- بادئ الموضوع click
- تاريخ البدء
- 2,270
تأييد
0
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
click
زيزوومى مبدع
- إنضم
- 8 أكتوبر 2007
- المشاركات
- 1,075
- مستوى التفاعل
- 127
- النقاط
- 650
غير متصل
التقرير الأول من برنامج الكومبو فيكس وعلى فكرة لم يعمل ريستارت للجهاز
ComboFix 08-06-12.2 - Alftoh 06/15/2008 2:02:00.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.149 [GMT 3:00]
Running from: D:\Documents and Settings\Alftoh\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\MabryObj.dll
D:\WINDOWS\v10neformatic.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 10:24 --------- d-----w D:\Program Files\AviSynth 2.5
2008-06-13 22:23 2,079 ----a-w D:\WINDOWS\system32\M1achardks.dll
2008-06-12 14:06 32 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-12 14:06 32 --sha-w D:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-12 14:06 32 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 14:06 32 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 15:04 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Nokia Multimedia Player
2008-06-09 20:14 0 ---ha-w D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-09 20:14 0 ---ha-w D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-09 20:07 --------- d-----w D:\Program Files\Common Files\PCSuite
2008-06-09 20:07 --------- d-----w D:\Program Files\Common Files\Nokia
2008-06-09 20:03 --------- d-----w D:\Program Files\PC Connectivity Solution
2008-06-06 13:35 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\LimeWire
2008-05-31 11:48 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Media Player Classic
2008-05-29 20:14 --------- d-----w D:\Program Files\Cryptomathic
2008-05-29 18:11 88,774 ----a-w D:\WINDOWS\system32\drivers\klick.dat
2008-05-29 17:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-28 23:23 96,966 ----a-w D:\WINDOWS\system32\drivers\klin.dat
2008-05-28 23:23 112,144 ----a-w D:\WINDOWS\system32\drivers\kl1.sys
2008-05-24 03:55 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Thinstall
2008-05-23 13:03 --------- d-----w D:\Program Files\BuddyCheck
2008-05-23 13:03 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Nuotex
2008-05-23 12:26 --------- d-----w D:\Program Files\Common Files\Ahead
2008-05-19 22:34 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-19 22:33 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-05-18 00:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-17 13:36 4,608 ----a-w D:\WINDOWS\system32\w95inf32.dll
2008-05-17 13:36 2,272 ----a-w D:\WINDOWS\system32\w95inf16.dll
2008-05-17 08:55 --------- d-----w D:\Program Files\TelecomEgypt
2008-05-16 11:12 --------- d-----w D:\Program Files\ExtraTools
2008-05-12 22:21 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\IDM
2008-05-12 22:21 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\DMCache
2008-05-10 22:01 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Gracebyte Software
2008-05-10 17:39 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-10 17:39 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\skypePM
2008-05-10 17:03 160,107 ----a-w D:\WINDOWS\رفيق الأزواج Uninstaller.exe
2008-05-10 16:13 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\DAEMON Tools Pro
2008-05-10 15:14 4,100 ----a-w D:\WINDOWS\system32\hdvirffo.dll
2008-05-10 15:03 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\DAEMON Tools
2008-05-10 14:39 --------- d-----w D:\Program Files\Microsoft.NET
2008-05-10 14:39 --------- d-----w D:\Program Files\Microsoft ActiveSync
2008-05-10 14:39 --------- d-----w D:\Program Files\Common Files\L&H
2008-05-10 14:35 715,248 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-05-10 13:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-10 13:52 --------- d-----w D:\Program Files\MessengerPlus! 3
2008-05-09 13:54 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\TuneUp Software
2008-05-09 13:53 --------- d-----w D:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-09 13:51 --------- d-----w D:\Program Files\Kaspersky Lab
2008-05-09 13:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-09 13:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-09 13:48 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\EditPlus 2
2008-05-09 13:46 --------- d-----w D:\Program Files\Java
2008-05-09 13:46 --------- d-----w D:\Program Files\Common Files\Java
2008-05-09 13:45 --------- d-----w D:\Program Files\Teletext
2008-05-09 13:44 --------- d-----w D:\Program Files\LifeView TVR
2008-05-09 13:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-09 13:39 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Nokia
2008-05-09 13:37 --------- d-----w D:\Program Files\DIFX
2008-05-09 13:37 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\PC Suite
2008-05-09 13:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Installations
2008-05-09 13:35 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Nero
2008-05-09 13:28 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
2008-05-09 13:28 348,160 ----a-w D:\WINDOWS\system32\msvcr71.dll
2008-05-09 13:28 --------- d-----w D:\Program Files\Real
2008-05-09 13:28 --------- d-----w D:\Program Files\Common Files\xing shared
2008-05-09 13:28 --------- d-----w D:\Program Files\Common Files\Real
2008-05-09 13:26 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\WeatherWatcher
2008-05-09 13:21 --------- d-----w D:\Program Files\FilGoal.com
2008-05-09 13:21 --------- d-----w D:\Program Files\Conduit
2008-05-09 13:19 --------- d-----w D:\Program Files\Skype
2008-05-09 13:19 --------- d-----w D:\Program Files\Common Files\Skype
2008-05-09 13:19 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-09 13:19 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Skype
2008-05-09 13:18 --------- d-----w D:\Program Files\Yahoo!
