- بادئ الموضوع نسنوسه
- تاريخ البدء
- 1,082
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
وعليكم السلام
حياكي ربي
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
حياكي ربي
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46, on 2009-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\User\سطح المكتب\reem\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 3344 bytes
Scan saved at 19:46, on 2009-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\User\سطح المكتب\reem\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 3344 bytes
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
يعطيكي العافية
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
وبعدها عطيني تقرير هايجاك جديد مع هذا التقرير
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
وبعدها عطيني تقرير هايجاك جديد مع هذا التقرير
توقيع : AbOdy
تأييد
0
ComboFix 09-06-13.09 - User 06/15/2009 19:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.2037.1633 [GMT 3:00]
Running from: c:\documents and settings\User\سطح المكتب\reem\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-13 13:53 . 2009-06-13 13:53 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ACD Systems
2009-06-13 13:53 . 2009-06-13 13:53 -------- d-----w- c:\documents and settings\User\Application Data\ACD Systems
2009-06-13 13:14 . 2001-09-18 11:04 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-13 13:14 . 2004-08-03 21:55 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-13 13:14 . 2004-08-03 19:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-13 13:14 . 2004-08-03 19:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-25 21:21 . 2009-05-25 21:21 -------- d-----w- c:\windows\Sun
2009-05-24 07:16 . 2009-05-24 22:00 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2009-05-24 07:16 . 2009-05-24 07:16 556200 ----a-w- c:\program files\ChromeSetup.exe
2009-05-20 00:37 . 2009-05-20 00:37 -------- d-----w- c:\documents and settings\User\Application Data\Nero
2009-05-19 19:39 . 2009-05-19 19:39 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Adobe
2009-05-18 00:02 . 2009-05-18 13:31 -------- d-----w- c:\program files\CodeStuff
2009-05-16 23:13 . 2007-08-24 03:03 159744 ----a-r- c:\windows\system32\igfxres.dll
2009-05-16 18:07 . 2009-05-16 18:07 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 13:50 . 2009-05-07 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-15 13:47 . 2001-09-19 12:00 59680 ----a-w- c:\windows\system32\perfc001.dat
2009-06-15 13:47 . 2001-09-19 12:00 331070 ----a-w- c:\windows\system32\perfh001.dat
2009-06-07 16:01 . 2009-05-16 16:43 -------- d-----w- c:\program files\JAP
2009-05-20 14:12 . 2009-05-07 16:58 -------- d-----w- c:\program files\mpegable
2009-05-17 12:18 . 2009-05-07 17:04 -------- d-----w- c:\program files\ESET
2009-05-16 23:08 . 2009-05-07 15:29 16608 ----a-w- c:\windows\gdrv.sys
2009-05-16 16:43 . 2009-05-16 16:43 -------- d-----w- c:\program files\JavaSoft
2009-05-16 16:43 . 2009-05-07 15:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-16 14:46 . 2009-05-07 15:00 95216 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 14:41 . 2009-05-07 17:02 -------- d-----w- c:\program files\Windows Live
2009-05-16 14:41 . 2009-05-16 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-16 14:40 . 2009-05-16 14:40 -------- d-----w- c:\program files\Microsoft
2009-05-16 14:40 . 2009-05-16 14:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-16 14:03 . 2009-05-16 14:03 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-16 03:52 . 2009-05-16 03:52 -------- d-----w- c:\documents and settings\User\Application Data\Media Player Classic
