عندي مشكله مع الـ Avira AntiVir

[الضامي66]

سلام عليكم ..


مساء الخير للجميع ..

لو سمحتم عندي مشكلتين مش واحده وممكن اعرضها عليكم واللي عنده حل لا يبخل علينا ..

المشكله الاولى ::

وهي اني حملت ماسنجر ديسكفري وبعدها بيومين قمت وحذفته من عتدي لكن غثني برساله كل ما جيت ابفتح المسن تضهر لي الرساله هذي
---------------------------
MessengerDiscovery 2.Net Loader
---------------------------
Registry open error.
Please re-install or seek help on our forums.
---------------------------
OK
---------------------------


والمشكله الثانيه ::

اذا بغيت احدث Avira AntiVir

تطلع لي هذه الرساله

---------------------------
Avira AntiVir Personal - Free Antivirus
---------------------------
The following error occurred when trying to start the update:
The program to execute is invalid or destroyed..
---------------------------
OK
---------------------------


وأيضاً صار عندي الـ D والــ C ما يفتحون الا عن طريق Explore


ولا اعرف وش هي المشكله ؟؟

وجزاكم الله خيرا..


أخوكم ..

 

[MAAX]

الله يحييك اخوي
حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم​

 

[الضامي66]

السلام عليكم..

هذا التقرير اللي طلع معي

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:22 ص, on 13/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ksu.edu.sa:8080
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7484 bytes

 

[MAAX]

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة​

 

[الضامي66]

ComboFix 09-06-12.02 - USER 06/13/2009 1:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2940.2523 [GMT 3:00]
Running from: D:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\recycler\S-1-5-21-9294811633-1765901151-991737872-3299\hod.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys

((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.
2009-06-12 21:52 . 2009-06-12 21:52 -------- d-----w- c:\program files\Trend Micro
2009-06-12 21:14 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-12 21:14 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-12 21:14 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-12 21:14 . 2009-06-12 21:14 -------- d-----w- c:\program files\Avira
2009-06-12 21:14 . 2009-06-12 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-09 01:13 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-08 21:04 . 2007-10-23 06:27 110592 ----a-w- c:\documents and settings\USER\Application Data\U3\temp\cleanup.exe
2009-06-08 21:03 . 2008-05-02 07:41 3493888 ---ha-w- c:\documents and settings\USER\Application Data\U3\temp\Launchpad Removal.exe
2009-06-08 21:02 . 2009-06-08 21:04 -------- d-----w- c:\documents and settings\USER\Application Data\U3
2009-06-08 15:11 . 2009-06-09 00:29 -------- d-----w- c:\documents and settings\USER\Application Data\MessengerDiscovery 2
2009-06-06 10:26 . 2009-06-12 02:44 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Adobe
2009-06-06 10:26 . 2009-06-12 02:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 12:04 . 2008-03-14 07:31 100096 ----a-w- c:\windows\system32\drivers\br3gmdm.sys
2009-06-05 12:04 . 2009-06-05 12:04 -------- d-----w- c:\program files\BandRich
2009-06-05 11:40 . 2009-06-05 11:40 -------- d--h--w- c:\windows\PIF
2009-06-01 22:58 . 2009-06-01 22:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-01 22:57 . 2009-06-01 22:57 152576 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-01 22:54 . 2009-06-01 22:54 -------- d-----w- c:\windows\Sun
2009-06-01 17:28 . 2009-06-01 17:28 -------- d--h--w- c:\windows\$hf_mig$
2009-06-01 17:19 . 2009-06-01 17:19 75376 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\sgc15.exe
2009-06-01 17:19 . 2009-06-09 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-01 17:19 . 2009-06-09 21:50 -------- d-----w- c:\program files\NOS
2009-05-31 20:08 . 2009-05-31 20:08 667976 ----a-w- c:\windows\system32\360x180° Mekan.scr
2009-05-31 20:08 . 2009-05-31 20:08 -------- d-----w- c:\windows\system32\mekanlar
2009-05-31 20:08 . 2009-05-31 20:08 4096 ----a-w- c:\windows\d3dx.dat
2009-05-28 16:37 . 2009-05-28 16:37 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-27 11:16 . 2001-08-17 10:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-27 11:16 . 2001-08-17 10:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-27 11:16 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-05-27 11:16 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-27 09:52 . 2009-05-26 21:08 5167952 ----a-w- c:\program files\MsgPlusLive-481.exe
2009-05-27 09:49 . 2009-05-27 11:15 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-27 09:35 . 2009-06-07 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-27 09:32 . 2009-06-10 19:04 -------- d-----w- c:\program files\Circl Developement
2009-05-27 09:32 . 2009-05-27 09:55 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-27 09:32 . 2009-05-27 09:32 -------- d-----w- c:\program files\Windows Live
2009-05-27 09:29 . 2009-06-11 23:33 -------- d-----w- c:\documents and settings\USER\Contacts
2009-05-27 09:28 . 2009-06-08 15:10 -------- d-----w- c:\program files\MSN Messenger
2009-05-26 20:56 . 2009-06-08 21:19 -------- d-----w- c:\program files\Web Publish
2009-05-26 19:04 . 2009-05-26 19:04 -------- d-----w- c:\documents and settings\USER\Application Data\vlc
2009-05-26 19:04 . 2009-05-26 19:04 -------- d-s---w- c:\documents and settings\USER\UserData
2009-05-26 19:04 . 2009-05-29 00:33 -------- d-----w- c:\documents and settings\USER\Application Data\dvdcss
2009-05-26 19:04 . 2009-05-26 19:04 -------- d-----w- c:\documents and settings\USER\Application Data\GRETECH
2009-05-26 19:04 . 2009-05-26 19:04 -------- d-----w- c:\documents and settings\USER\Application Data\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 22:58 . 2009-05-26 04:20 -------- d-----w- c:\program files\Java
2009-05-31 13:43 . 2009-05-26 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-27 09:31 . 2009-05-26 04:03 99496 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 05:36 . 2009-05-26 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TOSHIBA
2009-05-26 05:02 . 2009-05-26 04:30 -------- d-----w- c:\program files\TOSHIBA
