- بادئ الموضوع virus007
- تاريخ البدء
- 1,339
MAAX
عضوشرف
غير متصل
الله يحييك اخوي
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
تأييد
0
virus007
زيزوومي جديد
غير متصل
اتفضل التقرير Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:16:26, on 12/05/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\DynDNS Updater\DynDNS.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\wuauclt.exe D:\Protection\TiGeR-Firewall.exe D:\fa\HaCkeR\Com\بيفروست\Bifrost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe D:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\IDM 5.15 Portable.exe D:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IDMan.exe D:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEMonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\MR.DANG3R\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe F2 - REG:system.ini: Shell=Explorer.exe F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IDMIECC.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe" O4 - HKCU\..\Run: [IDMan] D:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download with IDM - D:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEExt.htm O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - D:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - D:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEExt.htm O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - D:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEGetVL.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- End of file - 4412 bytes
تأييد
0
MAAX
عضوشرف
غير متصل
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
تأييد
0
format
زيزوومي ماسى
غير متصل
الاخ هكر اشئ
عموما مش مووضوعنا ابعد عن الهكر
لانه عندك
D:\fa\HaCkeR\Com\بيفروست\Bifrost.exe
بيفروست
F2 - REG:system.ini: Shell=Explorer.exe
عندك اصابه في الاكسبلوره برنامج شل
عموما شوف الي راح احكيه الك بالنسبه للبيفروست
طبق الشرح الي فيه والاداه التنظيف الان بعطيك اياه مع شرح للتخلص من الفيروس لانه كانت عندي المكشله ^_^
عموما مش مووضوعنا ابعد عن الهكر
لانه عندك
D:\fa\HaCkeR\Com\بيفروست\Bifrost.exe
بيفروست
F2 - REG:system.ini: Shell=Explorer.exe
عندك اصابه في الاكسبلوره برنامج شل
عموما شوف الي راح احكيه الك بالنسبه للبيفروست
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
طبق الشرح الي فيه والاداه التنظيف الان بعطيك اياه مع شرح للتخلص من الفيروس لانه كانت عندي المكشله ^_^
توقيع : format
تأييد
0
format
زيزوومي ماسى
غير متصل
السلام عليكم
!Dr.Web CureIt
أداة رائعه ومجانيه لكشف وإزالة وتنظيف الفايروسات حتى بعد انتشارها
من Dr.web الأداة مبنيه على محرك فحص Dr.Web AntiVirus وتتحدث بشكل شبه يومي
الإصدار : 4.44
صوره الأداة عند الفتح
واجهة الفحص
لتحميل آخر نسخة ,,, محدثة حتى اليوم ,,
الشرح :ـ
لطريقة فحص اي مجلد او اي قرص خارجي أو صلب
وهذه الاعدادات المناسبه
ثم موافق واحفظ الاعدادات
!Dr.Web CureIt
أداة رائعه ومجانيه لكشف وإزالة وتنظيف الفايروسات حتى بعد انتشارها
من Dr.web الأداة مبنيه على محرك فحص Dr.Web AntiVirus وتتحدث بشكل شبه يومي
الإصدار : 4.44
صوره الأداة عند الفتح
واجهة الفحص
لتحميل آخر نسخة ,,, محدثة حتى اليوم ,,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
الشرح :ـ
لطريقة فحص اي مجلد او اي قرص خارجي أو صلب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وهذه الاعدادات المناسبه
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثم موافق واحفظ الاعدادات
توقيع : format
تأييد
0
virus007
زيزوومي جديد
غير متصل
هلا اخوي ماكس
هذا التقرير تفضل
ComboFix 09-05-05.03 - MR.DANG3R 05/12/2009 18:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.735.451 [GMT 3:00]
Running from: c:\documents and settings\MR.DANG3R\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\MRA803~1.DAN\LOCALS~1\Temp\nss49.tmp\registry.dll
c:\documents and settings\MR.DANG3R\Local Settings\Temp\nss49.tmp\registry.dll
c:\windows\linkinfo.dll
c:\windows\Mylist.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\cdralw.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CDRALW
-------\Service_cdralw
((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.