2008-05-09 13:18 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-05-09 13:17 --------- d-----w D:\Program Files\MSN Messenger
2008-05-09 13:11 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 13:01 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Talkback
2008-04-14 02:55 1,804 ----a-w D:\WINDOWS\system32\Dcache.bin
2008-04-14 02:46 329,728 ----a-w D:\WINDOWS\system32\netsetup.exe
2008-04-14 02:43 92,424 ----a-w D:\WINDOWS\system32\rdpdd.dll
2008-04-14 02:43 87,176 ----a-w D:\WINDOWS\system32\rdpwsx.dll
2008-04-14 02:43 40,840 ----a-w D:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 02:43 299,520 ----a-w D:\WINDOWS\system32\drmclien.dll
2008-04-14 02:43 299,520 ----a-w D:\WINDOWS\system32\dllcache\drmclien.dll
2008-04-14 02:43 21,896 ----a-w D:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 02:43 2,109,440 ----a-w D:\WINDOWS\system32\dllcache\wmvcore.dll
2008-04-14 02:43 139,656 ----a-w D:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 02:43 12,168 ----a-w D:\WINDOWS\system32\tsddd.dll
2008-04-14 02:43 12,040 ----a-w D:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 02:41 98,304 ----a-w D:\WINDOWS\system32\actxprxy.dll
2008-04-14 02:40 67,584 ----a-w D:\WINDOWS\system32\dllcache\pmigrate.dll
2008-04-14 02:40 53,760 ----a-w D:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-04-14 02:40 53,279 ------w D:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:40 4,126 ----a-w D:\WINDOWS\system32\msdxmlc.dll
2008-04-14 02:40 4,126 ----a-w D:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 02:40 3,584 ----a-w D:\WINDOWS\system32\msafd.dll
2008-04-14 02:40 175,104 ----a-w D:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-04-14 02:40 15,872 ----a-w D:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 02:40 15,360 ----a-w D:\WINDOWS\system32\dllcache\padrs804.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{dae6f2e0-1d7b-4928-8a26-84e69271d804}]
03/13/2008 10:30 AM 1524248 --a------ D:\Program Files\FilGoal.com\tbFilG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DAE6F2E0-1D7B-4928-8A26-84E69271D804}"= "D:\Program Files\FilGoal.com\tbFilG.dll" [03/13/2008 10:30 AM 1524248]
[HKEY_CLASSES_ROOT\clsid\{dae6f2e0-1d7b-4928-8a26-84e69271d804}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DAE6F2E0-1D7B-4928-8A26-84E69271D804}"= D:\Program Files\FilGoal.com\tbFilG.dll [03/13/2008 10:30 AM 1524248]
[HKEY_CLASSES_ROOT\clsid\{dae6f2e0-1d7b-4928-8a26-84e69271d804}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="D:\Program Files\MessengerPlus! 3\MsgPlus.exe" [05/10/2008 04:53 PM 190024]
"Nokia.PCSync"="G:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [03/26/2008 06:41 PM 1232896]
"PC Suite Tray"="G:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [04/16/2008 12:53 PM 1079808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [09/01/2004 10:00 AM 208952]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [09/01/2004 10:00 AM 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [09/01/2004 10:00 AM 455168]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM 132496]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/09/2008 04:28 PM 185896]
"MessengerPlus3"="D:\Program Files\MessengerPlus! 3\MsgPlus.exe" [05/10/2008 04:53 PM 190024]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"RRT-Auto"="D:\Documents and Settings\Alftoh\Desktop\RRT.exe" [ ]
"SystemInit"="" []
"Karen"="" []
"raVe"="" []
"Win32BaseServiceMOD"="" []
"startIE"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"raVe"="" []
"Driver32"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 05:42 AM 15360]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - G:\Program Files\MSI\Bluetooth Software\BTTray.exe [3/31/2004 5:13:32 PM 507965]
Microtek Scanner Finder.lnk - G:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [3/24/2008 8:22:37 PM 335872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
G:\Program Files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer]
D:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
--a------ 05/10/2004 05:34 AM 454656 D:\Program Files\LifeView TVR\RecSche.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
D:\W
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 02/01/2008 05:22 PM 21898024 D:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 10/02/2001 02:42 AM 10752 g:\Program Files\Winamp\Winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
D:\WINDOWS\WDVRCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"G:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\النسخ الإحتياطية\\الهـــــامة\\Shear 5400\\السيرفرات العاملة\\waelbob\\ShareMax.exe"=
"G:\\النسخ الإحتياطية\\الهـــــامة\\Shear 5400\\السيرفرات العاملة\\hatch\\ShareMax.exe"=
"G:\\النسخ الإحتياطية\\الهـــــامة\\Shear 5400\\السيرفرات العاملة\\طبيب الحق\\ShareMax.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
*Newly Created Service* - CATCHME
.
s of the 'Scheduled Tasks' folder
"2008-06-06 14:15:04 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- G:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-06-15 02:18:57
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
Completion time: 06/15/2008 2:22:22
ComboFix-quarantined-files.txt 2008-06-14 23:22:08
Pre-Run: 720,326,656 bytes free
Post-Run: 712,110,080 bytes free
237 --- E O F --- 2008-05-09 13:42:49
ComboFix 08-06-12.2 - Alftoh 06/15/2008 2:02:00.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.149 [GMT 3:00]
Running from: D:\Documents and Settings\Alftoh\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\MabryObj.dll
D:\WINDOWS\v10neformatic.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 10:24 --------- d-----w D:\Program Files\AviSynth 2.5
2008-06-13 22:23 2,079 ----a-w D:\WINDOWS\system32\M1achardks.dll
2008-06-12 14:06 32 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-12 14:06 32 --sha-w D:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-12 14:06 32 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 14:06 32 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 15:04 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Nokia Multimedia Player
2008-06-09 20:14 0 ---ha-w D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-09 20:14 0 ---ha-w D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-09 20:07 --------- d-----w D:\Program Files\Common Files\PCSuite
2008-06-09 20:07 --------- d-----w D:\Program Files\Common Files\Nokia
2008-06-09 20:03 --------- d-----w D:\Program Files\PC Connectivity Solution
2008-06-06 13:35 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\LimeWire
2008-05-31 11:48 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Media Player Classic
2008-05-29 20:14 --------- d-----w D:\Program Files\Cryptomathic
2008-05-29 18:11 88,774 ----a-w D:\WINDOWS\system32\drivers\klick.dat
2008-05-29 17:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-28 23:23 96,966 ----a-w D:\WINDOWS\system32\drivers\klin.dat
2008-05-28 23:23 112,144 ----a-w D:\WINDOWS\system32\drivers\kl1.sys
2008-05-24 03:55 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Thinstall
2008-05-23 13:03 --------- d-----w D:\Program Files\BuddyCheck
2008-05-23 13:03 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Nuotex
2008-05-23 12:26 --------- d-----w D:\Program Files\Common Files\Ahead
2008-05-19 22:34 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-19 22:33 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-05-18 00:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-17 13:36 4,608 ----a-w D:\WINDOWS\system32\w95inf32.dll
2008-05-17 13:36 2,272 ----a-w D:\WINDOWS\system32\w95inf16.dll
2008-05-17 08:55 --------- d-----w D:\Program Files\TelecomEgypt
2008-05-16 11:12 --------- d-----w D:\Program Files\ExtraTools
2008-05-12 22:21 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\IDM
2008-05-12 22:21 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\DMCache
2008-05-10 22:01 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Gracebyte Software
2008-05-10 17:39 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-10 17:39 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\skypePM
2008-05-10 17:03 160,107 ----a-w D:\WINDOWS\رفيق الأزواج Uninstaller.exe
2008-05-10 16:13 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\DAEMON Tools Pro
2008-05-10 15:14 4,100 ----a-w D:\WINDOWS\system32\hdvirffo.dll
2008-05-10 15:03 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\DAEMON Tools
2008-05-10 14:39 --------- d-----w D:\Program Files\Microsoft.NET
2008-05-10 14:39 --------- d-----w D:\Program Files\Microsoft ActiveSync
2008-05-10 14:39 --------- d-----w D:\Program Files\Common Files\L&H
2008-05-10 14:35 715,248 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-05-10 13:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-10 13:52 --------- d-----w D:\Program Files\MessengerPlus! 3
2008-05-09 13:54 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\TuneUp Software
2008-05-09 13:53 --------- d-----w D:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-09 13:51 --------- d-----w D:\Program Files\Kaspersky Lab
2008-05-09 13:51 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-09 13:50 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-09 13:48 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\EditPlus 2
2008-05-09 13:46 --------- d-----w D:\Program Files\Java
2008-05-09 13:46 --------- d-----w D:\Program Files\Common Files\Java
2008-05-09 13:45 --------- d-----w D:\Program Files\Teletext
2008-05-09 13:44 --------- d-----w D:\Program Files\LifeView TVR
2008-05-09 13:39 --------- d-----w D:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-09 13:39 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Nokia
2008-05-09 13:37 --------- d-----w D:\Program Files\DIFX
2008-05-09 13:37 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\PC Suite
2008-05-09 13:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Installations
2008-05-09 13:35 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Nero
2008-05-09 13:28 499,712 ----a-w D:\WINDOWS\system32\msvcp71.dll
2008-05-09 13:28 348,160 ----a-w D:\WINDOWS\system32\msvcr71.dll
2008-05-09 13:28 --------- d-----w D:\Program Files\Real
2008-05-09 13:28 --------- d-----w D:\Program Files\Common Files\xing shared
2008-05-09 13:28 --------- d-----w D:\Program Files\Common Files\Real
2008-05-09 13:26 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\WeatherWatcher
2008-05-09 13:21 --------- d-----w D:\Program Files\FilGoal.com
2008-05-09 13:21 --------- d-----w D:\Program Files\Conduit
2008-05-09 13:19 --------- d-----w D:\Program Files\Skype
2008-05-09 13:19 --------- d-----w D:\Program Files\Common Files\Skype
2008-05-09 13:19 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-09 13:19 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Skype
2008-05-09 13:18 --------- d-----w D:\Program Files\Yahoo!
2008-05-09 13:18 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-05-09 13:17 --------- d-----w D:\Program Files\MSN Messenger
2008-05-09 13:11 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 13:01 --------- d-----w D:\Documents and Settings\Alftoh\Application Data\Talkback
2008-04-14 02:55 1,804 ----a-w D:\WINDOWS\system32\Dcache.bin
2008-04-14 02:46 329,728 ----a-w D:\WINDOWS\system32\netsetup.exe
2008-04-14 02:43 92,424 ----a-w D:\WINDOWS\system32\rdpdd.dll
2008-04-14 02:43 87,176 ----a-w D:\WINDOWS\system32\rdpwsx.dll
2008-04-14 02:43 40,840 ----a-w D:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 02:43 299,520 ----a-w D:\WINDOWS\system32\drmclien.dll
2008-04-14 02:43 299,520 ----a-w D:\WINDOWS\system32\dllcache\drmclien.dll
2008-04-14 02:43 21,896 ----a-w D:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 02:43 2,109,440 ----a-w D:\WINDOWS\system32\dllcache\wmvcore.dll
2008-04-14 02:43 139,656 ----a-w D:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 02:43 12,168 ----a-w D:\WINDOWS\system32\tsddd.dll
2008-04-14 02:43 12,040 ----a-w D:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 02:41 98,304 ----a-w D:\WINDOWS\system32\actxprxy.dll
2008-04-14 02:40 67,584 ----a-w D:\WINDOWS\system32\dllcache\pmigrate.dll
2008-04-14 02:40 53,760 ----a-w D:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-04-14 02:40 53,279 ------w D:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:40 4,126 ----a-w D:\WINDOWS\system32\msdxmlc.dll
2008-04-14 02:40 4,126 ----a-w D:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 02:40 3,584 ----a-w D:\WINDOWS\system32\msafd.dll
2008-04-14 02:40 175,104 ----a-w D:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-04-14 02:40 15,872 ----a-w D:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 02:40 15,360 ----a-w D:\WINDOWS\system32\dllcache\padrs804.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{dae6f2e0-1d7b-4928-8a26-84e69271d804}]
03/13/2008 10:30 AM 1524248 --a------ D:\Program Files\FilGoal.com\tbFilG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DAE6F2E0-1D7B-4928-8A26-84E69271D804}"= "D:\Program Files\FilGoal.com\tbFilG.dll" [03/13/2008 10:30 AM 1524248]
[HKEY_CLASSES_ROOT\clsid\{dae6f2e0-1d7b-4928-8a26-84e69271d804}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DAE6F2E0-1D7B-4928-8A26-84E69271D804}"= D:\Program Files\FilGoal.com\tbFilG.dll [03/13/2008 10:30 AM 1524248]
[HKEY_CLASSES_ROOT\clsid\{dae6f2e0-1d7b-4928-8a26-84e69271d804}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="D:\Program Files\MessengerPlus! 3\MsgPlus.exe" [05/10/2008 04:53 PM 190024]
"Nokia.PCSync"="G:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [03/26/2008 06:41 PM 1232896]
"PC Suite Tray"="G:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [04/16/2008 12:53 PM 1079808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [09/01/2004 10:00 AM 208952]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [09/01/2004 10:00 AM 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [09/01/2004 10:00 AM 455168]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM 132496]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/09/2008 04:28 PM 185896]
"MessengerPlus3"="D:\Program Files\MessengerPlus! 3\MsgPlus.exe" [05/10/2008 04:53 PM 190024]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
"RRT-Auto"="D:\Documents and Settings\Alftoh\Desktop\RRT.exe" [ ]
"SystemInit"="" []
"Karen"="" []
"raVe"="" []
"Win32BaseServiceMOD"="" []
"startIE"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"raVe"="" []
"Driver32"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 05:42 AM 15360]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - G:\Program Files\MSI\Bluetooth Software\BTTray.exe [3/31/2004 5:13:32 PM 507965]
Microtek Scanner Finder.lnk - G:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [3/24/2008 8:22:37 PM 335872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
G:\Program Files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer]
D:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
--a------ 05/10/2004 05:34 AM 454656 D:\Program Files\LifeView TVR\RecSche.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
D:\W
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 02/01/2008 05:22 PM 21898024 D:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 10/02/2001 02:42 AM 10752 g:\Program Files\Winamp\Winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
D:\WINDOWS\WDVRCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"G:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\النسخ الإحتياطية\\الهـــــامة\\Shear 5400\\السيرفرات العاملة\\waelbob\\ShareMax.exe"=
"G:\\النسخ الإحتياطية\\الهـــــامة\\Shear 5400\\السيرفرات العاملة\\hatch\\ShareMax.exe"=
"G:\\النسخ الإحتياطية\\الهـــــامة\\Shear 5400\\السيرفرات العاملة\\طبيب الحق\\ShareMax.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
*Newly Created Service* - CATCHME
.
s of the 'Scheduled Tasks' folder
"2008-06-06 14:15:04 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- G:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-06-15 02:18:57
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
Completion time: 06/15/2008 2:22:22
ComboFix-quarantined-files.txt 2008-06-14 23:22:08
Pre-Run: 720,326,656 bytes free
Post-Run: 712,110,080 bytes free
237 --- E O F --- 2008-05-09 13:42:49
توقيع : click
تأييد
0
click
زيزوومى مبدع
- إنضم
- 8 أكتوبر 2007
- المشاركات
- 1,075
- مستوى التفاعل
- 127
- النقاط
- 650
غير متصل
تقرير الهايجاك اخي الغالي
Logfile of HijackThis v1.99.1
Scan saved at 02:26:16 ص, on 15/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Messenger\msmsgs.exe
G:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\lvhidsvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\svchost.exe
G:\Program Files\MSI\Bluetooth Software\BTTray.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
G:\PROGRA~2\MSI\BLUETO~1\BTSTAC~1.EXE
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Alftoh\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FilGoal.com Toolbar - {dae6f2e0-1d7b-4928-8a26-84e69271d804} - D:\Program Files\FilGoal.com\tbFilG.dll
O3 - Toolbar: FilGoal.com Toolbar - {dae6f2e0-1d7b-4928-8a26-84e69271d804} - D:\Program Files\FilGoal.com\tbFilG.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RRT-Auto] D:\Documents and Settings\Alftoh\Desktop\RRT.exe auto
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Nokia.PCSync] "G:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "G:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = G:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://g:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - G:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - G:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - G:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - G:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - g:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF99C3BC-5036-4656-987B-385DADD0FAE8}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - D:\WINDOWS\system32\wowctl2.dll
O18 - Protocol: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - D:\WINDOWS\system32\eztoolslib2.dll
O18 - Protocol: x-zip - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: zip - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - G:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - D:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
ولك كل الشكر
Logfile of HijackThis v1.99.1
Scan saved at 02:26:16 ص, on 15/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Messenger\msmsgs.exe
G:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\lvhidsvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\svchost.exe
G:\Program Files\MSI\Bluetooth Software\BTTray.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
G:\PROGRA~2\MSI\BLUETO~1\BTSTAC~1.EXE
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Alftoh\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FilGoal.com Toolbar - {dae6f2e0-1d7b-4928-8a26-84e69271d804} - D:\Program Files\FilGoal.com\tbFilG.dll
O3 - Toolbar: FilGoal.com Toolbar - {dae6f2e0-1d7b-4928-8a26-84e69271d804} - D:\Program Files\FilGoal.com\tbFilG.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RRT-Auto] D:\Documents and Settings\Alftoh\Desktop\RRT.exe auto
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Nokia.PCSync] "G:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "G:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microtek Scanner Finder.lnk = G:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://g:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - G:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - G:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - G:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - G:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - g:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - G:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF99C3BC-5036-4656-987B-385DADD0FAE8}: NameServer = 163.121.128.134,163.121.128.135
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - D:\WINDOWS\system32\wowctl2.dll
O18 - Protocol: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - D:\WINDOWS\system32\eztoolslib2.dll
O18 - Protocol: x-zip - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: zip - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - G:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - D:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
ولك كل الشكر
توقيع : click
تأييد
0
LINEZERO
زيزوومى محترف
غير متصل
بعد اذن اخي بووب
(1)
قم بعمل فحص جديد بواسطة الهايجاك >>> ثم تحديد القيم التاليه وحذفهم
(2)
نزل الأداة عندك
واغلق برنامج الحمايه قبل تنزليها
ويستحسن تشغيلها في الوضع الآمن
وبعد التشغيل اضغط رقم ( 2 ) بعدين انتر
اتركها تفحص لين تعطيك اختيار بتنظيف الريجستري ام لا
اكتب حرف ( y ) بعدين انتر
بعد ما تنتهي يطلع لك تقرير
ارفعه لي برابط
(3)
تقرير هايجاك جديد
(1)
قم بعمل فحص جديد بواسطة الهايجاك >>> ثم تحديد القيم التاليه وحذفهم
كود:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF99C3BC-5036-4656-987B-385DADD0FAE8}: NameServer = [URL="http://www.hijackthis.de/whois.php"]163.121.128.134[/URL],[URL="http://www.hijackthis.de/whois.php"]163.121.128.135[/URL]
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - D:\WINDOWS\system32\wowctl2.dll
O18 - Protocol: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - D:\WINDOWS\system32\eztoolslib2.dll
O18 - Protocol: x-zip - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O18 - Protocol: zip - {8D32BA61-D15B-11D4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)(2)
نزل الأداة عندك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
واغلق برنامج الحمايه قبل تنزليها
ويستحسن تشغيلها في الوضع الآمن
وبعد التشغيل اضغط رقم ( 2 ) بعدين انتر
اتركها تفحص لين تعطيك اختيار بتنظيف الريجستري ام لا
اكتب حرف ( y ) بعدين انتر
بعد ما تنتهي يطلع لك تقرير
ارفعه لي برابط
(3)
تقرير هايجاك جديد
توقيع : LINEZERO
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
عزيزي شوف المشاركة الي قبل مشاركتك في الصفحة الثالثة
تحياتي
تحياتي
توقيع : فارس الملاك
تأييد
0