تقرير الهايجاك لجهازى للتاكد من سلامتة

[binnour]

السلام عليكم اخواني فى المنتدى الرائع
هذا تقرير الهايجك لجهازى فى الواقع لا اعانى من
اى مشاكل ولكن للاطمئنان ليس الا
ولكم منى الف تحيه

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:28, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nakido\nakido.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Golden Filter Pro\GFPro.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GoldenFilterPro] C:\Golden Filter Pro\GFPro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Internet Download Manager.lnk = C:\Program Files\Internet Download Manager\IDMan.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: English<->Arabic - C:\Program Files\LingvoSoft\LingvoSoft Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{FECB0196-B1D6-4CE2-9F92-F4535918F33B}: NameServer = 62.240.32.5,62.68.42.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9becb54e7a3c) (gupdate1c9becb54e7a3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe

--
End of file - 5854 bytes

 

[binnour]

للرفع رجاءا

 

[MAAX]

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

 

[PrinceOfPersia]

لو تعرف هذا البرنامج اتركه وإلا فأزله فوراً لأن مكانه لايُنصح به

O4 - HKLM\..\Run: [GoldenFilterPro] C:\Golden Filter Pro\GFPro.exe

 

[binnour]

لو تعرف هذا البرنامج اتركه وإلا فأزله فوراً لأن مكانه لايُنصح به

O4 - HKLM\..\Run: [GoldenFilterPro] C:\Golden Filter Pro\GFPro.exe[/QUOTE


شكرا اخى على مرورك الكريم
هذا البرنامج لحجب المواقع الاباحيه
لا ادرى هل يجب عليا حذفة ام لا حسب خبرتك

 

[PrinceOfPersia]

والله يا أخي إذا تعرفه أزله واعمل له setup مرة أخرى

لأن حسب موقع hijackthis فموقعه الحالي في قائمة run خطر جداً
لو واثق منه اتركه أو ادخل للموقع الخاص به وتأكد من الإعدادات

لم أستخدم البرنامج صراحة والله الموفق

 

[binnour]

