Dr.ZAIN
زيزوومى محترف
غير متصل
- بادئ الموضوع Dr.ZAIN
- تاريخ البدء
- 1,732
Dr.ZAIN
زيزوومى محترف
غير متصل
لاتزعل ولا على بالك ..
الهايجاك سليم حبيبي .. رغم ذلك هاك هو ..
المشكلة انو كل ما افتح الجهاز الاقي الخيار محطوط على اظهار الملفات المخفية .
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:13 AM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\jargon.vbs"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: COWON Media Center - jetAudio.lnk = C:\Program Files\JetAudio\JetAudio.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{50A33052-840F-40B4-8F90-AEC01B3BD7EE}: NameServer = 10.40.155.34 10.40.155.33
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp WinStyler\WinStylerThemeSvc.exe
--
End of file - 6741 bytes
الهايجاك سليم حبيبي .. رغم ذلك هاك هو ..
المشكلة انو كل ما افتح الجهاز الاقي الخيار محطوط على اظهار الملفات المخفية .
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:13 AM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\jargon.vbs"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: COWON Media Center - jetAudio.lnk = C:\Program Files\JetAudio\JetAudio.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{50A33052-840F-40B4-8F90-AEC01B3BD7EE}: NameServer = 10.40.155.34 10.40.155.33
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp WinStyler\WinStylerThemeSvc.exe
--
End of file - 6741 bytes
توقيع : Dr.ZAIN
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
والي يقولك مو سليم
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
احتفظ في التقرير
بس تخلص اعد تشغيل الجهاز
وعطني تقرير هايجاك مع تقرير الكمبوفيكس
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
احتفظ في التقرير
بس تخلص اعد تشغيل الجهاز
وعطني تقرير هايجاك مع تقرير الكمبوفيكس
توقيع : AbOdy
تأييد
0
Dr.ZAIN
زيزوومى محترف
غير متصل
وهذا هو التقرير عيوني :]
ComboFix 09-06-22.07 - FSC 06/23/2009 11:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.965.1033.18.502.208 [GMT 3:00]
Running from: c:\documents and settings\FSC\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.
2009-06-23 07:46 . 2009-06-23 07:46 -------- d-----w- c:\program files\Trend Micro
2009-06-23 02:30 . 2009-06-23 02:30 2945 --sha-r- c:\windows\jargon.vbs
2009-06-22 01:59 . 2009-06-22 01:59 2328704 ----a-w- c:\windows\system32\TUKernel.exe
2009-06-20 10:39 . 2009-06-20 10:57 -------- d-----w- c:\program files\ElcomSoft
2009-06-20 08:11 . 2009-06-20 08:11 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-20 08:11 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-20 08:11 . 2009-06-20 08:11 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-20 08:10 . 2009-06-20 08:11 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-20 08:10 . 2009-06-20 08:10 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-19 15:29 . 2009-06-19 15:29 -------- d-----w- c:\documents and settings\FSC\Application Data\Ashampoo
2009-06-19 15:03 . 2009-06-23 03:04 1 ----a-w- c:\documents and settings\FSC\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-19 15:02 . 2009-06-19 15:02 -------- d-----w- c:\documents and settings\FSC\Application Data\OpenOffice.org
2009-06-19 14:56 . 2009-06-19 14:57 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-18 14:05 . 2009-06-18 14:05 -------- d-----w- c:\program files\Microsoft
2009-06-18 13:57 . 2009-06-18 13:58 -------- d-----w- c:\documents and settings\FSC\Contacts
2009-06-18 13:57 . 2009-06-18 13:57 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-18 13:56 . 2009-06-18 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-06-18 13:56 . 2009-06-18 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-06-17 10:42 . 2009-06-17 10:42 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-17 04:19 . 2009-06-17 04:20 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Google
2009-06-17 04:17 . 2009-06-17 04:17 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-06-17 04:16 . 2009-06-17 04:16 118784 ----a-w- c:\windows\GREUninstall.exe
2009-06-17 04:16 . 2009-06-17 04:17 8187 ----a-w- c:\windows\mozver.dat
2009-06-16 10:26 . 2009-06-16 10:26 -------- d-----w- c:\documents and settings\FSC\Application Data\Kingston
2009-06-16 10:26 . 2009-06-16 10:26 1839104 ----a-w- c:\documents and settings\FSC\Application Data\Kingston\SecureTraveler.exe
2009-06-16 08:58 . 2009-06-16 08:56 69632 ----atw- c:\windows\system32\CarryLaunch.exe
2009-06-16 08:08 . 2005-01-19 02:15 28672 ----a-w- c:\windows\system32\regclass.dll
2009-06-16 05:53 . 2009-06-16 05:55 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\ApplicationHistory
