سما الروح

Peace be upon you


Please, I have a problem that has been going on for two weeks


The default gateway

When I want to open MSN

the troubleshooter comes up

and the error code is 80072ee7

and then the error shows up in the default gateway :(

Even the internet does not open for me, even though it is working

It shows me (Cannot find server)

Please help me, I am worn out; my laptop is brand new
 

Signature: سما الروح

(1)
Disable all security programs,
then download this tool and save it to the desktop.

When you run it a message will appear; click >> Yes
After that a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears; copy it and paste it in your next reply.
(2)
And make a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.



And don't forget to install a security program.



And remove the check mark from "Automatically detect settings".

 

Signature: فارس الملاك
OK, check the cable with another machine,
and give us the reports that my brother asked for.
 
Signature: algnral
God willing

Just a few minutes ^^
 
Signature: سما الروح
This is only the first tool, brother

Only one option came up for me and I clicked yes

And it did not restart the machine; Notepad came up quickly


ComboFix 09-05-31.05 - Siemens 06/13/2009 20:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.985.622 [GMT 3:00]
Running from: c:\documents and settings\Siemens\My Documents\ادوات\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.
2009-06-08 14:54 . 2009-06-08 14:56 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\Adobe
2009-06-01 19:11 . 2009-06-01 21:06 462880 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-01 07:35 . 2009-06-01 07:37 82475 ----a-w- C:\oltci.exe
2009-06-01 07:22 . 2009-06-13 17:46 115660 ----a-w- c:\windows\system32\drivers\6e910b49.sys
2009-06-01 06:27 . 2009-06-13 17:46 115660 ----a-w- c:\windows\system32\drivers\4a207baf.sys
2009-06-01 06:26 . 2009-06-01 06:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-01 06:21 . 2009-06-01 06:21 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-06-01 06:21 . 2009-06-01 06:21 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-06-01 05:06 . 2009-06-01 07:37 7168 ----a-w- C:\undlh.exe
2009-06-01 04:47 . 2009-06-01 07:45 -------- d-----w- c:\windows\dhcp
2009-06-01 04:45 . 2009-06-01 04:45 -------- d-sh--r- c:\program files\MicPhone
2009-06-01 04:44 . 2009-06-13 17:46 115660 ----a-w- c:\windows\system32\drivers\396e5109.sys
2009-06-01 04:44 . 2009-06-01 04:44 7168 ----a-w- C:\ggqkybn.exe
2009-06-01 01:22 . 2009-06-01 01:22 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\Real
2009-06-01 01:22 . 2009-06-01 01:22 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-01 01:21 . 2009-06-01 01:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-30 14:08 . 2009-05-30 21:24 30720 ----a-w- c:\documents and settings\Siemens\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-05-30 14:08 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Siemens\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-05-30 02:12 . 2009-05-30 02:12 -------- d-----w- c:\documents and settings\Siemens\Application Data\COWON
2009-05-30 02:10 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Siemens\Application Data\Macromedia\Flash Player\
2009-05-28 21:33 . 2009-05-28 21:33 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-05-28 21:33 . 2009-05-28 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-28 19:14 . 2009-05-28 19:14 -------- d-----w- c:\documents and settings\Siemens\Application Data\vlc
2009-05-28 19:07 . 2009-05-28 19:07 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\ACD Systems
2009-05-28 19:07 . 2009-05-28 19:07 -------- d-----w- c:\documents and settings\Siemens\Application Data\ACD Systems
2009-05-28 18:51 . 2009-05-28 18:51 -------- d-----w- c:\documents and settings\Siemens\Application Data\Media Player Classic
2009-05-28 18:12 . 2004-08-03 20:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-28 15:51 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-28 14:17 . 2001-09-18 10:38 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-28 14:17 . 2001-09-18 10:38 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-28 14:17 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-05-28 14:17 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-28 14:12 . 2009-05-28 14:12 -------- d-s---w- c:\documents and settings\Siemens\UserData
2009-05-28 11:52 . 2009-05-28 11:52 152576 ----a-w- c:\documents and settings\Siemens\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-28 11:47 . 2009-05-28 11:47 -------- d-----w- c:\windows\Sun
2009-05-28 08:58 . 2009-05-28 17:01 -------- d--h--w- c:\windows\$hf_mig$
2009-05-27 21:16 . 2009-05-27 21:16 390664 ----a-w- c:\documents and settings\Siemens\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-27 18:18 . 2009-05-27 18:18 -------- d-----w- c:\documents and settings\Siemens\Contacts
2009-05-27 05:21 . 2009-05-27 05:21 -------- d-----w- c:\documents and settings\Siemens\Application Data\Yahoo!
2009-05-27 05:21 . 2009-05-27 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-27 05:21 . 2009-06-01 01:32 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 17:26 . 2001-09-19 15:00 40180 ----a-w- c:\windows\system32\perfc001.dat
2009-06-13 17:26 . 2001-09-19 15:00 251750 ----a-w- c:\windows\system32\perfh001.dat
2009-06-05 16:03 . 2009-05-26 17:11 -------- d-----w- c:\documents and settings\Siemens\Application Data\Skype
2009-06-01 21:06 . 2009-06-01 19:11 6500 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-01 07:32 . 2009-06-01 07:16 -------- d-----w- c:\documents and settings\Siemens\Application Data\cleaner
2009-06-01 07:16 . 2009-06-01 07:16 -------- d-----w- c:\documents and settings\Siemens\Application Data\CyberScrub
2009-06-01 06:23 . 2009-05-26 16:55 -------- d-----w- c:\program files\Google
2009-06-01 05:01 . 2009-05-26 17:04 -------- d-----w- c:\program files\MSN Messenger
2009-06-01 04:45 . 2004-08-03 23:14 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-01 01:22 . 2009-05-26 16:32 -------- d-----w- c:\program files\Common Files\Real
2009-06-01 01:22 . 2009-05-26 16:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-01 01:22 . 2009-05-26 16:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-30 22:14 . 2009-05-26 17:06 -------- d-----w- c:\program files\Windows Live
2009-05-28 18:13 . 2009-05-26 15:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-28 11:54 . 2009-05-26 16:58 -------- d-----w- c:\program files\Java
2009-05-27 22:46 . 2009-05-26 17:11 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-26 17:20 . 2009-05-26 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-05-26 17:20 . 2009-05-26 17:15 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-26 17:15 . 2009-05-26 17:15 -------- d-----w- c:\program files\Nero
2009-05-26 17:15 . 2009-05-26 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\program files\VideoLAN
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\program files\Skype
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\documents and settings\Siemens\Application Data\Paltalk