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

معذرة على التأخير اخى وهذا التقرير
ComboFix 09-04-19.01 - Binnour 04/18/2009 21:01.2 - NTFSx86
Running from: c:\documents and settings\Binnour\My Documents\Downloads\Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\clofghls.dll
c:\windows\system32\Data(10).dll
c:\windows\system32\Data(2).dll
c:\windows\system32\Data(3).dll
c:\windows\system32\Data(4).dll
c:\windows\system32\Data(7).dll
c:\windows\system32\Data(L).dll
c:\windows\system32\kakle.dll
c:\windows\system32\usrfil.dll
c:\windows\system32\win.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-05-01 19:45 . 2009-04-16 23:15 -------- d-----w c:\documents and settings\Binnour\Application Data\Skype
2009-04-18 18:59 . 2009-04-18 18:59 -------- d-----w C:\32788R22FWJFW
2009-04-18 16:52 . 2009-04-18 16:52 -------- d-----w c:\documents and settings\Binnour\Application Data\TechSmith
2009-04-18 15:42 . 2009-04-18 15:42 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\TechSmith
2009-04-18 15:42 . 2009-04-18 15:42 -------- d-----w c:\documents and settings\Binnour\Local Settings\Application Data\TechSmith
2009-04-18 14:12 . 2009-04-18 14:12 -------- d-----w c:\documents and settings\Binnour\Application Data\CyberScrub
2009-04-18 14:12 . 2009-04-18 14:12 -------- d-----w c:\documents and settings\Binnour\Application Data\cleaner
2009-04-17 21:14 . 2009-04-18 19:09 13996128 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-17 21:14 . 2009-04-18 18:38 158384 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-17 21:13 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\13488036.sys
2009-04-16 23:46 . 2009-04-16 23:46 -------- d--h--w C:\AUTORUN.INF
2009-04-16 21:59 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 21:59 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 21:59 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 21:59 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 21:59 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 21:59 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 21:59 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 21:59 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 21:59 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 21:59 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 21:59 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-16 21:59 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-16 21:58 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-16 19:53 . 2009-04-16 19:53 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-04-16 19:53 . 2009-04-16 19:53 -------- d-----w c:\documents and settings\Binnour\Application Data\SUPERAntiSpyware.com
2009-04-16 19:25 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 19:25 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 19:25 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 20:46 . 2009-04-15 20:46 0 ----a-w c:\windows\nsreg.dat
2009-04-15 18:47 . 2009-04-15 18:47 -------- d-----w c:\documents and settings\Binnour\Local Settings\Application Data\Mozilla
2009-04-14 12:13 . 2009-03-22 06:19 69 ------w c:\windows\system32\sesreg.key
2009-04-14 12:12 . 2009-04-14 12:12 64 --sh--r c:\windows\system32\SESdemo.drv
2009-04-13 23:05 . 2009-04-13 23:05 -------- d-----w c:\documents and settings\Binnour\Local Settings\Application Data\ESET
2009-04-13 22:06 . 2009-04-13 22:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-04-13 22:06 . 2009-01-05 14:18 90112 ----a-w c:\windows\system32\QuickTimeVR.qtx
2009-04-13 22:06 . 2009-01-05 14:18 57344 ----a-w c:\windows\system32\QuickTime.qts
2009-04-13 21:35 . 2009-04-13 21:36 -------- d-----w c:\documents and settings\Binnour\Application Data\Media Player Classic
2009-04-13 21:18 . 2009-04-13 21:18 -------- d-----w c:\documents and settings\Binnour\Local Settings\Application Data\Real
2009-04-13 21:09 . 2009-04-13 21:09 36734 ----a-w c:\windows\system32\OggDSuninst.exe
2009-04-13 21:02 . 2009-04-13 21:02 33019 ----a-w c:\windows\system32\CoreAAC-uninstall.exe
2009-04-13 20:56 . 2009-04-13 20:56 -------- d-----w c:\documents and settings\Binnour\Application Data\GRETECH
2009-04-13 18:35 . 2009-04-13 18:35 0 ------w c:\windows\WB.ini
2009-04-13 18:18 . 2008-04-26 14:14 42672 ------w c:\windows\system32\wbsys.dll
2009-04-13 06:23 . 2005-02-12 23:00 67584 --sh--r c:\windows\system32\RLTheoraDec.ax
2009-04-13 06:23 . 2005-02-05 23:00 92672 --sh--r c:\windows\system32\RLVorbisDec.ax
2009-04-13 06:23 . 2005-02-12 23:00 51712 --sh--r c:\windows\system32\RLSpeexDec.ax
2009-04-13 06:23 . 2005-02-12 23:00 186880 --sh--r c:\windows\system32\RLOgg.ax
2009-04-13 06:23 . 2005-01-17 23:26 179200 --sh--r c:\windows\system32\DiracSplitter.ax