2009-05-12 12:25 . 2009-05-12 12:25 -------- d-----w c:\documents and settings\MR.DANG3R\DoctorWeb
2009-05-12 11:29 . 2009-05-12 11:29 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-12 07:39 . 2009-05-12 07:39 -------- d-----w c:\documents and settings\MR.DANG3R\Local Settings\Application Data\Identities
2009-05-11 13:31 . 2009-05-11 13:31 -------- d--h--w c:\windows\PIF
2009-05-10 14:04 . 2004-04-25 18:39 53248 ----a-w c:\windows\system32\SSubTmr6.dll
2009-05-10 14:04 . 2006-12-14 18:57 249856 ----a-w c:\windows\system32\KanastaCorpComCtrls.dll
2009-05-10 14:04 . 2006-06-03 10:19 53248 ----a-w c:\windows\system32\KanastaCorpUtils.dll
2009-05-10 13:19 . 2009-05-10 13:19 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\Resource Tuner
2009-05-10 13:19 . 2009-05-10 13:19 -------- d-----w c:\program files\Resource Tuner
2009-05-10 12:54 . 2009-05-10 12:54 -------- d-----w c:\documents and settings\MR.DANG3R\temp
2009-05-09 12:02 . 2009-05-09 12:02 -------- d-----w c:\program files\BreakPoint Software
2009-05-09 12:02 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-08 20:30 . 2004-08-03 21:56 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-05-08 20:30 . 2004-08-03 21:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-08 20:30 . 2004-08-03 19:58 14848 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-08 20:30 . 2004-08-03 19:58 14848 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-05-08 20:29 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-08 20:29 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-07 23:52 . 2009-05-08 00:01 -------- d-----w c:\windows\system32\NtmsData
2009-05-07 23:12 . 2009-03-24 13:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-07 23:12 . 2009-05-07 23:12 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-07 23:12 . 2009-05-07 23:12 -------- d-----w c:\program files\Avira
2009-05-07 14:30 . 2009-05-08 00:26 2349088 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-07 14:28 . 2009-05-07 14:28 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\CyberScrub
2009-05-07 14:27 . 2009-05-07 14:27 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\cleaner
2009-05-07 05:01 . 2009-05-07 13:10 1447 ----a-w c:\windows\lol.bat
2009-05-06 16:33 . 2009-05-06 16:33 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\vlc
2009-05-06 15:23 . 2009-05-06 15:23 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\GRETECH
2009-05-06 03:19 . 2009-05-06 03:20 -------- d-----w c:\program files\Common Files\delet
2009-05-06 02:23 . 2009-05-06 06:19 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-06 02:23 . 2009-05-06 02:23 987136 ----a-w c:\windows\system32\agsaamh.dll
2009-05-06 02:23 . 2009-05-06 02:23 331776 ----a-w c:\windows\system32\agsaama.dll
2009-05-06 02:22 . 2009-05-06 02:22 -------- d-----w c:\windows\system32\RMBin
2009-05-06 01:55 . 2004-08-03 20:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-06 01:11 . 2009-05-06 01:11 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\SuperAdBlocker.com
2009-05-06 01:11 . 2009-05-06 01:11 -------- d-----w c:\windows\system32\URTTemp
2009-05-06 01:11 . 2009-05-06 02:51 -------- d-----w c:\program files\SuperAdBlocker.com
2009-05-06 00:22 . 2009-02-06 17:22 2136064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-06 00:22 . 2009-02-06 17:24 2180480 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-06 00:22 . 2009-02-06 16:49 2015744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-06 00:22 . 2009-02-06 16:49 2057728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-05 23:47 . 2009-05-05 23:47 -------- d-s---w c:\documents and settings\MR.DANG3R\UserData
2009-05-05 23:40 . 2009-05-05 23:40 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\Kana Solution
2009-05-05 23:39 . 2009-05-11 01:10 -------- d-----w c:\program files\DynDNS Updater
2009-05-05 23:10 . 2009-05-06 04:20 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\Screenshot Sender
