Thread starter: sneekr

Peace be upon you, and the mercy and blessings of God.

I have a problem: the desktop icons are slow to appear.

They take 5 minutes to appear.
 

And upon you be peace, and the mercy and blessings of God ...

Welcome ...

Do the following ...

Download this tool ...

[hidden link]

Run it and go to [ Do a system scan and save log ] ...

After a moment it will give you a report in Notepad ...

Copy it in full ... and correctly ...

And paste it in your next reply ...
 
Signature: MMA_LORD_735
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:47:40 ص, on 18/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Zain e-GO\Zain e-GO\Zain e-GO.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\My Documents\HiJackThis.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5E0FE1F-E3C7-4D53-B290-A9EB2D579590}: NameServer = 10.40.155.33 10.40.155.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4547 bytes
 
Now do the following ...

Turn off the antivirus you have ...

Then ...

Download this tool ...

The ComboFix tool

[hidden link]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan, the computer may restart.

After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished.
 
Signature: MMA_LORD_735
With the permission of dear Majd

Brother, the solution is not finished yet

Please post this tool's report, God bless you

Waiting ,,
 
Signature: أعتز بك
I have the same problem, and this is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:18, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [hidden link]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [hidden link]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [hidden link]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [hidden link]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [hidden link]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [hidden link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Application Layer Gateway Service ALGTapiSrv (ALGTapiSrv) - Unknown owner - C:\WINDOWS\system32\wpv861235998315.cpx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: DHCP Client DhcpEhttpSrv (DhcpEhttpSrv) - Unknown owner - C:\WINDOWS\system32\3076r.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\form\BIN\ONRSD80.EXE
O23 - Service: OraclereportClientCache80 - Unknown owner - C:\report\BIN\ONRSD80.EXE
O23 - Service: Remote Procedure Call (RPC) Locator RpcLocatorRemoteAccess (RpcLocatorRemoteAccess) - Unknown owner - C:\WINDOWS\system32\activedsd.exe (file missing)
O23 - Service: Task Scheduler Scheduleupnphost (Scheduleupnphost) - Unknown owner - C:\WINDOWS\system32\3076a.exe (file missing)
--
End of file - 8354 bytes
 
Peace be upon you
Dear brother, is the problem still there?
 
Signature: gavan
Welcome, dear friend

Please open a separate thread so the solutions don't get mixed up

Good luck
 
Signature: أعتز بك
This is the report from yesterday

ComboFix 09-05-17.03 - user 05/18/2009 17:09.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.502.273 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\user\LOCALS~1\Temp\catchme.dll
c:\docume~1\user\LOCALS~1\Temp\E_4
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk
c:\documents and settings\user\Local Settings\temp\catchme.dll
c:\program files\Spyware Cease
c:\program files\Spyware Cease\AutoUpdate.exe
c:\program files\Spyware Cease\DefendLog.txt
c:\program files\Spyware Cease\ls.dat
c:\program files\Spyware Cease\LSR.lsr
c:\program files\Spyware Cease\md5.dll
c:\program files\Spyware Cease\networkdll.dll
c:\program files\Spyware Cease\opfile.dll
c:\program files\Spyware Cease\RegDefend.ini
c:\program files\Spyware Cease\RkHitApi.dll
c:\program files\Spyware Cease\SepareteContents\PROGRAMMER X Anti Autorun.exe.bak
c:\program files\Spyware Cease\SepareteContents\user@doubleclick[1].txt.bak
c:\program files\Spyware Cease\SepareteContents\VB6STKIT.DLL.bak
c:\program files\Spyware Cease\spkdll.dll
c:\program files\Spyware Cease\SpywareCease.exe
c:\program files\Spyware Cease\SpywareCease.url
c:\program files\Spyware Cease\swdb.ssk
c:\program files\Spyware Cease\unins000.dat
c:\program files\Spyware Cease\unins000.exe
c:\program files\Spyware Cease\update\swdb.ssk
c:\program files\Spyware Cease\update\Update.ini
c:\program files\Spyware Cease\zlib1.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\MabryObj.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
F:\autorun.inf
F:\emjoe.pif
F:\nsegsn.pif
F:\thkrfg.cmd
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RKHIT

