- بادئ الموضوع badr11
- تاريخ البدء
- 802
Demo-dash
داعم للمنتدى،(خبراء زيزووم )
داعــــم للمنتـــــدى
★★ نجم المنتدى ★★
كبار الشخصيات
فريق دعم البرامج العامة
غير متصل
اعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
توقيع : Demo-dash
تأييد
0
Demo-dash
داعم للمنتدى،(خبراء زيزووم )
داعــــم للمنتـــــدى
★★ نجم المنتدى ★★
كبار الشخصيات
فريق دعم البرامج العامة
غير متصل
انا لست عبادي ... انا ديمو دااش :d:
اعمل التقرير من الوضع الان
اعمل التقرير من الوضع الان
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : Demo-dash
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:17 PM, on 4/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
--
End of file - 3685 bytes
Scan saved at 7:57:17 PM, on 4/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
--
End of file - 3685 bytes
تأييد
0
Demo-dash
داعم للمنتدى،(خبراء زيزووم )
داعــــم للمنتـــــدى
★★ نجم المنتدى ★★
كبار الشخصيات
فريق دعم البرامج العامة
غير متصل
وانت من السيف مود استخدم
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
توقيع : Demo-dash
تأييد
0
ComboFix 09-04-21.A8 - User 04/21/2009 20:35.1 - FAT32x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1015.826 [GMT 3:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\USER\LOCALS~1\wgwpu.rkl
.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-21 17:02 . 2009-04-21 17:02 -------- d-----w c:\documents and settings\Administrator\Contacts
2009-04-21 17:02 . 2009-04-21 17:02 49280 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 03:20 . 2009-04-13 03:20 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\Apple Computer
2009-04-09 21:39 . 2009-04-14 13:44 268 ---ha-w C:\sqmdata19.sqm
2009-04-09 21:39 . 2009-04-14 13:44 244 ---ha-w C:\sqmnoopt19.sqm
2009-04-09 20:14 . 2009-04-14 09:05 268 ---ha-w C:\sqmdata18.sqm
2009-04-09 20:14 . 2009-04-14 09:05 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-09 17:31 . 2009-04-14 06:25 268 ---ha-w C:\sqmdata17.sqm
2009-04-09 17:31 . 2009-04-14 06:25 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-09 15:45 . 2009-04-13 22:38 268 ---ha-w C:\sqmdata16.sqm
2009-04-09 15:45 . 2009-04-13 22:38 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-09 13:18 . 2009-04-13 21:47 268 ---ha-w C:\sqmdata15.sqm
2009-04-09 13:18 . 2009-04-13 21:47 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-09 03:51 . 2009-04-13 19:52 268 ---ha-w C:\sqmdata14.sqm
2009-04-09 03:51 . 2009-04-13 19:52 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-06 19:20 . 2009-04-13 18:03 268 ---ha-w C:\sqmdata13.sqm
2009-04-06 19:20 . 2009-04-13 18:03 244 ---ha-w C:\sqmnoopt13.sqm
2009-04-06 18:25 . 2009-04-13 10:54 268 ---ha-w C:\sqmdata12.sqm
2009-04-06 18:25 . 2009-04-13 10:54 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-06 17:02 . 2009-04-13 04:25 268 ---ha-w C:\sqmdata11.sqm
2009-04-06 17:02 . 2009-04-13 04:25 244 ---ha-w C:\sqmnoopt11.sqm
2009-04-06 16:55 . 2009-04-13 00:27 268 ---ha-w C:\sqmdata10.sqm
2009-04-06 16:55 . 2009-04-13 00:27 244 ---ha-w C:\sqmnoopt10.sqm
2009-04-06 16:48 . 2009-04-12 13:19 268 ---ha-w C:\sqmdata09.sqm
2009-04-06 16:48 . 2009-04-12 13:19 244 ---ha-w C:\sqmnoopt09.sqm
2009-04-02 14:22 . 2009-04-12 06:48 268 ---ha-w C:\sqmdata08.sqm
2009-04-02 14:22 . 2009-04-12 06:48 244 ---ha-w C:\sqmnoopt08.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 18:42 . 2009-03-10 13:13 268 ---ha-w C:\sqmdata01.sqm
2009-04-15 18:42 . 2009-03-10 13:13 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-15 14:43 . 2009-03-10 09:09 268 ---ha-w C:\sqmdata00.sqm
2009-04-15 14:43 . 2009-03-10 09:09 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-12 03:09 . 2009-03-16 11:27 268 ---ha-w C:\sqmdata07.sqm
2009-04-12 03:09 . 2009-03-16 11:27 244 ---ha-w C:\sqmnoopt07.sqm
