مشكله نادره عند تشغيل البالتوك ..!

  • بادئ الموضوع بادئ الموضوع Y-A-S
  • تاريخ البدء تاريخ البدء
  • المشاهدات 654
Y

Y-A-S

زيزوومى متألق
إنضم
7 مايو 2009
المشاركات
327
مستوى التفاعل
2
النقاط
390
الإقامة
KSA
الموقع الالكتروني
www.sdsdsd.com
غير متصل
السلام عليكم ..

اسعد الله مساءكم .. ياشباب اليوم فرمت الجهاز وبعد تنزيل البرامج

لاحظت انه برنامج البالتوك في بعض الأحيان النادره يقفل ويجيني مربع حدوث الخطا اللي دايم نشوفه بالأجهزه ..

والأن حدثت مشكله ثانيه بالمتصفح انترنت اكسبلورر 8 وكأني لمحت مربع يقولي حدث خطا بسبب تول بار .." اختفى بسرعه المربع " وقلت مالي غير الزيزوم والمبدعين الي فيه يقولون لي اذا الجهاز فيه مشكله او شي .. :?:


سويت تقرير للهايجاك .. وابغاكم تقولون لي ايش الشي اللي احذفه او يكون هو المسؤول عن المشكله .. لأني بحل كل المشكاكل وانزل الديب فريز واريح راسي من المشاكل اللي كل يوم تطلع لي بالوندوز :cr:


التقرير : \


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:30:55 م, on 07/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SplitCam\SplitCam.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pc\My Documents\Downloads\Programs\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\Tray 16.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ChicThat] C:\DOCUME~1\pc\APPLIC~1\BLEHSL~1\DOESSTORE.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
--
End of file - 7228 bytes
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
احف التالي
O4 - HKCU\..\Run: [ChicThat] C:\DOCUME~1\pc\APPLIC~1\BLEHSL~1\DOESSTORE.exe
FONT=Times New Roman]
طريقة الحذف



mg%20%283%29.png





mg%20%284%29.png
[/FONT]


