- بادئ الموضوع فريق اول
- تاريخ البدء
- 912
اعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
توقيع : king_man
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:49:39 م, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\windows\system32\svchost..exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\HiJackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [F-16-RGRSH] C:\windows\system32\svchost..exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-448539723-573735546-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5077 bytes
Scan saved at 01:49:39 م, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\windows\system32\svchost..exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\HiJackThis.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [F-16-RGRSH] C:\windows\system32\svchost..exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-448539723-573735546-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5077 bytes
تأييد
0
احذف هذه القيم :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [F-16-RGRSH] C:\windows\system32\svchost..exe
بعدها
ثم قم بعمل تقرير هايجاك جديد
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [F-16-RGRSH] C:\windows\system32\svchost..exe
طريقة الحذف
بعدها
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
عطل برنامج الحمايه واستخدم اداة SmitfraudFix
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
ثم قم بعمل تقرير هايجاك جديد
التعديل الأخير بواسطة المشرف:
توقيع : king_man
تأييد
0
ComboFix 09-06-04.08 - Owner 06/05/2009 14:26.1 - NTFSx86
Running from: F:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\systeminfo.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-04 08:24 . 2009-06-04 08:24 8192 ----a-w- c:\windows\system32\alg..exe
2009-06-04 08:24 . 2009-06-04 08:24 8192 ----a-w- c:\windows\system32\svchost..exe
2009-06-03 13:34 . 2009-06-03 13:34 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-06-03 13:14 . 2009-06-03 13:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2009-06-03 12:41 . 2009-06-03 12:41 -------- d-----w- c:\program files\Circle Dvelopement
2009-06-03 11:40 . 2009-06-04 21:59 -------- d-----w- c:\program files\MSN Messenger
2009-06-02 19:47 . 2009-06-04 15:50 -------- d-----w- c:\program files\LtUcx
2009-06-02 19:18 . 2009-06-02 19:18 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-02 19:10 . 2009-06-04 13:49 -------- d-----w- c:\documents and settings\Owner\Contacts
2009-06-02 19:09 . 2009-06-02 19:09 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-06-02 19:07 . 2008-06-27 01:39 332928 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2009-06-02 19:01 . 2005-05-31 10:12 49224 ----a-w- c:\windows\system32\athgina.dll
2009-06-02 19:01 . 2005-05-24 22:39 465952 ----a-w- c:\windows\system32\ar5211.sys
2009-06-02 19:01 . 2005-05-31 10:12 36864 ----a-w- c:\windows\system32\acs.exe
2009-06-02 19:01 . 2009-06-02 19:01 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-02 19:01 . 2005-05-31 10:00 192512 ----a-w- c:\windows\system32\AegisI5.exe
2009-06-02 19:01 . 2005-05-31 10:00 1396835 ----a-w- c:\windows\system32\AegisE5.dll
2009-06-02 19:01 . 2005-05-31 10:12 385024 ----a-w- c:\windows\system32\athcfg11.dll
2009-06-02 19:01 . 2005-05-31 10:10 77824 ----a-w- c:\windows\system32\athcfg11res.dll
2009-06-02 19:01 . 2005-05-31 10:10 249856 ----a-w- c:\windows\system32\wgapi.dll
2009-06-02 19:01 . 2005-05-31 10:09 237568 ----a-w- c:\windows\system32\wcapi.dll
2009-06-02 19:01 . 2009-06-02 19:05 -------- d-----w- c:\program files\Atheros
2009-06-02 19:01 . 2009-06-02 19:01 -------- d-----w- C:\temp
2009-06-02 19:00 . 2009-06-02 19:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 21:59 . 2009-06-02 18:14 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-04 13:32 . 2001-09-19 12:00 40316 ----a-w- c:\windows\system32\perfc001.dat
2009-06-04 13:32 . 2001-09-19 12:00 251946 ----a-w- c:\windows\system32\perfh001.dat
2009-06-03 17:52 . 2009-06-02 17:49 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-03 17:43 . 2009-06-02 15:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-02 19:17 . 2009-06-02 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-02 19:01 . 2009-06-02 16:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 18:25 . 2009-06-02 18:25 -------- d-----w- c:\program files\Google
2009-06-02 18:24 . 2009-06-02 18:24 -------- d-----w- c:\program files\VideoLAN
2009-06-02 18:23 . 2009-06-02 18:23 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-02 18:20 . 2009-06-02 18:20 61440 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{870B0889-A92E-4230-A6A1-F739C1D140DD}\ARPPRODUCTICON.exe