2009-04-12 01:53 . 2009-03-15 22:54 268 ---ha-w C:\sqmdata06.sqm
2009-04-12 01:53 . 2009-03-15 22:54 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-11 22:17 . 2009-03-15 15:15 268 ---ha-w C:\sqmdata05.sqm
2009-04-11 22:17 . 2009-03-15 15:15 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-11 13:12 . 2009-03-11 06:23 268 ---ha-w C:\sqmdata04.sqm
2009-04-11 13:12 . 2009-03-11 06:23 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-11 08:17 . 2009-03-10 18:47 268 ---ha-w C:\sqmdata03.sqm
2009-04-11 08:17 . 2009-03-10 18:47 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-11 01:33 . 2009-03-10 17:20 268 ---ha-w C:\sqmdata02.sqm
2009-04-11 01:33 . 2009-03-10 17:20 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-20 00:11 . 2009-03-20 00:11 -------- d-----w c:\documents and settings\User\Application Data\Apple Computer
2009-03-16 19:54 . 2009-03-16 19:54 -------- d-----w c:\documents and settings\User\Application Data\Media Player Classic
2009-03-10 13:18 . 2009-03-10 13:18 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-10 09:02 . 2009-03-10 09:02 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-10 08:59 . 2009-03-10 08:59 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-10 08:59 . 2009-03-10 07:28 49280 ----a-w c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-10 08:57 . 2009-03-10 08:57 -------- d-----w c:\program files\Windows Live
2009-03-10 08:53 . 2009-03-10 08:54 298104 ----a-w c:\windows\system32\imon.dll
2009-03-10 08:53 . 2009-03-10 08:54 512096 ----a-w c:\windows\system32\drivers\amon.sys
2009-03-10 08:53 . 2009-03-10 08:54 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-03-10 08:53 . 2009-03-10 08:53 -------- d-----w c:\program files\ESET
2009-03-10 08:38 . 2009-03-10 08:38 -------- d-----w c:\program files\QuickTime
2009-03-10 08:35 . 2009-03-10 08:35 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-10 08:28 . 2009-03-10 08:28 47104 ------w c:\windows\AKDeInstall.exe
2009-03-10 08:28 . 2009-03-10 08:28 -------- d-----w c:\program files\mpegable
2009-03-10 08:25 . 2009-03-10 08:25 -------- d-----w c:\program files\Common Files\xing shared
2009-03-10 08:24 . 2009-03-10 08:11 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-10 08:24 . 2009-03-10 08:24 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-10 08:24 . 2009-03-10 08:24 -------- d-----w c:\program files\Common Files\Real
2009-03-10 08:24 . 2009-03-10 08:24 -------- d-----w c:\program files\Real
2009-03-10 08:21 . 2009-03-10 08:21 -------- d-----w c:\program files\VideoLAN
2009-03-10 08:18 . 2009-03-10 08:18 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-03-10 08:16 . 2009-03-10 08:15 -------- d-----w c:\program files\Common Files\Adobe
2009-03-10 08:13 . 2009-03-10 08:13 2232 ----a-w c:\windows\java\Packages\Data\ZDB5RP3Z.DAT
2009-03-10 08:13 . 2009-03-10 08:13 155995 ----a-w c:\windows\java\Packages\FX7797FR.ZIP
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\71N5V7RD.DAT
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\3B3R9BPJ.DAT
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\UGATJHBB.DAT
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\CP7B9317.DAT
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\5ZN3PR9B.DAT
2009-03-10 08:11 . 2009-03-10 08:11 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-10 08:05 . 2009-03-10 08:05 -------- d-----w c:\program files\Microsoft.NET
2009-03-10 08:05 . 2009-03-10 08:04 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-10 07:53 . 2009-03-10 07:05 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-10 07:44 . 2009-03-10 07:43 86 ----a-w C:\bcmwl5.log
2009-03-10 07:43 . 2009-03-10 07:43 -------- d-----w c:\program files\Broadcom