2009-05-26 05:00 . 2009-05-26 05:00 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2009-05-26 05:00 . 2009-05-26 04:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 04:49 . 2009-05-26 04:49 -------- d-----w- c:\program files\Synaptics
2009-05-26 04:35 . 2009-05-26 04:35 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2009-05-26 04:31 . 2009-05-26 04:31 -------- d-----w- c:\documents and settings\USER\Application Data\InstallShield
2009-05-26 04:30 . 2009-05-26 04:30 -------- d-----w- c:\program files\ltmoh
2009-05-26 04:28 . 2009-05-26 04:28 -------- d-----w- c:\program files\Realtek
2009-05-26 04:28 . 2009-05-26 04:28 315392 ----a-w- c:\windows\HideWin.exe
2009-05-26 04:28 . 2009-05-26 04:18 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-26 04:26 . 2009-05-26 04:26 -------- d-----w- c:\program files\Intel
2009-05-26 04:20 . 2009-05-26 04:20 -------- d-----w- c:\program files\Common Files\Java
2009-05-26 04:20 . 2009-05-26 04:20 2232 ----a-w- c:\windows\java\Packages\Data\Z1NRPNNH.DAT
2009-05-26 04:20 . 2009-05-26 04:20 155995 ----a-w- c:\windows\java\Packages\M5V33HBD.ZIP
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\EOE0CQBB.DAT
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\0617V3TF.DAT
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\O9JHBFLR.DAT
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\CSCI97XZ.DAT
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\7H7HZFX3.DAT
2009-05-26 04:19 . 2009-05-26 04:19 -------- d-----w- c:\program files\GRETECH
2009-05-26 04:19 . 2009-05-26 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-26 04:19 . 2009-05-26 04:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-26 04:18 . 2009-05-26 04:18 -------- d-----w- c:\program files\CyberLink
2009-05-26 04:18 . 2009-05-26 04:16 -------- d-----w- c:\program files\mpegable
2009-05-26 04:17 . 2009-05-26 04:17 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-26 04:17 . 2009-05-26 04:17 -------- d-----w- c:\program files\Common Files\Real
2009-05-26 04:17 . 2009-05-26 04:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-26 04:17 . 2009-05-26 04:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-26 04:17 . 2009-05-26 04:17 -------- d-----w- c:\program files\Real
2009-05-26 04:16 . 2009-05-26 04:16 -------- d-----w- c:\program files\VideoLAN
2009-05-26 04:16 . 2009-05-26 04:16 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-26 04:16 . 2009-05-26 04:16 -------- d-----w- c:\program files\Microsoft Works
2009-05-26 04:16 . 2009-05-26 04:16 -------- d-----w- c:\program files\MSBuild
2009-05-26 04:14 . 2009-05-26 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-26 04:07 . 2009-05-26 03:57 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-26 03:58 . 2009-05-26 03:58 -------- d-----w- c:\program files\microsoft frontpage
2009-05-26 03:54 . 2009-05-26 03:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-05-23 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-26 185872]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 148888]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-31 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-31 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-31 141848]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1024000]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-31 16860672]
"TFncKy"="TFncKy.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-05-23 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-12-18 2360648]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/06/2009 12:14 ص 108289]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [03/06/2008 10:12 ص 87264]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [26/05/2009 07:30 ص 5888]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [26/05/2009 07:33 ص 110080]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [05/06/2009 03:04 م 100096]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SSMDRV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = proxy.ksu.edu.sa:8080
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-13 01:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CF5001.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-12 1:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-12 22:10
Pre-Run: 63,270,133,760 bytes free
Post-Run: 63,720,472,576 bytes free
196

