همسه غلا

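Peace be upon you, and God's mercy and blessings.

Brothers,
I have a problem with Messenger.
It doesn't run for even a minute before it hangs.
I don't know what makes it hang, and it closes by itself.
If you know what the problem is, I hope you can help me.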

 

And upon you be peace, and God's mercy and blessings ...

Welcome ...

Do the following ...

Download this tool ...

Run it and go to [ Do a system scan and save log ] ...

After a moment it gives you a report in Notepad ...

Copy it in full ... and correctly ...

And paste it in your next reply ...
 
Signature: MMA_LORD_735
Signature: فديتني
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:09:27 م, on 16/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\XP-2FD279E5.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6145\SAService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrbywp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O4 - HKLM\..\Run: [XP-2FD279E5] C:\WINDOWS\system32\XP-2FD279E5.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: ،،،،،،.lnk = C:\WINDOWS\system32\XP-2FD279E5.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} (clsUMS Class) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6145\SAService.exe
--
End of file - 9916 bytes
 
Remove the following from your report:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://67.198.202.154/ReadUid.CAB

How to remove them




It looks like a Messenger virus.
Do the following so I can tell whether it is the Messenger virus:
Click Start >> Run,
then type regedit.
If you get a message saying ( Registry editing has been disabled by your administrator ),
that means it is a virus.
Go to this thread if you get the message.

But if the message does not appear and the Registry Editor opens for you,
the computer is clean and we will keep looking for a solution.
I advise you to scan the computer for viruses, after updating your antivirus.
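
An added example, not part of the original posts: a small Python triage pass over HijackThis lines that flags the kinds of entries this reply singles out (a BHO with no file, an O7 policy lock, an ActiveX download from a bare IP address). The sample lines are copied from the report above; the rule names and the extra "same executable in both a Run key and a Startup shortcut" heuristic are assumptions of this example, not HijackThis features.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the HijackThis report posted in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll",
    r"O4 - HKLM\..\Run: [XP-2FD279E5] C:\WINDOWS\system32\XP-2FD279E5.EXE",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - Startup: ،،،،،،.lnk = C:\WINDOWS\system32\XP-2FD279E5.EXE",
    r"O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe",
    r"O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1",
    r"O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://67.198.202.154/ReadUid.CAB",
    # Edge case: the forum hid this URL, so the line ends at the dash.
    r"O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -",
]

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")                        # "O4 - <body>"
RUN_KEY = re.compile(r"^HK\w+\\.*\\Run(?:Once)?: \[[^\]]*\] (.+)$")
STARTUP = re.compile(r"^(?:Global )?Startup: .+? = (.+)$")
EXE_PATH = re.compile(r'([a-z]:\\[^"]*?\.exe)', re.I)
POLICY = re.compile(r", *(\w+) *= *(\d+)$")


def exe_of(command):
    """Return the lower-cased .exe path inside an autostart command, or None."""
    m = EXE_PATH.search(command)
    return m.group(1).lower() if m else None


def dpf_ip_host(body):
    """Return the host of an O16 download URL if it is a literal IP, else None."""
    url = body.rsplit(" - ", 1)[-1].strip()
    if "://" not in url:          # URL missing or hidden: nothing to judge
        return None
    host = urlsplit(url).hostname
    try:
        ipaddress.ip_address(host or "")
    except ValueError:            # a DNS name, not a bare address
        return None
    return host


def triage(lines):
    """Return (rule, detail) findings for the HijackThis lines given."""
    findings, run_targets, startup_targets = [], set(), set()
    for raw in lines:
        m = ENTRY.match(raw.strip())
        if not m:
            continue              # header, process list, blank line
        code, body = m.groups()
        if code == "O2" and body.endswith("(no file)"):
            findings.append(("orphan-bho", body))
        elif code == "O4":
            run, start = RUN_KEY.match(body), STARTUP.match(body)
            if run:
                run_targets.add(exe_of(run.group(1)))
            elif start:
                startup_targets.add(exe_of(start.group(1)))
        elif code == "O7":
            p = POLICY.search(body)
            if p and p.group(2) != "0":
                findings.append(("policy-lock", p.group(1)))
        elif code == "O16":
            host = dpf_ip_host(body)
            if host:
                findings.append(("dpf-raw-ip", host))
    # Heuristic (assumption of this example): one binary registered both in a
    # Run key and as a Startup-folder shortcut deserves a closer look.
    for exe in sorted((run_targets & startup_targets) - {None}):
        findings.append(("dual-autostart", exe))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:15} {detail}")
```

A finding here is a prompt for manual review, not a verdict; entries the rules do not match still need reading.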
 
Hello ...

Sorry for the delay, brother ...

God give you all strength ...

Do the following, in order ...

First, turn off the antivirus you have ...

Then ... download this tool ...

Run it ... a message will appear, click [ Yes ] ...

Another message appears right after it, click [ Yes ] again ...

The tool will start and run a scan ...

<< During the scan the machine may restart ...

After the restart ... the tool comes back and continues the scan ...

Wait, and do not open any program, until the report appears in Notepad ...

With that, the scan and cleanup are finished ...

Copy the report in full ... and correctly ...

And paste it in your next reply ...
 
Signature: MMA_LORD_735
ComboFix 09-06-16.05 - Administrator 06/17/2009 14:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1014.595 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\E_4
c:\docume~1\ADMINI~1\LOCALS~1\Temp\E_4\com.run
c:\docume~1\ADMINI~1\LOCALS~1\Temp\E_4\dp1.fne
c:\docume~1\ADMINI~1\LOCALS~1\Temp\E_4\eAPI.fne
c:\docume~1\ADMINI~1\LOCALS~1\Temp\E_4\internet.fne
c:\docume~1\ADMINI~1\LOCALS~1\Temp\E_4\krnln.fnr
c:\docume~1\ADMINI~1\LOCALS~1\Temp\E_4\RegEx.fnr
c:\docume~1\ADMINI~1\LOCALS~1\Temp\E_4\shell.fne
c:\docume~1\ADMINI~1\LOCALS~1\Temp\E_4\spec.fne
c:\documents and settings\Administrator\Start Menu\Programs\Startup\،،،،،،.lnk
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\internet.fne
c:\windows\system32\kakle.dll
c:\windows\system32\krnln.fnr
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll
c:\windows\system32\winitn.dll
c:\windows\system32\XP-2FD279E5.EXE
.
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.
2009-06-17 10:51 . 2009-06-17 10:51 -------- d-----w- c:\windows\LastGood
2009-06-15 13:16 . 2009-06-15 13:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-15 13:12 . 2009-06-15 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-06-15 13:12 . 2009-06-15 13:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2009-06-14 03:37 . 2009-06-14 03:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-06-07 00:54 . 2008-04-14 11:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-03 19:03 . 2009-06-03 20:12 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-30 15:09 . 2009-05-30 15:09 -------- d-----w- c:\windows\system32\LogFiles
2009-05-29 01:13 . 2009-06-17 07:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-05-29 01:13 . 2009-05-29 01:13 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-29 01:10 . 2009-06-17 08:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-05-28 22:43 . 2009-05-28 22:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-05-24 21:31 . 2008-08-26 13:17 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-05-24 21:31 . 2008-07-24 09:02 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-05-24 21:31 . 2008-04-14 06:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-05-24 21:31 . 2007-08-09 01:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-05-24 21:31 . 2009-05-24 21:31 -------- d-----w- c:\program files\Zain e-GO
2009-05-24 21:30 . 2008-04-13 21:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-05-24 21:30 . 2008-04-13 21:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-24 05:09 . 2009-05-24 05:09 -------- d-----w- c:\program files\LtUcx
2009-05-24 03:45 . 2009-06-03 05:14 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-05-24 03:20 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-05-24 03:17 . 2009-05-24 03:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-24 02:55 . 2009-05-24 02:55 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-24 02:01 . 2001-08-17 19:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-05-24 02:01 . 2001-08-17 19:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-05-24 02:01 . 2001-08-17 19:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-05-24 02:01 . 2001-08-17 19:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-05-24 02:01 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-05-24 02:01 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-05-24 02:01 . 2001-08-17 11:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-05-24 02:01 . 2001-08-17 11:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-05-24 02:01 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-05-24 02:01 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-05-24 02:01 . 2008-04-14 02:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-05-24 02:01 . 2008-04-14 02:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-05-24 01:59 . 2009-05-24 02:00 -------- d-----w- c:\program files\Ask Search Assistant
2009-05-24 01:57 . 2009-06-06 18:38 -------- d-----w- c:\documents and settings\Administrator\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 14:20 . 2009-05-22 23:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\SiteAdvisor
2009-06-03 19:05 . 2009-05-22 23:26 -------- d-----w- c:\program files\MSN Messenger
2009-06-03 19:02 . 2009-05-22 23:28 -------- d-----w- c:\program files\Windows Live
2009-05-24 04:53 . 2009-05-22 23:28 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-24 03:25 . 2009-05-22 21:49 73792 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 10:27 . 2009-05-22 23:30 -------- d-----w- c:\program files\Google
2009-05-23 00:01 . 2009-05-22 22:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 00:01 . 2009-05-23 00:00 -------- d-----w- c:\program files\Creative
2009-05-22 23:48 . 2009-05-22 23:40 -------- d-----w- c:\program files\McAfee
2009-05-22 23:45 . 2009-05-22 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-22 23:44 . 2009-05-22 23:44 -------- d-----w- c:\program files\SiteAdvisor
2009-05-22 23:44 . 2009-05-22 23:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\SiteAdvisor
2009-05-22 23:44 . 2009-05-22 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-22 23:43 . 2009-05-22 23:40 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-22 23:41 . 2009-05-22 23:40 -------- d-----w- c:\program files\McAfee.com
2009-05-22 23:37 . 2009-05-22 23:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-22 23:34 . 2009-05-22 23:33 -------- d-----w- c:\program files\CyberLink
2009-05-22 23:33 . 2009-05-22 22:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-22 23:33 . 2009-05-22 23:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-05-22 23:32 . 2009-05-22 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-22 23:32 . 2009-05-22 23:32 -------- d-----w- c:\program files\Yahoo!
2009-05-22 23:32 . 2009-05-22 23:32 -------- d-----w- c:\program files\VideoLAN
2009-05-22 23:31 . 2009-05-22 23:31 -------- d-----w- c:\program files\mpegable
2009-05-22 23:31 . 2009-05-22 23:31 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-22 23:31 . 2009-05-22 23:31 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-22 23:31 . 2009-05-22 23:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Paltalk
2009-05-22 23:21 . 2009-05-22 21:43 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-22 23:18 . 2009-05-22 23:18 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-22 23:18 . 2009-05-22 23:18 -------- d-----w- c:\program files\Real
2009-05-22 23:18 . 2009-05-22 23:18 -------- d-----w- c:\program files\Common Files\Real
2009-05-22 23:18 . 2009-05-22 23:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-22 23:18 . 2009-05-22 23:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-22 23:12 . 2009-05-22 23:12 -------- d-----w- c:\program files\Ahead
2009-05-22 23:12 . 2009-05-22 23:12 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-22 23:11 . 2009-05-22 23:11 2232 ----a-w- c:\windows\java\Packages\Data\Z5BJVNHJ.DAT
2009-05-22 23:11 . 2009-05-22 23:11 155995 ----a-w- c:\windows\java\Packages\BVZVNRTR.ZIP
2009-05-22 23:11 . 2009-05-22 23:11 2678 ----a-w- c:\windows\java\Packages\Data\EU9FXF39.DAT
2009-05-22 23:11 . 2009-05-22 23:11 2678 ----a-w- c:\windows\java\Packages\Data\JT7JVX7H.DAT
2009-05-22 23:11 . 2009-05-22 23:11 2678 ----a-w- c:\windows\java\Packages\Data\ZXJHJ3DB.DAT
2009-05-22 23:11 . 2009-05-22 23:11 2678 ----a-w- c:\windows\java\Packages\Data\PF37RZP3.DAT
2009-05-22 23:11 . 2009-05-22 23:11 2678 ----a-w- c:\windows\java\Packages\Data\G1NB3NNN.DAT
2009-05-22 23:10 . 2009-05-22 23:10 -------- d-----w- c:\program files\ACD
2009-05-22 23:02 . 2009-05-22 23:02 -------- d-----w- c:\program files\Microsoft.NET
2009-05-22 22:39 . 2009-05-22 22:39 -------- d-----w- c:\program files\SigmaTel
2009-05-22 22:38 . 2009-05-22 22:21 -------- d-----w- c:\program files\CONEXANT
2009-05-22 21:44 . 2009-05-22 21:44 -------- d-----w- c:\program files\microsoft frontpage
2009-05-22 21:40 . 2009-05-22 21:40 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-22 21:40 . 2009-05-22 21:40 -------- d-----w- c:\program files\Windows Media Connect 2
.
------- Sigcheck -------
[-] 2009-01-11 21:05 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-05-22 241080]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5748080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 211736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 124464]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-01-17 152144]
"SiteAdvisor"="c:\program files\SiteAdvisor\6145\SiteAdv.exe" [2007-06-21 36640]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-01-19 1152552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-22 259624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-23 195584]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\program files\\mcafee\\mpf\\mc\\mpfalert.exe"=
"c:\\Program Files\\McAfee\\MPS\\mpsevh.exe"=
"c:\\WINDOWS\\V0330Mon.exe"=
"c:\\PROGRA~1\\McAfee\\MSC\\mcupdmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=
"c:\\program files\\mcafee\\msc\\mcuimgr.exe"=
"c:\\PROGRA~1\\ACD\\ACDSee\\ACDSee.exe"=
"c:\\Program Files\\McAfee\\MSK\\MskAgent.exe"=
"c:\\PROGRA~1\\mcafee\\VIRUSS~1\\mcvsmap.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\SigmaTel\\C-Major Audio\\WDM\\stsystra.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\MSN Messenger\\usnsvc.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [12/01/2009 12:04 ص 124928]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\npkphn.sys --> c:\windows\system32\drivers\npkphn.sys [?]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [23/05/2009 03:00 ص 157696]
.
Contents of the 'Scheduled Tasks' folder
2009-05-22 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-05-22 15:02]
2009-05-22 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-05-22 15:02]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-XP-2FD279E5 - c:\windows\system32\XP-2FD279E5.EXE

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.kw/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} - hxxp://voice4.alyaqot-voice.com/imscp/talkc38.cab
DPF: {9E45BE3C-DE06-4492-AB7D-E51447CF2ED0} - hxxp://voice4.alyaqot-voice.com/imscp/talka.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://174.36.94.105:1999/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://174.36.224.242/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-17 14:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-17 14:20
ComboFix-quarantined-files.txt 2009-06-17 11:20
Pre-Run: 19,693,187,072 bytes free
Post-Run: 22,119,505,920 bytes free
264
 
Again, sorry for the delay :q: ...

Give us a new HijackThis report ...

<< My first post ...
 
Signature: MMA_LORD_735