Thread starter: tedatasoft
Views: 671

tedatasoft

Peace be upon you.

In Internet Explorer, Firefox or any other browser, when I connect to the internet and open a page it gives me:

The page cannot be displayed

I press refresh several times and then it works, then it shows the error again, then it works again, and so on.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 06:04:18 ص, on 17/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\igfxsrvc.exe
C:\WINDOWS.0\system32\hkcmd.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\PROFAH~1.XPW\LOCALS~1\Temp\winhveuht.exe
C:\DOCUME~1\PROFAH~1.XPW\LOCALS~1\Temp\winoqfht.exe
H:\المنتديات\منتدى الربيع\منتدى te data\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [hidden link: log in or register to view]
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.0\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: is-UUHA3.lnk = C:\Documents and Settings\prof.ahmed4d.XPWINDOWS7\Desktop\Virus Removal Tool\is-UUHA3\startup.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [hidden link: log in or register to view]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [hidden link: log in or register to view]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS.0\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\wpdshserviceobj.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: WMI Sync DB (WMISYMD) - Unknown owner - C:\WINDOWS.0\system\wmisym.exe
 

Signature: tedatasoft
Please post the report in full, without formatting and without quoting.
 
Signature: tedatasoft
Brother, do not copy from the quote and paste it into your reply.

Make a new report and copy that.
 
Signature: أعتز بك
Logfile of HijackThis v1.99.1
Scan saved at 11:46:25 ص, on 19/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\PROFAH~1.XPW\LOCALS~1\Temp\windhya.exe
C:\DOCUME~1\PROFAH~1.XPW\LOCALS~1\Temp\dnofea.exe
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\DOCUME~1\PROFAH~1.XPW\LOCALS~1\Temp\winpfpik.exe
H:\المنتديات\منتدى الربيع\منتدى te data\hijackthis_199\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: WMI Sync DB (WMISYMD) - Unknown owner - C:\WINDOWS.0\system\wmisym.exe
 
Signature: tedatasoft
And here is the ComboFix report:

