-1-5-21-823518204-492894223-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,df,1a,23,ad,f8,70,4b,b7,0e,46,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,df,1a,23,ad,f8,70,4b,b7,0e,46,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\tcpcon.dll
c:\windows\system32\GTGina.dll
- - - - - - - > 'lsass.exe'(872)
c:\windows\kbtdefd.dll
- - - - - - - > 'explorer.exe'(3256)
c:\windows\kbtdefd.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\5902XP_6033V_012208\WDM\STacSV.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\3361\SVCHOST.EXE
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\Administrator\Desktop\Virus Removal Tool1\is-60N8F\is-60n8f.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-18 12:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 10:14
Pre-Run: 6,200,279,040 bytes free
Post-Run: 6,562,504,704 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
425
 
And this is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49:41 ?, on 18/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - Startup: is-60N8F.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1\is-60N8F\startup.exe
O4 - Startup: Wireless Network Monitor.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 4869 bytes
 
Great

Download the Dr.Web tool for scanning and cleaning; it is updated as of today's date


(( If you are using Kaspersky, exit it from its icon next to the clock first ))

i72j1t42q3.jpg


How the tool works ::

After downloading, we run it .. and do as shown in the pictures ::

3oh2ql4moe.jpg


Then

wb3gi1nm8j.jpg


Then we wait a little while only the memory is scanned ..

When that finishes, we do as in the picture to run a full scan of the machine

m3m2rh4xtf.jpg


If a virus is found during the scan and this message appears

we do the following to delete the infection and clean it ::

vwopk5zb2n.jpg


Then we wait for the full scan to finish (( the scan may take a while depending on the size of the files on your machine ))

When it finishes, we do the following ::

vgcih1gsrj.jpg


Then we delete the detected viruses ::

1h71ch58um.jpg


(( Then restart the machine ))



After doing what is required

upload a new HijackThis report for me
 
Signature: AbOdy
Dear brother, I downloaded the program, but when I press Start Scan and then OK, it says there is a problem

and it does not run
 
Download the following tool


Run it and the tool's interface will appear
Choose the cleaning option and the DOS window for the scan will appear
Leave it until it finishes and the report appears
Copy it and paste it in your next post
 
Signature: AbOdy
This is the report, brother Abody

Engine Version : 5300.2777
Engine Load Time : 39375 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan
Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\Administrator\NTUSER.DAT : Scan Failed
c:\Documents and Settings\Administrator\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{c47c6334-5eaf-47c2-96df-173eaad72916}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{c47c6334-5eaf-47c2-96df-173eaad72916}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{c47c6334-5eaf-47c2-96df-173eaad72916}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{c47c6334-5eaf-47c2-96df-173eaad72916}\DBStore\LogFiles\edbtmp.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{d1b831d9-6c43-4530-a771-c70f19b0a87b}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{d1b831d9-6c43-4530-a771-c70f19b0a87b}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{d1b831d9-6c43-4530-a771-c70f19b0a87b}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{dff4c528-f787-4f50-a830-e8abddb50224}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{dff4c528-f787-4f50-a830-e8abddb50224}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{dff4c528-f787-4f50-a830-e8abddb50224}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{dff4c528-f787-4f50-a830-e8abddb50224}\DBStore\LogFiles\edbtmp.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{fa9832ea-7f9c-4427-81ff-01371b1bc062}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{fa9832ea-7f9c-4427-81ff-01371b1bc062}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{fa9832ea-7f9c-4427-81ff-01371b1bc062}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\fla14.tmp : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\fla27D.tmp : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\JVM18.tmp : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\MPC9C.tmp : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\Perflib_Perfdata_1b6c.dat : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\~DF5D66.tmp : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1033.dat : Scan Failed
c:\WINDOWS\pchealth\helpctr\Config\CheckPoint\tmp.edb : Scan Failed
c:\WINDOWS\pchealth\helpctr\Database\HCdata.edb : Scan Failed
c:\WINDOWS\system32\IpSvchostF.dll : Scan Failed
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.idx : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 18409
FilesScanned : 12308
FilesNotScanned : 6101

ObjectsFound : 41273
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 07:42:11 م 24 ربيع الثاني, 1430
Ended at : 08:07:26 م 24 ربيع الثاني, 1430
Duration : 25 minutes 15 seconds
2254 MB scanned in 1515 seconds = 1524 KB/s
Engine Version : 5300.2777
Engine Load Time : 41860 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 15411
FilesScanned : 11579
FilesNotScanned : 3832

ObjectsFound : 19016
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 08:08:10 م 24 ربيع الثاني, 1430
Ended at : 08:18:56 م 24 ربيع الثاني, 1430
Duration : 10 minutes 46 seconds
1230 MB scanned in 646 seconds = 1950 KB/s
Engine Version : 5300.2777
Engine Load Time : 40468 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 2878
FilesScanned : 1593
FilesNotScanned : 1285

ObjectsFound : 2957
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 08:19:38 م 24 ربيع الثاني, 1430
Ended at : 08:21:11 م 24 ربيع الثاني, 1430
Duration : 1 minutes 33 seconds
186 MB scanned in 93 seconds = 2 MB/s
Engine Version : 5300.2777
Engine Load Time : 50094 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 1
FilesScanned : 0
FilesNotScanned : 1

ObjectsFound : 1
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 08:22:02 م 24 ربيع الثاني, 1430
Ended at : 08:22:02 م 24 ربيع الثاني, 1430
Duration : 0 seconds
 
Thank you for the effort

But you did not apply what I told you

Run it and the tool's interface will appear
Choose the cleaning option and the DOS window for the scan will appear
Leave it until it finishes and the report appears
Copy it and paste it in your next post


Run the scan again and choose the cleaning option

and give me the report again
 
Signature: AbOdy
I pressed Clean the first time, and I ran it again a second time and pressed Clean, and this is the new report

Engine Version : 5300.2777
Engine Load Time : 58422 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Terminating scan ...
Engine Version : 5300.2777
Engine Load Time : 65859 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections

Memory : Clean
Please wait ... building list of critical files to scan
Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\Administrator\NTUSER.DAT : Scan Failed
c:\Documents and Settings\Administrator\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{c47c6334-5eaf-47c2-96df-173eaad72916}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{c47c6334-5eaf-47c2-96df-173eaad72916}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{c47c6334-5eaf-47c2-96df-173eaad72916}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{d1b831d9-6c43-4530-a771-c70f19b0a87b}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{d1b831d9-6c43-4530-a771-c70f19b0a87b}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{d1b831d9-6c43-4530-a771-c70f19b0a87b}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{dff4c528-f787-4f50-a830-e8abddb50224}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{dff4c528-f787-4f50-a830-e8abddb50224}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{dff4c528-f787-4f50-a830-e8abddb50224}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{dff4c528-f787-4f50-a830-e8abddb50224}\DBStore\LogFiles\edbtmp.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{fa9832ea-7f9c-4427-81ff-01371b1bc062}\DBStore\contacts.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{fa9832ea-7f9c-4427-81ff-01371b1bc062}\DBStore\tempedb.edb : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{fa9832ea-7f9c-4427-81ff-01371b1bc062}\DBStore\LogFiles\edb.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\{fa9832ea-7f9c-4427-81ff-01371b1bc062}\DBStore\LogFiles\edbtmp.log : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\fla14.tmp : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\fla28E.tmp : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\JVM18.tmp : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\MPC9C.tmp : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\Perflib_Perfdata_1a0c.dat : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\Perflib_Perfdata_1a14.dat : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\Skype.msi : Scan Failed
c:\Documents and Settings\Administrator\Local Settings\temp\~DF5D66.tmp : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1033.dat : Scan Failed
c:\WINDOWS\pchealth\helpctr\Config\CheckPoint\tmp.edb : Scan Failed
c:\WINDOWS\pchealth\helpctr\Database\HCdata.edb : Scan Failed
c:\WINDOWS\system32\IpSvchostF.dll : Scan Failed
c:\WINDOWS\system32\CatRoot2\edb.log : Scan Failed
c:\WINDOWS\system32\CatRoot2\tmp.edb : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.dat : Scan Failed
c:\WINDOWS\system32\drivers\fidbox.idx : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 19458
FilesScanned : 12855
FilesNotScanned : 6603

ObjectsFound : 43058
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 10:47:46 م 24 ربيع الثاني, 1430
Ended at : 11:42:06 م 24 ربيع الثاني, 1430
Duration : 54 minutes 20 seconds
2265 MB scanned in 3260 seconds = 711 KB/s
Engine Version : 5300.2777
Engine Load Time : 194000 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 15412
FilesScanned : 11579
FilesNotScanned : 3833

ObjectsFound : 19019
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 11:45:29 م 24 ربيع الثاني, 1430
Ended at : 12:04:37 ص 25 ربيع الثاني, 1430
Duration : 19 minutes 8 seconds
1230 MB scanned in 1148 seconds = 1097 KB/s
Engine Version : 5300.2777
Engine Load Time : 65406 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 2878
FilesScanned : 1593
FilesNotScanned : 1285

ObjectsFound : 2957
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 12:05:44 ص 25 ربيع الثاني, 1430
Ended at : 12:07:58 ص 25 ربيع الثاني, 1430
Duration : 2 minutes 13 seconds
186 MB scanned in 133 seconds = 1436 KB/s
Engine Version : 5300.2777
Engine Load Time : 74750 milliseconds
AV DAT Version : 5492.0000 488805 detections Built 15 محرم, 1430
Extra DAT : 0 detections


Summary :-
FilesFound : 1
FilesScanned : 0
FilesNotScanned : 1

ObjectsFound : 1
ObjectsInfected : 0
ObjectsCleaned : 0
ObjectsDeleted : 0

FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

Started at : 12:09:13 ص 25 ربيع الثاني, 1430
Ended at : 12:09:13 ص 25 ربيع الثاني, 1430
Duration : 0 seconds
 
OK, good

Make a HijackThis report

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; select all ==> copy it and paste it in your next reply

 
Signature: AbOdy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:17:15 ?, on 20/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
E:\Winamp\winampa.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Administrator\My Documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - Startup: is-60N8F.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1\is-60N8F\startup.exe
O4 - Startup: Wireless Network Monitor.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 6018 bytes
 
OK.

Now select the following entries and delete them:

O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"


O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe


O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"


O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run


O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')


O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll


O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe




How to delete them:








After that, go to Add or Remove Programs and uninstall the toolbar you have installed (it may not be there).


Then download this tool and follow the instructions below.




Compatibility: Windows XP only


How to use it:
When you run the tool, this screen appears. Wait (and follow along with the screenshots).



When this screen appears, click Close so that your computer restarts (to complete the cleaning process).






After you have done that,

do the following once more:




When you run it, a message will appear; click Yes.
Then a second message will appear; click Yes.


The computer may restart during the scan.


After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished.


And give me this report again:

Create a HijackThis report
When the download finishes ==> run the program ==> click Do a system scan and save log
After a few moments a report will appear. Select all ==> copy it and paste it in your next reply.



Waiting for the two new reports.

Last edited by a moderator:
Signature: AbOdy
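Added example, not part of the thread and not HijackThis's own logic: a small Python triage of the O4/O20/O23 entries from the log posted above, showing properties that make the eight entries listed for deletion stand out from the benign ones. The rules and the `SYSTEM32_ONLY` list are assumptions chosen for illustration, not the helper's stated reasoning; the sample lines are copied from the posted log.

```python
import ntpath
import re

# Entries copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - Startup: is-60N8F.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1\is-60N8F\startup.exe
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
"""

# Assumption: process names that Windows XP ships only in system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"

ENTRY_RE = re.compile(r"^(O4|O20|O23) - (.*)$")
# First drive-rooted path ending in .exe or .dll (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def parse(log):
    """Yield (code, line, path) for autorun, AppInit_DLLs and service entries."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        found = PATH_RE.search(m.group(2))
        yield m.group(1), line, found.group(0) if found else None


def triage(log):
    """Return [(line, [reasons])] for entries that match at least one rule."""
    entries = list(parse(log))
    # Compare on the last folder name only: the log mixes 8.3 short paths
    # (progra~1) with long ones (program Files) for the same directory.
    appinit_dirs = {ntpath.basename(ntpath.dirname(p)).lower()
                    for code, _, p in entries if code == "O20" and p}
    findings = []
    for code, line, path in entries:
        if path is None:
            continue
        low = path.lower()
        folder, name = ntpath.dirname(low), ntpath.basename(low)
        reasons = []
        if code == "O20":
            reasons.append("AppInit_DLLs is set (DLL injected into GUI processes)")
        if name in SYSTEM32_ONLY and folder != SYSTEM32:
            reasons.append("system binary name outside system32")
        if "\\temp\\" in low:
            reasons.append("autorun target in a TEMP directory")
        if "rundll32" in line.lower() and name.endswith(".dll") and folder != SYSTEM32:
            reasons.append("rundll32 loading a DLL from outside system32")
        if code != "O20" and ntpath.basename(folder) in appinit_dirs:
            reasons.append("runs from the same folder as the AppInit_DLLs entry")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

A hit here is a reason to inspect the file, not a verdict; entries such as the `Unknown owner` service with a missing file pass these rules and still deserve a look.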
ComboFix 09-04-19.01 - Administrator 04/20/2009 13:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.966.1033.18.1015.657 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ThunMail
c:\program files\ThunMail\testabd.dll
c:\program files\ThunMail\testabd.ex_
c:\program files\ThunMail\testabd.exe
c:\windows\dhcp\svchost.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\at1394.sys
c:\windows\system32\bversion.dll
c:\windows\system32\dpcxool64.sys
c:\windows\system32\IPHACTION.dll
c:\windows\system32\IpSvchostF.dll
c:\windows\system32\userinit.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_AT1394
-------\Legacy_DHCPSRV
-------\Service_6to4
-------\Service_at1394
-------\Service_DhcpSrv
-------\Service_restore

((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( SnapShot@2009-04-18_10.13.06 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-01-01 34304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DiskChk help"="c:\documents and settings\All Users\proto.dll" [2004-01-01 25088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-15 185872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-16 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-16 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-16 135168]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-16 442368]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3760128]
"svchost.exe"="c:\windows\system32\3361\SVCHOST.exe" [2009-04-17 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"svchost.exe"="c:\windows\system32\3361\SVCHOST.exe" [2009-04-17 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
is-60N8F.lnk - c:\documents and settings\Administrator\Desktop\Virus Removal Tool1\is-60N8F\startup.exe [2009-4-16 69632]
Wireless Network Monitor.lnk - c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\InvokeSvc2.exe [2009-4-16 60920]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli kbtdefd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\3361\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aen4c2e;aen4c2e; [x]
R1 afo62af;afo62af; [x]
R1 hmaa139;hmaa139; [x]
R1 imb7e5e;imb7e5e; [x]
R1 koe2ab4;koe2ab4; [x]
R1 paj545d;paj545d; [x]
R1 ppe352d;ppe352d; [x]
S1 is-2GB8Edrv;is-2GB8Edrv;c:\windows\system32\DRIVERS\23244118.sys [2008-07-08 148496]
S1 is-60N8Fdrv;is-60N8Fdrv;c:\windows\system32\DRIVERS\64173164.sys [2008-07-08 148496]

--- Other Services/Drivers In Memory ---
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - GTNDIS5
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - is-2GB8Edrv
*Deregistered* - is-60N8Fdrv
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - STacSV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WUSB54GCSVC
*Deregistered* - WZCSVC
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - e:\winamp\winampa.exe

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext =

DPF: Microsoft XML Parser for Java -

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-20 13:31
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\6to4]
"ServiceDll"="c:\windows\system32\6to4v32.dll"
--
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\at1394]
"ImagePath"="\??\c:\windows\system32\at1394.sys"
--
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DhcpSrv]
"ImagePath"="c:\windows\dhcp\svchost.exe"
--
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\restore]
"ImagePath"="\??\c:\windows\system32\drivers\restore.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,fd,27,c6,43,c9,08,45,95,97,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f1,fd,27,c6,43,c9,08,45,95,97,b0,\
[HKEY_USERS\S-1-5-21-823518204-492894223-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,df,1a,23,ad,f8,70,4b,b7,0e,46,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,df,1a,23,ad,f8,70,4b,b7,0e,46,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\tcpcon.dll
c:\windows\system32\GTGina.dll
- - - - - - - > 'lsass.exe'(872)
c:\windows\kbtdefd.dll
- - - - - - - > 'explorer.exe'(2360)
c:\windows\system32\msi.dll
c:\windows\kbtdefd.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\5902XP_6033V_012208\WDM\STacSV.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\Administrator\Desktop\Virus Removal Tool1\is-60N8F\is-60n8f.exe
.
**************************************************************************
.
Completion time: 2009-04-20 13:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-20 11:33
ComboFix2.txt 2009-04-18 10:14
Pre-Run: 6,120,927,232 bytes free
Post-Run: 6,154,604,544 bytes free
555
 