2009-05-16 02:43 . 2009-05-07 17:03 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-13 10:04 . 2009-05-13 10:04 -------- d-----w- c:\documents and settings\User\Application Data\ATI
2009-05-13 10:04 . 2009-05-13 10:04 0 ----a-w- c:\windows\ativpsrm.bin
2009-05-13 09:56 . 2009-05-13 09:56 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-05-07 17:08 . 2009-05-07 17:08 -------- d-----w- c:\program files\Nero
2009-05-07 17:08 . 2009-05-07 17:08 -------- d-----w- c:\program files\Common Files\Nero
2009-05-07 17:08 . 2009-05-07 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-07 17:04 . 2009-05-07 17:04 298104 ----a-w- c:\windows\system32\imon.dll
2009-05-07 17:04 . 2009-05-07 17:04 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-05-07 17:04 . 2009-05-07 17:04 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-05-07 17:02 . 2009-05-07 17:02 45056 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2009-05-07 17:02 . 2009-05-07 15:31 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-07 17:01 . 2009-05-07 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-07 17:00 . 2009-05-07 17:00 -------- d-----w- c:\program files\CyberLink
2009-05-07 16:59 . 2009-05-07 16:59 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-07 16:59 . 2009-05-07 16:59 -------- d-----w- c:\program files\Real
2009-05-07 16:59 . 2009-05-07 16:59 -------- d-----w- c:\program files\Common Files\Real
2009-05-07 16:59 . 2009-05-07 16:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-07 16:59 . 2009-05-07 16:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-07 16:58 . 2009-05-07 16:58 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-07 16:53 . 2009-05-07 16:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-07 16:20 . 2009-05-07 16:20 -------- d-----w- c:\program files\GameHouse
2009-05-07 16:20 . 2009-05-07 16:20 -------- d-----w- c:\program files\Zuma Deluxe
2009-05-07 16:20 . 2009-05-07 16:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-07 16:19 . 2009-05-07 16:19 -------- d-----w- c:\program files\JetAudio
2009-05-07 16:19 . 2009-05-07 16:19 -------- d-----w- c:\program files\GRETECH
2009-05-07 16:18 . 2009-05-07 16:18 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-07 16:18 . 2009-05-07 16:18 -------- d-----w- c:\program files\ACD Systems
2009-05-07 16:18 . 2009-05-07 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-07 16:18 . 2009-05-07 16:18 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-05-07 16:18 . 2009-05-07 16:17 -------- d-----w- c:\program files\Java
2009-05-07 16:17 . 2009-05-07 16:17 -------- d-----w- c:\program files\Common Files\Java
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\YPV7RJXV.DAT
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\VR3DRHJ1.DAT
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\OVZ7N1B1.DAT
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\0DRT7BNX.DAT
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\E9RDJFF7.DAT
2009-05-07 16:17 . 2009-05-07 16:17 -------- d-----w- c:\program files\Internet Download Manager
2009-05-07 16:17 . 2009-05-07 16:17 -------- d-----w- c:\program files\القاموس
2009-05-07 16:17 . 2009-05-07 16:16 -------- d-----w- c:\program files\Typing Arabic
2009-05-07 16:16 . 2009-05-07 16:16 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-07 16:04 . 2009-05-07 16:04 -------- d-----w- c:\program files\Microsoft.NET
2009-05-07 16:04 . 2009-05-07 16:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-07 15:50 . 2009-05-07 15:50 -------- d-----w- c:\program files\CONEXANT