2009-05-05 23:09 . 2009-05-05 23:09 0 ----a-w c:\windows\nsreg.dat
2009-05-05 23:09 . 2009-05-05 23:09 -------- d-----w c:\documents and settings\MR.DANG3R\Local Settings\Application Data\Mozilla
2009-05-05 23:07 . 2009-05-05 23:07 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-05 23:00 . 2009-05-05 23:00 -------- d-----w c:\program files\Common Files\xing shared
2009-05-05 22:49 . 2002-01-05 10:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-05-05 22:49 . 2003-04-21 12:09 245408 ----a-w c:\windows\system32\unicows.dll
2009-05-05 22:49 . 2001-09-17 10:20 19968 ----a-w c:\windows\system32\cpuinf32.dll
2009-05-05 22:47 . 2009-05-05 22:47 -------- d-----w c:\program files\GRETECH
2009-05-05 22:46 . 2009-05-05 22:46 47104 ------w c:\windows\AKDeInstall.exe
2009-05-05 22:46 . 2009-05-05 22:46 -------- d-----w c:\program files\mpegable
2009-05-05 22:45 . 2009-05-05 22:45 -------- d-----w c:\program files\VideoLAN
2009-05-05 22:42 . 2006-05-13 18:29 843 ------w C:\ChangeWinXPKey.vbs
2009-05-05 22:41 . 2009-05-05 22:41 286720 ----a-w c:\windows\iun503.exe
2009-05-05 22:41 . 2009-05-05 22:41 -------- d-----w c:\program files\Speed Up Start Menu
2009-05-05 22:40 . 2009-05-07 22:36 -------- d-----w c:\program files\Ace Utilities
2009-05-02 22:35 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-02 22:35 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-02 22:31 . 2009-05-12 14:16 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\Skype
2009-05-02 22:31 . 2009-05-02 22:31 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-02 22:31 . 2009-05-02 22:31 -------- d-----w c:\program files\Common Files\Skype
2009-05-02 22:30 . 2009-05-02 22:31 -------- d-----w c:\program files\Skype
2009-05-02 22:27 . 2004-08-03 19:58 4992 -c--a-w c:\windows\system32\dllcache\mspqm.sys
2009-05-02 22:25 . 2009-05-02 22:25 -------- d-----w c:\windows\SIS
2009-05-02 22:24 . 2009-05-02 22:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-02 22:24 . 2009-05-02 22:24 -------- d-----w c:\program files\sisagp
2009-05-02 22:24 . 2009-05-02 22:24 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-02 22:16 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-02 15:03 . 2001-08-17 13:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-02 15:02 . 2004-08-03 22:59 57472 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-02 15:01 . 2004-08-03 20:07 44672 -c--a-w c:\windows\system32\dllcache\uagp35.sys
2009-05-02 15:01 . 2004-08-03 20:07 44672 ----a-w c:\windows\system32\drivers\UAGP35.SYS
2009-05-02 15:01 . 2004-08-03 22:31 32768 ----a-w c:\windows\system32\drivers\sisnic.sys
2009-05-02 15:01 . 2004-08-03 22:41 685056 ----a-w c:\windows\system32\drivers\HSFCXTS2.sys
2009-05-02 15:01 . 2004-08-03 22:41 11868 ----a-w c:\windows\system32\drivers\mdmxsdk.sys
2009-05-02 15:01 . 2004-08-04 00:56 32285 ----a-w c:\windows\system32\HSFCISP2.dll
2009-05-02 15:01 . 2004-08-04 00:56 86016 ----a-w c:\windows\system32\mdmxsdk.dll
2009-05-02 15:01 . 2004-08-03 22:41 220032 ----a-w c:\windows\system32\drivers\HSFBS2S2.sys
2009-05-02 15:01 . 2004-08-03 22:41 1041536 ----a-w c:\windows\system32\drivers\HSFDPSP2.sys
2009-05-02 15:01 . 2004-08-04 00:56 74240 ----a-w c:\windows\system32\usbui.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 00:26 . 2009-05-07 14:30 29648 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-07 16:00 . 2009-05-02 12:09 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 14:37 . 2009-05-02 22:25 262144 ----a-w c:\windows\system32\sistray.exe
2009-05-07 14:36 . 2009-05-02 22:27 577536 ----a-w c:\windows\SOUNDMAN.EXE
2009-05-06 02:23 . 2009-05-06 02:23 90112 ----a-w c:\windows\system32\agsaami.dll
2009-05-06 02:23 . 2009-05-06 02:23 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-05-06 02:23 . 2009-05-06 02:23 1986560 ----a-w c:\windows\system32\akll.dll
2009-05-06 02:23 . 2009-05-06 02:23 196608 ----a-w c:\windows\system32\maag.dll
2009-05-06 02:23 . 2009-05-06 02:23 1245184 ----a-w c:\windows\system32\bkll.dll