2009-06-15 20:09 . 2009-06-15 20:09 -------- d-----w- c:\program files\SACC - TDL
2009-06-14 19:01 . 2009-06-14 19:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-14 18:26 . 2009-06-14 18:26 -------- d-----w- c:\documents and settings\FSC\Application Data\Windows Search
2009-06-14 18:07 . 2009-06-14 18:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-14 18:05 . 2009-06-14 18:05 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Identities
2009-06-14 18:05 . 2009-06-14 18:05 -------- d-----w- c:\documents and settings\FSC\Application Data\Windows Desktop Search
2009-06-14 18:04 . 2009-06-16 06:57 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-14 18:04 . 2009-06-14 18:04 -------- d-----w- c:\windows\system32\GroupPolicy
2009-06-14 18:04 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-06-14 18:04 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-06-14 18:04 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-06-14 18:02 . 2009-06-14 18:02 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-07 17:20 . 2009-06-07 17:20 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Chat Republic Games
2009-06-04 17:23 . 2009-06-04 17:23 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Adobe
2009-06-04 17:21 . 2009-06-04 17:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-04 12:07 . 2009-06-04 12:07 -------- d-----w- c:\windows\Performance
2009-06-04 12:06 . 2009-06-04 12:06 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Microsoft Corporation
2009-06-04 09:40 . 2009-06-04 09:40 -------- d-----w- C:\Hotspot Shield
2009-06-04 09:24 . 2009-06-19 07:21 -------- d--h--w- c:\windows\Icons
2009-06-04 09:24 . 2009-06-20 08:11 -------- d-----w- c:\documents and settings\FSC\Application Data\TuneUp Software
2009-06-04 09:23 . 2009-06-22 07:15 -------- d-----w- c:\program files\TuneUp WinStyler
2009-06-04 09:23 . 2009-06-20 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-03 13:31 . 2009-06-03 13:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-03 12:54 . 2008-04-14 02:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-06-03 11:56 . 2009-06-03 11:56 0 ----a-w- c:\windows\system32\cd.dat
2009-06-03 11:53 . 2009-06-03 11:53 -------- dc-h--w- c:\windows\ie8
2009-06-02 19:16 . 2009-06-02 19:16 -------- d-----w- c:\program files\Monster Trucks Nitro Demo
2009-05-31 11:20 . 2009-05-31 11:20 -------- d-----w- c:\windows\system32\Adobe
2009-05-30 07:29 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-30 07:29 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-28 09:34 . 2008-04-13 21:09 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2009-05-28 09:34 . 2008-04-13 21:16 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2009-05-28 09:34 . 2008-04-13 21:16 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2009-05-28 09:34 . 2008-04-13 21:16 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2009-05-28 09:34 . 2008-04-13 21:16 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2009-05-28 09:34 . 2008-04-13 21:16 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2009-05-28 09:34 . 2008-04-13 21:16 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2009-05-28 09:34 . 2008-04-14 02:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-05-28 09:28 . 2009-05-28 09:28 -------- d-----w- c:\windows\Album
2009-05-28 09:28 . 2009-05-28 09:28 -------- d-----w- c:\program files\VideoCAM Eye
2009-05-28 09:28 . 2005-06-20 18:27 390912 ----a-w- c:\windows\system32\drivers\snpstd.sys
2009-05-28 09:28 . 2004-09-24 07:58 36864 ----a-w- c:\windows\system32\vsnpstd.dll
2009-05-28 09:28 . 2004-02-16 10:59 61440 ----a-w- c:\windows\system32\csnpstd.dll
2009-05-28 09:28 . 2005-04-15 03:20 98304 ----a-w- c:\windows\system32\rsnpstd.dll
2009-05-28 09:28 . 2004-05-06 08:22 53248 ----a-w- c:\windows\system32\dsnpstd.dll
2009-05-28 09:28 . 2009-05-28 09:28 -------- d-----w- c:\program files\Common Files\VCAMEye
2009-05-28 09:28 . 2004-06-10 10:48 286720 ----a-w- c:\windows\vsnpstd.exe
2009-05-28 08:43 . 2009-06-12 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-28 08:24 . 2009-05-28 08:25 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-28 07:46 . 2009-06-04 09:40 -------- d-----w- c:\program files\Hotspot Shield