2009-06-02 18:20 . 2009-06-02 18:20 -------- d-----w- c:\program files\Opera
2009-06-02 18:18 . 2009-06-02 18:18 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-02 18:18 . 2009-06-02 18:18 -------- d-----w- c:\program files\Common Files\Real
2009-06-02 18:18 . 2009-06-02 18:18 -------- d-----w- c:\program files\Real
2009-06-02 18:17 . 2009-06-02 18:15 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Suite
2009-06-02 18:17 . 2009-06-02 18:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Nokia
2009-06-02 18:17 . 2009-06-02 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-02 18:16 . 2009-06-02 18:15 -------- d-----w- c:\program files\DIFX
2009-06-02 18:16 . 2009-06-02 18:16 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-02 18:16 . 2009-06-02 18:15 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\program files\Nokia
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-02 18:15 . 2009-06-02 18:15 9728 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe
2009-06-02 18:15 . 2009-06-02 18:15 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe
2009-06-02 18:15 . 2009-06-02 18:15 15360 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-02 18:14 . 2009-06-02 16:25 73208 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 18:13 . 2009-06-02 18:13 -------- d-----w- c:\program files\Windows Live
2009-06-02 18:10 . 2009-06-02 18:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-02 18:09 . 2009-06-02 18:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-02 18:05 . 2009-06-02 18:03 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-02 18:04 . 2009-06-02 18:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-06-02 18:03 . 2009-06-02 18:03 -------- d-----w- c:\program files\Nero
2009-06-02 18:01 . 2009-06-02 18:01 -------- d-----w- c:\program files\mpegable
2009-06-02 18:01 . 2009-06-02 18:01 47104 ------w- c:\windows\AKDeInstall.exe
2009-06-02 18:00 . 2009-06-02 18:00 -------- d-----w- c:\program files\GRETECH
2009-06-02 18:00 . 2009-06-02 18:00 -------- d-----w- c:\program files\DVD X Studios
2009-06-02 17:49 . 2009-06-02 17:49 -------- d-----w- c:\program files\Avira
2009-06-02 17:49 . 2009-06-02 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-02 17:21 . 2009-06-02 17:21 -------- d-----w- c:\program files\Microsoft.NET
2009-06-02 16:58 . 2009-06-02 16:58 -------- d-----w- c:\program files\WIDCOMM
2009-06-02 16:54 . 2009-06-02 16:54 125 ----a-w- c:\windows\xUninstall.bat
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\program files\CONEXANT
2009-06-02 16:33 . 2009-06-02 16:33 315392 ----a-w- c:\windows\HideWin.exe
2009-06-02 16:33 . 2009-06-02 16:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-02 16:30 . 2009-06-02 16:30 -------- d-----w- c:\program files\Intel
2009-06-02 15:55 . 2009-06-02 15:55 -------- d-----w- c:\program files\microsoft frontpage
2009-06-02 15:51 . 2009-06-02 15:51 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 167936]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5748080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 240152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 211480]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 112496]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-02 185896]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 380928]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-05-26 16862720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\HiJackThis.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]
S3 abp470n5;abp470n5;c:\windows\system32\drivers\mtmqn.sys [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ABP470N5
*NewlyCreated* - IPFILTERDRIVER
*Deregistered* - abp470n5
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - AntiVirScheduler
*Deregistered* - AntiVirService
*Deregistered* - audstub
*Deregistered* - avgio
*Deregistered* - avgntflt
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - BTKRNL
*Deregistered* - btwdins
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - Dnscache
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - IpFilterDriver
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - seclogon
*Deregistered* - sr
*Deregistered* - Srv
*Deregistered* - ssmdrv
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - wuauserv
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://174.36.224.242/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-05 14:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\athgina.dll
c:\windows\system32\athcfg11.dll
c:\windows\system32\athcfg11Res.dll
.