2009-05-06 02:23 . 2009-05-06 02:23 1212416 ----a-w c:\windows\system32\ckll.dll
2009-05-06 02:23 . 2009-05-06 02:22 237568 ----a-w c:\windows\system32\lame_enc.dll
2009-05-06 02:23 . 2009-05-06 02:23 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-05-06 02:23 . 2009-05-06 02:23 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-05-05 23:00 . 2009-05-05 22:58 -------- d-----w c:\program files\Real
2009-05-05 22:59 . 2009-05-05 22:58 -------- d-----w c:\program files\Common Files\Real
2009-05-05 22:58 . 2009-05-05 22:58 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-05 22:58 . 2009-05-05 22:49 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-05 22:38 . 2009-05-05 22:37 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-05 22:38 . 2009-05-02 22:35 -------- d-----w c:\program files\MSN Messenger
2009-05-05 22:36 . 2009-05-05 22:36 34232 ------w c:\documents and settings\MR.DANG3R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-02 22:27 . 2009-05-02 22:27 -------- d-----w c:\program files\Realtek Sound Manager
2009-05-02 22:27 . 2009-05-02 22:27 -------- d-----w c:\program files\AvRack
2009-05-02 22:27 . 2009-05-02 22:27 -------- d-----w c:\program files\Realtek AC97
2009-05-02 22:25 . 2009-05-02 22:25 -------- d-----w c:\program files\SiS VGA Utilities V3.75
2009-05-02 12:11 . 2009-05-02 12:11 -------- d-----w c:\program files\microsoft frontpage
2009-05-02 12:09 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-02 12:06 . 2009-05-02 12:06 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 23:52 . 2009-03-02 23:52 1495552 ----a-w c:\windows\system32\SET109.tmp
2009-02-20 08:30 . 2009-02-20 08:30 616448 ----a-w c:\windows\system32\SET107.tmp
2009-02-20 08:30 . 2009-02-20 08:30 474112 ----a-w c:\windows\system32\SET108.tmp
2009-02-20 08:30 . 2009-02-20 08:30 3059712 ----a-w c:\windows\system32\SET10E.tmp
2009-02-20 08:30 . 2009-02-20 08:30 1023488 ----a-w c:\windows\system32\SET116.tmp
2009-02-20 08:30 . 2009-02-20 08:30 659456 ----a-w c:\windows\system32\SET106.tmp
2009-02-20 08:30 . 2009-02-20 08:30 39424 ----a-w c:\windows\system32\SET10A.tmp
2009-02-20 08:30 . 2009-02-20 08:30 357888 ----a-w c:\windows\system32\SET113.tmp
2009-02-20 08:30 . 2009-02-20 08:30 205312 ----a-w c:\windows\system32\SET112.tmp
2009-02-20 08:30 . 2004-08-04 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2004-08-04 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-19 09:47 . 2009-02-19 09:47 351744 ------w c:\windows\system32\SET118.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2009-05-07 5743984]
"DynDNS Updater"="c:\program files\DynDNS Updater\DynDNS.exe" [2006-09-17 1352704]
"IDMan"="d:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IDMan.exe" [2008-12-24 939008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-07 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MR.DANG3R^Start Menu^Programs^Startup^delxp.exe]
path=c:\documents and settings\MR.DANG3R\Start Menu\Programs\Startup\delxp.exe
backup=c:\windows\pss\delxp.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SABSVC"=2 (0x2)
"lanmanserver"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\fa\\HaCkeR\\Com\\بويزون\\Poison Ivy 2.3.2.exe"=
"d:\\fa\\HaCkeR\\Com\\بيفروست\\BiFrOsT Dr.MOT 2008\\BiFrOsT Dr.MOT v0.1.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DynDNS Updater\\DynDNS.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Documents and Settings\\MR.DANG3R\\Desktop\\HiJackThis.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"d:\\fa\\PrO\\Portable.Internet.Download.Manager.v5.15.5\\App\\Internet Download Manager\\IDMan.exe"=
"d:\\fa\\HaCkeR\\Com\\بيفروست\\Bifrost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [08/05/2009 02:12 ص 108289]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 aic32p;aic32p;\??\c:\windows\system32\drivers\oiinqm.sys --> c:\windows\system32\drivers\oiinqm.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{16A4D003-0C9A-6035-637C-CB6C1C043C2F}]
c:\windows\msn.exe
.