((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.
2009-05-17 19:05 . 2008-08-26 13:17 113664 ----a-w c:\windows\system32\drivers\ewusbnet.sys
2009-05-17 19:05 . 2008-04-14 06:36 621056 ----a-w c:\windows\system32\drivers\mod7700.sys
2009-05-17 19:05 . 2007-08-09 01:13 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-05-17 19:05 . 2008-07-24 09:02 101376 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-05-17 19:04 . 2009-05-17 19:04 -------- d-----w c:\program files\Zain e-GO
2009-05-08 17:59 . 2009-05-15 22:28 -------- d-----w c:\documents and settings\user\Application Data\Skype
2009-05-08 17:59 . 2009-05-08 17:59 -------- d-----w c:\program files\Skype
2009-05-08 17:59 . 2009-05-08 17:59 -------- d-----w c:\program files\Common Files\Skype
2009-05-06 12:10 . 2009-05-07 08:15 -------- d-----w c:\program files\Internet Download Manager
2009-05-05 14:38 . 2009-05-05 14:38 -------- d-----w c:\program files\Network Stumbler
2009-05-04 15:39 . 2009-05-04 15:39 -------- d-----w c:\program files\Filerecoveryangel
2009-04-29 20:44 . 2009-04-29 20:44 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Identities
2009-04-29 12:20 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-04-27 10:45 . 2000-05-31 23:00 61440 ----a-w c:\windows\system32\tsccvid.dll
2009-04-27 10:44 . 2009-04-27 10:44 -------- d-----w c:\program files\Hadeya
2009-04-19 14:28 . 2009-04-19 14:28 -------- d-----w c:\program files\Microsoft.NET
2009-04-19 14:25 . 2009-04-19 14:25 -------- d-----w c:\documents and settings\user\Application Data\URSoft
2009-04-19 14:25 . 2009-04-19 14:28 -------- d-----w c:\program files\Your Uninstaller 2006
2009-04-19 11:36 . 2009-04-19 11:36 -------- d-----w c:\program files\HumaxSmartSuite
2009-04-19 06:19 . 2005-07-12 11:12 86016 ----a-w c:\windows\removeark.exe
2009-04-19 06:19 . 2005-09-02 14:49 28928 ----a-w c:\windows\system32\drivers\usb2vcom.sys
2009-04-18 16:02 . 2005-07-29 21:00 6712 ----a-w c:\windows\system32\CH341PT.DLL
2009-04-18 16:02 . 2006-06-04 21:00 35824 ----a-w c:\windows\system32\drivers\CH341SER.SYS
2009-04-18 16:02 . 2009-04-18 16:02 -------- d-----w C:\WCH.CN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 19:11 . 2009-01-20 14:40 -------- d-----w c:\program files\IVT Corporation
2009-05-17 19:10 . 2009-01-19 15:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 18:03 . 2009-02-14 10:18 -------- d-----w c:\program files\Alfa Autorun Killer 2
2009-05-13 16:42 . 2009-01-25 14:57 -------- d-----w c:\program files\GVR
2009-05-13 16:39 . 2009-02-14 10:22 63 ----a-w c:\windows\AlfaStart.CMD
2009-05-01 18:48 . 2009-03-29 21:28 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-27 12:53 . 2009-01-19 13:36 95024 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 10:44 . 2009-01-19 15:58 286720 ------w c:\windows\Setup1.exe
2009-04-27 10:33 . 2009-01-31 17:00 286720 ----a-w c:\windows\iun506.exe
2009-04-19 17:12 . 2009-01-23 20:59 -------- d-----w c:\program files\Unlocker
2009-04-19 14:20 . 2009-01-20 22:23 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-16 18:43 . 2009-04-16 18:43 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2009-04-16 18:36 . 2009-01-19 14:54 -------- d-----w c:\program files\Google
2009-04-16 05:56 . 2009-02-23 16:55 -------- d-----w c:\program files\PC Editor
2009-04-15 05:39 . 2009-04-15 05:39 -------- d-----w c:\program files\Lavasoft
2009-04-13 07:16 . 2009-01-31 10:38 -------- d-----w c:\program files\PConPoint
2009-04-13 07:08 . 2009-01-21 12:43 -------- d-----w c:\program files\Error Repair Professional
2009-04-11 07:21 . 2009-01-19 16:10 -------- d-----w c:\program files\CONEXANT
2009-04-11 07:17 . 2009-04-11 07:17 -------- d-----w c:\program files\SP23455
2009-04-11 04:14 . 2009-04-11 04:14 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-04-06 21:23 . 2009-04-06 21:23 -------- d-----w c:\program files\Lavalys
2009-03-30 20:02 . 2009-03-30 19:09 -------- d-----w c:\program files\M Autorun Killer 1.0
