الهايم2020

Peace be upon you, and the mercy and blessings of God.
Could someone analyse my HijackThis log for me and tell me whether it is clean or not?
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:47:46 م, on 24/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3128;https=127.0.0.1:3128;socks=127.0.0.1:9000
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\turki\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: أعرض كل الصور في نوعية أصلية. - C:\Program Files\
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: صورة المعرض في نوعية أصلية. - C:\Program Files\
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9680 bytes
 

Signature: الهايم2020
Before the log is analysed,
disable this entry:
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
Then from Start > Run type
msconfig
then choose the Startup tab
and clear all the check marks,
then restart the computer,
then post another log.
 
And upon you peace.

Disable all protection programs >>> check the computer's date and time
>>> do not rename the tool, and save it to the desktop.
Download this tool and save it to the desktop:
When you run it, a message will appear; click >> Yes.
Then a second message will appear; click >> Yes.
Wait until the tool finishes scanning your computer; it will restart the computer automatically.
After the restart, the tool will begin scanning again.
Wait until a report appears, then copy it and paste it in your next reply.

Signature: أعتز بك
Here is the report:

ComboFix 09-05-23.04 - turki 05/24/2009 19:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.502.232 [GMT 3:00]
Running from: c:\documents and settings\turki\سطح المكتب\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\turki\Application Data\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 16:40 . 2009-05-24 16:40 -------- d-----w c:\windows\system32\xircom
2009-05-24 16:40 . 2009-05-24 16:40 -------- d-----w c:\program files\microsoft frontpage
2009-05-24 01:48 . 2009-05-24 01:48 34304 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Yahoo! Messenger\4000007100002i\yupdater.exe
2009-05-23 15:38 . 2009-05-23 15:38 -------- d-----w c:\program files\netcut
2009-05-23 00:04 . 2009-05-23 00:04 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-23 00:02 . 2009-05-23 00:02 -------- d-----w c:\documents and settings\turki\Local Settings\Application Data\bluesoleil
2009-05-22 23:57 . 2009-05-22 23:57 -------- d-----w c:\program files\IVT Corporation
2009-05-22 13:53 . 2009-05-22 13:54 -------- d-----w c:\windows\SHELLNEW
2009-05-21 19:26 . 2009-05-21 19:26 45056 ----a-r c:\documents and settings\turki\Application Data\Microsoft\Installer\{E936802D-D59E-4FDC-9642-F8178F68BC1D}\NewShortcut11_E936802DD59E4FDC9642F8178F68BC1D.exe
2009-05-21 19:26 . 2009-05-21 19:26 45056 ----a-r c:\documents and settings\turki\Application Data\Microsoft\Installer\{E936802D-D59E-4FDC-9642-F8178F68BC1D}\NewShortcut1_E936802DD59E4FDC9642F8178F68BC1D.exe
2009-05-21 19:26 . 2009-05-21 19:26 10134 ----a-r c:\documents and settings\turki\Application Data\Microsoft\Installer\{E936802D-D59E-4FDC-9642-F8178F68BC1D}\ARPPRODUCTICON.exe
2009-05-21 19:26 . 2009-05-21 19:26 -------- d-----w c:\program files\Samy Soft
2009-05-21 04:53 . 2009-05-21 04:53 390664 ----a-w c:\documents and settings\turki\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-21 04:44 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-21 04:44 . 2009-03-06 14:20 283136 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-21 04:44 . 2009-02-09 11:21 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-21 04:44 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-21 04:44 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-21 04:44 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-21 04:43 . 2009-02-09 10:51 681472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-21 04:43 . 2009-02-09 10:51 723456 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-05-21 04:43 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-21 04:43 . 2009-02-09 10:51 693760 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-21 04:41 . 2008-04-21 21:14 215040 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 16:33 . 2009-02-04 08:19 -------- d-----w c:\documents and settings\turki\Application Data\DMCache
2009-05-24 16:31 . 2009-02-04 08:19 -------- d-----w c:\program files\Internet Download Manager
2009-05-24 15:47 . 2009-02-04 11:40 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-24 15:30 . 2009-02-08 21:45 -------- d-----w c:\program files\Google
2009-05-24 14:43 . 2001-09-19 18:00 58920 ----a-w c:\windows\system32\perfc001.dat
2009-05-24 14:43 . 2001-09-19 18:00 328690 ----a-w c:\windows\system32\perfh001.dat
2009-05-24 14:39 . 2009-03-04 07:53 -------- d-----w c:\program files\TeamViewer3
2009-05-24 05:18 . 2009-04-13 12:33 -------- d-----w c:\program files\Registry Easy
2009-05-24 05:18 . 2009-04-11 10:02 -------- d-----w c:\documents and settings\turki\Application Data\uTorrent