2009-04-13 06:23 . 2006-08-16 14:53 175104 --sh--r c:\windows\system32\CoreAAC.ax
2009-04-13 06:23 . 2005-02-22 16:55 81920 --sh--r c:\windows\system32\aac_parser.ax
2009-04-12 12:54 . 2009-04-12 12:54 356352 ----a-w c:\windows\eSellerateEngine.dll
2009-04-12 12:53 . 2004-12-07 08:11 258352 ----a-w c:\windows\system32\Unicows.dll
2009-04-12 11:11 . 2009-04-12 11:11 -------- d-----w c:\documents and settings\Binnour\Application Data\ESET
2009-04-12 11:08 . 2009-04-12 11:08 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2009-04-10 13:44 . 2009-04-13 11:43 52 ----a-w c:\windows\mafosav.INI
2009-04-10 13:24 . 2006-11-06 13:30 262144 ----a-w c:\windows\system32\lame_enc.dll
2009-04-10 13:21 . 2009-04-10 13:21 -------- d-----w c:\documents and settings\Binnour\Application Data\EmailNotifier
2009-04-09 13:10 . 2009-04-09 13:10 -------- d-----w c:\windows\system32\pnyv4wnpl
2009-04-05 17:02 . 2009-04-14 12:28 -------- d-----w c:\documents and settings\Binnour\Local Settings\Application Data\Windows Live Writer
2009-04-05 17:02 . 2009-04-05 17:02 -------- d-----w c:\documents and settings\Binnour\Application Data\Windows Live Writer
2009-04-02 12:06 . 2009-04-07 12:25 -------- d-----w c:\documents and settings\Binnour\Tracing
2009-04-02 11:35 . 2009-02-06 16:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-02 11:33 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-04-01 21:11 . 2009-03-26 16:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-04-01 21:10 . 2009-04-11 17:23 -------- d-----w c:\documents and settings\Binnour\Application Data\IDM
2009-03-31 13:52 . 2000-01-18 14:10 73728 ----a-w c:\windows\system32\ECLTray2.ocx
2009-03-31 13:52 . 1998-06-23 22:00 200496 ----a-w c:\windows\system32\Dblist32.ocx
2009-03-31 13:52 . 1999-11-07 02:01 92176 ----a-w c:\windows\system32\icmppt40.ocx
2009-03-31 13:52 . 1999-05-05 20:22 430080 ----a-w c:\windows\system32\Msrepl35.dll
2009-03-31 13:52 . 1998-05-30 22:00 72704 ----a-w c:\windows\system32\Odbctl32.dll
2009-03-31 13:52 . 1999-05-05 20:22 1056768 ----a-w c:\windows\system32\Msjet35.dll
2009-03-31 13:52 . 1998-06-17 22:00 89360 ----a-w c:\windows\system32\Vb5db.dll
2009-03-31 13:52 . 1998-04-23 22:00 252176 ----a-w c:\windows\system32\Msrd2x35.dll
2009-03-31 13:52 . 1998-04-23 22:00 24848 ----a-w c:\windows\system32\Msjter35.dll
2009-03-31 13:52 . 1998-04-23 22:00 123664 ----a-w c:\windows\system32\Msjint35.dll
2009-03-29 12:18 . 2009-03-29 12:18 43 ----a-w c:\windows\Aurora Media Workshop.INI
2009-03-27 15:38 . 2008-04-13 22:16 51200 -c--a-w c:\windows\system32\dllcache\msdv.sys
2009-03-27 15:38 . 2008-04-13 22:16 51200 ----a-w c:\windows\system32\drivers\msdv.sys
2009-03-27 15:37 . 2008-04-13 22:16 38912 -c--a-w c:\windows\system32\dllcache\avc.sys
2009-03-27 15:37 . 2008-04-13 22:16 38912 ----a-w c:\windows\system32\drivers\avc.sys
2009-03-27 15:37 . 2008-04-13 22:16 48128 -c--a-w c:\windows\system32\dllcache\61883.sys
2009-03-27 15:37 . 2008-04-13 22:16 48128 ----a-w c:\windows\system32\drivers\61883.sys
2009-03-26 18:14 . 2009-03-26 18:14 -------- d-----w c:\documents and settings\Binnour\Local Settings\Application Data\Stardock
2009-03-24 23:25 . 2009-03-24 23:25 100 ----a-w c:\windows\winzipme.ini
2009-03-24 23:25 . 2001-08-29 17:57 155648 ----a-w c:\windows\system32\addurl41.DLL
2009-03-24 23:25 . 2001-07-10 12:43 18432 ----a-w c:\windows\system32\winwatch.DLL
2009-03-24 22:30 . 2009-03-24 22:30 -------- d-sha-r C:\Golden Filter Pro
2009-03-24 10:42 . 2009-03-24 10:42 81920 ----a-w c:\documents and settings\Binnour\Application Data\ezpinst.exe
2009-03-24 10:42 . 2009-03-24 10:42 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-24 10:42 . 2009-03-24 10:42 47360 ----a-w c:\documents and settings\Binnour\Application Data\pcouffin.sys
2009-03-24 10:42 . 2009-03-24 10:43 -------- d-----w c:\documents and settings\Binnour\Application Data\Vso
2009-03-24 10:42 . 2004-05-26 04:37 719872 ----a-w c:\windows\system32\devil.dll
2009-03-24 10:42 . 2006-09-16 02:44 314368 ----a-w c:\windows\system32\avisynth.dll
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 19:44 . 2009-05-01 19:44 -------- d-----w c:\program files\Common Files\Skype
2009-05-01 19:44 . 2009-05-01 19:44 -------- d-----r c:\program files\Skype
2009-05-01 19:44 . 2008-12-17 22:39 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-04-18 18:58 . 2009-03-28 14:44 -------- d-----w c:\program files\Nakido
2009-04-18 18:36 . 2008-12-16 22:01 -------- d-----w c:\documents and settings\Binnour\Application Data\DMCache
2009-04-18 15:59 . 2008-12-18 11:41 38440 ----a-w c:\documents and settings\Binnour\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 15:53 . 2009-04-18 00:20 -------- d-----w c:\program files\Power Screen Capture