2009-05-26 17:04 . 2009-05-26 17:04 94632 ----a-w- c:\documents and settings\Siemens\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 17:03 . 2009-05-26 17:03 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-26 17:03 . 2009-05-26 17:03 -------- d-----w- c:\program files\mpegable
2009-05-26 17:00 . 2009-05-26 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-26 16:59 . 2009-05-26 16:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w- c:\program files\Common Files\COWON
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w- c:\program files\JetAudio
2009-05-26 16:58 . 2009-05-26 15:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 16:57 . 2009-05-26 16:57 2232 ----a-w- c:\windows\java\Packages\Data\Z71FJ5JN.DAT
2009-05-26 16:57 . 2009-05-26 16:57 155995 ----a-w- c:\windows\java\Packages\BNRZRPJB.ZIP
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\ZNX3NLF9.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\G9N93RFZ.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\S7VDZ3TV.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\NV9BTVB5.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\IAZ7J3XR.DAT
2009-05-26 16:55 . 2009-05-26 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-05-26 16:55 . 2009-05-26 16:55 -------- d-----w- c:\documents and settings\Siemens\Application Data\GRETECH
2009-05-26 16:55 . 2009-05-26 16:55 -------- d-----w- c:\program files\GRETECH
2009-05-26 16:50 . 2009-05-26 16:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-26 16:47 . 2009-05-26 16:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-26 16:35 . 2009-05-26 16:35 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 16:32 . 2009-05-26 16:32 -------- d-----w- c:\program files\Real
2009-05-26 16:31 . 2009-05-26 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-26 16:31 . 2009-05-26 16:31 -------- d-----w- c:\program files\CyberLink
2009-05-26 16:29 . 2009-05-26 16:29 -------- d-----w- c:\program files\Microsoft.NET
2009-05-26 16:28 . 2009-05-26 16:28 -------- d-----w- c:\program files\Microsoft Works
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\program files\Yahoo!
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\program files\ACD Systems
2009-05-26 16:15 . 2009-05-26 16:15 -------- d-----w- c:\documents and settings\Siemens\Application Data\TOSHIBA
2009-05-26 16:09 . 2009-05-26 16:09 -------- d-----w- c:\program files\Toshiba
2009-05-26 16:06 . 2009-05-26 16:06 -------- d-----w- c:\program files\Launch Manager
2009-05-26 16:05 . 2009-05-26 16:05 -------- d-----w- c:\program files\Atheros
2009-05-26 16:05 . 2009-05-26 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2009-05-26 16:04 . 2009-05-26 16:04 251 ----a-w- c:\windows\xUninstall.bat
2009-05-26 16:03 . 2009-05-26 16:03 -------- d-----w- c:\documents and settings\Siemens\Application Data\InstallShield
2009-05-26 16:02 . 2009-05-26 16:02 -------- d-----w- c:\program files\Synaptics
2009-05-26 16:02 . 2009-05-26 15:57 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-26 15:59 . 2009-05-26 15:59 -------- d-----w- c:\program files\Motorola
2009-05-26 15:57 . 2009-05-26 15:57 -------- d-----w- c:\program files\Realtek
2009-05-26 15:57 . 2009-05-26 15:57 315392 ----a-w- c:\windows\HideWin.exe
2009-05-26 15:53 . 2009-05-26 15:53 -------- d-----w- c:\program files\Intel
2009-05-26 15:45 . 2009-05-26 15:45 -------- d-----w- c:\program files\microsoft frontpage
2009-05-26 15:42 . 2009-05-26 15:42 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 00:55 . 2004-08-04 00:55 161547 --sha-r- c:\windows\system32\qyfmcoq.dll
.
------- Sigcheck -------
[-] 2009-06-01 04:45 212480 1DDCD4F10C093B87A59A0FBA97E8462D c:\windows\system32\dllcache\ndis.sys
[-] 2009-06-01 04:45 212480 1DDCD4F10C093B87A59A0FBA97E8462D c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-01_07.51.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-13 17:22 . 2009-06-13 17:22 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
+ 2001-09-19 15:00 . 2009-06-13 17:26 40190 c:\windows\system32\perfc009.dat
- 2001-09-19 15:00 . 2009-06-01 07:39 40190 c:\windows\system32\perfc009.dat
+ 2001-09-19 15:00 . 2009-06-13 17:26 311802 c:\windows\system32\perfh009.dat
- 2001-09-19 15:00 . 2009-06-01 07:39 311802 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-06-26 20005928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-11-29 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-01 198160]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [BU]
"Wbutton"="c:\program files\Launch Manager\WButton.exe" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2006-05-04 2808832]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-26 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3621:TCP"= 3621:TCP:fsdueguw
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/04/2008 05:55 م 84240]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [26/05/2009 07:06 م 118784]
S2 dqqojium;Windows Support;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:56 ص 14336]
S2 gupdate1c9e25748145436;خدمة تحديث Google (gupdate1c9e25748145436);c:\program files\Google\Update\GoogleUpdate.exe [01/06/2009 04:21 ص 133104]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dqqojium
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a05122-507e-11de-9bdc-000df05f192b}]
\shell\autorun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
.
Contents of the 'Scheduled Tasks' folder
2009-06-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 01:21]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-13 20:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?x???0???\???????0??????????????|???|???????|????????L????????J????F?????????????h?????????????B????????|p??|????m??|??A???????????A???u????????????w?h@???????????????A??r%???????A???@??J??vs@??J??f?u???@??J?????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???\???????0??????????????|???|???????|????????L????????J????F?????????????h?????????????B????????|p??|????m??|??A???????????A???u????????????w?h@???????????????A??r%???????A???@??J??vs@??J??f?u???@??J?????
Wbutton = c:\program files\Launch Manager\WButton.exe?????0???\???????0??????????????|???|???????|????????L????????J????F?????????????h?????????????B????????|p??|????m??|??A???????????A???u????????????w?h@???????????????A??r%???????A???@??J??vs@??J??f?u???@??J?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\396e5109]
"ImagePath"="\SystemRoot\System32\drivers\396e5109.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4a207baf]
"ImagePath"="\SystemRoot\System32\drivers\4a207baf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6e910b49]
"ImagePath"="\SystemRoot\System32\drivers\6e910b49.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dqqojium]
"ServiceDll"="c:\windows\system32\qyfmcoq.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1980)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-13 20:47
ComboFix-quarantined-files.txt 2009-06-13 17:46
ComboFix2.txt 2009-06-01 07:52
Pre-Run: 76,563,189,760 bytes free
Post-Run: 76,551,114,752 bytes free
242 --- E O F --- 2009-05-28 17:41
 
