• Thread starter: كايتوكد
Status: Closed and not open for further replies.

كايتوكد

Peace be upon you, and the mercy and blessings of God.

I ran into a problem when shutting down the machine: the computer does not shut down and stays stuck on the "Shutting down now" screen, and I have to turn it off by pressing the power button.

Please help me.
 

With pleasure, my dear friend :d:

But it looks like you follow Conan a lot, him and Kaito Kid. God bless the days when I was little :q:
Anyway ..

Download this program
[link hidden by the forum: you must log in or register to view it]

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear ==> copy it and paste it in your next reply
Waiting for you
 
Signature: Dr.ZAIN
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:37:08 م, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
E:\PROGRA~1\REGIST~2\rbcs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
E:\Program Files\Ares\Ares.exe
E:\Program Files\Internet Download Manager\IEMonitor.exe
E:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Al Shafei\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum: you must log in or register to view it]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum: you must log in or register to view it]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum: you must log in or register to view it]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum: you must log in or register to view it]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.64:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ActivationManager Class - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CheckRegDefragService] "E:\PROGRA~1\REGIST~2\rbcs.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdVantage Setup] e:\Program Files\Ares P2P\Partner\AdVantageSetup.exe
O4 - HKCU\..\Run: [IDMan] E:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [ares] "E:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = E:\Program Files\Ela-Salaty\Salaty.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with &FileFactory Turbo - C:\Program Files\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - E:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: تخصيص القائمه - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: حفظ النماذج - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: شريط ادوات روبوفورم - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: ملئ النماذج - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: املأ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: ملئ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: حفظ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: حفظ النماذج - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: شريط ادوات روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - e:\Program Files\Ares\chatServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11123 bytes



Edited, brothers.
 
Brother, your machine has many infections,
but you made the report in Safe Mode.
Please make a second report in normal mode so that all the infections show up.
 
And by the way, my name is Shams- ALdeen (شمس الدين), if you please :q:


 
Signature: Dr.ZAIN
 
Look, my friend, download this tool
and follow the explanation below to clean your machine of viruses
and to produce a report of the operation so you can attach it to your next reply.

Tool link

[link hidden by the forum: you must log in or register to view it]


How to use it:

[screenshot: 000.png]

To save the report, do the following:

[screenshot: 001.png]

[screenshot: 002.png]

After that, upload the report to this site and include the link in your next reply
[link hidden by the forum: you must log in or register to view it]
 
Peace be upon you. Sorry for the delay :q: and here is the link
[link hidden by the forum: you must log in or register to view it]


:d: Waiting for you :d:
 

Viruses were found and they were deleted.

I'd like you to make a report with this tool (because the virus is new), a 2008 model :hh:
Disable all protection programs,
then download this tool and save it to the desktop
[link hidden by the forum: you must log in or register to view it]


When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
 
Here is the report, friends

ComboFix 08-03-06.4 - Al Shafei 03/07/2008 14:08:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.127 [GMT 3:00]
Running from: C:\Documents and Settings\Al Shafei\سطح المكتب\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\FunWebProducts
C:\Program Files\newdotnet
C:\Program Files\newdotnet\readme.html