2009-04-18 15:52 . 2008-12-16 22:09 -------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-04-18 15:42 . 2009-04-18 15:42 -------- d-----w c:\program files\TechSmith
2009-04-18 15:34 . 2009-04-18 15:34 -------- d-----w c:\program files\MSECache
2009-04-18 14:27 . 2009-04-18 14:27 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-18 14:00 . 2008-12-18 11:08 1632 ----a-w c:\windows\system32\d3d8caps.dat
2009-04-16 20:47 . 2009-04-16 19:53 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-16 19:39 . 2009-04-16 19:39 -------- d-----w c:\program files\Google
2009-04-16 15:48 . 2009-04-15 17:11 -------- d-----w c:\program files\Trend Micro
2009-04-15 16:32 . 2008-12-21 14:25 -------- d-----w c:\documents and settings\Binnour\Application Data\skypePM
2009-04-14 12:28 . 2009-04-12 10:18 -------- d-----w c:\program files\IE Accelerator
2009-04-14 12:28 . 2009-04-01 21:10 -------- d-----w c:\program files\Internet Download Manager
2009-04-14 12:12 . 2009-04-14 12:12 -------- d-----w c:\program files\ArzooSoft Solutions
2009-04-13 22:06 . 2009-04-13 22:06 -------- d-----w c:\program files\QT Lite
2009-04-13 21:18 . 2009-04-13 21:18 -------- d-----w c:\program files\Real Alternative
2009-04-13 21:16 . 2008-12-16 22:14 -------- d-----w c:\program files\Common Files\Real
2009-04-13 20:51 . 2009-04-13 20:51 -------- d-----w c:\program files\GRETECH
2009-04-13 10:36 . 2009-03-13 13:36 2846720 ----a-w c:\windows\system32\agsaamj.dll
2009-04-13 10:36 . 2009-03-13 13:36 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-13 10:36 . 2009-03-13 13:36 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-13 10:36 . 2009-03-18 21:13 215552 ----a-w c:\windows\system32\ALOWMVFile.dll
2009-04-13 10:35 . 2009-03-18 21:13 403968 ----a-w c:\windows\system32\ALOWMAFile2.dll
2009-04-13 10:35 . 2009-03-13 13:36 626688 ----a-w c:\windows\system32\agsaamh.dll
2009-04-13 10:35 . 2009-03-13 13:36 753664 ----a-w c:\windows\system32\agsaamg.dll
2009-04-13 10:34 . 2009-03-18 21:13 188416 ----a-w c:\windows\system32\ALOVideoFile.dll
2009-04-13 10:34 . 2009-03-13 13:36 551424 ----a-w c:\windows\system32\agsaame.dll
2009-04-13 10:33 . 2009-03-18 21:13 495104 ----a-w c:\windows\system32\ALOVideoCoreM.dll
2009-04-13 10:33 . 2009-03-13 13:36 544256 ----a-w c:\windows\system32\agsaamd.dll
2009-04-13 10:33 . 2009-03-18 21:13 780288 ----a-w c:\windows\system32\ALOVideoCompress.dll
2009-04-13 10:33 . 2009-03-13 13:36 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-13 10:33 . 2009-03-13 13:36 538624 ----a-w c:\windows\system32\agsaamb.dll
2009-04-13 10:33 . 2009-03-18 21:13 249856 ----a-w c:\windows\system32\ALOQuickTimeFile.dll
2009-04-13 10:33 . 2009-03-13 13:36 331776 ----a-w c:\windows\system32\agsaama.dll
2009-04-13 10:32 . 2009-03-18 21:13 382464 ----a-w c:\windows\system32\ALOAVIFile.dll
2009-04-13 10:32 . 2009-03-18 21:13 90112 ----a-w c:\windows\system32\ALOAudioFormatSettings3.dll
2009-04-13 10:32 . 2009-03-18 21:13 877568 ----a-w c:\windows\system32\ALOAudioFile2.dll
2009-04-13 10:32 . 2009-03-18 21:13 2846720 ----a-w c:\windows\system32\ALOAudioCompress3.dll
2009-04-13 10:32 . 2009-03-18 21:13 778240 ----a-w c:\windows\system32\ALOAudioCompress2.dll
2009-04-13 08:21 . 2009-04-13 08:21 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-11 00:47 . 2009-01-14 10:51 1744 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-10 23:24 . 2009-04-10 13:27 -------- d-----w c:\program files\Mario Forever v4.0
2009-04-10 13:24 . 2009-03-18 21:13 19456 ----a-w c:\windows\system32\videocore.dll
2009-04-10 13:24 . 2009-03-18 21:13 90112 ----a-w c:\windows\system32\ssvideo.dll
2009-04-10 13:24 . 2009-03-18 21:13 1128128 ----a-w c:\windows\system32\NMSDVDXU.dll
2009-04-10 13:24 . 2009-03-18 21:13 18595840 ----a-w c:\windows\system32\coredata.dll
2009-04-10 13:24 . 2009-03-18 21:14 344064 ----a-w c:\windows\system32\dkll.dll
2009-04-10 13:24 . 2009-03-13 13:36 196608 ----a-w c:\windows\system32\maag.dll
2009-04-10 13:24 . 2009-03-13 13:36 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-10 13:24 . 2009-03-13 13:36 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-10 13:24 . 2009-04-10 13:24 -------- d-----w c:\program files\Ozone
2009-04-09 18:42 . 2009-02-14 23:12 -------- d-----w c:\program files\Microsoft
2009-04-08 13:31 . 2008-11-03 18:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 15:57 . 2008-12-16 22:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-07 15:57 . 2008-12-16 22:12 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-05 19:53 . 2009-03-24 10:42 -------- d-----w c:\program files\Video Convert Master
2009-04-03 23:07 . 2009-04-03 23:05 -------- d-----w c:\program files\Universal Extractor