2009-05-07 15:34 . 2009-05-07 15:31 -------- d-----w- c:\program files\Realtek
2009-05-07 15:33 . 2009-05-07 15:33 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2009-05-07 15:31 . 2009-05-07 15:31 315392 ----a-w- c:\windows\HideWin.exe
2009-05-07 15:29 . 2009-05-07 15:29 -------- d-----w- c:\program files\Intel
2009-05-07 15:01 . 2009-05-07 14:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 14:41 . 2009-05-07 14:41 -------- d-----w- c:\program files\microsoft frontpage
2009-05-07 14:38 . 2009-05-07 14:38 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-17_12.28.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 05:18 . 2004-04-05 21:01 45139 c:\windows\system32\RMBin\tools\videolumaadj.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 49249 c:\windows\system32\RMBin\tools\videocolorconverter.dll
+ 2009-05-20 05:18 . 2004-04-05 21:03 77920 c:\windows\system32\RMBin\tools\rnaudiopacketizer.dll
+ 2009-05-20 05:18 . 2004-04-05 21:03 69718 c:\windows\system32\RMBin\tools\rnaudiocodec.dll
+ 2009-05-20 05:18 . 2004-04-05 21:02 86110 c:\windows\system32\RMBin\tools\rmsessionformat.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 57443 c:\windows\system32\RMBin\tools\mpeg4audiopacketizer.dll
+ 2009-05-20 05:18 . 2004-04-05 20:59 53321 c:\windows\system32\RMBin\tools\mediasink.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 53325 c:\windows\system32\RMBin\tools\eventpack.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 36864 c:\windows\system32\RMBin\tools\enlv3260.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 53327 c:\windows\system32\RMBin\tools\audiometer.dll
+ 2009-05-20 05:18 . 2004-04-05 21:04 65634 c:\windows\system32\RMBin\tools\audiolosslesscodec.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 49235 c:\windows\system32\RMBin\tools\audiolimiter.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 53341 c:\windows\system32\RMBin\tools\audiofmtconverter.dll
+ 2009-05-20 05:18 . 2004-04-05 21:08 61493 c:\windows\system32\RMBin\plugins\smplfsys.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 61440 c:\windows\system32\RMBin\plugins\sdpp3260.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 45056 c:\windows\system32\RMBin\plugins\rn5a3260.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 40960 c:\windows\system32\RMBin\plugins\basc3260.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 49152 c:\windows\system32\RMBin\plugins\auth3260.dll
+ 2009-05-20 05:18 . 2004-04-05 21:05 65602 c:\windows\system32\RMBin\codecs\cook.dll
+ 2009-05-20 05:18 . 2003-05-21 23:50 73793 c:\windows\system32\RMBin\codecs\atrc.dll
+ 2001-09-19 12:00 . 2009-06-15 13:47 59576 c:\windows\system32\perfc009.dat
+ 2009-05-20 05:18 . 2009-05-20 05:19 90112 c:\windows\system32\agsaami.dll
+ 2009-05-20 05:18 . 2009-05-20 05:18 53760 c:\windows\system\ppacklib.dll
+ 2009-05-20 05:18 . 2004-04-05 21:04 106582 c:\windows\system32\RMBin\tools\rnvideocodec.dll
+ 2009-05-20 05:18 . 2004-04-05 21:00 241736 c:\windows\system32\RMBin\tools\rmwriter.dll
+ 2009-05-20 05:18 . 2004-02-24 07:19 356352 c:\windows\system32\RMBin\tools\rmto3260.dll
+ 2009-05-20 05:18 . 2004-02-24 07:19 548864 c:\windows\system32\RMBin\tools\rmme3260.dll
+ 2009-05-20 05:18 . 2004-04-05 20:59 856132 c:\windows\system32\RMBin\tools\encsession.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 327767 c:\windows\system32\RMBin\tools\audioresampler.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 272896 c:\windows\system32\RMBin\pncrt.dll
+ 2009-05-20 05:18 . 2004-04-05 21:06 262204 c:\windows\system32\RMBin\plugins\rmwrtr.dll
+ 2009-05-20 05:18 . 2004-04-05 21:05 102465 c:\windows\system32\RMBin\codecs\sipr.dll