2009-03-30 13:31 . 2009-03-29 17:15 -------- d-----w c:\program files\MSN Messenger
2009-03-29 23:02 . 2009-01-27 21:41 -------- d-----w c:\program files\Flash Memory Toolkit
2009-03-29 22:56 . 2009-01-22 22:04 -------- d-----w c:\program files\Autorun Eater
2009-03-29 22:45 . 2009-01-19 15:58 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-03-29 21:52 . 2009-01-25 15:31 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-29 21:46 . 2009-02-22 20:28 720896 ----a-w c:\windows\iun6002.exe
2009-03-29 21:42 . 2009-01-21 13:35 -------- d-----w c:\program files\USB Disk Security
2009-03-29 21:38 . 2009-02-22 20:05 -------- d-----w c:\program files\RegistryFix6
2009-03-29 21:37 . 2009-02-22 11:35 -------- d-----w c:\program files\Fixup Restrictions
2009-03-28 20:14 . 2009-01-19 15:10 -------- d-----w c:\program files\Windows Live
2009-03-28 20:03 . 2009-03-28 20:03 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-11 22:08 . 2009-02-22 16:41 849 ----a-w c:\windows\AlfaRun.cmd
2009-03-11 22:08 . 2009-02-22 16:41 125 ----a-w c:\windows\StartClean.cmd
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-22 15:42 . 2009-02-22 15:42 172 ----a-w C:\curr_ver.tmp
2009-02-22 12:47 . 2009-02-21 21:37 111 ----a-w c:\windows\Expl.cmd
2009-02-21 18:04 . 2009-02-21 18:04 720896 ----a-w c:\windows\iun6002ev.exe
2009-02-20 08:10 . 2008-04-14 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2008-04-14 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-01-22 12:36 . 2009-01-22 12:31 102400 --sh--r c:\windows\system32\XP-6635D69D.EXE
2009-02-01 22:26 . 2009-01-19 16:04 559136 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-01 22:26 . 2009-01-19 16:04 122912 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-18_00.15.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2009-05-18 00:15 59774 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2009-05-18 13:58 59774 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2009-05-18 13:58 395534 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2009-05-18 00:15 395534 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-06 2799024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\XP-6635D69D.EXE"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Autorun Eater\\billy.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\GVR\\GVR.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Alfa Autorun Killer 2\\alfa autorun killer 2.0.exe"=
"c:\\SRNMIC~1\\SOLOCFG.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [20/01/2009 06:23 م 18688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/01/2009 06:31 م 15504]
S3 USBSER34;USBSER34;c:\windows\system32\drivers\USBSER34.SYS [13/02/2009 02:16 م 37456]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/02/2009 06:53 م 170640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-18 17:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0b,06,b1,9f,97,ec,84,92,9b,70,b2,bd,37,de,70,68,c6,43,c4,b7,46,
ea,f9,b0,cf,5e,59,ac,18,84,6a,99,c3,cf,77,94,2c,1a,e9,f1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{652b10f3-ae29-4742-a964-0f1682fb1422}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005a
"Therad"=dword:00000010
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):79,6a,32,9f,74,48,71,f7,c5,a3,21,5e,0b,f7,3c,48,8c,ea,06,56,26,
9a,b6,a9,c9,e6,9a,bd,e9,66,bc,f7,71,c2,c2,2f,e5,22,71,e3,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b8da2e69-0d64-42fe-8165-381fa7090bf2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002f
"Therad"=dword:0000001b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2820)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1025\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1025\OWCI11.DLL
c:\windows\system32\MSVCP60.dll
.
Completion time: 2009-05-18 17:12
ComboFix-quarantined-files.txt 2009-05-18 14:12
Pre-Run: 30,473,117,696 bytes free
Post-Run: 30,459,904,000 bytes free
256 --- E O F --- 2009-04-16 04:48
 