.
------- Supplementary Scan -------
.
IE: تحميل الكل بواسطة Internet Download Manager - d:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - d:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - d:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\MR.DANG3R\Application Data\Mozilla\Firefox\Profiles\mvbvt84b.default\
FF - component: c:\documents and settings\MR.DANG3R\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-12 18:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2009-05-12 18:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-12 15:30
ComboFix2.txt 2009-05-06 14:53
Pre-Run: 15,011,246,080 bytes free
Post-Run: 15,107,694,592 bytes free
241 --- E O F --- 2009-05-07 05:13
هذا التقرير تفضل
ComboFix 09-05-05.03 - MR.DANG3R 05/12/2009 18:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.735.451 [GMT 3:00]
Running from: c:\documents and settings\MR.DANG3R\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\MRA803~1.DAN\LOCALS~1\Temp\nss49.tmp\registry.dll
c:\documents and settings\MR.DANG3R\Local Settings\Temp\nss49.tmp\registry.dll
c:\windows\linkinfo.dll
c:\windows\Mylist.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\cdralw.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CDRALW
-------\Service_cdralw
((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.
2009-05-12 12:25 . 2009-05-12 12:25 -------- d-----w c:\documents and settings\MR.DANG3R\DoctorWeb
2009-05-12 11:29 . 2009-05-12 11:29 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-12 07:39 . 2009-05-12 07:39 -------- d-----w c:\documents and settings\MR.DANG3R\Local Settings\Application Data\Identities
2009-05-11 13:31 . 2009-05-11 13:31 -------- d--h--w c:\windows\PIF
2009-05-10 14:04 . 2004-04-25 18:39 53248 ----a-w c:\windows\system32\SSubTmr6.dll
2009-05-10 14:04 . 2006-12-14 18:57 249856 ----a-w c:\windows\system32\KanastaCorpComCtrls.dll
2009-05-10 14:04 . 2006-06-03 10:19 53248 ----a-w c:\windows\system32\KanastaCorpUtils.dll
2009-05-10 13:19 . 2009-05-10 13:19 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\Resource Tuner
2009-05-10 13:19 . 2009-05-10 13:19 -------- d-----w c:\program files\Resource Tuner
2009-05-10 12:54 . 2009-05-10 12:54 -------- d-----w c:\documents and settings\MR.DANG3R\temp
2009-05-09 12:02 . 2009-05-09 12:02 -------- d-----w c:\program files\BreakPoint Software
2009-05-09 12:02 . 1998-10-29 13:45 306688 ----a-w c:\windows\IsUninst.exe
2009-05-08 20:30 . 2004-08-03 21:56 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-05-08 20:30 . 2004-08-03 21:56 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-08 20:30 . 2004-08-03 19:58 14848 -c--a-w c:\windows\system32\dllcache\kbdhid.sys
2009-05-08 20:30 . 2004-08-03 19:58 14848 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-05-08 20:29 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-05-08 20:29 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-05-07 23:52 . 2009-05-08 00:01 -------- d-----w c:\windows\system32\NtmsData
2009-05-07 23:12 . 2009-03-24 13:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-07 23:12 . 2009-05-07 23:12 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-07 23:12 . 2009-05-07 23:12 -------- d-----w c:\program files\Avira
2009-05-07 14:30 . 2009-05-08 00:26 2349088 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-07 14:28 . 2009-05-07 14:28 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\CyberScrub
2009-05-07 14:27 . 2009-05-07 14:27 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\cleaner
2009-05-07 05:01 . 2009-05-07 13:10 1447 ----a-w c:\windows\lol.bat
2009-05-06 16:33 . 2009-05-06 16:33 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\vlc