2009-04-03 22:54 . 2009-04-03 22:53 -------- d-----w c:\program files\MP3Resizer
2009-04-02 11:35 . 2009-04-02 11:30 -------- d-----w c:\program files\Windows Live
2009-04-02 11:34 . 2009-04-02 11:34 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-02 11:33 . 2009-04-02 11:33 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-02 11:31 . 2009-04-02 11:31 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 10:29 . 2009-04-02 10:29 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-02 10:23 . 2009-02-18 18:56 -------- d-----w c:\program files\vSoft
2009-04-01 15:41 . 2009-04-01 15:41 -------- d-----w c:\program files\ESET
2009-04-01 14:47 . 2009-04-01 14:47 -------- d-----w c:\program files\Windows Defender
2009-03-31 15:42 . 2009-03-31 15:42 -------- d-----w c:\program files\Qoraani
2009-03-31 15:42 . 2009-03-31 15:42 -------- d-----w c:\program files\Common Files\Rtools
2009-03-26 18:13 . 2009-03-26 18:13 -------- d-----w c:\program files\CursorXP
2009-03-26 16:50 . 2009-03-26 16:46 -------- d-----w c:\program files\Intel
2009-03-26 16:49 . 2009-03-26 16:49 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-26 16:48 . 2009-03-26 16:48 -------- d-----w c:\program files\Common Files\Intel
2009-03-24 23:25 . 2009-03-24 23:25 -------- d-----w c:\program files\DSL Speed
2009-03-24 22:29 . 2009-02-10 19:24 -------- d-----w c:\program files\Avant Browser
2009-03-24 00:19 . 2009-03-24 00:02 -------- d-----w c:\program files\Your Uninstaller 2008
2009-03-23 11:56 . 2009-03-23 11:56 -------- d-----w c:\program files\Alfa Autorun Killer 2
2009-03-19 14:28 . 2009-03-19 14:38 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-17 19:38 . 2009-03-17 19:38 -------- d-----w c:\documents and settings\Binnour\Application Data\SAM
2009-03-17 16:58 . 2009-03-17 16:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-17 16:58 . 2009-03-17 16:58 -------- d-----w c:\program files\Java
2009-03-11 19:00 . 2009-03-11 19:00 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-11 19:00 . 2009-03-11 19:00 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-10 15:12 . 2009-03-08 21:56 -------- d-----w c:\program files\Common Files\delet
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-02 13:34 . 2009-03-02 13:34 -------- d-----w c:\documents and settings\Binnour\Application Data\Windows Search
2009-03-02 11:30 . 2009-03-02 08:45 -------- d-----w c:\program files\Common Files\Stardock
2009-03-02 11:30 . 2009-03-02 11:30 -------- d-----w c:\program files\Stardock
2009-03-02 00:24 . 2008-12-16 22:20 -------- d-----w c:\program files\Foxit Software
2009-03-01 23:21 . 2008-12-27 10:34 -------- d-----w c:\program files\UltraISO
2009-03-01 14:31 . 2009-03-01 14:31 30740 ---ha-w c:\windows\system32\mlfcache.dat
2009-03-01 12:44 . 2009-03-01 12:40 -------- d-----w c:\documents and settings\Binnour\Application Data\MiniDm
2009-02-27 13:47 . 2009-02-27 13:45 -------- d-----w c:\program files\USB Disk Security
2009-02-26 22:05 . 2009-02-12 22:21 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 15:08 . 2009-02-26 15:08 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2009-02-17 13:36 . 2009-02-17 13:36 2678 ----a-w c:\windows\java\Packages\Data\AONDNTNJ.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-16 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"Athan"="c:\program files\Athan\Athan.exe" [2008-12-11 1069056]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"GoldenFilterPro"="c:\golden filter pro\GFPro.exe" [2008-05-05 1671168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\Binnour\Start Menu\Programs\Startup\
Internet Download Manager.lnk - c:\program files\Internet Download Manager\IDMan.exe [2009-4-1 2790832]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 09:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nakido\\nakido.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 gupdate1c9becb54e7a3c;Google Update Service (gupdate1c9becb54e7a3c);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 133104]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 LRPPPOE;LanRoad PPPoE Protocol;c:\windows\system32\DRIVERS\lrpppoe.sys [2004-12-17 23552]
R3 utm1njiw;AVZ Kernel Driver; [x]
R3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [2007-04-09 474368]
R3 ZSMC0305;Vimicro USB PC Camera(ZC0301ZN);c:\windows\system32\Drivers\usbVM305.sys [2007-04-09 1466624]
S1 is-SEPVTdrv;is-SEPVTdrv;c:\windows\system32\DRIVERS\13488036.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2008-09-18 320000]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 LRMINIPORT;LanRoad PPPoE Adapter;c:\windows\system32\DRIVERS\lrpppoe.sys [2004-12-17 23552]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-16 19:39]