Post a new HijackThis log, please.
 
Signature: أعتز بك
Post a new HijackThis log, please.
A new ComboFix log

ComboFix 09-05-17.03 - user 05/19/2009 18:27.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.965.1033.18.502.206 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.
2009-05-19 06:16 . 2009-05-19 06:27 -------- d-----w c:\windows\BDOSCAN8
2009-05-19 05:47 . 2009-05-19 05:47 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-18 15:31 . 2009-05-18 15:31 -------- d-----w C:\MT
2009-05-18 15:31 . 2004-05-03 06:23 1384448 ----a-w c:\windows\system32\msvbvm60.dll
2009-05-18 15:03 . 2009-05-18 15:03 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ESET
2009-05-18 14:31 . 2009-05-18 14:31 -------- d-----w c:\documents and settings\user\Application Data\ESET
2009-05-18 14:30 . 2009-05-18 14:30 -------- d-----w c:\program files\ESET
2009-05-18 14:30 . 2009-05-18 14:30 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-17 19:05 . 2008-08-26 13:17 113664 ----a-w c:\windows\system32\drivers\ewusbnet.sys
2009-05-17 19:05 . 2008-04-14 06:36 621056 ----a-w c:\windows\system32\drivers\mod7700.sys
2009-05-17 19:05 . 2007-08-09 01:13 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-05-17 19:05 . 2008-07-24 09:02 101376 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-05-17 19:04 . 2009-05-17 19:04 -------- d-----w c:\program files\Zain e-GO
2009-05-08 17:59 . 2009-05-15 22:28 -------- d-----w c:\documents and settings\user\Application Data\Skype
2009-05-08 17:59 . 2009-05-08 17:59 -------- d-----w c:\program files\Skype
2009-05-08 17:59 . 2009-05-08 17:59 -------- d-----w c:\program files\Common Files\Skype
2009-05-06 12:10 . 2009-05-07 08:15 -------- d-----w c:\program files\Internet Download Manager
2009-05-05 14:38 . 2009-05-05 14:38 -------- d-----w c:\program files\Network Stumbler
2009-05-04 15:39 . 2009-05-04 15:39 -------- d-----w c:\program files\Filerecoveryangel
2009-04-29 20:44 . 2009-04-29 20:44 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Identities
2009-04-29 12:20 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-04-27 10:45 . 2000-05-31 23:00 61440 ----a-w c:\windows\system32\tsccvid.dll
2009-04-27 10:44 . 2009-04-27 10:44 -------- d-----w c:\program files\Hadeya
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 15:03 . 2009-01-22 21:16 -------- d-----w c:\program files\Hazard Shield
2009-05-17 19:11 . 2009-01-20 14:40 -------- d-----w c:\program files\IVT Corporation
2009-05-17 19:10 . 2009-01-19 15:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 18:03 . 2009-02-14 10:18 -------- d-----w c:\program files\Alfa Autorun Killer 2
2009-05-13 16:42 . 2009-01-25 14:57 -------- d-----w c:\program files\GVR
2009-05-13 16:39 . 2009-02-14 10:22 63 ----a-w c:\windows\AlfaStart.CMD
2009-05-01 18:48 . 2009-03-29 21:28 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-27 12:53 . 2009-01-19 13:36 95024 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 10:44 . 2009-01-19 15:58 286720 ------w c:\windows\Setup1.exe
2009-04-27 10:33 . 2009-01-31 17:00 286720 ----a-w c:\windows\iun506.exe
2009-04-19 17:12 . 2009-01-23 20:59 -------- d-----w c:\program files\Unlocker
2009-04-19 14:28 . 2009-04-19 14:28 -------- d-----w c:\program files\Microsoft.NET
2009-04-19 14:28 . 2009-04-19 14:25 -------- d-----w c:\program files\Your Uninstaller 2006
2009-04-19 14:20 . 2009-01-20 22:23 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-19 11:36 . 2009-04-19 11:36 -------- d-----w c:\program files\HumaxSmartSuite
2009-04-16 18:43 . 2009-04-16 18:43 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2009-04-16 18:36 . 2009-01-19 14:54 -------- d-----w c:\program files\Google
2009-04-16 05:56 . 2009-02-23 16:55 -------- d-----w c:\program files\PC Editor