2009-05-06 15:23 . 2009-05-06 15:23 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\GRETECH
2009-05-06 03:19 . 2009-05-06 03:20 -------- d-----w c:\program files\Common Files\delet
2009-05-06 02:23 . 2009-05-06 06:19 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-06 02:23 . 2009-05-06 02:23 987136 ----a-w c:\windows\system32\agsaamh.dll
2009-05-06 02:23 . 2009-05-06 02:23 331776 ----a-w c:\windows\system32\agsaama.dll
2009-05-06 02:22 . 2009-05-06 02:22 -------- d-----w c:\windows\system32\RMBin
2009-05-06 01:55 . 2004-08-03 20:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-06 01:11 . 2009-05-06 01:11 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\SuperAdBlocker.com
2009-05-06 01:11 . 2009-05-06 01:11 -------- d-----w c:\windows\system32\URTTemp
2009-05-06 01:11 . 2009-05-06 02:51 -------- d-----w c:\program files\SuperAdBlocker.com
2009-05-06 00:22 . 2009-02-06 17:22 2136064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-06 00:22 . 2009-02-06 17:24 2180480 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-06 00:22 . 2009-02-06 16:49 2015744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-06 00:22 . 2009-02-06 16:49 2057728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-05 23:47 . 2009-05-05 23:47 -------- d-s---w c:\documents and settings\MR.DANG3R\UserData
2009-05-05 23:40 . 2009-05-05 23:40 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\Kana Solution
2009-05-05 23:39 . 2009-05-11 01:10 -------- d-----w c:\program files\DynDNS Updater
2009-05-05 23:10 . 2009-05-06 04:20 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\Screenshot Sender
2009-05-05 23:09 . 2009-05-05 23:09 0 ----a-w c:\windows\nsreg.dat
2009-05-05 23:09 . 2009-05-05 23:09 -------- d-----w c:\documents and settings\MR.DANG3R\Local Settings\Application Data\Mozilla
2009-05-05 23:07 . 2009-05-05 23:07 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-05 23:00 . 2009-05-05 23:00 -------- d-----w c:\program files\Common Files\xing shared
2009-05-05 22:49 . 2002-01-05 10:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-05-05 22:49 . 2003-04-21 12:09 245408 ----a-w c:\windows\system32\unicows.dll
2009-05-05 22:49 . 2001-09-17 10:20 19968 ----a-w c:\windows\system32\cpuinf32.dll
2009-05-05 22:47 . 2009-05-05 22:47 -------- d-----w c:\program files\GRETECH
2009-05-05 22:46 . 2009-05-05 22:46 47104 ------w c:\windows\AKDeInstall.exe
2009-05-05 22:46 . 2009-05-05 22:46 -------- d-----w c:\program files\mpegable
2009-05-05 22:45 . 2009-05-05 22:45 -------- d-----w c:\program files\VideoLAN
2009-05-05 22:42 . 2006-05-13 18:29 843 ------w C:\ChangeWinXPKey.vbs
2009-05-05 22:41 . 2009-05-05 22:41 286720 ----a-w c:\windows\iun503.exe
2009-05-05 22:41 . 2009-05-05 22:41 -------- d-----w c:\program files\Speed Up Start Menu
2009-05-05 22:40 . 2009-05-07 22:36 -------- d-----w c:\program files\Ace Utilities
2009-05-02 22:35 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-02 22:35 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-02 22:31 . 2009-05-12 14:16 -------- d-----w c:\documents and settings\MR.DANG3R\Application Data\Skype
2009-05-02 22:31 . 2009-05-02 22:31 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-02 22:31 . 2009-05-02 22:31 -------- d-----w c:\program files\Common Files\Skype
2009-05-02 22:30 . 2009-05-02 22:31 -------- d-----w c:\program files\Skype
2009-05-02 22:27 . 2004-08-03 19:58 4992 -c--a-w c:\windows\system32\dllcache\mspqm.sys
2009-05-02 22:25 . 2009-05-02 22:25 -------- d-----w c:\windows\SIS
2009-05-02 22:24 . 2009-05-02 22:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-02 22:24 . 2009-05-02 22:24 -------- d-----w c:\program files\sisagp