+ 2009-05-20 05:18 . 2004-04-05 21:05 155702 c:\windows\system32\RMBin\codecs\ralf.dll
+ 2009-05-20 05:18 . 2004-04-05 21:05 548940 c:\windows\system32\RMBin\codecs\raac.dll
+ 2009-05-20 05:18 . 2004-04-05 21:08 479298 c:\windows\system32\RMBin\codecs\erv4.dll
+ 2009-05-20 05:18 . 2004-04-05 21:07 266306 c:\windows\system32\RMBin\codecs\erv3.dll
+ 2009-05-20 05:18 . 2005-01-19 14:45 376899 c:\windows\system32\RMBin\codecs\erv2.dll
+ 2009-05-20 05:18 . 2004-07-02 14:33 327749 c:\windows\system32\RMBin\codecs\drvc.dll
+ 2009-05-20 05:18 . 2004-07-02 14:33 176195 c:\windows\system32\RMBin\codecs\drv2.dll
+ 2009-05-20 05:18 . 2004-07-02 14:33 102464 c:\windows\system32\RMBin\codecs\drv1.dll
+ 2009-05-20 05:18 . 2004-04-05 21:04 548919 c:\windows\system32\RMBin\codecs\colorcvt.dll
+ 2001-09-19 12:00 . 2009-06-15 13:47 395336 c:\windows\system32\perfh009.dat
+ 2009-05-20 05:18 . 2009-05-20 05:19 196608 c:\windows\system32\maag.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 237568 c:\windows\system32\lame_enc.dll
+ 2008-10-03 23:29 . 2004-08-03 21:38 700928 c:\windows\system32\drivers\ati2mtag.sys
+ 2008-10-03 22:00 . 2004-08-03 21:55 516768 c:\windows\system32\dllcache\ativvaxx.dll
+ 2008-10-03 23:29 . 2004-08-03 21:38 700928 c:\windows\system32\dllcache\ati2mtag.sys
+ 2008-10-03 22:40 . 2004-08-03 21:55 201728 c:\windows\system32\dllcache\ati2dvag.dll
+ 2008-10-03 21:32 . 2004-08-03 21:55 229376 c:\windows\system32\dllcache\ati2cqag.dll
+ 2008-10-03 22:00 . 2004-08-03 21:55 516768 c:\windows\system32\ativvaxx.dll
+ 2008-10-03 22:40 . 2004-08-03 21:55 201728 c:\windows\system32\ati2dvag.dll
+ 2008-10-03 21:32 . 2004-08-03 21:55 229376 c:\windows\system32\ati2cqag.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 823296 c:\windows\system32\agsaamh.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 610304 c:\windows\system32\agsaamg.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 671869 c:\windows\system32\agsaame.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 643072 c:\windows\system32\agsaamd.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 372736 c:\windows\system32\agsaamc.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 638976 c:\windows\system32\agsaamb.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 315392 c:\windows\system32\agsaama.dll
- 2009-05-07 15:00 . 2009-05-07 15:00 166912 c:\windows\Installer\{350C97B7-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
+ 2009-06-15 16:35 . 2009-06-15 16:35 166912 c:\windows\Installer\{350C97B7-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
+ 2008-10-03 22:17 . 2004-08-03 21:55 1888992 c:\windows\system32\dllcache\ati3duag.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 1212416 c:\windows\system32\ckll.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 1245184 c:\windows\system32\bkll.dll
+ 2008-10-03 22:17 . 2004-08-03 21:55 1888992 c:\windows\system32\ati3duag.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 1986560 c:\windows\system32\akll.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 2535424 c:\windows\system32\agsaamj.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-07 949376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-07 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-05-07 15424]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
.
- - - - ORPHANS REMOVED - - - -
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = 127.0.0.1:4001
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-15 19:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\imon.dll
.