2009-04-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-05-01 c:\windows\Tasks\User_Feed_Synchronization-{CA05655C-5DA0-442D-9BD9-E7719EA8FE22}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 00:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.islamicgoogle.com/
mWindow Title = Microsoft Internet Explorer
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: English<->Arabic - c:\program files\LingvoSoft\LingvoSoft Dictionary 2007 (English-Arabic) for Windows\Plugins\IE.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: {FECB0196-B1D6-4CE2-9F92-F4535918F33B} = 62.240.32.5,62.68.42.2
FF - ProfilePath - c:\documents and settings\Binnour\Application Data\Mozilla\Firefox\Profiles\s1u8nyvn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ly/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - component: c:\documents and settings\Binnour\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Binnour\Application Data\Mozilla\Firefox\Profiles\s1u8nyvn.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-18 21:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-1202660629-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1417001333-1202660629-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ACC2A5A0-6D23-D6F3-96EF-307B283F66AF}*]
"japfnohdgkaiaefcbjkh"=hex:62,61,69,70,00,00
"iapegnpkphldmobdbi"=hex:6b,61,6f,70,65,65,62,65,63,65,66,63,67,63,65,68,64,67,
67,6d,65,66,00,00
"japfnohdgkaiaefcbjoh"=hex:62,61,64,6f,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2f,27,44,8b,93,d8,36,57,2d,9b,63,bc,d6,3b,bd,cd,95,dc,6c,ab,48,
5e,e3,da,51,b2,b3,e1,98,f5,a8,a9,64,9a,f6,bf,2f,11,27,88,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):46,55,55,74,48,2a,dc,22,23,df,cf,9c,b5,b1,bd,96,85,5a,59,03,be,
7e,ba,2a,0d,f7,fb,ad,71,43,0c,b7,5b,1e,c1,4c,12,3b,3e,3b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACC2A5A0-6D23-D6F3-96EF-307B283F66AF}\InProcServer32*]
"kaneacjipochgegajfebap"=hex:62,61,6e,70,00,8e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{cebea1a1-df24-4fa9-87c8-daccc79095fa}]
@Denied: (Full) (Everyone)
"Model"=dword:00000042
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,e3,d7,3c,e8,49,
da,2e,3e,05,98,32,02,34,2b,da,61,5d,4a,33,35,cb,8a,2e,2b,dc,77,34,8f,58,08,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ef72197f-db3e-46e1-9078-a45334f2a2de}]
@Denied: (Full) (Everyone)
"Model"=dword:00000059
"Therad"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\idmmbc.dll
.
Completion time: 2009-04-18 21:12
ComboFix-quarantined-files.txt 2009-04-18 19:12

Pre-Run: 18,585,726,976 bytes free
Post-Run: 18,573,885,440 bytes free

354 --- E O F --- 2009-04-18 18:38

 

[MAAX]

كما تفضل اخونا البرنس بالنسبة للقيمة
اما تقرير الكمبو فيكس فتم حذف بعض الملفات التي تعتبر ضارة
كيف الاوضاع الان ؟

 

[binnour]

شكرا على مرورك اخى
وضع الجهاز تمام
ويعطيكم الف عافيه على هل المساعده
مشكورين