2009-03-10 07:43 . 2009-03-10 07:43 -------- d-----w c:\documents and settings\User\Application Data\InstallShield
2009-03-10 07:43 . 2009-03-10 07:43 87328 ----a-w c:\windows\system32\bcmwlcoi.dll
2009-03-10 07:43 . 2009-03-10 07:43 1294200 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-03-10 07:41 . 2009-03-10 07:41 191 ----a-w C:\syntpad.log
2009-03-10 07:41 . 2009-03-10 07:41 -------- d-----w c:\program files\Synaptics
2009-03-10 07:40 . 2009-03-10 07:40 -------- d-----w c:\program files\Marvell
2009-03-10 07:39 . 2009-03-10 07:39 -------- d-----w c:\documents and settings\User\Application Data\TMP
2009-03-10 07:39 . 2009-03-10 07:39 -------- d-----w c:\program files\Hewlett-Packard
2009-03-10 07:38 . 2009-03-10 07:37 36469 ----a-w C:\chpst.log
2009-03-10 07:37 . 2009-03-10 07:37 -------- d-----w c:\program files\Intel
2009-03-10 07:34 . 2009-03-10 07:34 -------- d-----w c:\program files\WIDCOMM
2009-03-10 07:32 . 2009-03-10 07:32 -------- d-----w c:\program files\IDT
2009-03-10 07:32 . 2009-03-10 07:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-10 07:32 . 2009-03-10 07:32 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-10 07:07 . 2009-03-10 07:07 -------- d-----w c:\program files\microsoft frontpage
2009-03-10 07:01 . 2009-03-10 07:01 21640 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5728112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-28 471040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-30 442477]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-10 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-10 949376]
"IDTSysTrayApp"="sttray.exe" - c:\windows\STTRAY.EXE [2008-08-30 442477]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-10 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-03-10 15424]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-08-28 112128]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-21 20:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\imon.dll
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
c:\program files\IDT\WDM\STACSV.EXE
c:\windows\SYSTEM32\IGFXSRVC.EXE
c:\program files\ESET\NOD32KRN.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
.
**************************************************************************
.
Completion time: 2009-04-21 20:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 17:41
Pre-Run: 10,788,380,672 bytes free
Post-Run: 11,344,510,976 bytes free
191
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1015.826 [GMT 3:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\USER\LOCALS~1\wgwpu.rkl
.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-21 17:02 . 2009-04-21 17:02 -------- d-----w c:\documents and settings\Administrator\Contacts
2009-04-21 17:02 . 2009-04-21 17:02 49280 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 03:20 . 2009-04-13 03:20 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\Apple Computer
2009-04-09 21:39 . 2009-04-14 13:44 268 ---ha-w C:\sqmdata19.sqm
2009-04-09 21:39 . 2009-04-14 13:44 244 ---ha-w C:\sqmnoopt19.sqm
2009-04-09 20:14 . 2009-04-14 09:05 268 ---ha-w C:\sqmdata18.sqm
2009-04-09 20:14 . 2009-04-14 09:05 244 ---ha-w C:\sqmnoopt18.sqm
2009-04-09 17:31 . 2009-04-14 06:25 268 ---ha-w C:\sqmdata17.sqm
2009-04-09 17:31 . 2009-04-14 06:25 244 ---ha-w C:\sqmnoopt17.sqm
2009-04-09 15:45 . 2009-04-13 22:38 268 ---ha-w C:\sqmdata16.sqm
2009-04-09 15:45 . 2009-04-13 22:38 244 ---ha-w C:\sqmnoopt16.sqm
2009-04-09 13:18 . 2009-04-13 21:47 268 ---ha-w C:\sqmdata15.sqm
2009-04-09 13:18 . 2009-04-13 21:47 244 ---ha-w C:\sqmnoopt15.sqm
2009-04-09 03:51 . 2009-04-13 19:52 268 ---ha-w C:\sqmdata14.sqm
2009-04-09 03:51 . 2009-04-13 19:52 244 ---ha-w C:\sqmnoopt14.sqm
2009-04-06 19:20 . 2009-04-13 18:03 268 ---ha-w C:\sqmdata13.sqm