Completion time: 2009-06-05 14:28
ComboFix-quarantined-files.txt 2009-06-05 11:28
Pre-Run: 58,140,069,888 bytes free
Post-Run: 58,490,671,104 bytes free
261
Running from: F:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\systeminfo.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-04 08:24 . 2009-06-04 08:24 8192 ----a-w- c:\windows\system32\alg..exe
2009-06-04 08:24 . 2009-06-04 08:24 8192 ----a-w- c:\windows\system32\svchost..exe
2009-06-03 13:34 . 2009-06-03 13:34 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-06-03 13:14 . 2009-06-03 13:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2009-06-03 12:41 . 2009-06-03 12:41 -------- d-----w- c:\program files\Circle Dvelopement
2009-06-03 11:40 . 2009-06-04 21:59 -------- d-----w- c:\program files\MSN Messenger
2009-06-02 19:47 . 2009-06-04 15:50 -------- d-----w- c:\program files\LtUcx
2009-06-02 19:18 . 2009-06-02 19:18 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-02 19:10 . 2009-06-04 13:49 -------- d-----w- c:\documents and settings\Owner\Contacts
2009-06-02 19:09 . 2009-06-02 19:09 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-06-02 19:07 . 2008-06-27 01:39 332928 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2009-06-02 19:01 . 2005-05-31 10:12 49224 ----a-w- c:\windows\system32\athgina.dll
2009-06-02 19:01 . 2005-05-24 22:39 465952 ----a-w- c:\windows\system32\ar5211.sys
2009-06-02 19:01 . 2005-05-31 10:12 36864 ----a-w- c:\windows\system32\acs.exe
2009-06-02 19:01 . 2009-06-02 19:01 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-02 19:01 . 2005-05-31 10:00 192512 ----a-w- c:\windows\system32\AegisI5.exe
2009-06-02 19:01 . 2005-05-31 10:00 1396835 ----a-w- c:\windows\system32\AegisE5.dll
2009-06-02 19:01 . 2005-05-31 10:12 385024 ----a-w- c:\windows\system32\athcfg11.dll
2009-06-02 19:01 . 2005-05-31 10:10 77824 ----a-w- c:\windows\system32\athcfg11res.dll
2009-06-02 19:01 . 2005-05-31 10:10 249856 ----a-w- c:\windows\system32\wgapi.dll
2009-06-02 19:01 . 2005-05-31 10:09 237568 ----a-w- c:\windows\system32\wcapi.dll
2009-06-02 19:01 . 2009-06-02 19:05 -------- d-----w- c:\program files\Atheros
2009-06-02 19:01 . 2009-06-02 19:01 -------- d-----w- C:\temp
2009-06-02 19:00 . 2009-06-02 19:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 21:59 . 2009-06-02 18:14 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-04 13:32 . 2001-09-19 12:00 40316 ----a-w- c:\windows\system32\perfc001.dat
2009-06-04 13:32 . 2001-09-19 12:00 251946 ----a-w- c:\windows\system32\perfh001.dat
2009-06-03 17:52 . 2009-06-02 17:49 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-03 17:43 . 2009-06-02 15:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-02 19:17 . 2009-06-02 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-02 19:01 . 2009-06-02 16:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 18:25 . 2009-06-02 18:25 -------- d-----w- c:\program files\Google
2009-06-02 18:24 . 2009-06-02 18:24 -------- d-----w- c:\program files\VideoLAN
2009-06-02 18:23 . 2009-06-02 18:23 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-02 18:20 . 2009-06-02 18:20 61440 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{870B0889-A92E-4230-A6A1-F739C1D140DD}\ARPPRODUCTICON.exe
2009-06-02 18:20 . 2009-06-02 18:20 -------- d-----w- c:\program files\Opera
2009-06-02 18:18 . 2009-06-02 18:18 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-02 18:18 . 2009-06-02 18:18 -------- d-----w- c:\program files\Common Files\Real
2009-06-02 18:18 . 2009-06-02 18:18 -------- d-----w- c:\program files\Real
2009-06-02 18:17 . 2009-06-02 18:15 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Suite
2009-06-02 18:17 . 2009-06-02 18:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Nokia
2009-06-02 18:17 . 2009-06-02 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-02 18:16 . 2009-06-02 18:15 -------- d-----w- c:\program files\DIFX
2009-06-02 18:16 . 2009-06-02 18:16 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-02 18:16 . 2009-06-02 18:15 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\program files\Nokia
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-02 18:15 . 2009-06-02 18:15 9728 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe
2009-06-02 18:15 . 2009-06-02 18:15 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe
2009-06-02 18:15 . 2009-06-02 18:15 15360 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-02 18:15 . 2009-06-02 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-02 18:14 . 2009-06-02 16:25 73208 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 18:13 . 2009-06-02 18:13 -------- d-----w- c:\program files\Windows Live