2009-05-28 06:29 . 2008-04-13 21:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-28 06:27 . 2007-08-08 09:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-05-28 06:27 . 2007-08-08 09:12 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-05-28 06:26 . 2009-05-28 06:26 -------- d-----w- c:\program files\Zain e-GO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 08:48 . 2009-04-23 03:54 -------- d-----w- c:\documents and settings\FSC\Application Data\DMCache
2009-06-19 21:55 . 2009-04-23 03:40 32024 ----a-w- c:\documents and settings\FSC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 14:40 . 2009-04-23 03:54 -------- d-----w- c:\documents and settings\FSC\Application Data\IDM
2009-06-18 14:04 . 2009-04-23 03:42 -------- d-----w- c:\program files\Windows Live
2009-06-17 10:42 . 2009-04-23 03:50 -------- d-----w- c:\program files\Common Files\Real
2009-06-17 10:42 . 2009-04-23 03:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-17 05:11 . 2004-08-04 15:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-06-17 04:17 . 2009-04-23 04:18 335 ----a-w- c:\windows\nsreg.dat
2009-06-15 20:09 . 2009-04-23 03:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 13:22 . 2009-04-23 02:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-01 18:13 . 2009-04-03 18:18 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-05-31 15:25 . 2009-04-23 03:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-30 07:37 . 2009-04-23 03:51 -------- d-----w- c:\program files\JetAudio
2009-05-24 21:24 . 2008-05-26 19:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-12 12:12 . 2009-04-23 02:58 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-04 15:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 08:47 . 2009-04-23 03:59 39456 ----a-w- c:\windows\system32\drivers\csdf.sys
2009-04-30 08:46 . 2009-04-23 03:59 36512 ----a-w- c:\windows\system32\drivers\crpf.sys
2009-04-30 08:45 . 2009-04-23 03:59 8456 ----a-w- c:\windows\system32\cnat.exe
2009-04-23 03:59 . 2009-04-23 03:59 3584 ----a-r- c:\documents and settings\FSC\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-04-23 03:54 . 2009-04-23 03:54 181680 ----a-w- c:\documents and settings\FSC\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-04-23 03:44 . 2009-04-23 03:44 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-04-23 03:44 . 2009-04-23 03:43 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-23 02:48 . 2009-04-23 02:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-17 12:26 . 2007-01-14 08:16 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 15:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-30 09:04 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-23 2745776]
"Google Update"="c:\documents and settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-17 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-17 198160]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-04-26 544768]
"autoMe"="wscript.exe" - c:\windows\system32\wscript.exe [2008-05-08 155648]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
COWON Media Center - jetAudio.lnk - c:\program files\JetAudio\JetAudio.exe [2009-4-23 2760772]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [4/23/2009 6:59 AM 36512]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [4/23/2009 6:59 AM 39456]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/1/2009 9:13 PM 331312]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/20/2009 11:11 AM 604416]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [6/1/2009 9:58 PM 34352]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-706699826-725345543-1003.job
- c:\documents and settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-17 04:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-23 11:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{796472eb-d83f-40db-ae4f-3605bc13f090}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a7
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,c8,ce,dd,62,65,e1,1c,b8,ba,2f,df,57,c5,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1b,4f,a7,99,a3,0d,00,74,4a,2c,46,92,07,31,74,bf,a8,93,ce,56,87,
9e,4a,a7,8f,bf,4c,ad,ce,8f,2d,25,4c,ed,08,04,04,06,e3,12,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1160)
c:\windows\system32\SynTPFcs.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-23 11:49
ComboFix-quarantined-files.txt 2009-06-23 08:49
Pre-Run: 61,853,655,040 bytes free
Post-Run: 61,827,792,896 bytes free
236 --- E O F --- 2009-06-18 06:27
ComboFix 09-06-22.07 - FSC 06/23/2009 11:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.965.1033.18.502.208 [GMT 3:00]
Running from: c:\documents and settings\FSC\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.