ComboFix 09-04-03.01 - prof.ahmed4d 06/19/2009 8:05:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1015.659 [GMT 7:00]
Running from: h:\برامج رائعة\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows.0\system32\drivers\sysdrv32.sys
.
---- Previous Run -------
.
c:\windows.0\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 01:06 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\DMCache
2009-06-19 00:57 13,817,888 --sha-w c:\windows.0\system32\drivers\fidbox.dat
2009-06-18 23:35 --------- d-----w c:\program files\Team JPN
2009-06-18 21:43 147,344 --sha-w c:\windows.0\system32\drivers\fidbox.idx
2009-06-17 09:10 --------- d-----w c:\program files\microsoft frontpage
2009-06-17 09:10 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\Microsoft Web Folders
2009-06-16 19:36 237,568 ----a-w c:\windows.0\system32\NeroCheck.exe
2009-06-16 19:36 147,456 ------r c:\windows.0\Alcmtr.exe
2009-06-16 19:34 317,976 ----a-w c:\windows.0\system32\hkcmd.exe
2009-06-16 19:34 301,592 ----a-w c:\windows.0\system32\igfxtray.exe
2009-06-16 19:34 285,208 ----a-w c:\windows.0\system32\igfxpers.exe
2009-06-16 16:31 845,312 ----a-w c:\windows.0\system32\bq.exe
2009-06-16 16:26 845,312 ----a-w c:\windows.0\system32\sg.exe
2009-06-16 16:15 845,312 ----a-w c:\windows.0\system32\cg.exe
2009-06-15 19:05 315,392 ----a-w c:\windows.0\HideWin.exe
2009-06-15 19:05 16,608 ----a-w c:\windows.0\gdrv.sys
2009-06-14 18:52 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\Saba
2009-06-14 18:52 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\Centra
2009-06-14 18:43 --------- d-----w c:\program files\Centra
2009-06-14 00:43 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\Thinstall
2009-06-13 23:40 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\FastStone
2009-06-13 22:07 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\VitySoft
2009-06-13 21:39 410,984 ----a-w c:\windows.0\system32\deploytk.dll
2009-06-13 21:39 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\McAfee
2009-06-12 19:15 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\uTorrent
2009-06-11 11:57 --------- d-----w c:\program files\Dracula Origin
2009-06-10 11:06 --------- d-----w c:\program files\WorldOfGoo
2009-06-10 05:08 --------- d-----w c:\program files\Neighbours From Hell 5
2009-06-09 20:12 --------- d-----w c:\program files\Microsoft Windows Vista Upgrade Advisor
2009-06-09 20:12 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft Corporation
2009-06-08 15:09 --------- d-----w c:\program files\Ahead
2009-06-08 09:36 --------- d-----w c:\program files\Common Files\Ahead
2009-06-08 09:34 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\Ahead
2009-06-08 00:13 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\Download Manager
2009-06-07 04:05 --------- d-----w c:\program files\Real
2009-06-07 04:04 --------- d-----w c:\program files\MSN Messenger
2009-06-06 15:37 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\FlashFXP
2009-06-06 09:12 155,995 ----a-w c:\windows.0\java\Packages\0ZZHZBTB.ZIP
2009-06-04 15:30 --------- d-----w c:\program files\UltraISO
2009-06-04 15:28 --------- d-----w c:\program files\Common Files\EZB Systems
2009-06-04 11:28 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\IDM
2009-06-04 06:18 --------- d-----w c:\program files\K-Lite Codec Pack
2009-06-04 05:52 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\GRETECH
2009-06-03 08:32 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\Foxit
2009-06-03 06:07 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\2DBoy
2009-06-02 18:24 6,632 ----a-w c:\program files\un_Internet Download Manager_16575.txt
2009-06-02 18:24 --------- d-----w c:\program files\Internet Download Manager
2009-06-02 15:35 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!
2009-06-01 22:15 --------- d-----w c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\InstallShield
2009-06-01 09:31 --------- d-----w c:\program files\Windows Media Connect 2
2009-05-31 14:46 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\uTorrent
2009-05-31 13:46 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\DMCache
2009-05-31 10:48 31,615 ----a-w C:\كتاب الاختراق.zip
2009-05-31 06:46 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\Download Manager
2009-05-28 06:33 --------- d-----w c:\program files\ARAR
2009-05-27 10:01 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\Super-Cow
2009-05-26 09:27 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\GRETECH
2009-05-26 09:26 --------- d-----w c:\program files\GRETECH
2009-05-25 02:49 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\ArcSoft
2009-05-25 02:08 --------- d-----w c:\program files\Readiris Pro 9
2009-05-25 02:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-05-25 01:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-05-24 03:06 --------- d-----w c:\program files\Opera
2009-05-24 00:54 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\Media Player Classic
2009-05-23 01:36 --------- d-----w c:\program files\Ares
2009-05-22 16:38 --------- d-----w c:\program files\Common Files\Business Objects
2009-05-22 02:20 --------- d-----w c:\program files\FLV Player
2009-05-21 01:22 --------- d-----w c:\program files\Google
2009-05-21 01:22 --------- d-----w c:\program files\GameHouse
2009-05-19 18:18 --------- d-----w c:\program files\Microsoft Works
2009-05-18 19:06 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\IDM
2009-05-17 14:56 --------- d-----w c:\program files\Company
2009-05-15 02:41 --------- d-----w c:\program files\Flash Movie Player
2009-05-13 17:26 --------- d-----w c:\program files\ColorPicker v2.06
2009-05-13 09:25 --------- d-----w c:\program files\Common Files\Adobe
2009-05-13 09:17 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-05-12 00:13 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\FlashFXP
2009-05-11 23:34 --------- d-----w c:\program files\Windows Live
2009-05-11 23:34 --------- d-----w c:\program files\Messenger Plus! Live
2009-05-11 23:34 --------- d-----w c:\program files\Circle Deelopement
2009-05-11 23:00 --------- d-----w c:\program files\Nero
2009-05-11 22:49 --------- d-----w c:\program files\ScanDrv6
2009-05-11 21:52 --------- d-----w c:\program files\Yahoo!
2009-05-11 21:52 --------- d-----w c:\program files\Real Alternative
2009-05-11 21:48 --------- d-----w c:\program files\Microsoft.NET
2009-05-11 21:25 --------- d-----w c:\program files\Realtek
2009-05-11 21:24 --------- d-----w c:\program files\Java
2009-05-11 21:23 --------- d-----w c:\program files\iVocalize Web Conference 4
2009-05-11 21:23 --------- d-----w c:\program files\All2Chat
2009-05-11 20:52 --------- d-----w c:\program files\Kaspersky Lab
2009-05-11 20:51 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\InstallShield
2009-05-11 20:49 --------- d-----w c:\program files\uTorrent
2009-05-11 20:49 --------- d-----w c:\program files\Foxit Software
2009-05-11 20:49 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\Foxit
2009-05-11 20:41 --------- d-----w c:\program files\Intel
2009-05-11 20:33 --------- d-----w c:\documents and settings\prof.ahmed4d\Application Data\OtakuSoftware
2009-05-11 20:32 --------- d-----w c:\program files\Windows7
2009-05-11 20:31 --------- d-----w c:\program files\RocketDock
2009-05-07 06:07 --------- d-----w c:\program files\zAlwil Software
2008-09-28 15:00 439,440 ----a-w c:\program files\un_Internet Download Manager_16575.exe
2009-05-21 01:22 109,568 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

