• Thread starter: aSJo_oJI
  • Views: 826

aSJo_oJI

Peace be upon you.
I have a problem and need a solution for it. The problem is shown in the image:
[image: bmp]

Second, I need a link to the drivers for this device:
[image: bmp]

And this is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:08:07 م, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\tazebama.dl_
C:\DOCUME~1\mansor\LOCALS~1\Temp\Rar$EX19.718\Ultraiso9_Medo9_Zamzam\Patch.exe
C:\Program Files\UltraISO\UltraISO.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [viruscleaner] "C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
--
End of file - 4622 bytes
 
First

Disable your security programs.
Download this tool:

[hidden link]

When you run it, a message will appear. Click >> Yes
Then a second message will appear. Click >> Yes
The machine may restart during the scan.
After the restart, the tool will start scanning again.
Wait until a report appears, which means the scan has finished. Paste the report in your first reply.

Second

Download this program:

[hidden link]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your second reply.

Signature: السّاجد لله
ComboFix 09-05-11.08 - mansor 05/12/2009 20:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.447.224 [GMT 3:00]
Running from: c:\docume~1\mansor\LOCALS~1\Temp\Rar$EX07.187\12 Must have tools\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\mansor\Application Data\tazebama
c:\documents and settings\mansor\Application Data\tazebama\tazebama.log
c:\documents and settings\mansor\Application Data\tazebama\zPharaoh.dat
C:\zPharaoh.exe
D:\Autorun.inf
d:\recycler\NokiaN73Tools.exe
d:\recycler\RECYCLER .exe
D:\zPharaoh.exe
.
---- Previous Run -------
.
C:\autorun.inf
c:\documents and settings\mansor\Application Data\tazebama
c:\documents and settings\mansor\Application Data\tazebama\tazebama.log
c:\documents and settings\mansor\Application Data\tazebama\zPharaoh.dat
C:\zPharaoh.exe
D:\Autorun.inf
d:\recycler\NokiaN73Tools.exe
d:\recycler\RECYCLER .exe
D:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.
2009-05-12 17:12 . 2009-05-12 17:13 155361 --sh--r C:\zPharaoh.exe
2009-05-12 17:12 . 2009-05-12 17:12 -------- d-----w c:\windows\system32\xircom
2009-05-12 17:12 . 2009-05-12 17:12 -------- d-----w c:\program files\microsoft frontpage
2009-05-12 17:10 . 2009-05-12 17:13 -------- d-----w c:\documents and settings\mansor\Application Data\tazebama
2009-05-12 17:05 . 2009-05-12 17:05 -------- d-----w c:\program files\Realtek AC97
2009-05-12 16:48 . 2004-08-11 12:55 110602 ----a-w c:\windows\system32\xcdsfx32.bin
2009-05-12 16:48 . 2004-09-28 08:13 526184 ----a-w c:\windows\system32\XceedCry.dll
2009-05-12 16:48 . 2005-01-12 08:19 456536 ----a-w c:\windows\system32\XCEEDZIP.DLL
2009-05-12 16:48 . 2009-05-12 16:50 -------- d-----w c:\program files\Driver Magician
2009-05-12 16:22 . 2009-05-12 16:22 -------- d-----w c:\documents and settings\mansor\Local Settings\Application Data\PC_Drivers_Headquarters
2009-05-12 16:20 . 2009-05-12 16:20 -------- d-----w c:\program files\PC Drivers HeadQuarters
2009-05-12 16:20 . 2009-05-12 16:20 -------- d-----w c:\documents and settings\mansor\Local Settings\Application Data\Downloaded Installations
2009-05-12 16:19 . 2009-05-12 16:52 -------- d-----w c:\documents and settings\mansor\Application Data\GetRightToGo
2009-05-12 16:07 . 2009-05-12 16:07 -------- d-----w c:\program files\Trend Micro
2009-05-12 15:54 . 2009-05-12 15:54 -------- d-----w c:\program files\Common Files\EZB Systems
2009-05-12 15:54 . 2009-05-12 15:54 -------- d-----w c:\program files\UltraISO
2009-05-12 14:42 . 2009-05-12 14:50 877423 ----a-w c:\windows\iun6002.exe
2009-05-12 14:42 . 2009-05-12 14:42 -------- d-----w c:\program files\Abadisoft
2009-05-12 14:34 . 2009-05-12 14:34 -------- d-----w c:\documents and settings\SYSTEM
2009-05-12 13:34 . 2008-06-14 17:31 271616 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-12 13:34 . 2008-06-14 17:31 271616 ------w c:\windows\system32\drivers\bthport.sys
2009-05-12 13:31 . 2008-10-15 16:35 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-05-12 13:31 . 2008-09-04 17:15 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-05-12 13:30 . 2008-04-11 19:04 691712 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-05-12 13:27 . 2009-05-12 13:27 -------- d-----w c:\documents and settings\mansor\Local Settings\Application Data\Help
2009-05-07 07:42 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-05-05 03:05 . 2001-08-17 13:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-05 03:04 . 2008-04-14 21:07 57472 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-05 03:04 . 2008-04-13 22:05 20992 ----a-w c:\windows\system32\drivers\RTL8139.sys
2009-05-05 03:04 . 2008-04-14 00:06 10240 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-05-05 03:04 . 2008-04-14 21:05 16384 ----a-w c:\windows\system32\drivers\battc.sys
2009-05-05 03:04 . 2008-04-14 00:06 13952 ----a-w c:\windows\system32\drivers\CmBatt.sys
2009-05-05 03:04 . 2008-04-14 21:29 73728 ----a-w c:\windows\system32\usbui.dll