2009-05-02 22:24 . 2009-05-02 22:24 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-02 22:16 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-02 15:03 . 2001-08-17 13:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-02 15:02 . 2004-08-03 22:59 57472 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-02 15:01 . 2004-08-03 20:07 44672 -c--a-w c:\windows\system32\dllcache\uagp35.sys
2009-05-02 15:01 . 2004-08-03 20:07 44672 ----a-w c:\windows\system32\drivers\UAGP35.SYS
2009-05-02 15:01 . 2004-08-03 22:31 32768 ----a-w c:\windows\system32\drivers\sisnic.sys
2009-05-02 15:01 . 2004-08-03 22:41 685056 ----a-w c:\windows\system32\drivers\HSFCXTS2.sys
2009-05-02 15:01 . 2004-08-03 22:41 11868 ----a-w c:\windows\system32\drivers\mdmxsdk.sys
2009-05-02 15:01 . 2004-08-04 00:56 32285 ----a-w c:\windows\system32\HSFCISP2.dll
2009-05-02 15:01 . 2004-08-04 00:56 86016 ----a-w c:\windows\system32\mdmxsdk.dll
2009-05-02 15:01 . 2004-08-03 22:41 220032 ----a-w c:\windows\system32\drivers\HSFBS2S2.sys
2009-05-02 15:01 . 2004-08-03 22:41 1041536 ----a-w c:\windows\system32\drivers\HSFDPSP2.sys
2009-05-02 15:01 . 2004-08-04 00:56 74240 ----a-w c:\windows\system32\usbui.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 00:26 . 2009-05-07 14:30 29648 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-07 16:00 . 2009-05-02 12:09 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 14:37 . 2009-05-02 22:25 262144 ----a-w c:\windows\system32\sistray.exe
2009-05-07 14:36 . 2009-05-02 22:27 577536 ----a-w c:\windows\SOUNDMAN.EXE
2009-05-06 02:23 . 2009-05-06 02:23 90112 ----a-w c:\windows\system32\agsaami.dll
2009-05-06 02:23 . 2009-05-06 02:23 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-05-06 02:23 . 2009-05-06 02:23 1986560 ----a-w c:\windows\system32\akll.dll
2009-05-06 02:23 . 2009-05-06 02:23 196608 ----a-w c:\windows\system32\maag.dll
2009-05-06 02:23 . 2009-05-06 02:23 1245184 ----a-w c:\windows\system32\bkll.dll
2009-05-06 02:23 . 2009-05-06 02:23 1212416 ----a-w c:\windows\system32\ckll.dll
2009-05-06 02:23 . 2009-05-06 02:22 237568 ----a-w c:\windows\system32\lame_enc.dll
2009-05-06 02:23 . 2009-05-06 02:23 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-05-06 02:23 . 2009-05-06 02:23 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-05-05 23:00 . 2009-05-05 22:58 -------- d-----w c:\program files\Real
2009-05-05 22:59 . 2009-05-05 22:58 -------- d-----w c:\program files\Common Files\Real
2009-05-05 22:58 . 2009-05-05 22:58 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-05 22:58 . 2009-05-05 22:49 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-05 22:38 . 2009-05-05 22:37 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-05 22:38 . 2009-05-02 22:35 -------- d-----w c:\program files\MSN Messenger
2009-05-05 22:36 . 2009-05-05 22:36 34232 ------w c:\documents and settings\MR.DANG3R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-02 22:27 . 2009-05-02 22:27 -------- d-----w c:\program files\Realtek Sound Manager
2009-05-02 22:27 . 2009-05-02 22:27 -------- d-----w c:\program files\AvRack
2009-05-02 22:27 . 2009-05-02 22:27 -------- d-----w c:\program files\Realtek AC97
2009-05-02 22:25 . 2009-05-02 22:25 -------- d-----w c:\program files\SiS VGA Utilities V3.75
2009-05-02 12:11 . 2009-05-02 12:11 -------- d-----w c:\program files\microsoft frontpage
2009-05-02 12:09 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-02 12:06 . 2009-05-02 12:06 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 23:52 . 2009-03-02 23:52 1495552 ----a-w c:\windows\system32\SET109.tmp