2009-04-15 05:39 . 2009-04-15 05:39 -------- d-----w c:\program files\Lavasoft
2009-04-13 07:16 . 2009-01-31 10:38 -------- d-----w c:\program files\PConPoint
2009-04-13 07:08 . 2009-01-21 12:43 -------- d-----w c:\program files\Error Repair Professional
2009-04-11 07:21 . 2009-01-19 16:10 -------- d-----w c:\program files\CONEXANT
2009-04-11 07:17 . 2009-04-11 07:17 -------- d-----w c:\program files\SP23455
2009-04-11 04:14 . 2009-04-11 04:14 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-04-09 12:21 . 2009-04-09 12:21 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-04-09 12:21 . 2009-04-09 12:21 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-04-09 12:21 . 2009-04-09 12:21 133000 ----a-w c:\windows\system32\drivers\epfw.sys
2009-04-09 12:18 . 2009-04-09 12:18 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-04-09 12:10 . 2009-04-09 12:10 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-04-06 21:23 . 2009-04-06 21:23 -------- d-----w c:\program files\Lavalys
2009-03-30 20:02 . 2009-03-30 19:09 -------- d-----w c:\program files\M Autorun Killer 1.0
2009-03-30 13:31 . 2009-03-29 17:15 -------- d-----w c:\program files\MSN Messenger
2009-03-29 23:02 . 2009-01-27 21:41 -------- d-----w c:\program files\Flash Memory Toolkit
2009-03-29 22:56 . 2009-01-22 22:04 -------- d-----w c:\program files\Autorun Eater
2009-03-29 22:45 . 2009-01-19 15:58 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-03-29 21:52 . 2009-01-25 15:31 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-29 21:46 . 2009-02-22 20:28 720896 ----a-w c:\windows\iun6002.exe
2009-03-29 21:42 . 2009-01-21 13:35 -------- d-----w c:\program files\USB Disk Security
2009-03-29 21:38 . 2009-02-22 20:05 -------- d-----w c:\program files\RegistryFix6
2009-03-29 21:37 . 2009-02-22 11:35 -------- d-----w c:\program files\Fixup Restrictions
2009-03-28 20:14 . 2009-01-19 15:10 -------- d-----w c:\program files\Windows Live
2009-03-28 20:03 . 2009-03-28 20:03 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-11 22:08 . 2009-02-22 16:41 849 ----a-w c:\windows\AlfaRun.cmd
2009-03-11 22:08 . 2009-02-22 16:41 125 ----a-w c:\windows\StartClean.cmd
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-22 15:42 . 2009-02-22 15:42 172 ----a-w C:\curr_ver.tmp
2009-02-22 12:47 . 2009-02-21 21:37 111 ----a-w c:\windows\Expl.cmd
2009-02-21 18:04 . 2009-02-21 18:04 720896 ----a-w c:\windows\iun6002ev.exe
2009-02-20 08:10 . 2008-04-14 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2008-04-14 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-01-22 12:36 . 2009-01-22 12:31 102400 --sh--r c:\windows\system32\XP-6635D69D.EXE
2009-02-01 22:26 . 2009-01-19 16:04 559136 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-01 22:26 . 2009-01-19 16:04 122912 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-18_00.15.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2009-05-18 00:15 59774 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2009-05-19 15:12 59774 c:\windows\system32\perfc009.dat
+ 2009-05-18 14:31 . 2009-05-18 14:31 97360 c:\windows\Installer\{EDD5DA26-1D0A-4AF4-9B7C-E21ADD578A96}\egui.exe
+ 2009-05-18 14:31 . 2009-05-18 14:31 10134 c:\windows\Installer\{EDD5DA26-1D0A-4AF4-9B7C-E21ADD578A96}\callmsi.exe
+ 2009-01-05 12:44 . 2009-01-05 12:44 53248 c:\windows\bdoscandel.exe
+ 2009-05-19 06:16 . 2009-05-19 06:16 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-05-19 06:16 . 2009-05-19 06:16 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-05-19 06:16 . 2009-05-19 06:16 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-05-19 06:16 . 2009-05-19 06:16 45056 c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-04-14 12:00 . 2009-05-19 15:12 395534 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2009-05-18 00:15 395534 c:\windows\system32\perfh009.dat