 

[MAAX]

الان اعمل تقرير هايجاك جديد

 

[فارس الملاك]

الان اعمل تقرير هايجاك جديد

k:k:k:​

 

[ابو تيمور]

اعتقد فايروس اوتورن

 

[الضامي66]

السلام عليكم ... مساء الخير اخوي ماكس


هذا التقرير الثاني ..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:07 م, on 14/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ksu.edu.sa:8080
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7756 bytes

 

[الضامي66]

ComboFix 09-06-13.09 - USER 06/14/2009 23:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2940.2536 [GMT 3:00]
Running from: D:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\recycler\S-1-5-21-6601608695-5016373099-819584395-0581\hod.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-13 10:32 . 2009-06-11 10:46 103184 --sh--r- C:\9dlvtiil.exe
2009-06-12 21:52 . 2009-06-12 21:52 -------- d-----w- c:\program files\Trend Micro
2009-06-12 21:14 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-12 21:14 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-12 21:14 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-12 21:14 . 2009-06-12 21:14 -------- d-----w- c:\program files\Avira
2009-06-12 21:14 . 2009-06-12 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-09 01:13 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-08 21:04 . 2007-10-23 06:27 110592 ----a-w- c:\documents and settings\USER\Application Data\U3\temp\cleanup.exe
2009-06-08 21:03 . 2008-05-02 07:41 3493888 ---ha-w- c:\documents and settings\USER\Application Data\U3\temp\Launchpad Removal.exe
2009-06-08 21:02 . 2009-06-08 21:04 -------- d-----w- c:\documents and settings\USER\Application Data\U3
2009-06-08 15:11 . 2009-06-09 00:29 -------- d-----w- c:\documents and settings\USER\Application Data\MessengerDiscovery 2
2009-06-06 10:26 . 2009-06-12 02:44 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Adobe
2009-06-06 10:26 . 2009-06-12 02:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 12:04 . 2008-03-14 07:31 100096 ----a-w- c:\windows\system32\drivers\br3gmdm.sys
2009-06-05 12:04 . 2009-06-05 12:04 -------- d-----w- c:\program files\BandRich
2009-06-05 11:40 . 2009-06-05 11:40 -------- d--h--w- c:\windows\PIF
2009-06-01 22:58 . 2009-06-01 22:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-01 22:57 . 2009-06-01 22:57 152576 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-01 22:54 . 2009-06-01 22:54 -------- d-----w- c:\windows\Sun
2009-06-01 17:28 . 2009-06-01 17:28 -------- d--h--w- c:\windows\$hf_mig$
2009-06-01 17:19 . 2009-06-01 17:19 75376 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\sgc15.exe
2009-06-01 17:19 . 2009-06-09 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-01 17:19 . 2009-06-09 21:50 -------- d-----w- c:\program files\NOS
2009-05-31 20:08 . 2009-05-31 20:08 667976 ----a-w- c:\windows\system32\360x180° Mekan.scr
2009-05-31 20:08 . 2009-05-31 20:08 -------- d-----w- c:\windows\system32\mekanlar
2009-05-31 20:08 . 2009-05-31 20:08 4096 ----a-w- c:\windows\d3dx.dat
2009-05-28 16:37 . 2009-05-28 16:37 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-27 11:16 . 2001-08-17 10:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-27 11:16 . 2001-08-17 10:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-27 11:16 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-05-27 11:16 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-27 09:52 . 2009-05-26 21:08 5167952 ----a-w- c:\program files\MsgPlusLive-481.exe
2009-05-27 09:49 . 2009-05-27 11:15 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-27 09:35 . 2009-06-07 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-27 09:32 . 2009-06-10 19:04 -------- d-----w- c:\program files\Circl Developement
2009-05-27 09:32 . 2009-05-27 09:55 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-27 09:32 . 2009-05-27 09:32 -------- d-----w- c:\program files\Windows Live
2009-05-27 09:29 . 2009-06-11 23:33 -------- d-----w- c:\documents and settings\USER\Contacts
2009-05-27 09:28 . 2009-06-08 15:10 -------- d-----w- c:\program files\MSN Messenger
2009-05-26 20:56 . 2009-06-08 21:19 -------- d-----w- c:\program files\Web Publish
2009-05-26 19:04 . 2009-05-26 19:04 -------- d-----w- c:\documents and settings\USER\Application Data\vlc
2009-05-26 19:04 . 2009-05-26 19:04 -------- d-s---w- c:\documents and settings\USER\UserData
2009-05-26 19:04 . 2009-05-29 00:33 -------- d-----w- c:\documents and settings\USER\Application Data\dvdcss
2009-05-26 19:04 . 2009-05-26 19:04 -------- d-----w- c:\documents and settings\USER\Application Data\GRETECH
2009-05-26 19:04 . 2009-05-26 19:04 -------- d-----w- c:\documents and settings\USER\Application Data\Media Player Classic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 22:58 . 2009-05-26 04:20 -------- d-----w- c:\program files\Java
2009-05-31 13:43 . 2009-05-26 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-27 09:31 . 2009-05-26 04:03 99496 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 05:36 . 2009-05-26 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TOSHIBA