2009-04-06 19:20 . 2009-04-13 18:03 244 ---ha-w C:\sqmnoopt13.sqm
2009-04-06 18:25 . 2009-04-13 10:54 268 ---ha-w C:\sqmdata12.sqm
2009-04-06 18:25 . 2009-04-13 10:54 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-06 17:02 . 2009-04-13 04:25 268 ---ha-w C:\sqmdata11.sqm
2009-04-06 17:02 . 2009-04-13 04:25 244 ---ha-w C:\sqmnoopt11.sqm
2009-04-06 16:55 . 2009-04-13 00:27 268 ---ha-w C:\sqmdata10.sqm
2009-04-06 16:55 . 2009-04-13 00:27 244 ---ha-w C:\sqmnoopt10.sqm
2009-04-06 16:48 . 2009-04-12 13:19 268 ---ha-w C:\sqmdata09.sqm
2009-04-06 16:48 . 2009-04-12 13:19 244 ---ha-w C:\sqmnoopt09.sqm
2009-04-02 14:22 . 2009-04-12 06:48 268 ---ha-w C:\sqmdata08.sqm
2009-04-02 14:22 . 2009-04-12 06:48 244 ---ha-w C:\sqmnoopt08.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 18:42 . 2009-03-10 13:13 268 ---ha-w C:\sqmdata01.sqm
2009-04-15 18:42 . 2009-03-10 13:13 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-15 14:43 . 2009-03-10 09:09 268 ---ha-w C:\sqmdata00.sqm
2009-04-15 14:43 . 2009-03-10 09:09 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-12 03:09 . 2009-03-16 11:27 268 ---ha-w C:\sqmdata07.sqm
2009-04-12 03:09 . 2009-03-16 11:27 244 ---ha-w C:\sqmnoopt07.sqm
2009-04-12 01:53 . 2009-03-15 22:54 268 ---ha-w C:\sqmdata06.sqm
2009-04-12 01:53 . 2009-03-15 22:54 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-11 22:17 . 2009-03-15 15:15 268 ---ha-w C:\sqmdata05.sqm
2009-04-11 22:17 . 2009-03-15 15:15 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-11 13:12 . 2009-03-11 06:23 268 ---ha-w C:\sqmdata04.sqm
2009-04-11 13:12 . 2009-03-11 06:23 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-11 08:17 . 2009-03-10 18:47 268 ---ha-w C:\sqmdata03.sqm
2009-04-11 08:17 . 2009-03-10 18:47 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-11 01:33 . 2009-03-10 17:20 268 ---ha-w C:\sqmdata02.sqm
2009-04-11 01:33 . 2009-03-10 17:20 244 ---ha-w C:\sqmnoopt02.sqm
2009-03-20 00:11 . 2009-03-20 00:11 -------- d-----w c:\documents and settings\User\Application Data\Apple Computer
2009-03-16 19:54 . 2009-03-16 19:54 -------- d-----w c:\documents and settings\User\Application Data\Media Player Classic
2009-03-10 13:18 . 2009-03-10 13:18 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-10 09:02 . 2009-03-10 09:02 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-10 08:59 . 2009-03-10 08:59 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-10 08:59 . 2009-03-10 07:28 49280 ----a-w c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-10 08:57 . 2009-03-10 08:57 -------- d-----w c:\program files\Windows Live
2009-03-10 08:53 . 2009-03-10 08:54 298104 ----a-w c:\windows\system32\imon.dll
2009-03-10 08:53 . 2009-03-10 08:54 512096 ----a-w c:\windows\system32\drivers\amon.sys
2009-03-10 08:53 . 2009-03-10 08:54 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-03-10 08:53 . 2009-03-10 08:53 -------- d-----w c:\program files\ESET
2009-03-10 08:38 . 2009-03-10 08:38 -------- d-----w c:\program files\QuickTime
2009-03-10 08:35 . 2009-03-10 08:35 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-10 08:28 . 2009-03-10 08:28 47104 ------w c:\windows\AKDeInstall.exe
2009-03-10 08:28 . 2009-03-10 08:28 -------- d-----w c:\program files\mpegable
2009-03-10 08:25 . 2009-03-10 08:25 -------- d-----w c:\program files\Common Files\xing shared
2009-03-10 08:24 . 2009-03-10 08:11 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-10 08:24 . 2009-03-10 08:24 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-10 08:24 . 2009-03-10 08:24 -------- d-----w c:\program files\Common Files\Real
2009-03-10 08:24 . 2009-03-10 08:24 -------- d-----w c:\program files\Real
2009-03-10 08:21 . 2009-03-10 08:21 -------- d-----w c:\program files\VideoLAN