Completion time: 2009-06-15 20:00
ComboFix-quarantined-files.txt 2009-06-15 17:00
ComboFix2.txt 2009-05-17 12:28
Pre-Run: 63,916,728,320 bytes free
Post-Run: 65,150,337,024 bytes free
223
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.2037.1633 [GMT 3:00]
Running from: c:\documents and settings\User\سطح المكتب\reem\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\kakle.dll
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-13 13:53 . 2009-06-13 13:53 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ACD Systems
2009-06-13 13:53 . 2009-06-13 13:53 -------- d-----w- c:\documents and settings\User\Application Data\ACD Systems
2009-06-13 13:14 . 2001-09-18 11:04 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-13 13:14 . 2004-08-03 21:55 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-13 13:14 . 2004-08-03 19:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-13 13:14 . 2004-08-03 19:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-25 21:21 . 2009-05-25 21:21 -------- d-----w- c:\windows\Sun
2009-05-24 07:16 . 2009-05-24 22:00 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2009-05-24 07:16 . 2009-05-24 07:16 556200 ----a-w- c:\program files\ChromeSetup.exe
2009-05-20 00:37 . 2009-05-20 00:37 -------- d-----w- c:\documents and settings\User\Application Data\Nero
2009-05-19 19:39 . 2009-05-19 19:39 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Adobe
2009-05-18 00:02 . 2009-05-18 13:31 -------- d-----w- c:\program files\CodeStuff
2009-05-16 23:13 . 2007-08-24 03:03 159744 ----a-r- c:\windows\system32\igfxres.dll
2009-05-16 18:07 . 2009-05-16 18:07 -------- d-----w- c:\documents and settings\User\Application Data\CyberLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 13:50 . 2009-05-07 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-15 13:47 . 2001-09-19 12:00 59680 ----a-w- c:\windows\system32\perfc001.dat
2009-06-15 13:47 . 2001-09-19 12:00 331070 ----a-w- c:\windows\system32\perfh001.dat
2009-06-07 16:01 . 2009-05-16 16:43 -------- d-----w- c:\program files\JAP
2009-05-20 14:12 . 2009-05-07 16:58 -------- d-----w- c:\program files\mpegable
2009-05-17 12:18 . 2009-05-07 17:04 -------- d-----w- c:\program files\ESET
2009-05-16 23:08 . 2009-05-07 15:29 16608 ----a-w- c:\windows\gdrv.sys
2009-05-16 16:43 . 2009-05-16 16:43 -------- d-----w- c:\program files\JavaSoft
2009-05-16 16:43 . 2009-05-07 15:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-16 14:46 . 2009-05-07 15:00 95216 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 14:41 . 2009-05-07 17:02 -------- d-----w- c:\program files\Windows Live
2009-05-16 14:41 . 2009-05-16 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-16 14:40 . 2009-05-16 14:40 -------- d-----w- c:\program files\Microsoft
2009-05-16 14:40 . 2009-05-16 14:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-16 14:03 . 2009-05-16 14:03 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-16 03:52 . 2009-05-16 03:52 -------- d-----w- c:\documents and settings\User\Application Data\Media Player Classic
2009-05-16 02:43 . 2009-05-07 17:03 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-13 10:04 . 2009-05-13 10:04 -------- d-----w- c:\documents and settings\User\Application Data\ATI
2009-05-13 10:04 . 2009-05-13 10:04 0 ----a-w- c:\windows\ativpsrm.bin
2009-05-13 09:56 . 2009-05-13 09:56 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-05-07 17:08 . 2009-05-07 17:08 -------- d-----w- c:\program files\Nero
2009-05-07 17:08 . 2009-05-07 17:08 -------- d-----w- c:\program files\Common Files\Nero
2009-05-07 17:08 . 2009-05-07 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-07 17:04 . 2009-05-07 17:04 298104 ----a-w- c:\windows\system32\imon.dll