Signature: سما الروح
And this is the second report ^^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:43 م, on 13/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Siemens\My Documents\ادوات\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: خدمة تحديث Google (gupdate1c9e25748145436) (gupdate1c9e25748145436) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 7651 bytes
 
Signature: سما الروح
Yes, this problem comes from the telecom service. Do the following as an extra step: go to Tools, then Internet Options, then Connections, then go to LAN settings, then put a check mark next to "Automatically detect settings", that is, the first item, and try.

God willing, the problem will be solved.
 
Dear, has the check mark been removed or not??

Look, my friend, download this tool

and follow the instructions below to clean your machine of these adverts

and produce a report of the operation so that you can attach it to your next reply.

Download link for the latest update of the tool

Usage instructions:

Run the file SmitfraudFix.exe and follow the steps as shown in these images

[Images: 000.png, 001.png, 002.png, 003.png, 004.png, 005.png]
 
Signature: فارس الملاك
Yes, the check mark has been removed ^^

OK, brother,
at this step do I just enter y,
meaning I do not press Enter?

Because I am waiting and it has stayed just as it is!
003.png
 
Signature: سما الروح
Brother, press and wait
 
Signature: فارس الملاك
SmitFraudFix v2.422
Scan done at 21:22:31.54, Sat 06/13/2009
Run from F:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5AED7DD6-7B22-4DB7-ACD3-6B3CBDD57B68}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5AED7DD6-7B22-4DB7-ACD3-6B3CBDD57B68}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5AED7DD6-7B22-4DB7-ACD3-6B3CBDD57B68}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End





May God reward you with all that is good


This is the report ^^"
 
Signature: سما الروح
Can someone continue with me?

If you would be so kind ..,،
 
Signature: سما الروح