2009-02-20 08:30 . 2009-02-20 08:30 616448 ----a-w c:\windows\system32\SET107.tmp
2009-02-20 08:30 . 2009-02-20 08:30 474112 ----a-w c:\windows\system32\SET108.tmp
2009-02-20 08:30 . 2009-02-20 08:30 3059712 ----a-w c:\windows\system32\SET10E.tmp
2009-02-20 08:30 . 2009-02-20 08:30 1023488 ----a-w c:\windows\system32\SET116.tmp
2009-02-20 08:30 . 2009-02-20 08:30 659456 ----a-w c:\windows\system32\SET106.tmp
2009-02-20 08:30 . 2009-02-20 08:30 39424 ----a-w c:\windows\system32\SET10A.tmp
2009-02-20 08:30 . 2009-02-20 08:30 357888 ----a-w c:\windows\system32\SET113.tmp
2009-02-20 08:30 . 2009-02-20 08:30 205312 ----a-w c:\windows\system32\SET112.tmp
2009-02-20 08:30 . 2004-08-04 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2004-08-04 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-19 09:47 . 2009-02-19 09:47 351744 ------w c:\windows\system32\SET118.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2009-05-07 5743984]
"DynDNS Updater"="c:\program files\DynDNS Updater\DynDNS.exe" [2006-09-17 1352704]
"IDMan"="d:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IDMan.exe" [2008-12-24 939008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-07 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^MR.DANG3R^Start Menu^Programs^Startup^delxp.exe]
path=c:\documents and settings\MR.DANG3R\Start Menu\Programs\Startup\delxp.exe
backup=c:\windows\pss\delxp.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SABSVC"=2 (0x2)
"lanmanserver"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\fa\\HaCkeR\\Com\\بويزون\\Poison Ivy 2.3.2.exe"=
"d:\\fa\\HaCkeR\\Com\\بيفروست\\BiFrOsT Dr.MOT 2008\\BiFrOsT Dr.MOT v0.1.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DynDNS Updater\\DynDNS.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Documents and Settings\\MR.DANG3R\\Desktop\\HiJackThis.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"d:\\fa\\PrO\\Portable.Internet.Download.Manager.v5.15.5\\App\\Internet Download Manager\\IDMan.exe"=
"d:\\fa\\HaCkeR\\Com\\بيفروست\\Bifrost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [08/05/2009 02:12 ص 108289]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 aic32p;aic32p;\??\c:\windows\system32\drivers\oiinqm.sys --> c:\windows\system32\drivers\oiinqm.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{16A4D003-0C9A-6035-637C-CB6C1C043C2F}]
c:\windows\msn.exe
.
.
------- Supplementary Scan -------
.
IE: تحميل الكل بواسطة Internet Download Manager - d:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - d:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - d:\fa\PrO\Portable.Internet.Download.Manager.v5.15.5\App\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\MR.DANG3R\Application Data\Mozilla\Firefox\Profiles\mvbvt84b.default\
FF - component: c:\documents and settings\MR.DANG3R\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-05-12 18:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2009-05-12 18:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-12 15:30
ComboFix2.txt 2009-05-06 14:53
Pre-Run: 15,011,246,080 bytes free
Post-Run: 15,107,694,592 bytes free
241 --- E O F --- 2009-05-07 05:13
تأييد
0
MAAX
عضوشرف
غير متصل
عطل استعادة النظام حسب الشرح التالي
ثم
ادخل هذه الصفحة
وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم
وارفعه على هذا الموقع
وارفق رابط التحميل بمشاركتك القادمة
ثم
ادخل هذه الصفحة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التقرير noor_mcafeeوارفعه على هذا الموقع
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وارفق رابط التحميل بمشاركتك القادمة
تأييد
0
kemo_2009
زيزوومى مميز
غير متصل
قم بالدخول الى هذه الصفحة وان شاء الله تفيدك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تأييد
0
- الحالة