2009-03-10 08:18 . 2009-03-10 08:18 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-03-10 08:16 . 2009-03-10 08:15 -------- d-----w c:\program files\Common Files\Adobe
2009-03-10 08:13 . 2009-03-10 08:13 2232 ----a-w c:\windows\java\Packages\Data\ZDB5RP3Z.DAT
2009-03-10 08:13 . 2009-03-10 08:13 155995 ----a-w c:\windows\java\Packages\FX7797FR.ZIP
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\71N5V7RD.DAT
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\3B3R9BPJ.DAT
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\UGATJHBB.DAT
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\CP7B9317.DAT
2009-03-10 08:13 . 2009-03-10 08:13 2678 ----a-w c:\windows\java\Packages\Data\5ZN3PR9B.DAT
2009-03-10 08:11 . 2009-03-10 08:11 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-10 08:05 . 2009-03-10 08:05 -------- d-----w c:\program files\Microsoft.NET
2009-03-10 08:05 . 2009-03-10 08:04 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-10 07:53 . 2009-03-10 07:05 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-10 07:44 . 2009-03-10 07:43 86 ----a-w C:\bcmwl5.log
2009-03-10 07:43 . 2009-03-10 07:43 -------- d-----w c:\program files\Broadcom
2009-03-10 07:43 . 2009-03-10 07:43 -------- d-----w c:\documents and settings\User\Application Data\InstallShield
2009-03-10 07:43 . 2009-03-10 07:43 87328 ----a-w c:\windows\system32\bcmwlcoi.dll
2009-03-10 07:43 . 2009-03-10 07:43 1294200 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-03-10 07:41 . 2009-03-10 07:41 191 ----a-w C:\syntpad.log
2009-03-10 07:41 . 2009-03-10 07:41 -------- d-----w c:\program files\Synaptics
2009-03-10 07:40 . 2009-03-10 07:40 -------- d-----w c:\program files\Marvell
2009-03-10 07:39 . 2009-03-10 07:39 -------- d-----w c:\documents and settings\User\Application Data\TMP
2009-03-10 07:39 . 2009-03-10 07:39 -------- d-----w c:\program files\Hewlett-Packard
2009-03-10 07:38 . 2009-03-10 07:37 36469 ----a-w C:\chpst.log
2009-03-10 07:37 . 2009-03-10 07:37 -------- d-----w c:\program files\Intel
2009-03-10 07:34 . 2009-03-10 07:34 -------- d-----w c:\program files\WIDCOMM
2009-03-10 07:32 . 2009-03-10 07:32 -------- d-----w c:\program files\IDT
2009-03-10 07:32 . 2009-03-10 07:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-10 07:32 . 2009-03-10 07:32 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-10 07:07 . 2009-03-10 07:07 -------- d-----w c:\program files\microsoft frontpage
2009-03-10 07:01 . 2009-03-10 07:01 21640 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5728112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-28 471040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-30 442477]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-10 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-10 949376]
"IDTSysTrayApp"="sttray.exe" - c:\windows\STTRAY.EXE [2008-08-30 442477]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-10 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-03-10 15424]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-08-28 112128]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\imon.dll
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-04-21 20:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\imon.dll
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
c:\program files\IDT\WDM\STACSV.EXE
c:\windows\SYSTEM32\IGFXSRVC.EXE
c:\program files\ESET\NOD32KRN.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
.
**************************************************************************
.
Completion time: 2009-04-21 20:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 17:41
Pre-Run: 10,788,380,672 bytes free
Post-Run: 11,344,510,976 bytes free
191
تأييد
0