الجروح الاليمه

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:22:36 م, on 07/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\WinRAR\WinRAR.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\PROGRA~1\THEKMP~1\KMPlayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bind admin] C:\DOCUME~1\my-pc\APPLIC~1\FLAWARMY\debugsixthjoy.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7267 bytes
 

Do you have a problem ... or are you just checking?

....
Do the following:

Disable your security programs,
then
download the following tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

The computer may restart during the scan,
and after the restart the tool will start scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
Signature: ابـــو عــبــد الــلــه
Here you go


ComboFix 09-05-06.08 - my-pc 05/07/2009 18:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1023.523 [GMT 3:00]
Running from: c:\documents and settings\my-pc\سطح المكتب\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-07 14:32 . 2009-05-07 15:00 -------- d-----w c:\program files\The KMPlayer
2009-05-07 14:22 . 2009-05-07 14:22 -------- d-----w c:\program files\Trend Micro
2009-05-06 23:45 . 2009-05-06 23:45 -------- d-----w c:\documents and settings\my-pc\Application Data\DivX
2009-05-06 23:43 . 2009-05-07 14:48 -------- d-----w c:\program files\DivX
2009-05-06 12:19 . 2009-05-06 12:19 -------- d-----w c:\windows\system32\LogFiles
2009-05-06 12:03 . 2009-05-06 12:03 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-06 11:58 . 2009-05-06 12:12 -------- d-----w c:\documents and settings\my-pc\Local Settings\Application Data\Conduit
2009-05-06 11:53 . 2009-05-06 12:12 -------- d-----w c:\program files\Conduit
2009-05-06 11:53 . 2009-05-06 12:09 -------- d-----w c:\program files\Hotspot_Shield
2009-05-06 11:53 . 2009-05-06 11:58 -------- d-----w c:\program files\Hotspot Shield
2009-05-06 11:17 . 2009-05-06 11:17 -------- d-----w c:\program files\Media Player Classic
2009-05-06 11:12 . 2009-05-06 11:17 -------- d-----w c:\documents and settings\my-pc\Application Data\Media Player Classic
2009-05-06 11:11 . 2004-01-11 22:00 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-06 10:09 . 2009-05-06 10:09 -------- d-----w c:\documents and settings\my-pc\Application Data\URSoft
2009-05-06 10:08 . 2009-05-07 14:57 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-06 10:08 . 2009-05-06 10:24 -------- d-----w c:\program files\Your Uninstaller 2008
2009-05-06 00:24 . 2009-05-07 14:00 -------- d-----w c:\program files\Internet Download Manager
2009-05-05 23:57 . 2009-05-05 23:57 -------- d-----w c:\program files\AskSearch
2009-05-05 23:57 . 2009-05-06 10:27 -------- d-----w c:\program files\AskBarDis
2009-05-05 23:57 . 2009-05-05 23:57 -------- d-----w c:\program files\uTorrent
2009-05-05 23:57 . 2009-05-07 14:47 -------- d-----w c:\documents and settings\my-pc\Application Data\uTorrent
2009-05-05 23:24 . 2006-05-13 18:29 843 ----a-w C:\ChangeWinXPKey.vbs
2009-05-05 23:17 . 2008-06-14 17:31 271616 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-05 23:17 . 2008-06-14 17:31 271616 ------w c:\windows\system32\drivers\bthport.sys
2009-05-05 23:16 . 2009-02-09 11:22 2190592 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-05 23:16 . 2009-02-09 11:22 2146816 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-05 23:16 . 2009-02-09 11:22 2025472 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-05 23:16 . 2009-05-05 23:16 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-05 23:15 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-05 23:12 . 2008-10-16 11:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-05 23:06 . 2009-04-08 16:24 1193 ----a-w C:\Windows_Genuine_Validiation.reg
2009-05-05 22:17 . 2009-05-05 22:17 -------- d-----w c:\documents and settings\my-pc\Local Settings\Application Data\Cooliris
2009-05-05 22:03 . 2009-05-05 22:03 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-05 22:03 . 2009-05-07 13:03 -------- d-----w c:\documents and settings\my-pc\Application Data\skypePM
2009-05-05 22:02 . 2009-05-07 15:30 -------- d-----w c:\documents and settings\my-pc\Application Data\Skype
2009-05-05 22:02 . 2009-05-05 22:02 -------- d-----w c:\program files\Common Files\Skype
2009-05-05 22:02 . 2009-05-05 22:02 -------- d-----r c:\program files\Skype
2009-05-05 22:02 . 2009-05-05 22:02 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-05 19:57 . 2009-05-05 19:59 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-05 19:57 . 2009-05-05 19:57 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-05 19:57 . 2009-05-05 19:57 -------- d-----w c:\program files\Avira
2009-05-05 19:40 . 2009-05-05 19:27 58952 ----a-w c:\windows\system32\MsgPlusLoader.dll
2009-05-05 19:36 . 2009-05-05 19:36 -------- d-----w c:\program files\FLAWARMY