2009-06-02 18:10 . 2009-06-02 18:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-02 18:09 . 2009-06-02 18:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-02 18:05 . 2009-06-02 18:03 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-02 18:04 . 2009-06-02 18:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-06-02 18:03 . 2009-06-02 18:03 -------- d-----w- c:\program files\Nero
2009-06-02 18:01 . 2009-06-02 18:01 -------- d-----w- c:\program files\mpegable
2009-06-02 18:01 . 2009-06-02 18:01 47104 ------w- c:\windows\AKDeInstall.exe
2009-06-02 18:00 . 2009-06-02 18:00 -------- d-----w- c:\program files\GRETECH
2009-06-02 18:00 . 2009-06-02 18:00 -------- d-----w- c:\program files\DVD X Studios
2009-06-02 17:49 . 2009-06-02 17:49 -------- d-----w- c:\program files\Avira
2009-06-02 17:49 . 2009-06-02 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-02 17:21 . 2009-06-02 17:21 -------- d-----w- c:\program files\Microsoft.NET
2009-06-02 16:58 . 2009-06-02 16:58 -------- d-----w- c:\program files\WIDCOMM
2009-06-02 16:54 . 2009-06-02 16:54 125 ----a-w- c:\windows\xUninstall.bat
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\program files\CONEXANT
2009-06-02 16:33 . 2009-06-02 16:33 315392 ----a-w- c:\windows\HideWin.exe
2009-06-02 16:33 . 2009-06-02 16:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-02 16:30 . 2009-06-02 16:30 -------- d-----w- c:\program files\Intel
2009-06-02 15:55 . 2009-06-02 15:55 -------- d-----w- c:\program files\microsoft frontpage
2009-06-02 15:51 . 2009-06-02 15:51 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 167936]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5748080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 240152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 211480]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 229376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 112496]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-02 185896]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-05-31 380928]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-05-26 16862720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\HiJackThis.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]
S3 abp470n5;abp470n5;c:\windows\system32\drivers\mtmqn.sys [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ABP470N5
*NewlyCreated* - IPFILTERDRIVER
*Deregistered* - abp470n5
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - AntiVirScheduler
*Deregistered* - AntiVirService
*Deregistered* - audstub
*Deregistered* - avgio
*Deregistered* - avgntflt
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - BTKRNL
*Deregistered* - btwdins
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - Dnscache
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - IpFilterDriver
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - seclogon
*Deregistered* - sr
*Deregistered* - Srv
*Deregistered* - ssmdrv
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - wuauserv
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://174.36.224.242/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-06-05 14:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\athgina.dll
c:\windows\system32\athcfg11.dll
c:\windows\system32\athcfg11Res.dll
.
Completion time: 2009-06-05 14:28
ComboFix-quarantined-files.txt 2009-06-05 11:28
Pre-Run: 58,140,069,888 bytes free
Post-Run: 58,490,671,104 bytes free
261
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:51:50 م, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
F:\HiJackThis.exe
F:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-448539723-573735546-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-448539723-573735546-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5204 bytes
Scan saved at 02:51:50 م, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
F:\HiJackThis.exe
F:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-448539723-573735546-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-448539723-573735546-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5204 bytes
تأييد
0
قم بحذف القيمة الاتيه :
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
ثم استخدم
واخبرنا هل تم حل المشكله ام لا ؟
بالتوفيق
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
ثم استخدم
اداة لاصلاح الاكسبلورر
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
واخبرنا هل تم حل المشكله ام لا ؟
بالتوفيق
توقيع : king_man
تأييد
0