2009-05-07 17:04 . 2009-05-07 17:04 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-05-07 17:04 . 2009-05-07 17:04 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-05-07 17:02 . 2009-05-07 17:02 45056 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2009-05-07 17:02 . 2009-05-07 15:31 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-07 17:01 . 2009-05-07 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-07 17:00 . 2009-05-07 17:00 -------- d-----w- c:\program files\CyberLink
2009-05-07 16:59 . 2009-05-07 16:59 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-07 16:59 . 2009-05-07 16:59 -------- d-----w- c:\program files\Real
2009-05-07 16:59 . 2009-05-07 16:59 -------- d-----w- c:\program files\Common Files\Real
2009-05-07 16:59 . 2009-05-07 16:20 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-07 16:59 . 2009-05-07 16:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-07 16:58 . 2009-05-07 16:58 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-07 16:53 . 2009-05-07 16:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-07 16:20 . 2009-05-07 16:20 -------- d-----w- c:\program files\GameHouse
2009-05-07 16:20 . 2009-05-07 16:20 -------- d-----w- c:\program files\Zuma Deluxe
2009-05-07 16:20 . 2009-05-07 16:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-07 16:19 . 2009-05-07 16:19 -------- d-----w- c:\program files\JetAudio
2009-05-07 16:19 . 2009-05-07 16:19 -------- d-----w- c:\program files\GRETECH
2009-05-07 16:18 . 2009-05-07 16:18 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-07 16:18 . 2009-05-07 16:18 -------- d-----w- c:\program files\ACD Systems
2009-05-07 16:18 . 2009-05-07 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-07 16:18 . 2009-05-07 16:18 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-05-07 16:18 . 2009-05-07 16:17 -------- d-----w- c:\program files\Java
2009-05-07 16:17 . 2009-05-07 16:17 -------- d-----w- c:\program files\Common Files\Java
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\YPV7RJXV.DAT
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\VR3DRHJ1.DAT
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\OVZ7N1B1.DAT
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\0DRT7BNX.DAT
2009-05-07 16:17 . 2009-05-07 16:17 2678 ----a-w- c:\windows\java\Packages\Data\E9RDJFF7.DAT
2009-05-07 16:17 . 2009-05-07 16:17 -------- d-----w- c:\program files\Internet Download Manager
2009-05-07 16:17 . 2009-05-07 16:17 -------- d-----w- c:\program files\القاموس
2009-05-07 16:17 . 2009-05-07 16:16 -------- d-----w- c:\program files\Typing Arabic
2009-05-07 16:16 . 2009-05-07 16:16 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-07 16:04 . 2009-05-07 16:04 -------- d-----w- c:\program files\Microsoft.NET
2009-05-07 16:04 . 2009-05-07 16:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-07 15:50 . 2009-05-07 15:50 -------- d-----w- c:\program files\CONEXANT
2009-05-07 15:34 . 2009-05-07 15:31 -------- d-----w- c:\program files\Realtek
2009-05-07 15:33 . 2009-05-07 15:33 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2009-05-07 15:31 . 2009-05-07 15:31 315392 ----a-w- c:\windows\HideWin.exe
2009-05-07 15:29 . 2009-05-07 15:29 -------- d-----w- c:\program files\Intel
2009-05-07 15:01 . 2009-05-07 14:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 14:41 . 2009-05-07 14:41 -------- d-----w- c:\program files\microsoft frontpage
2009-05-07 14:38 . 2009-05-07 14:38 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-05-17_12.28.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 05:18 . 2004-04-05 21:01 45139 c:\windows\system32\RMBin\tools\videolumaadj.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 49249 c:\windows\system32\RMBin\tools\videocolorconverter.dll
+ 2009-05-20 05:18 . 2004-04-05 21:03 77920 c:\windows\system32\RMBin\tools\rnaudiopacketizer.dll
+ 2009-05-20 05:18 . 2004-04-05 21:03 69718 c:\windows\system32\RMBin\tools\rnaudiocodec.dll
+ 2009-05-20 05:18 . 2004-04-05 21:02 86110 c:\windows\system32\RMBin\tools\rmsessionformat.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 57443 c:\windows\system32\RMBin\tools\mpeg4audiopacketizer.dll
+ 2009-05-20 05:18 . 2004-04-05 20:59 53321 c:\windows\system32\RMBin\tools\mediasink.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 53325 c:\windows\system32\RMBin\tools\eventpack.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 36864 c:\windows\system32\RMBin\tools\enlv3260.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 53327 c:\windows\system32\RMBin\tools\audiometer.dll
+ 2009-05-20 05:18 . 2004-04-05 21:04 65634 c:\windows\system32\RMBin\tools\audiolosslesscodec.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 49235 c:\windows\system32\RMBin\tools\audiolimiter.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 53341 c:\windows\system32\RMBin\tools\audiofmtconverter.dll
+ 2009-05-20 05:18 . 2004-04-05 21:08 61493 c:\windows\system32\RMBin\plugins\smplfsys.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 61440 c:\windows\system32\RMBin\plugins\sdpp3260.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 45056 c:\windows\system32\RMBin\plugins\rn5a3260.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 40960 c:\windows\system32\RMBin\plugins\basc3260.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 49152 c:\windows\system32\RMBin\plugins\auth3260.dll
+ 2009-05-20 05:18 . 2004-04-05 21:05 65602 c:\windows\system32\RMBin\codecs\cook.dll
+ 2009-05-20 05:18 . 2003-05-21 23:50 73793 c:\windows\system32\RMBin\codecs\atrc.dll
+ 2001-09-19 12:00 . 2009-06-15 13:47 59576 c:\windows\system32\perfc009.dat
+ 2009-05-20 05:18 . 2009-05-20 05:19 90112 c:\windows\system32\agsaami.dll
+ 2009-05-20 05:18 . 2009-05-20 05:18 53760 c:\windows\system\ppacklib.dll
+ 2009-05-20 05:18 . 2004-04-05 21:04 106582 c:\windows\system32\RMBin\tools\rnvideocodec.dll
+ 2009-05-20 05:18 . 2004-04-05 21:00 241736 c:\windows\system32\RMBin\tools\rmwriter.dll
+ 2009-05-20 05:18 . 2004-02-24 07:19 356352 c:\windows\system32\RMBin\tools\rmto3260.dll
+ 2009-05-20 05:18 . 2004-02-24 07:19 548864 c:\windows\system32\RMBin\tools\rmme3260.dll
+ 2009-05-20 05:18 . 2004-04-05 20:59 856132 c:\windows\system32\RMBin\tools\encsession.dll
+ 2009-05-20 05:18 . 2004-04-05 21:01 327767 c:\windows\system32\RMBin\tools\audioresampler.dll
+ 2009-05-20 05:18 . 2002-12-06 11:02 272896 c:\windows\system32\RMBin\pncrt.dll
+ 2009-05-20 05:18 . 2004-04-05 21:06 262204 c:\windows\system32\RMBin\plugins\rmwrtr.dll
+ 2009-05-20 05:18 . 2004-04-05 21:05 102465 c:\windows\system32\RMBin\codecs\sipr.dll
+ 2009-05-20 05:18 . 2004-04-05 21:05 155702 c:\windows\system32\RMBin\codecs\ralf.dll
+ 2009-05-20 05:18 . 2004-04-05 21:05 548940 c:\windows\system32\RMBin\codecs\raac.dll
+ 2009-05-20 05:18 . 2004-04-05 21:08 479298 c:\windows\system32\RMBin\codecs\erv4.dll
+ 2009-05-20 05:18 . 2004-04-05 21:07 266306 c:\windows\system32\RMBin\codecs\erv3.dll
+ 2009-05-20 05:18 . 2005-01-19 14:45 376899 c:\windows\system32\RMBin\codecs\erv2.dll
+ 2009-05-20 05:18 . 2004-07-02 14:33 327749 c:\windows\system32\RMBin\codecs\drvc.dll
+ 2009-05-20 05:18 . 2004-07-02 14:33 176195 c:\windows\system32\RMBin\codecs\drv2.dll
+ 2009-05-20 05:18 . 2004-07-02 14:33 102464 c:\windows\system32\RMBin\codecs\drv1.dll
+ 2009-05-20 05:18 . 2004-04-05 21:04 548919 c:\windows\system32\RMBin\codecs\colorcvt.dll
+ 2001-09-19 12:00 . 2009-06-15 13:47 395336 c:\windows\system32\perfh009.dat
+ 2009-05-20 05:18 . 2009-05-20 05:19 196608 c:\windows\system32\maag.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 237568 c:\windows\system32\lame_enc.dll
+ 2008-10-03 23:29 . 2004-08-03 21:38 700928 c:\windows\system32\drivers\ati2mtag.sys
+ 2008-10-03 22:00 . 2004-08-03 21:55 516768 c:\windows\system32\dllcache\ativvaxx.dll
+ 2008-10-03 23:29 . 2004-08-03 21:38 700928 c:\windows\system32\dllcache\ati2mtag.sys
+ 2008-10-03 22:40 . 2004-08-03 21:55 201728 c:\windows\system32\dllcache\ati2dvag.dll