2009-05-05 19:36 . 2009-05-05 20:26 -------- d-----w c:\program files\Circle Developeent
2009-05-05 19:36 . 2009-05-05 19:36 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-05 19:33 . 2009-05-05 19:38 -------- d-----w c:\documents and settings\my-pc\Contacts
2009-05-05 19:28 . 2009-05-05 19:37 -------- d-----w c:\documents and settings\All Users\Application Data\Browse Dent Win Base
2009-05-05 19:27 . 2009-05-05 20:26 -------- d-----w c:\documents and settings\my-pc\Application Data\FLAWARMY
2009-05-05 19:26 . 2009-05-05 19:27 -------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-05-05 19:25 . 2009-05-05 19:34 -------- d-----w c:\program files\Windows Live
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-05 19:11 . 2008-04-15 12:00 36927 -c--a-w c:\windows\system32\dllcache\padrs411.dll
2009-05-05 19:10 . 2009-05-07 14:00 -------- d-----w c:\documents and settings\my-pc\Application Data\IDM
2009-05-05 19:10 . 2009-05-07 15:30 -------- d-----w c:\documents and settings\my-pc\Application Data\DMCache
2009-05-05 19:10 . 2009-05-05 19:10 -------- d-----w c:\documents and settings\my-pc\Application Data\Thinstall
2009-05-05 19:08 . 2009-05-05 19:19 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-05 19:08 . 2009-05-05 19:19 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-05 19:07 . 2009-05-07 15:29 892448 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-05 19:07 . 2009-05-07 15:27 172064 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-05 19:07 . 2009-05-05 19:07 -------- d-----w c:\program files\Kaspersky Lab
2009-05-05 19:07 . 2009-05-07 15:29 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-05 19:04 . 2008-04-13 21:15 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-05 19:00 . 2009-05-05 19:00 0 ----a-w c:\windows\nsreg.dat
2009-05-05 19:00 . 2009-05-05 19:00 -------- d-----w c:\documents and settings\my-pc\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 15:29 . 2009-05-05 19:07 9100 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-07 15:27 . 2009-05-05 19:07 2716 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-07 14:57 . 2008-04-15 12:00 40118 ----a-w c:\windows\system32\perfc001.dat
2009-05-07 14:57 . 2008-04-15 12:00 251674 ----a-w c:\windows\system32\perfh001.dat
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-03 18:18 . 2009-04-03 18:18 33256 ----a-w c:\windows\system32\drivers\HssDrv.sys
2009-03-26 15:35 . 2009-04-29 12:20 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-03-06 14:20 . 2008-04-15 12:00 283136 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:09 . 2008-04-15 12:00 664576 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:09 . 2008-04-15 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2008-04-15 12:00 1846656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:22 . 2008-04-14 21:12 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2008-04-15 12:00 2146816 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2008-04-15 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-15 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-15 12:00 681472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-15 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-15 12:00 693760 ----a-w c:\windows\system32\ntdll.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-06 11:57 218160 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-29 2799024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-05 206088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/05/2009 10:57 م 108289]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [22/04/2009 04:12 ص 328752]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 06:06 م 24592]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [23/04/2009 12:34 ص 34352]
S4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [05/05/2009 10:57 م 194817]
S4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [05/05/2009 10:57 م 432897]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-Bind admin - c:\docume~1\my-pc\APPLIC~1\FLAWARMY\debugsixthjoy.exe
HKLM-Run-nwiz - nwiz.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\my-pc\Application Data\Mozilla\Firefox\Profiles\2o1ekmdb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\documents and settings\my-pc\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-07 18:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\uTorrent\uTorrent.exe
.
**************************************************************************
.
Completion time: 2009-05-07 18:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-07 15:31

Pre-Run: 63,230,644,224 bytes free
Post-Run: 63,273,279,488 bytes free

195 --- E O F --- 2009-05-06 23:07
 
OK, my friend, I'll get back to you now with something new ..
 
Signature: KoNaMi