2009-05-24 05:18 . 2009-04-12 09:19 -------- d-----w c:\documents and settings\turki\Application Data\SBMAV Disk Cleaner
2009-05-22 15:43 . 2009-02-04 07:57 52688 ----a-w c:\documents and settings\turki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 18:37 . 2009-03-07 00:28 -------- d-----w c:\program files\
2009-05-21 05:43 . 2009-02-15 12:51 -------- d-----w c:\program files\Intel
2009-05-21 04:50 . 2009-03-11 18:26 -------- d-----w c:\program files\VSO
2009-05-21 04:49 . 2009-02-10 00:07 -------- d-----w c:\documents and settings\turki\Application Data\Vso
2009-05-21 04:48 . 2009-02-10 00:07 47360 ----a-w c:\documents and settings\turki\Application Data\pcouffin.sys
2009-05-21 04:48 . 2009-02-10 00:07 47360 ----a-w c:\documents and settings\turki\Application Data\pcouffin.sys
2009-04-15 12:56 . 2009-04-02 05:17 2351744 ----a-w c:\windows\system32\TUKernel.exe
2009-04-14 21:28 . 2009-04-14 21:28 34816 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Yahoo! Messenger\4000009c00002h\IEXPLORE.EXE
2009-04-14 21:06 . 2009-04-14 17:42 -------- d-----w c:\documents and settings\turki\Application Data\Avant Profiles
2009-04-14 17:42 . 2009-04-14 17:42 -------- d-----w c:\program files\Avant Browser
2009-04-13 13:01 . 2009-04-06 04:13 -------- d-----w c:\program files\Windows Installer Clean Up
2009-04-13 13:01 . 2009-02-13 10:43 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-13 13:01 . 2009-03-04 07:53 -------- d-----w c:\documents and settings\turki\Application Data\TeamViewer
2009-04-13 13:01 . 2009-03-25 04:39 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-04-13 10:09 . 2009-04-13 10:01 -------- d-----w c:\program files\CPU Speed Pro
2009-04-13 07:54 . 2009-04-13 07:54 -------- d-----w c:\documents and settings\All Users\Application Data\{CD64E9C4-4D54-4640-A70E-5452AC9F3290}
2009-04-12 09:19 . 2009-04-12 09:18 -------- d-----w c:\program files\SBMAV Disk Cleaner 2009
2009-04-11 10:02 . 2009-04-11 10:02 -------- d-----w c:\program files\uTorrent
2009-04-10 19:09 . 2009-04-06 04:12 -------- d-----w c:\program files\MSECACHE
2009-04-10 17:54 . 2009-04-10 16:54 -------- d-----w c:\program files\Stardock
2009-04-10 17:53 . 2009-04-10 16:54 -------- d-----w c:\program files\Common Files\Stardock
2009-04-10 17:33 . 2008-05-07 05:09 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-04-10 15:57 . 2009-04-10 15:27 -------- d-----w c:\program files\IconTweaker
2009-04-10 15:57 . 2009-04-10 15:27 -------- d-----w c:\documents and settings\turki\Application Data\IconTweaker
2009-04-10 15:27 . 2009-04-10 15:27 -------- d-----w c:\documents and settings\All Users\Application Data\IconTweaker
2009-04-10 11:28 . 2009-02-04 09:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-10 04:50 . 2009-04-10 04:50 -------- d-----w c:\program files\Common Files\Vbox
2009-04-10 04:48 . 2009-02-04 07:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 05:44 . 2009-02-04 09:19 -------- d-----w c:\documents and settings\turki\Application Data\Thinstall
2009-04-06 04:53 . 2009-04-06 04:53 -------- d-----w c:\program files\RocketDock
2009-04-06 04:25 . 2009-02-04 07:57 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-06 04:14 . 2009-04-06 04:14 -------- d-----w c:\program files\Windows Live
2009-04-06 04:13 . 2009-04-06 04:13 3584 ----a-r c:\documents and settings\turki\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-04-05 23:04 . 2009-04-05 23:04 39424 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Windows Live Sign-in Assistant\40000056a00002i\msnmsgr.exe
2009-04-05 15:45 . 2009-02-04 07:45 -------- d-----w c:\program files\ESET
2009-04-05 03:45 . 2009-04-05 03:45 39424 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Windows Live Sign-in Assistant\4000001900003i\usnsvc.exe
2009-04-05 03:39 . 2009-04-05 03:39 39424 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Windows Live Sign-in Assistant\10000001600002i\msiexec.exe
2009-04-02 05:57 . 2009-04-02 05:57 -------- d-----w c:\program files\Microsoft
2009-04-02 05:57 . 2009-04-02 05:57 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-02 05:55 . 2009-04-02 05:55 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-01 22:30 . 2009-04-01 22:30 91136 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Windows Live Essentials\4000009a00002h\IEXPLORE.EXE
2009-04-01 07:14 . 2009-02-13 07:01 -------- d-----w c:\program files\SplitCam
2009-03-31 22:45 . 2009-03-31 22:45 -------- d-----w c:\documents and settings\All Users\Application Data\PassMark
2009-03-29 01:45 . 2009-02-07 19:13 -------- d-----w c:\program files\Paltalk Messenger
2009-03-29 01:45 . 2009-02-04 07:58 -------- d-----w c:\program files\mpegable
2009-03-29 00:33 . 2009-03-29 00:24 -------- d-----w c:\program files\Gadwin Systems
2009-03-27 05:58 . 2009-02-04 07:54 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-18 13:37 . 2009-03-18 13:37 91136 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Windows Live Essentials\400000800002h\wlcomm.exe
2009-03-11 18:26 . 2009-02-10 00:07 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-08 18:20 . 2009-03-08 18:20 574464 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Microsoft Office Enterprise 2007\10000001600002i\msiexec.exe
2009-03-08 18:20 . 2009-03-08 18:20 574464 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Microsoft Office Enterprise 2007\300000008c00002i\offlb.exe
2009-03-08 18:20 . 2009-03-08 18:20 574464 ----a-w c:\documents and settings\turki\Application Data\Thinstall\Microsoft Office Enterprise 2007\300000007100002i\SETUP.EXE
2009-03-08 01:34 . 2008-05-07 05:08 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2008-05-07 05:08 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2008-05-07 05:08 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2008-04-14 21:29 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2008-05-07 05:08 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2008-05-07 05:08 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2008-05-07 05:08 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2008-05-07 05:08 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2008-05-07 05:08 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2008-05-07 05:08 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2008-04-14 21:29 283136 ----a-w c:\windows\system32\pdh.dll
2009-02-27 13:45 . 2009-02-27 13:45 9728 ----a-w c:\windows\system32\BsMonUI.dll
2009-02-27 13:45 . 2009-02-27 13:45 18432 ----a-w c:\windows\system32\BsMonSvr.dll
2009-02-27 13:45 . 2009-02-27 13:45 405589 ----a-w c:\windows\system32\BsUI.dll
2009-02-27 13:45 . 2009-02-27 13:45 57430 ----a-w c:\windows\system32\btfunc.dll
2009-02-27 13:44 . 2009-02-27 13:44 278647 ----a-w c:\windows\system32\outlookAddin.dll
2009-02-27 13:44 . 2009-02-27 13:44 53248 ----a-w c:\windows\system32\HtmPrintHelper.dll
2009-02-27 13:44 . 2009-02-27 13:44 114774 ----a-w c:\windows\system32\versit.dll
2009-02-27 13:44 . 2009-02-27 13:44 622693 ----a-w c:\windows\system32\BSShell.dll
2009-02-27 13:43 . 2009-02-27 13:43 557142 ----a-w c:\windows\system32\Bscdlg.dll
2009-02-27 13:43 . 2009-02-27 13:43 114788 ----a-w c:\windows\system32\BsProfileFunc.dll
2009-02-27 13:43 . 2009-02-27 13:43 151642 ----a-w c:\windows\system32\BsCommon.dll
2009-02-27 13:43 . 2009-02-27 13:43 94314 ----a-w c:\windows\system32\BsHelpCSps.dll
2009-02-27 13:43 . 2009-02-27 13:43 553075 ----a-w c:\windows\system32\BlueSoleilCSps.dll
2009-02-27 13:41 . 2009-02-27 13:41 28766 ----a-w c:\windows\system32\PlayerCtrl.dll
2009-02-27 13:41 . 2009-02-27 13:41 98403 ----a-w c:\windows\system32\Bs2Res.dll
2009-02-27 13:41 . 2009-02-27 13:41 241748 ----a-w c:\windows\system32\BsSDK.dll
2009-02-27 13:41 . 2009-02-27 13:41 122976 ----a-w c:\windows\system32\BsMobileSDK.dll
2009-02-27 13:40 . 2009-02-27 13:40 28672 ----a-w c:\windows\system32\BsMobileCSps.dll
2009-02-27 13:40 . 2009-02-27 13:40 28760 ----a-w c:\windows\system32\BsTrace.dll
2009-02-25 16:08 . 2009-02-25 16:05 5409 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-02-25 16:08 . 2009-02-04 08:06 59692 ----a-w c:\windows\BricoPackUninst.cmd
2009-02-25 13:11 . 2009-02-04 07:55 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-02-25 13:11 . 2009-02-25 13:11 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 40448]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-26 4354048]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"TransBar"="c:\documents and settings\turki\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe" [2005-06-01 65536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-02-26 1430784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-04 185896]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-09 14743552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-8-16 577597]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\servise_msn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"www.cproxy.com"=c:\program files\
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\برامج\\YahooMessenge 8.1.401 القثمه & زيزووم\\YahooMessenge 8.1.401 القثمه\\YahooMessenger.exe"=
"c:\\Documents and Settings\\turki\\سطح المكتب\\YahooMessenger.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\www.cproxy.com\\CPROXY.exe"=
"d:\\برامج\\Windows Live Messenger v8.5 Portable Arabic\\Windows Live Messenger v8.5 Portable Arabic.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07/01/2009 11:39 م 20744]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [07/05/2008 08:09 ص 124928]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [27/02/2009 04:40 م 143467]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18/08/2008 01:25 م 468224]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [15/05/2008 04:17 م 181544]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [04/02/2009 10:55 ص 603904]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 12:44 م 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 م 26248]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [11/04/2009 12:35 م 323584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-04-13 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-04-13 15:14]

2009-05-24 c:\windows\Tasks\User_Feed_Synchronization-{25680B24-73F2-45FF-97E5-F01FB0211065}.job
- c:\windows\system32\msfeedssync.exe [2008-05-07 01:31]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:3128;https=127.0.0.1:3128;socks=127.0.0.1:9000
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;<local>
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: أعرض كل الصور في نوعية أصلية. - c:\program files\
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
IE: صورة المعرض في نوعية أصلية. - c:\program files\
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\turki\Application Data\Mozilla\Firefox\Profiles\dqop1j84.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\turki\Application Data\IDM\idmmzcc2\components\idmmzcc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-24 19:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6d131350-0cf4-4bfd-80db-0946f78715c8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000063
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,74,c0,8e,39,d3,4d,9a,82,de,dc,58,df,fe,6f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6a,fa,a6,69,19,8b,f5,75,c2,90,63,27,da,48,52,1b,00,97,14,98,d7,
4a,cc,ec,1d,6f,db,93,1c,ab,ef,63,f8,8b,fe,d4,6d,b2,9f,02,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1912)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1972)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(2448)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TeamViewer3\TeamViewer.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-05-24 19:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 16:46

Pre-Run: 23,551,127,552 bytes free
Post-Run: 23,489,601,536 bytes free

310 --- E O F --- 2009-05-23 15:59
 
Signature: الهايم2020