2009-06-23 07:46 . 2009-06-23 07:46 -------- d-----w- c:\program files\Trend Micro
2009-06-23 02:30 . 2009-06-23 02:30 2945 --sha-r- c:\windows\jargon.vbs
2009-06-22 01:59 . 2009-06-22 01:59 2328704 ----a-w- c:\windows\system32\TUKernel.exe
2009-06-20 10:39 . 2009-06-20 10:57 -------- d-----w- c:\program files\ElcomSoft
2009-06-20 08:11 . 2009-06-20 08:11 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-20 08:11 . 2009-04-27 11:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-20 08:11 . 2009-06-20 08:11 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-20 08:10 . 2009-06-20 08:11 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-20 08:10 . 2009-06-20 08:10 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-19 15:29 . 2009-06-19 15:29 -------- d-----w- c:\documents and settings\FSC\Application Data\Ashampoo
2009-06-19 15:03 . 2009-06-23 03:04 1 ----a-w- c:\documents and settings\FSC\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-19 15:02 . 2009-06-19 15:02 -------- d-----w- c:\documents and settings\FSC\Application Data\OpenOffice.org
2009-06-19 14:56 . 2009-06-19 14:57 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-18 14:05 . 2009-06-18 14:05 -------- d-----w- c:\program files\Microsoft
2009-06-18 13:57 . 2009-06-18 13:58 -------- d-----w- c:\documents and settings\FSC\Contacts
2009-06-18 13:57 . 2009-06-18 13:57 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-18 13:56 . 2009-06-18 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-06-18 13:56 . 2009-06-18 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-06-17 10:42 . 2009-06-17 10:42 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-17 04:19 . 2009-06-17 04:20 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Google
2009-06-17 04:17 . 2009-06-17 04:17 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-06-17 04:16 . 2009-06-17 04:16 118784 ----a-w- c:\windows\GREUninstall.exe
2009-06-17 04:16 . 2009-06-17 04:17 8187 ----a-w- c:\windows\mozver.dat
2009-06-16 10:26 . 2009-06-16 10:26 -------- d-----w- c:\documents and settings\FSC\Application Data\Kingston
2009-06-16 10:26 . 2009-06-16 10:26 1839104 ----a-w- c:\documents and settings\FSC\Application Data\Kingston\SecureTraveler.exe
2009-06-16 08:58 . 2009-06-16 08:56 69632 ----atw- c:\windows\system32\CarryLaunch.exe
2009-06-16 08:08 . 2005-01-19 02:15 28672 ----a-w- c:\windows\system32\regclass.dll
2009-06-16 05:53 . 2009-06-16 05:55 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\ApplicationHistory
2009-06-15 20:09 . 2009-06-15 20:09 -------- d-----w- c:\program files\SACC - TDL
2009-06-14 19:01 . 2009-06-14 19:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-14 18:26 . 2009-06-14 18:26 -------- d-----w- c:\documents and settings\FSC\Application Data\Windows Search
2009-06-14 18:07 . 2009-06-14 18:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-14 18:05 . 2009-06-14 18:05 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Identities
2009-06-14 18:05 . 2009-06-14 18:05 -------- d-----w- c:\documents and settings\FSC\Application Data\Windows Desktop Search
2009-06-14 18:04 . 2009-06-16 06:57 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-14 18:04 . 2009-06-14 18:04 -------- d-----w- c:\windows\system32\GroupPolicy
2009-06-14 18:04 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-06-14 18:04 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-06-14 18:04 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-06-14 18:02 . 2009-06-14 18:02 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-07 17:20 . 2009-06-07 17:20 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Chat Republic Games
2009-06-04 17:23 . 2009-06-04 17:23 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Adobe
2009-06-04 17:21 . 2009-06-04 17:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-04 12:07 . 2009-06-04 12:07 -------- d-----w- c:\windows\Performance
2009-06-04 12:06 . 2009-06-04 12:06 -------- d-----w- c:\documents and settings\FSC\Local Settings\Application Data\Microsoft Corporation
2009-06-04 09:40 . 2009-06-04 09:40 -------- d-----w- C:\Hotspot Shield
2009-06-04 09:24 . 2009-06-19 07:21 -------- d--h--w- c:\windows\Icons
2009-06-04 09:24 . 2009-06-20 08:11 -------- d-----w- c:\documents and settings\FSC\Application Data\TuneUp Software
2009-06-04 09:23 . 2009-06-22 07:15 -------- d-----w- c:\program files\TuneUp WinStyler
2009-06-04 09:23 . 2009-06-20 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-03 13:31 . 2009-06-03 13:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-03 12:54 . 2008-04-14 02:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-06-03 11:56 . 2009-06-03 11:56 0 ----a-w- c:\windows\system32\cd.dat
2009-06-03 11:53 . 2009-06-03 11:53 -------- dc-h--w- c:\windows\ie8