+ 2009-01-05 12:44 . 2009-01-05 12:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 12:44 . 2009-01-05 12:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-06 2799024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\XP-6635D69D.EXE"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Autorun Eater\\billy.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\GVR\\GVR.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Alfa Autorun Killer 2\\alfa autorun killer 2.0.exe"=
"c:\\SRNMIC~1\\SOLOCFG.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09/04/2009 03:18 م 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [09/04/2009 03:19 م 731840]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [20/01/2009 06:23 م 18688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/01/2009 06:31 م 15504]
S3 USBSER34;USBSER34;c:\windows\system32\drivers\USBSER34.SYS [13/02/2009 02:16 م 37456]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/02/2009 06:53 م 170640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-19 18:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0b,06,b1,9f,97,ec,84,92,9b,70,b2,bd,37,de,70,68,c6,43,c4,b7,46,
ea,f9,b0,cf,5e,59,ac,18,84,6a,99,c3,cf,77,94,2c,1a,e9,f1,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{652b10f3-ae29-4742-a964-0f1682fb1422}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005a
"Therad"=dword:00000010
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):79,6a,32,9f,74,48,71,f7,c5,a3,21,5e,0b,f7,3c,48,8c,ea,06,56,26,
9a,b6,a9,c9,e6,9a,bd,e9,66,bc,f7,71,c2,c2,2f,e5,22,71,e3,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b8da2e69-0d64-42fe-8165-381fa7090bf2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002f
"Therad"=dword:0000001b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2124)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1025\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1025\OWCI11.DLL
c:\windows\system32\MSVCP60.dll
.
Completion time: 2009-05-19 18:33
ComboFix-quarantined-files.txt 2009-05-19 15:32
ComboFix2.txt 2009-05-18 14:12
Pre-Run: 30,512,496,640 bytes free
Post-Run: 30,562,951,168 bytes free
224 --- E O F --- 2009-04-16 04:48
 
This is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:38:30 م, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zain e-GO\Zain e-GO\Zain e-GO.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\user\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5E0FE1F-E3C7-4D53-B290-A9EB2D579590}: NameServer = 10.40.155.33 10.40.155.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4567 bytes
 
All right, my friend.

Delete the following from the HijackThis report:

C:\Program Files\Zain e-GO\Zain e-GO\Zain e-GO.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

How to delete:


Then download this tool and follow the explanation below.


Compatibility: Windows XP only

Usage instructions:

When you run the tool's file, this screen appears. Wait (and follow along with the pictures).


When this screen appears, click Close so that your computer restarts (to complete the cleaning process).


After it finishes, do the following:


Download the following tool:


Close all programs.

Disable System Restore as shown in the explanation.


Run it and the tool's interface appears.

Choose the cleaning option and the DOS scan window appears.

Leave it until it finishes and the report appears.

Copy it and paste it in your next post.

Waiting for your reply.
 
Signature: أعتز بك
Is there another link besides RapidShare?

Forgive me, my friend.

There is no other one.

But if you have a problem with RapidShare,

download it from another computer and then transfer it to yours.

Good luck.
 
Signature: أعتز بك