.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 11:07 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\DMCache
2008-03-07 07:12 --------- dc----w C:\Program Files\ESET
2008-03-07 07:06 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-07 04:52 --------- dc----w C:\Program Files\Internet Download Manager
2008-03-07 04:49 --------- dc----w C:\Program Files\AdVantage
2008-03-07 04:44 --------- dc----w C:\Program Files\IEPro
2008-03-07 04:07 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-06 14:24 --------- dc----w C:\Program Files\Super Fast Shutdown
2008-03-05 17:56 --------- dc----w C:\Program Files\Common Files\Real
2008-03-05 12:07 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\ESET
2008-03-05 12:05 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-03-05 12:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\ESET
2008-03-05 11:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-05 03:42 2,164,768 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-04 19:07 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-04 19:07 218,624 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-03-04 19:07 --------- dc----w C:\Program Files\VisualTaskTips
2008-03-04 19:07 --------- dc----w C:\Program Files\VistaDriveIcon
2008-03-04 18:19 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\Styler
2008-03-04 15:01 --------- dc----w C:\Program Files\Do It Again
2008-03-04 08:51 5,264 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-04 08:51 24,608 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-04 08:51 17,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-04 03:51 --------- dc----w C:\Program Files\MSXML 6.0
2008-03-03 19:34 936,960 ----a-w C:\WINDOWS\system32\rasdlg.dll
2008-03-03 19:29 1,949,184 ----a-w C:\WINDOWS\system32\logonui.exe
2008-03-03 19:29 1,949,184 ----a-w C:\WINDOWS\system32\dllcache\logonui.exe
2008-03-03 19:18 --------- dc----w C:\Program Files\Google
2008-03-03 19:14 --------- dc----w C:\Program Files\TBFDropZone
2008-03-02 19:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-03-02 18:14 52 -c--a-w C:\tmp.bat
2008-03-01 14:12 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\Axosoft
2008-03-01 11:08 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\IEPro
2008-02-27 10:49 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-02-27 10:49 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-02-26 19:06 --------- dc----w C:\Program Files\MSBuild
2008-02-26 18:56 --------- dc----w C:\Program Files\Reference Assemblies
2008-02-26 15:27 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 15:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 19:02 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\Aegisub
2008-02-25 18:41 --------- dc----w C:\Program Files\BitComet
2008-02-25 03:43 --------- dc----w C:\Program Files\Boilsoft Video Splitter
2008-02-24 19:49 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\IDM
2008-02-24 15:00 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\FileFactory Turbo
2008-02-24 14:15 104,960 ----a-w C:\WINDOWS\system32\iPMS by genial78.exe
2008-02-19 12:43 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\Apple Computer
2008-02-19 12:42 --------- dc----w C:\Program Files\iPod
2008-02-19 12:42 --------- dc----w C:\Program Files\Bonjour
2008-02-19 12:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-19 12:38 --------- dc----w C:\Program Files\Common Files\Apple
2008-02-19 12:38 --------- dc----w C:\Program Files\Apple Software Update
2008-02-17 19:35 105,472 ----a-w C:\WINDOWS\system32\iPMS.exe
2008-02-17 14:22 --------- dc----w C:\Program Files\FileFactory Turbo
2008-02-15 13:53 --------- dc----w C:\Program Files\Xvid
2008-02-15 13:53 --------- dc----w C:\Program Files\DivX
2008-02-15 13:53 --------- dc----w C:\Program Files\Avanquest update
2008-02-14 20:50 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-02-13 10:48 --------- dc----w C:\Program Files\Opera
2008-02-10 20:01 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\mIRC
2008-02-10 15:04 --------- dc----w C:\Program Files\Common Files\xing shared
2008-02-10 07:20 --------- dc----w C:\Program Files\Dylo's Adventure
2008-02-10 07:16 --------- dc----w C:\Program Files\Circulate
2008-02-10 07:14 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\COWON
2008-02-10 07:09 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 15:49 --------- dc----w C:\Program Files\Windows Defender
2008-01-23 11:53 --------- dc----w C:\Documents and Settings\Al Shafei\Application Data\Htm barb
2008-01-23 11:08 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-01-23 11:08 360,064 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-01-23 11:07 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-01-18 10:44 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-11 05:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 04:59 --------- dc----w C:\Program Files\sXe Injected
2008-01-08 13:34 --------- dc----w C:\Program Files\mSoft
2008-01-08 12:13 202,160 ----a-w C:\WINDOWS\system32\idmmbc.dll
2007-12-19 22:48 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-16 15:30 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-12-16 04:11 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys
2007-10-05 02:46 1,597 -c--a-w C:\Program Files\Common Files\تعليمات.txt
2007-09-18 00:23 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-04-04 10:42 89,872 -c--a-w C:\Program Files\Common Files\IDM.5.0xx.patch.exe
2007-04-04 10:18 156 -c--a-w C:\Program Files\Common Files\IDM_StartUP_FIX.reg
2007-04-01 10:38 187 -c--a-w C:\Program Files\Common Files\UnReggedMe.reg
2007-03-31 23:38 34,491 -c--a-w C:\Program Files\Common Files\idmldr.exe
2006-05-04 17:09 40,137 -c--a-w C:\Program Files\Common Files\IDM.patch.exe
.