2009-06-02 19:16 . 2009-06-02 19:16 -------- d-----w- c:\program files\Monster Trucks Nitro Demo
2009-05-31 11:20 . 2009-05-31 11:20 -------- d-----w- c:\windows\system32\Adobe
2009-05-30 07:29 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-30 07:29 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-28 09:34 . 2008-04-13 21:09 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2009-05-28 09:34 . 2008-04-13 21:16 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2009-05-28 09:34 . 2008-04-13 21:16 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2009-05-28 09:34 . 2008-04-13 21:16 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2009-05-28 09:34 . 2008-04-13 21:16 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2009-05-28 09:34 . 2008-04-13 21:16 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2009-05-28 09:34 . 2008-04-13 21:16 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2009-05-28 09:34 . 2008-04-14 02:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-05-28 09:28 . 2009-05-28 09:28 -------- d-----w- c:\windows\Album
2009-05-28 09:28 . 2009-05-28 09:28 -------- d-----w- c:\program files\VideoCAM Eye
2009-05-28 09:28 . 2005-06-20 18:27 390912 ----a-w- c:\windows\system32\drivers\snpstd.sys
2009-05-28 09:28 . 2004-09-24 07:58 36864 ----a-w- c:\windows\system32\vsnpstd.dll
2009-05-28 09:28 . 2004-02-16 10:59 61440 ----a-w- c:\windows\system32\csnpstd.dll
2009-05-28 09:28 . 2005-04-15 03:20 98304 ----a-w- c:\windows\system32\rsnpstd.dll
2009-05-28 09:28 . 2004-05-06 08:22 53248 ----a-w- c:\windows\system32\dsnpstd.dll
2009-05-28 09:28 . 2009-05-28 09:28 -------- d-----w- c:\program files\Common Files\VCAMEye
2009-05-28 09:28 . 2004-06-10 10:48 286720 ----a-w- c:\windows\vsnpstd.exe
2009-05-28 08:43 . 2009-06-12 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-28 08:24 . 2009-05-28 08:25 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-28 07:46 . 2009-06-04 09:40 -------- d-----w- c:\program files\Hotspot Shield
2009-05-28 06:29 . 2008-04-13 21:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-28 06:27 . 2007-08-08 09:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-05-28 06:27 . 2007-08-08 09:12 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-05-28 06:26 . 2009-05-28 06:26 -------- d-----w- c:\program files\Zain e-GO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 08:48 . 2009-04-23 03:54 -------- d-----w- c:\documents and settings\FSC\Application Data\DMCache
2009-06-19 21:55 . 2009-04-23 03:40 32024 ----a-w- c:\documents and settings\FSC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 14:40 . 2009-04-23 03:54 -------- d-----w- c:\documents and settings\FSC\Application Data\IDM
2009-06-18 14:04 . 2009-04-23 03:42 -------- d-----w- c:\program files\Windows Live
2009-06-17 10:42 . 2009-04-23 03:50 -------- d-----w- c:\program files\Common Files\Real
2009-06-17 10:42 . 2009-04-23 03:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-17 05:11 . 2004-08-04 15:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-06-17 04:17 . 2009-04-23 04:18 335 ----a-w- c:\windows\nsreg.dat
2009-06-15 20:09 . 2009-04-23 03:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 13:22 . 2009-04-23 02:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-01 18:13 . 2009-04-03 18:18 33840 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-05-31 15:25 . 2009-04-23 03:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-30 07:37 . 2009-04-23 03:51 -------- d-----w- c:\program files\JetAudio
2009-05-24 21:24 . 2008-05-26 19:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-12 12:12 . 2009-04-23 02:58 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-04 15:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 08:47 . 2009-04-23 03:59 39456 ----a-w- c:\windows\system32\drivers\csdf.sys
2009-04-30 08:46 . 2009-04-23 03:59 36512 ----a-w- c:\windows\system32\drivers\crpf.sys
2009-04-30 08:45 . 2009-04-23 03:59 8456 ----a-w- c:\windows\system32\cnat.exe
2009-04-23 03:59 . 2009-04-23 03:59 3584 ----a-r- c:\documents and settings\FSC\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-04-23 03:54 . 2009-04-23 03:54 181680 ----a-w- c:\documents and settings\FSC\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-04-23 03:44 . 2009-04-23 03:44 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-04-23 03:44 . 2009-04-23 03:43 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-23 02:48 . 2009-04-23 02:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-17 12:26 . 2007-01-14 08:16 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 15:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-30 09:04 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-23 2745776]
"Google Update"="c:\documents and settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-17 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-17 198160]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-04-26 544768]