03/21/2008 01:36 AM 578560 f92d8964b5286de225bd2b6bf89764be c:\windows.0\system32\user32.dll

04/28/2008 04:25 PM 920064 88348f8c92c28ba99fe49bd392100ce0 c:\windows.0\system32\wininet.dll

04/28/2008 04:24 PM 547328 a55b8899d2ea2e800061bcfd456e34dc c:\windows.0\system32\winlogon.exe

04/26/2008 10:58 AM 2185216 e184a0cf10cadd2b4f5af0a31e8627d6 c:\windows.0\system32\ntkrnlpa.exe

04/26/2008 10:44 AM 2306560 0f733106a818383806060abc29fe0f3a c:\windows.0\system32\ntoskrnl.exe

08/19/2008 01:17 AM 1616384 4a90f51b778fa0157f60d206e8b37d2a c:\windows.0\explorer.exe

04/28/2008 04:22 PM 25088 b5e8782d4af1b3756f38e11e7c157bbe c:\windows.0\system32\ctfmon.exe

03/21/2008 01:36 AM 989696 9a8d604748d9fe73b66021e5782a4a3c c:\windows.0\system32\kernel32.dll
.
((((((((((((((((((((((((((((( SnapShot@Fri 06-19-2009_ 7.57.00.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-19 01:01:26 16,384 ----atw c:\windows.0\Temp\Perflib_Perfdata_170.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [04/28/2008 04:22 PM 25088]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [04/28/2009 12:01 AM 2938288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [04/26/2008 10:44 AM 123904 c:\windows.0\system32\advpack.dll]

c:\documents and settings\prof.ahmed4d\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 187392]

c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [8/9/2008 9:18:32 PM 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"k:\\sagp.pif"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\WINDOWS.0\\Explorer.EXE"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS.0\\system32\\igfxtray.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqsnotify.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=

R1 is-UUHA3drv;is-UUHA3drv;c:\windows.0\system32\drivers\15268082.sys [6/17/2009 2:32:13 AM 148496]
R2 WMISYMD;WMI Sync DB;c:\windows.0\system\wmisym.exe [6/16/2009 9:13:37 PM 845312]
R3 abp470n5;abp470n5;\??\c:\windows.0\system32\drivers\lnnlfs.sys --> c:\windows.0\system32\drivers\lnnlfs.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
mStart Page = about:blank
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS.0/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\Mozilla\Firefox\Profiles\qus36v6c.default\
FF - component: c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\prof.ahmed4d.XPWINDOWS7\Application Data\Mozilla\Firefox\Profiles\qus36v6c.default\extensions\firedownload@mozilla.org\components\firedownload.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCentraUpdater.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [hidden link: log in or register to view]

Rootkit scan 2009-06-19 08:06:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows.0\system\wmisym.exe [496] 0x86392DA0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows.0\system32\SETUPAPI.dll
c:\windows.0\system32\cscui.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows.0\system32\setupapi.dll
.
Completion time: 06/19/2009 8:08:06
ComboFix-quarantined-files.txt 2009-06-19 01:08:03

Pre-Run: 778,604,544 bytes free
Post-Run: 774,647,808 bytes free

 
Signature: tedatasoft
Brother, please generate a new report and paste it in your reply in full.
 
Dear brother, I swear by God the report is complete, and Internet Explorer keeps cutting out; I press refresh about 20 times, then it works, then it cuts out again.

And here is the full report.

Logfile of HijackThis v1.99.1
Scan saved at 11:50:46 ص, on 19/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\PROFAH~1.XPW\LOCALS~1\Temp\windhya.exe
C:\DOCUME~1\PROFAH~1.XPW\LOCALS~1\Temp\dnofea.exe
C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\DOCUME~1\PROFAH~1.XPW\LOCALS~1\Temp\winpfpik.exe
H:\المنتديات\منتدى الربيع\منتدى te data\hijackthis_199\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: WMI Sync DB (WMISYMD) - Unknown owner - C:\WINDOWS.0\system\wmisym.exe
 
Signature: tedatasoft
Download the automatic Kaspersky tool (the first link in the list) to clean the machine and generate a report for it, and save the report on the desktop.


Run the Kaspersky tool; within moments the program's interface will appear, and the black scan-and-clean screen will show.
Wait until it disappears (roughly an hour); a report of the operation will then appear.
Copy it and attach it to your next reply.
 