2009-05-05 03:02 . 2009-05-12 16:21 -------- d-sh--w c:\windows\Installer
2009-05-05 03:02 . 2009-05-12 17:12 -------- d-----r C:\Program Files
2009-05-05 03:00 . 2009-05-05 00:14 -------- d-----w c:\windows\system32\CatRoot
2009-05-05 03:00 . 2009-05-12 17:04 -------- d-----w c:\windows\system32\CatRoot2
2009-05-05 03:00 . 2009-05-05 00:11 -------- d-----w c:\documents and settings\All Users
2009-05-05 03:00 . 2009-05-05 00:18 -------- d--h--w c:\documents and settings\Default User
2009-05-05 03:00 . 2009-05-12 17:02 -------- d-----w C:\Documents and Settings
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 17:09 . 2009-05-05 01:35 471919 ----a-w c:\windows\alcupd.exe
2009-05-12 17:09 . 2009-05-05 01:35 373615 ----a-w c:\windows\Alcrmv.exe
2009-05-12 17:09 . 2008-04-14 21:29 1187695 ----a-w c:\windows\explorer.exe
2009-05-12 17:07 . 2001-09-19 18:00 58920 ----a-w c:\windows\system32\perfc001.dat
2009-05-12 17:07 . 2001-09-19 18:00 328690 ----a-w c:\windows\system32\perfh001.dat
2009-05-12 16:22 . 2009-05-05 00:44 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-12 14:04 . 2009-05-05 00:12 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-12 14:02 . 2006-10-18 20:03 257391 ----a-w c:\windows\system32\logagent.exe
2009-05-12 14:01 . 2009-05-05 00:09 900975 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2009-05-12 14:01 . 2009-05-05 00:10 256367 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2009-05-12 13:51 . 2001-09-19 18:00 3531167 ----a-w c:\windows\Help\Tours\mmTour\tour.exe
2009-05-12 13:46 . 2008-04-14 21:30 440687 ----a-w c:\windows\winhlp32.exe
2009-05-12 13:46 . 2001-09-19 18:00 182127 ----a-w c:\windows\twunk_32.exe
2009-05-12 13:46 . 2009-05-05 03:01 225647 ----a-w c:\windows\NOTEPAD.EXE
2009-05-12 13:46 . 2008-04-14 21:30 303471 ----a-w c:\windows\regedit.exe
2009-05-12 13:46 . 2008-04-14 21:29 167279 ----a-w c:\windows\hh.exe
2009-05-05 01:38 . 2009-05-05 01:38 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-05-05 01:37 . 2009-05-05 01:37 -------- d-----w c:\program files\TP-LINK
2009-05-05 01:33 . 2009-05-05 00:07 271215 ----a-w c:\windows\system32\calc.exe
2009-05-05 01:33 . 2009-05-05 00:07 834415 ----a-w c:\windows\system32\mstsc.exe
2009-05-05 01:33 . 2008-04-14 21:30 189295 ----a-w c:\windows\system32\odbcad32.exe
2009-05-05 01:33 . 2009-05-05 00:09 326511 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-05-05 01:33 . 2009-05-05 00:09 925551 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-05-05 01:33 . 2009-05-05 00:44 -------- d-----w c:\program files\ATI Technologies
2009-05-05 01:29 . 2009-05-05 01:29 -------- d-----w c:\program files\TechTracker
2009-05-05 01:21 . 2009-05-05 01:21 27264 ----a-w c:\documents and settings\mansor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 01:11 . 2009-05-05 01:10 -------- d-----w c:\program files\Internet Download Manager
2009-05-05 00:26 . 2009-05-05 00:26 -------- d-----w c:\program files\Uniblue
2009-05-05 00:13 . 2009-05-05 00:13 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-05 00:12 . 2001-09-19 18:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-05 00:08 . 2009-05-05 00:08 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:20 . 2008-04-14 21:29 283136 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:06 . 2008-05-07 05:08 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 16:50 . 2008-05-07 05:08 78336 ----a-w c:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[-] 2009-05-12 17:09 1187695 228A8E04AB54E85A233AFAE63C2734C5 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-12 2963743]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-22 344064]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2009-05-12 570223]
"viruscleaner"="c:\program files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" [2007-12-10 552960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [07/05/2008 08:09 ص 124928]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-12 20:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b1,f0,41,63,2b,ed,48,91,09,6a,2d,3e,3e,2e,2c,33,da,52,c3,ab,a1,
0f,86,ef,0d,33,96,ae,6e,50,f2,f7,7b,01,2a,a7,db,7b,25,55,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{99a4213c-94fb-4cbc-b0d6-0f64edc982d3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000083
"Therad"=dword:00000008
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2248)
c:\documents and settings\tazebama.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\tazebama.dl_
.
**************************************************************************
.
Completion time: 2009-05-12 20:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-12 17:15
Pre-Run: 17,168,662,528 bytes free
Post-Run: 17,278,070,784 bytes free
182 --- E O F --- 2009-05-12 13:26
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:17:28 م, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\tazebama.dl_
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [viruscleaner] "C:\Program Files\Abadisoft\Avc 4.0\AbadisoftCleanVirus.exe" h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
--
End of file - 3602 bytes
 