------- Sigcheck -------

bdcfbfd89296cb14abab6cb8ef705d99 C:\WINDOWS\system32\wininet.dll
----a-w 824,320 2007-06-27 14:13:19 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
----a-w 825,344 2007-08-20 09:47:24 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 825,344 2007-10-10 23:21:22 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
----a-w 825,344 2007-12-07 01:41:18 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
-c--a-w 654,848 2004-08-03 22:55:58 C:\WINDOWS\ie7\wininet.dll
-c----w 818,688 2006-11-07 18:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
-c----w 823,808 2007-06-27 13:23:47 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 824,832 2007-08-20 09:58:59 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
-c----w 824,832 2007-10-10 23:46:24 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
----a-w 926,208 2007-12-07 02:04:32 C:\WINDOWS\system32\wininet.dll
----a-w 926,208 2007-12-07 02:04:32 C:\WINDOWS\system32\dllcache\wininet.dll

8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 359,040 2004-08-03 21:14:42 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c----w 359,808 2007-09-05 22:22:57 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
----a-w 360,064 2008-01-23 11:08:14 C:\WINDOWS\system32\dllcache\TCPIP.SYS
----a-w 360,064 2008-01-23 11:08:14 C:\WINDOWS\system32\drivers\TCPIP.SYS

ef34827229b786e17000c5ccd091775f C:\WINDOWS\system32\winlogon.exe
----a-w 540,672 2004-08-03 22:56:36 C:\WINDOWS\system32\winlogon.exe
----a-w 540,672 2004-08-03 22:56:36 C:\WINDOWS\system32\dllcache\winlogon.exe

e481cfcf32a6de4a88ced50c897f7293 C:\WINDOWS\explorer.exe
----a-w 1,550,848 2008-03-03 19:34:55 C:\WINDOWS\explorer.exe
----a-w 1,030,656 2007-06-13 13:10:04 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,029,632 2004-08-03 22:56:12 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
----a-w 1,550,848 2008-03-03 19:34:55 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CheckRegDefragService"="" []
"IDMan"="E:\Program Files\Internet Download Manager\IDMan.exe" [02/21/2008 07:44 AM 2594224]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [10/25/2007 09:26 AM 1410304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/04/2004 01:56 AM 25088 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a--c--- 11/10/2006 04:19 PM 1051648 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a--c--- 12/04/2007 06:41 PM 160592 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 05/17/2005 01:48 PM 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 03/06/2008 10:12 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a--c--- 01/30/2008 01:11 PM 3497984 E:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitComet\\BitComet.exe"=
"J:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe"=
"E:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"E:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"E:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22169:TCP"= 22169:TCP:BitComet 22169 TCP
"22169:UDP"= 22169:UDP:BitComet 22169 UDP
"62626:TCP"= 62626:TCP:BitComet 62626 TCP
"62626:UDP"= 62626:UDP:BitComet 62626 UDP
"7900:TCP"= 7900:TCP:bitcomet TCP 7900
"7900:UDP"= 7900:UDP:bitcomet UDP 7900
"6348:TCP"= 6348:TCP:bearshare TCP 6348
"6348:UDP"= 6348:UDP:bearshare UDP 6348
"48740:UDP"= 48740:UDP:ares UDP 48740
"48740:TCP"= 48740:TCP:ares TCP 6348

S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 17:10:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-07 06:47:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-22 12:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-03-07 11:10:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{06A12C2B-FD5A-40ED-B743-4C9182A2A766}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-03-07 14:26:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
.
**************************************************************************
.
Completion time: 03/07/2008 14:28:58 - machine was rebooted [Al Shafei]
ComboFix-quarantined-files.txt 2008-03-07 11:28:54
.
2008-03-04 03:51:30 --- E O F ---
 
Brother, your machine is still full of viruses.
 
What's the solution, brothers?
 
Thanks for your effort,

Use this file


When you run it, your computer will restart automatically.
After the restart, a report will appear. Copy it and paste it in your next reply.


-------------------------------------

And make a new HijackThis report.
 
Guys, note that when I put it in Safe Mode it shuts down normally and powers off. I think there is no virus.

Here is the report:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\udjqvkmj

*******************

file located at: \??\C:\WINDOWS\dnobtdmf.txt
file opened successfully.

file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process file:

File C:\WINDOWS\system32\affv208325p1now.sys deleted successfully.
File C:\WINDOWS\system32\iPMS by genial78.exe deleted successfully.


Folder C:\Program Files\FunWebProducts not found!
Deletion of folder C:\Program Files\FunWebProducts failed!

Could not process line:
C:\Program Files\FunWebProducts
Status: 0xc0000034



Folder C:\Program Files\newdotnet not found!
Deletion of folder C:\Program Files\newdotnet failed!

Could not process line:
C:\Program Files\newdotnet
Status: 0xc0000034


Completed processing.

*******************

Finished! Terminate.
 
And here is this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:08:47 م, on 07/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
E:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\wuauclt.exe
J:\Program Files\BearShare\BearShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Al Shafei\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IDMan] E:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - E:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - E:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - E:\Program Files\Internet Download Manager\IEGetVL.htm
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - e:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 3631 bytes
 