"autoMe"="wscript.exe" - c:\windows\system32\wscript.exe [2008-05-08 155648]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
COWON Media Center - jetAudio.lnk - c:\program files\JetAudio\JetAudio.exe [2009-4-23 2760772]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [4/23/2009 6:59 AM 36512]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [4/23/2009 6:59 AM 39456]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 12:07 PM 61424]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [6/1/2009 9:13 PM 331312]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/20/2009 11:11 AM 604416]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [6/1/2009 9:58 PM 34352]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-706699826-725345543-1003.job
- c:\documents and settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-17 04:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-06-23 11:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{796472eb-d83f-40db-ae4f-3605bc13f090}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a7
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,c8,ce,dd,62,65,e1,1c,b8,ba,2f,df,57,c5,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1b,4f,a7,99,a3,0d,00,74,4a,2c,46,92,07,31,74,bf,a8,93,ce,56,87,
9e,4a,a7,8f,bf,4c,ad,ce,8f,2d,25,4c,ed,08,04,04,06,e3,12,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1160)
c:\windows\system32\SynTPFcs.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-23 11:49
ComboFix-quarantined-files.txt 2009-06-23 08:49
Pre-Run: 61,853,655,040 bytes free
Post-Run: 61,827,792,896 bytes free
236 --- E O F --- 2009-06-18 06:27
توقيع : Dr.ZAIN
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
طيب يا الغالي
من تقرير الهايجاك حدد القيم واحذفها
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\jargon.vbs"
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
طريقه الحذف
.png)
.png)
من تقرير الهايجاك حدد القيم واحذفها
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\jargon.vbs"
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
طريقه الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
بعد ماتخلص
بعد ماتخلص
حمل هذا الملف وقوم بتشغيله
واتبع التالي كما موجود بالصور
ثانيا / ولتنظيف الجهاز بالكامل من مخلفات الملفات المؤقته وتصفح الانترنت
حمل الملف هذا واتبع الارشادات
ثالثا / وبعد الانتهاء منم جميع ما سبق ,, اعمل تقرير هايجاك جديد
وارفقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
واتبع التالي كما موجود بالصور
ثانيا / ولتنظيف الجهاز بالكامل من مخلفات الملفات المؤقته وتصفح الانترنت
حمل الملف هذا واتبع الارشادات
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثالثا / وبعد الانتهاء منم جميع ما سبق ,, اعمل تقرير هايجاك جديد
وارفقه بردك القادم
توقيع : AbOdy
تأييد
0
Dr.ZAIN
زيزوومى محترف
غير متصل
ما تغير شي ..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:44 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\FSC\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\FSC\Application Data\CyberScrub\Privacy Suite"
O4 - Global Startup: COWON Media Center - jetAudio.lnk = C:\Program Files\JetAudio\JetAudio.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{50A33052-840F-40B4-8F90-AEC01B3BD7EE}: NameServer = 10.40.155.34 10.40.155.33
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp WinStyler\WinStylerThemeSvc.exe
--
End of file - 6506 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:44 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\FSC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\FSC\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\FSC\Application Data\CyberScrub\Privacy Suite"
O4 - Global Startup: COWON Media Center - jetAudio.lnk = C:\Program Files\JetAudio\JetAudio.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{50A33052-840F-40B4-8F90-AEC01B3BD7EE}: NameServer = 10.40.155.34 10.40.155.33
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp WinStyler\WinStylerThemeSvc.exe
--
End of file - 6506 bytes
توقيع : Dr.ZAIN
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
قول من الأول يادكتور
عطل استعادة النظام حسب الشرح التالي
ادخل هذه الصفحة
وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم
وارفعه على هذا الموقع
وارفق رابط التحميل بمشاركتك القادمة
ادخل هذه الصفحة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التقرير noor_mcafeeوارفعه على هذا الموقع
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وارفق رابط التحميل بمشاركتك القادمة
توقيع : AbOdy
تأييد
0
غير متصل
شكل هالفايروس جاي من المشرحه ^_*
الله يوفق في دراستك يارب .. والاخوان مايقصرون معاك
الله يوفق في دراستك يارب .. والاخوان مايقصرون معاك
توقيع : protection
تأييد
0
غير متصل
عبودي ماقصر .. خله ينظف جهازك بادوات التنظيف .. ثم أستخدم أداة أصلاح ماأتلفه الفيروس
أنت خبير سابق بالقسم هنا
توقيع : protection
تأييد
0
- الحالة