+ 2008-10-03 21:32 . 2004-08-03 21:55 229376 c:\windows\system32\dllcache\ati2cqag.dll
+ 2008-10-03 22:00 . 2004-08-03 21:55 516768 c:\windows\system32\ativvaxx.dll
+ 2008-10-03 22:40 . 2004-08-03 21:55 201728 c:\windows\system32\ati2dvag.dll
+ 2008-10-03 21:32 . 2004-08-03 21:55 229376 c:\windows\system32\ati2cqag.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 823296 c:\windows\system32\agsaamh.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 610304 c:\windows\system32\agsaamg.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 671869 c:\windows\system32\agsaame.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 643072 c:\windows\system32\agsaamd.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 372736 c:\windows\system32\agsaamc.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 638976 c:\windows\system32\agsaamb.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 315392 c:\windows\system32\agsaama.dll
- 2009-05-07 15:00 . 2009-05-07 15:00 166912 c:\windows\Installer\{350C97B7-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
+ 2009-06-15 16:35 . 2009-06-15 16:35 166912 c:\windows\Installer\{350C97B7-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
+ 2008-10-03 22:17 . 2004-08-03 21:55 1888992 c:\windows\system32\dllcache\ati3duag.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 1212416 c:\windows\system32\ckll.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 1245184 c:\windows\system32\bkll.dll
+ 2008-10-03 22:17 . 2004-08-03 21:55 1888992 c:\windows\system32\ati3duag.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 1986560 c:\windows\system32\akll.dll
+ 2009-05-20 05:18 . 2009-05-20 05:19 2535424 c:\windows\system32\agsaamj.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-07 949376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-07 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-05-07 15424]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
.
- - - - ORPHANS REMOVED - - - -
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = 127.0.0.1:4001
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-06-15 19:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\imon.dll
.
Completion time: 2009-06-15 20:00
ComboFix-quarantined-files.txt 2009-06-15 17:00
ComboFix2.txt 2009-05-17 12:28
Pre-Run: 63,916,728,320 bytes free
Post-Run: 65,150,337,024 bytes free
223
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
التقارير تعتبر سليمه
المشكلة انه عندك اكسبلور اصدار 6
وهالأصدار قديم وفيه مشاكل كثيره
رابط تحميل الاكسبلورر 7
رابط التعريب
طريقة التعريب
اغلق الاكسبلورر بعد التثبيت ثم دبل كلك على ملف التعريب وثبت بشكل عادي
وبإذن الله رح تزول المشكلة
المشكلة انه عندك اكسبلور اصدار 6
وهالأصدار قديم وفيه مشاكل كثيره
رابط تحميل الاكسبلورر 7
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
رابط التعريب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
طريقة التعريب
اغلق الاكسبلورر بعد التثبيت ثم دبل كلك على ملف التعريب وثبت بشكل عادي
وبإذن الله رح تزول المشكلة
توقيع : AbOdy
تأييد
0
MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصل
مرحباً ...
عن أذن البطل ...
عطيني أخي تقرير هايجك جديد ...
عن أذن البطل ...
عطيني أخي تقرير هايجك جديد ...
توقيع : MMA_LORD_735
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49, on 2009-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\User\سطح المكتب\reem\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 3402 bytes
Scan saved at 20:49, on 2009-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\User\سطح المكتب\reem\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 3402 bytes
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
حددي القيم واحذفيها
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
طريقة الحذف
.png)
.png)
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ويفضل اغلاق الأكسبلور عند حذف القيم
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ويفضل اغلاق الأكسبلور عند حذف القيم
توقيع : AbOdy
تأييد
0
- الحالة