بعدها

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم



عطل برنامج الحمايه واستخدم اداة SmitfraudFix

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png


005.png

ثم قم بعمل تقرير هايجاك جديد
 
التعديل الأخير بواسطة المشرف:
تأييد 0
تقرير الـ combofix



ComboFix 09-06-06.04 - pc 06/07/2009 18:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1014.644 [GMT 3:00]
Running from: c:\documents and settings\pc\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {B02B524A-0C22-45DD-A6D1-70C7010CE58E}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.
2009-06-07 15:01 . 2009-06-07 15:04 4096 ----a-w- c:\documents and settings\pc\Application Data\IDM\DwnlData\pc\SmitfraudFix_27\SmitfraudFix.exe
2009-06-07 14:08 . 2008-02-15 09:49 159744 ----a-w- c:\windows\system32\igfxres.dll
2009-06-07 14:05 . 2008-02-15 10:12 57344 ----a-w- c:\windows\system32\igxprd32.dll
2009-06-07 14:05 . 2008-02-15 10:21 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
2009-06-07 14:05 . 2008-02-15 10:12 1670144 ----a-w- c:\windows\system32\igxpdv32.dll
2009-06-07 14:05 . 2008-02-15 10:12 2643968 ----a-w- c:\windows\system32\igxpdx32.dll
2009-06-07 14:05 . 2008-02-15 10:12 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2009-06-07 14:05 . 2008-02-15 10:12 151040 ----a-w- c:\windows\system32\igxpgd32.dll
2009-06-07 14:05 . 2008-03-07 09:56 920088 ----a-w- c:\windows\system32\igxpun.exe
2009-06-07 14:05 . 2006-11-10 05:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2009-06-07 09:54 . 2009-06-07 09:54 -------- d-----w- c:\documents and settings\pc\Application Data\Media Player Classic
2009-06-07 09:40 . 2009-06-07 14:05 -------- d-----w- c:\windows\system32\Lang
2009-06-07 09:37 . 2009-06-07 09:37 -------- d-----w- c:\program files\TOSHIBA
2009-06-07 08:15 . 2006-08-01 12:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-06-07 08:15 . 2008-04-13 21:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-06-07 08:15 . 2008-04-13 21:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-06-07 08:15 . 2008-04-13 21:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-06-07 08:15 . 2008-04-13 21:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-06-07 08:15 . 2008-04-13 19:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-06-07 08:15 . 2008-04-13 21:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-06-07 08:15 . 2008-04-13 21:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-06-07 08:15 . 2008-04-13 21:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-06-07 06:09 . 2009-06-07 06:09 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2009-06-07 06:07 . 2009-06-07 06:07 -------- d-----w- c:\program files\SplitCam
2009-06-07 06:00 . 2009-06-07 06:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-07 05:47 . 2009-06-07 06:35 -------- d-----w- c:\documents and settings\pc\Application Data\Paltalk
2009-06-07 05:47 . 2009-06-07 05:48 -------- d-----w- c:\program files\Paltalk Messenger
2009-06-07 05:47 . 2009-06-07 05:47 -------- d-----w- c:\windows\PaltalkScene
2009-06-07 05:36 . 2007-07-25 15:17 90880 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2009-06-07 04:52 . 2009-06-07 04:52 0 ----a-w- c:\windows\nsreg.dat
2009-06-07 04:51 . 2009-06-07 04:51 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Mozilla
2009-06-07 04:45 . 2009-06-07 04:45 -------- d-----w- c:\windows\Sun
2009-06-07 01:00 . 2008-04-14 00:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 15:11 . 2009-06-06 23:38 -------- d-----w- c:\documents and settings\pc\Application Data\DMCache
2009-06-07 14:13 . 2008-04-15 11:00 71384 ----a-w- c:\windows\system32\perfc001.dat
2009-06-07 14:13 . 2008-04-15 11:00 375946 ----a-w- c:\windows\system32\perfh001.dat
2009-06-07 09:38 . 2009-06-06 22:32 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-07 09:37 . 2009-06-06 22:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 08:14 . 2009-06-06 23:53 -------- d-----w- c:\program files\Realtek
2009-06-07 08:14 . 2009-06-07 08:14 315392 ----a-w- c:\windows\HideWin.exe
2009-06-07 07:21 . 2009-06-07 00:24 -------- d-----w- c:\documents and settings\pc\Application Data\bleh slow
2009-06-07 07:21 . 2009-06-07 00:20 -------- d-----w- c:\program files\Circle Deveopement
2009-06-07 04:40 . 2009-06-06 22:27 -------- d-----w- c:\program files\Internet Download Manager
2009-06-07 00:43 . 2009-06-07 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-07 00:35 . 2009-06-07 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\each new axis love
2009-06-07 00:34 . 2009-06-07 00:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-07 00:34 . 2009-06-07 00:34 -------- d-----w- c:\program files\Common Files\Real
2009-06-07 00:34 . 2009-04-07 12:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-07 00:34 . 2009-06-07 00:34 -------- d-----w- c:\program files\Real
2009-06-07 00:33 . 2009-06-07 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-07 00:33 . 2009-06-07 00:33 -------- d-----w- c:\program files\Avira
2009-06-07 00:24 . 2009-06-07 00:24 -------- d-----w- c:\program files\bleh slow
2009-06-07 00:20 . 2009-06-07 00:20 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-07 00:19 . 2009-06-07 00:19 16504 ----a-w- c:\documents and settings\pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 00:09 . 2009-06-07 00:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-07 00:03 . 2009-06-07 00:03 -------- d-----w- c:\program files\CamStudio
2009-06-06 23:47 . 2009-06-06 23:38 -------- d-----w- c:\documents and settings\pc\Application Data\IDM