2009-05-26 05:02 . 2009-05-26 04:30 -------- d-----w- c:\program files\TOSHIBA
2009-05-26 05:00 . 2009-05-26 05:00 -------- d-----w- c:\program files\REALTEK RTL8187B Wireless LAN Driver
2009-05-26 05:00 . 2009-05-26 04:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 04:49 . 2009-05-26 04:49 -------- d-----w- c:\program files\Synaptics
2009-05-26 04:35 . 2009-05-26 04:35 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2009-05-26 04:31 . 2009-05-26 04:31 -------- d-----w- c:\documents and settings\USER\Application Data\InstallShield
2009-05-26 04:30 . 2009-05-26 04:30 -------- d-----w- c:\program files\ltmoh
2009-05-26 04:28 . 2009-05-26 04:28 -------- d-----w- c:\program files\Realtek
2009-05-26 04:28 . 2009-05-26 04:28 315392 ----a-w- c:\windows\HideWin.exe
2009-05-26 04:28 . 2009-05-26 04:18 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-26 04:26 . 2009-05-26 04:26 -------- d-----w- c:\program files\Intel
2009-05-26 04:20 . 2009-05-26 04:20 -------- d-----w- c:\program files\Common Files\Java
2009-05-26 04:20 . 2009-05-26 04:20 2232 ----a-w- c:\windows\java\Packages\Data\Z1NRPNNH.DAT
2009-05-26 04:20 . 2009-05-26 04:20 155995 ----a-w- c:\windows\java\Packages\M5V33HBD.ZIP
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\EOE0CQBB.DAT
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\0617V3TF.DAT
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\O9JHBFLR.DAT
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\CSCI97XZ.DAT
2009-05-26 04:20 . 2009-05-26 04:20 2678 ----a-w- c:\windows\java\Packages\Data\7H7HZFX3.DAT
2009-05-26 04:19 . 2009-05-26 04:19 -------- d-----w- c:\program files\GRETECH
2009-05-26 04:19 . 2009-05-26 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-26 04:19 . 2009-05-26 04:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-26 04:18 . 2009-05-26 04:18 -------- d-----w- c:\program files\CyberLink
2009-05-26 04:18 . 2009-05-26 04:16 -------- d-----w- c:\program files\mpegable
2009-05-26 04:17 . 2009-05-26 04:17 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-26 04:17 . 2009-05-26 04:17 -------- d-----w- c:\program files\Common Files\Real
2009-05-26 04:17 . 2009-05-26 04:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-26 04:17 . 2009-05-26 04:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-26 04:17 . 2009-05-26 04:17 -------- d-----w- c:\program files\Real
2009-05-26 04:16 . 2009-05-26 04:16 -------- d-----w- c:\program files\VideoLAN
2009-05-26 04:16 . 2009-05-26 04:16 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-26 04:16 . 2009-05-26 04:16 -------- d-----w- c:\program files\Microsoft Works
2009-05-26 04:16 . 2009-05-26 04:16 -------- d-----w- c:\program files\MSBuild
2009-05-26 04:14 . 2009-05-26 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-26 04:07 . 2009-05-26 03:57 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-26 03:58 . 2009-05-26 03:58 -------- d-----w- c:\program files\microsoft frontpage
2009-05-26 03:54 . 2009-05-26 03:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-06-12_22.09.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-14 18:49 . 2009-06-14 18:49 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat
+ 2004-05-23 12:00 . 2009-06-14 18:53 59774 c:\windows\system32\perfc009.dat
- 2004-05-23 12:00 . 2009-06-12 21:15 59774 c:\windows\system32\perfc009.dat
+ 2009-06-12 21:14 . 2009-06-12 23:38 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2004-05-23 12:00 . 2009-06-14 18:53 395534 c:\windows\system32\perfh009.dat
- 2004-05-23 12:00 . 2009-06-12 21:15 395534 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-05-23 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-26 185872]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 148888]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-31 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-31 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-31 141848]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1024000]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-31 16860672]
"TFncKy"="TFncKy.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-05-23 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-12-18 2360648]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/06/2009 12:14 ص 108289]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [03/06/2008 10:12 ص 87264]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [26/05/2009 07:30 ص 5888]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [26/05/2009 07:33 ص 110080]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [05/06/2009 03:04 م 100096]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = proxy.ksu.edu.sa:8080
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-14 23:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-14 23:25
ComboFix-quarantined-files.txt 2009-06-14 20:25
ComboFix2.txt 2009-06-12 22:10
Pre-Run: 63,392,718,848 bytes free
Post-Run: 63,508,766,720 bytes free
187