2009-06-06 23:44 . 2009-06-06 23:44 -------- d-----w- c:\program files\Intel
2009-06-06 23:38 . 2009-06-06 23:38 181680 ----a-w- c:\documents and settings\pc\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-06-06 23:37 . 2009-06-06 23:37 -------- d-----w- c:\program files\ma-config.com
2009-06-06 23:37 . 2009-06-06 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-06-06 23:06 . 2009-06-06 23:06 -------- d-----w- c:\program files\Realtek WLAN driver
2009-06-06 23:03 . 2009-06-06 22:33 -------- d-----w- c:\program files\Atheros
2009-06-06 23:03 . 2009-06-06 23:03 -------- d-----w- c:\documents and settings\pc\Application Data\InstallShield
2009-06-06 23:02 . 2009-06-06 23:02 -------- d-----w- c:\program files\DIFX
2009-06-06 22:32 . 2009-06-06 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2009-06-06 22:28 . 2009-06-06 22:28 -------- d-----w- c:\program files\Windows Live
2009-06-06 22:28 . 2009-06-06 22:28 318 ----a-r- c:\documents and settings\pc\Application Data\Microsoft\Installer\{1CB92574-96F2-467B-B793-5CEB35C40C29}\ARPPRODUCTICON.exe
2009-06-06 22:27 . 2009-06-06 22:27 318 ----a-r- c:\documents and settings\pc\Application Data\Microsoft\Installer\{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}\ARPPRODUCTICON.exe
2009-06-06 22:27 . 2009-06-06 22:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-06 22:27 . 2009-06-06 22:27 -------- d-----w- c:\program files\Java
2009-06-06 22:27 . 2009-06-06 22:27 -------- d-----w- c:\program files\UltraISO
2009-06-06 22:27 . 2009-06-06 22:27 -------- d-----w- c:\program files\Extension Changer
2009-06-06 22:26 . 2009-06-06 22:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-06 22:13 . 2009-06-06 22:13 2272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-06 22:13 . 2009-06-06 22:13 -------- d-----w- c:\program files\MSBuild
2009-06-06 22:13 . 2009-06-06 22:13 -------- d-----w- c:\program files\Reference Assemblies
2009-06-06 22:05 . 2009-06-06 22:05 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-06 22:02 . 2009-06-06 22:02 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-06 22:02 . 2009-06-06 22:02 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-09 06:47 . 2009-06-06 23:44 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-04-07 12:41 . 2009-04-07 12:41 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-04-07 12:41 . 2009-04-07 12:41 139264 ----a-w- c:\windows\system32\sfc_os.dll
2009-04-07 12:39 . 2009-04-07 12:39 1574912 ----a-w- c:\windows\system32\wmvencod.dll
2009-04-07 12:38 . 2009-04-07 12:38 45056 ----a-w- c:\windows\system32\mfc71CHT.dll
2009-03-30 07:33 . 2009-06-07 00:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-03-24 13:08 . 2009-06-07 00:33 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-03-16 18:18 . 2009-06-06 22:08 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 18:18 . 2009-06-06 22:08 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 18:18 . 2009-06-06 22:08 235352 ----a-w- c:\windows\system32\XactEngine3_4.dll
2009-03-16 18:18 . 2009-06-06 22:08 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-13 21:25 . 2009-04-25 03:55 25088 ----a-w- c:\windows\system32\msxml3a.dll
2009-03-09 19:27 . 2009-06-06 22:08 4178264 ----a-w- c:\windows\system32\d3dx9_41.dll
2009-03-09 19:27 . 2009-06-06 22:08 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 19:27 . 2009-06-06 22:08 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
.
------- Sigcheck -------
[-] 2008-11-07 08:52 1571328 CA1867A515E40A015BA6D9ADD83FB823 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-22 2745776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-07 198160]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-7 113664]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-4-25 11057664]
«©م، ¢¬نïé Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [07/06/2009 03:33 ص 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/06/2009 03:33 ص 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [07/06/2009 03:33 ص 432897]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [07/06/2009 02:03 ص 57408]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 05:13 م 234864]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-07 c:\windows\Tasks\User_Feed_Synchronization-{6225C888-F9DB-4BFA-9E2D-4F0E8098D4C6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-axis love poll lite - c:\documents and settings\All Users\Application Data\each new axis love\Tray 16.exe
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\xgq9i4y7.default\
FF - component: c:\documents and settings\pc\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-07 18:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1372)
c:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-06-07 18:12
ComboFix-quarantined-files.txt 2009-06-07 15:12
Pre-Run: 66,445,709,312 bytes free
Post-Run: 66,523,742,208 bytes free
203



تقرير SmitFraudFix


SmitFraudFix v2.419
Scan done at 18:15:32.84, Sun 06/07/2009
Run from C:\Documents and Settings\pc\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) Wireless WiFi Link 4965AGN - منفذ مصغر لجدولة الحزم
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8C928F51-10EB-4CC7-8CF5-F23FB1D892E7}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8C928F51-10EB-4CC7-8CF5-F23FB1D892E7}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8C928F51-10EB-4CC7-8CF5-F23FB1D892E7}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى