- بادئ الموضوع ms.mous
- تاريخ البدء
- 850
SUL6AN
عضو شرف
غير متصل
اهلا بك اختي الكريمه
هذي تعني ان فيه ملفات مؤقته
وتبي تنظيف
الحـل:-
حملي هذي الاداه
هذي تعني ان فيه ملفات مؤقته
وتبي تنظيف
الحـل:-
حملي هذي الاداه
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
بالتوفيق
توقيع : SUL6AN
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
الله يحييك اخوي
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد
0
ms.mous
زيزوومي جديد
غير متصل
التقرير,,,:king:
*************************************
كود:
Logfile of Trend Micro HijackThis v2.0.2
كود:
[LEFT][SIZE=4]Scan saved at 06:38:20 م, on 02/07/2009[/SIZE]
[LEFT][SIZE=4]Platform: Windows XP SP2 (WinNT 5.01.2600)[/SIZE]
[SIZE=4]MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)[/SIZE]
[SIZE=4]Boot mode: Normal[/SIZE]
[SIZE=4]Running processes:[/SIZE]
[SIZE=4]C:\WINDOWS\System32\smss.exe[/SIZE]
[SIZE=4]C:\WINDOWS\system32\winlogon.exe[/SIZE]
[SIZE=4]C:\WINDOWS\system32\services.exe[/SIZE]
[SIZE=4]C:\WINDOWS\system32\lsass.exe[/SIZE]
[SIZE=4]C:\WINDOWS\system32\svchost.exe[/SIZE]
[SIZE=4]C:\WINDOWS\System32\svchost.exe[/SIZE]
[SIZE=4]C:\WINDOWS\system32\spoolsv.exe[/SIZE]
[SIZE=4]C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe[/SIZE]
[SIZE=4]C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[/SIZE]
[SIZE=4]C:\WINDOWS\Explorer.EXE[/SIZE]
[SIZE=4]C:\WINDOWS\system32\igfxtray.exe[/SIZE]
[SIZE=4]C:\WINDOWS\system32\hkcmd.exe[/SIZE]
[SIZE=4]C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[/SIZE]
[SIZE=4]C:\Program Files\Common Files\Real\Update_OB\realsched.exe[/SIZE]
[SIZE=4]C:\WINDOWS\system32\rundll32.exe[/SIZE]
[SIZE=4]C:\Program Files\MSN Messenger\MsnMsgr.Exe[/SIZE]
[SIZE=4]C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[/SIZE]
[SIZE=4]C:\Program Files\Messenger\msmsgs.exe[/SIZE]
[SIZE=4]C:\WINDOWS\system32\ctfmon.exe[/SIZE]
[SIZE=4]C:\Program Files\Skype\Phone\Skype.exe[/SIZE]
[SIZE=4]C:\Program Files\WinZip\WZQKPICK.EXE[/SIZE]
[SIZE=4]C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[/SIZE]
[SIZE=4]C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[/SIZE]
[SIZE=4]C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[/SIZE]
[SIZE=4]C:\Program Files\Internet Explorer\iexplore.exe[/SIZE]
[SIZE=4]C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe[/SIZE]
[SIZE=4]C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe[/SIZE]
[SIZE=4]C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe[/SIZE]
[SIZE=4]C:\Program Files\internet explorer\iexplore.exe[/SIZE]
[SIZE=4]C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[/SIZE]
[SIZE=4]C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[/SIZE]
[SIZE=4]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [/SIZE][URL="http://search.conduit.com?SearchSource=10&ctid=CT2233703"][SIZE=4]http://search.conduit.com?SearchSource=10&ctid=CT2233703[/SIZE][/URL]
[SIZE=4]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [/SIZE][URL="http://go.microsoft.com/fwlink/?LinkId=69157"][SIZE=4]http://go.microsoft.com/fwlink/?LinkId=69157[/SIZE][/URL]
[SIZE=4]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [/SIZE][URL="http://go.microsoft.com/fwlink/?LinkId=54896"][SIZE=4]http://go.microsoft.com/fwlink/?LinkId=54896[/SIZE][/URL]
[SIZE=4]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [/SIZE][URL="http://go.microsoft.com/fwlink/?LinkId=54896"][SIZE=4]http://go.microsoft.com/fwlink/?LinkId=54896[/SIZE][/URL]
[SIZE=4]R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll[/SIZE]
[SIZE=4]O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll[/SIZE]
[SIZE=4]O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll[/SIZE]
[SIZE=4]O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll[/SIZE]
[SIZE=4]O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll[/SIZE]
[SIZE=4]O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)[/SIZE]
[SIZE=4]O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll[/SIZE]
[SIZE=4]O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll[/SIZE]
[SIZE=4]O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe[/SIZE]
[SIZE=4]O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe[/SIZE]
[SIZE=4]O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"[/SIZE]
[SIZE=4]O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot[/SIZE]
[SIZE=4]O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe[/SIZE]
[SIZE=4]O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent[/SIZE]
[SIZE=4]O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe[/SIZE]
[SIZE=4]O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"[/SIZE]
[SIZE=4]O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background[/SIZE]
[SIZE=4]O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"[/SIZE]
[SIZE=4]O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background[/SIZE]
[SIZE=4]O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe[/SIZE]
[SIZE=4]O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet[/SIZE]
[SIZE=4]O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized[/SIZE]
[SIZE=4]O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')[/SIZE]
[SIZE=4]O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')[/SIZE]
[SIZE=4]O4 - Startup: necsys32.exe[/SIZE]
[SIZE=4]O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE[/SIZE]
[SIZE=4]O4 - Global Startup: icwsetup.exe[/SIZE]
[SIZE=4]O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe[/SIZE]
[SIZE=4]O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe[/SIZE]
[SIZE=4]O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000[/SIZE]
[SIZE=4]O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll[/SIZE]
[SIZE=4]O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll[/SIZE]
[SIZE=4]O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL[/SIZE]
[SIZE=4]O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe[/SIZE]
[SIZE=4]O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe[/SIZE]
[SIZE=4]O17 - HKLM\System\CCS\Services\Tcpip\..\{23451723-0006-4B12-89C1-8FD34DC42081}: NameServer = 84.23.101.84 84.23.101.85[/SIZE]
[SIZE=4]O17 - HKLM\System\CS1\Services\Tcpip\..\{23451723-0006-4B12-89C1-8FD34DC42081}: NameServer = 84.23.101.84 84.23.101.85[/SIZE]
[SIZE=4]O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL[/SIZE]
[SIZE=4]O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe[/SIZE]
[SIZE=4]O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe[/SIZE]
[SIZE=4]O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe[/SIZE]
[SIZE=4]O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[/SIZE]
[SIZE=4]O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[/SIZE]
[SIZE=4]O24 - Desktop Component 0: (no name) - [/SIZE][URL="file:///C:/Documents%20and%20Settings/User/Desktop/نف%AD%A7ت%20%A7لنووووو%B1ي/قصــــــــائد"][SIZE=4]file:///C:/Documents%20and%20Settings/User/Desktop/نف%AD%A7ت%20%A7لنووووو%B1ي/قصــــــــائد[/SIZE][/URL][SIZE=4] عتـــــــــاب 00_files/vbulletin_global.js[/SIZE]
[SIZE=4]--[/SIZE]
[SIZE=4]End of file - 6905 bytes[/SIZE][/LEFT]*********************************
توقيع : ms.mous
تأييد
0
ms.mous
زيزوومي جديد
غير متصل
Scan saved at 06:38:20 م, on 02/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: necsys32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: icwsetup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{23451723-0006-4B12-89C1-8FD34DC42081}: NameServer = 84.23.101.84 84.23.101.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{23451723-0006-4B12-89C1-8FD34DC42081}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: (no name) -
--
End of file - 6905 bytes
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: necsys32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: icwsetup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{23451723-0006-4B12-89C1-8FD34DC42081}: NameServer = 84.23.101.84 84.23.101.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{23451723-0006-4B12-89C1-8FD34DC42081}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: (no name) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عتـــــــــاب 00_files/vbulletin_global.js--
End of file - 6905 bytes
توقيع : ms.mous
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
حدد القيم واحذفها
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O4 - Startup: necsys32.exe
O4 - Global Startup: icwsetup.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/User/Desktop/نف%AD%A7ت%2 0%A7لنووووو%B1ي/قص&# 1600;ـــــــائد عتـــــــــ 575;ب 00_files/vbulletin_global.js
طريقة الحذف
.png)
.png)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O4 - Startup: necsys32.exe
O4 - Global Startup: icwsetup.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/User/Desktop/نف%AD%A7ت%2 0%A7لنووووو%B1ي/قص&# 1600;ـــــــائد عتـــــــــ 575;ب 00_files/vbulletin_global.js
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
بعد عمل المطلوب اعمل التالي
بعد عمل المطلوب اعمل التالي
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
وعطني التقرير مع تقرير هايجاك جديد
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
وعطني التقرير مع تقرير هايجاك جديد
توقيع : AbOdy
تأييد
0
ms.mous
زيزوومي جديد
غير متصل
تقرير الاداه*********************************
ComboFix 09-07-01.04 - User 07/02/2009 20:09.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.246.62 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus 6.0 *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
c:\documents and settings\All Users\Documents\My Music\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\My Playlists\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sample Music\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sample Playlists\000C522C\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Sample Pictures\Desktop_.ini
c:\documents and settings\All Users\Documents\My Videos\Desktop_.ini
c:\documents and settings\User\Application Data\wiaserva.log
c:\documents and settings\User\My Documents\lab225\Desktop_.ini
c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-06-30 23:40 . 2009-06-30 23:40 -------- d-----w- c:\documents and settings\User\Application Data\4shared Desktop
2009-06-30 23:40 . 2009-06-30 23:40 -------- d-----w- c:\program files\4shared Desktop
2009-06-24 17:27 . 2009-06-24 17:27 -------- d-sh--w- C:\FOUND.002
2009-06-18 12:56 . 2009-06-18 12:56 -------- d-sh--w- C:\FOUND.001
2009-06-13 23:11 . 2009-06-28 23:40 103998 ----a-w- c:\windows\system32\drivers\b0b4b392.sys
2009-06-08 20:51 . 2009-06-08 20:51 -------- d-----w- c:\program files\Trend Micro
2009-06-07 11:30 . 2009-06-07 11:30 -------- d-sh--w- C:\FOUND.000
2009-06-06 22:52 . 2009-06-06 22:52 -------- d--h--w- c:\windows\$hf_mig$
2009-06-06 19:04 . 2009-06-06 19:04 -------- d-----w- c:\program files\Readme Log Mail
2009-06-04 15:25 . 2009-06-04 15:25 -------- d-sh--w- C:\FOUND.014
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 02:59 . 2008-04-14 01:48 32276480 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-03 02:59 . 2008-04-14 01:48 119864 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-03 02:59 . 2008-04-14 01:48 112416 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-03 02:59 . 2008-04-14 01:48 1121744 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-03 02:59 . 2009-02-05 17:21 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-01 23:59 . 2009-07-01 23:59 -------- d-----w- c:\documents and settings\User\Application Data\CyberScrub
2009-07-01 23:59 . 2009-07-01 23:59 -------- d-----w- c:\documents and settings\User\Application Data\cleaner
2009-06-14 13:28 . 2008-04-14 01:06 95024 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 15:10 . 2009-05-26 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-26 15:10 . 2009-05-26 15:10 -------- d-----w- c:\program files\Yahoo!
2009-05-22 04:31 . 2009-05-26 15:10 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-17 12:55 . 2009-05-17 12:55 -------- d-----w- c:\program files\SWiSHmax
2009-05-10 14:19 . 2009-05-10 14:19 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-10 14:19 . 2009-05-10 14:19 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-05-10 13:35 . 2009-05-10 13:35 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-05-10 13:34 . 2009-05-10 13:34 -------- d-----w- c:\program files\Common Files\Skype
2009-05-10 13:34 . 2009-05-10 13:34 -------- d-----r- c:\program files\Skype
2009-05-10 13:34 . 2009-05-10 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-21 07:51 . 2009-04-21 07:51 9216 ----a-w- C:\e3539r.exe
2004-08-04 07:56 . 2004-08-04 07:56 135360 --sh--r- c:\windows\system32\vcocy.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-08_23.46.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 01:53 . 2008-04-14 01:54 29696 c:\windows\Installer\3769e.msi
+ 2008-04-14 00:30 . 2009-06-14 13:25 335464 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 00:58 . 2008-04-14 00:58 264704 c:\windows\Installer\74420.msi
+ 2008-04-16 01:09 . 2008-04-16 01:09 100352 c:\windows\Installer\5a75e.msi
+ 2009-05-26 15:10 . 2009-05-26 15:10 331264 c:\windows\Installer\57a17d.msi
+ 2008-04-14 01:55 . 2008-04-14 01:55 164352 c:\windows\Installer\376a4.msi
+ 2008-04-14 01:53 . 2008-04-14 01:53 873984 c:\windows\Installer\37698.msi
+ 2009-03-18 17:09 . 2009-03-18 17:09 378880 c:\windows\Installer\330fef.msi
+ 2009-03-18 17:09 . 2009-03-18 17:09 260096 c:\windows\Installer\330fe9.msi
+ 2004-07-17 18:35 . 2004-07-17 18:35 1326080 c:\windows\system32\webfldrs.msi
+ 2008-04-14 01:23 . 2008-04-14 01:23 5797376 c:\windows\Installer\d0974.msi
+ 2009-04-04 11:16 . 2009-04-04 11:16 1035264 c:\windows\Installer\6bb96.msi
+ 2008-04-16 01:05 . 2008-04-16 01:05 6448128 c:\windows\Installer\5a758.msi
+ 2008-04-14 01:48 . 2008-04-14 01:48 1299968 c:\windows\Installer\37690.msi
+ 2008-04-14 01:47 . 2008-04-14 01:47 3537408 c:\windows\Installer\3768c.msi
+ 2009-05-10 13:35 . 2009-05-10 13:35 1602048 c:\windows\Installer\187fa0.msi
+ 2008-04-14 01:53 . 2007-01-19 20:21 16829440 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-22 4351216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\User\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
"ClearPageFileAtShutDown"="c:\documents and settings\User\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-12-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-12-10 126976]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-14 185896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-06-10 1337344]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-13 106560]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"8969:TCP"= 8969:TCP:xfmcye
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [03/10/2008 10:41 ص 87264]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [04/04/2009 04:16 ص 104192]
S1 b0b4b392;b0b4b392;c:\windows\system32\drivers\b0b4b392.sys [13/06/2009 04:11 م 103998]
S2 onwjrgdx;Support Windows;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:56 ص 14336]
S4 OracleOraHome81Agent;OracleOraHome81Agent;d:\oracle\Ora81\bin\dbsnmp.exe --> d:\oracle\Ora81\bin\dbsnmp.exe [?]
S4 OracleOraHome81ClientCache;OracleOraHome81ClientCache;d:\oracle\Ora81\BIN\ONRSD.EXE --> d:\oracle\Ora81\BIN\ONRSD.EXE [?]
S4 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer;d:\oracle\Ora81\bin\vppdc.exe --> d:\oracle\Ora81\bin\vppdc.exe [?]
S4 OracleOraHome81TNSListener;OracleOraHome81TNSListener;d:\oracle\Ora81\BIN\TNSLSNR --> d:\oracle\Ora81\BIN\TNSLSNR [?]
S4 OracleServiceAA;OracleServiceAA;d:\oracle\ora81\bin\ORACLE.EXE AA --> d:\oracle\ora81\bin\ORACLE.EXE AA [?]
S4 OracleWebAssistant0;OracleWebAssistant0;d:\oracle\Ora81\BIN\OWASTSVR.EXE --> d:\oracle\Ora81\BIN\OWASTSVR.EXE [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
onwjrgdx
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Internet Connection Wizard Setup Tool - c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
.
------- Supplementary Scan -------
.
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-02 20:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome81TNSListener]
"ImagePath"="d:\oracle\Ora81\BIN\TNSLSNR "
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\onwjrgdx]
"ServiceDll"="c:\windows\system32\vcocy.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\klogon.dll
.
Completion time: 2009-07-03 20:15
ComboFix-quarantined-files.txt 2009-07-03 03:15
ComboFix2.txt 2009-06-08 23:51
Pre-Run: 15,265,136,640 bytes free
Post-Run: 15,249,637,376 bytes free
179
***************************************************
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.246.62 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus 6.0 *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
c:\documents and settings\All Users\Documents\My Music\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\My Playlists\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sample Music\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sample Playlists\000C522C\Desktop_.ini
c:\documents and settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Sample Pictures\Desktop_.ini
c:\documents and settings\All Users\Documents\My Videos\Desktop_.ini
c:\documents and settings\User\Application Data\wiaserva.log
c:\documents and settings\User\My Documents\lab225\Desktop_.ini
c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-06-30 23:40 . 2009-06-30 23:40 -------- d-----w- c:\documents and settings\User\Application Data\4shared Desktop
2009-06-30 23:40 . 2009-06-30 23:40 -------- d-----w- c:\program files\4shared Desktop
2009-06-24 17:27 . 2009-06-24 17:27 -------- d-sh--w- C:\FOUND.002
2009-06-18 12:56 . 2009-06-18 12:56 -------- d-sh--w- C:\FOUND.001
2009-06-13 23:11 . 2009-06-28 23:40 103998 ----a-w- c:\windows\system32\drivers\b0b4b392.sys
2009-06-08 20:51 . 2009-06-08 20:51 -------- d-----w- c:\program files\Trend Micro
2009-06-07 11:30 . 2009-06-07 11:30 -------- d-sh--w- C:\FOUND.000
2009-06-06 22:52 . 2009-06-06 22:52 -------- d--h--w- c:\windows\$hf_mig$
2009-06-06 19:04 . 2009-06-06 19:04 -------- d-----w- c:\program files\Readme Log Mail
2009-06-04 15:25 . 2009-06-04 15:25 -------- d-sh--w- C:\FOUND.014
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 02:59 . 2008-04-14 01:48 32276480 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-03 02:59 . 2008-04-14 01:48 119864 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-03 02:59 . 2008-04-14 01:48 112416 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-03 02:59 . 2008-04-14 01:48 1121744 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-03 02:59 . 2009-02-05 17:21 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-01 23:59 . 2009-07-01 23:59 -------- d-----w- c:\documents and settings\User\Application Data\CyberScrub
2009-07-01 23:59 . 2009-07-01 23:59 -------- d-----w- c:\documents and settings\User\Application Data\cleaner
2009-06-14 13:28 . 2008-04-14 01:06 95024 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 15:10 . 2009-05-26 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-26 15:10 . 2009-05-26 15:10 -------- d-----w- c:\program files\Yahoo!
2009-05-22 04:31 . 2009-05-26 15:10 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-17 12:55 . 2009-05-17 12:55 -------- d-----w- c:\program files\SWiSHmax
2009-05-10 14:19 . 2009-05-10 14:19 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-10 14:19 . 2009-05-10 14:19 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-05-10 13:35 . 2009-05-10 13:35 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-05-10 13:34 . 2009-05-10 13:34 -------- d-----w- c:\program files\Common Files\Skype
2009-05-10 13:34 . 2009-05-10 13:34 -------- d-----r- c:\program files\Skype
2009-05-10 13:34 . 2009-05-10 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-21 07:51 . 2009-04-21 07:51 9216 ----a-w- C:\e3539r.exe
2004-08-04 07:56 . 2004-08-04 07:56 135360 --sh--r- c:\windows\system32\vcocy.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-08_23.46.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 01:53 . 2008-04-14 01:54 29696 c:\windows\Installer\3769e.msi
+ 2008-04-14 00:30 . 2009-06-14 13:25 335464 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 00:58 . 2008-04-14 00:58 264704 c:\windows\Installer\74420.msi
+ 2008-04-16 01:09 . 2008-04-16 01:09 100352 c:\windows\Installer\5a75e.msi
+ 2009-05-26 15:10 . 2009-05-26 15:10 331264 c:\windows\Installer\57a17d.msi
+ 2008-04-14 01:55 . 2008-04-14 01:55 164352 c:\windows\Installer\376a4.msi
+ 2008-04-14 01:53 . 2008-04-14 01:53 873984 c:\windows\Installer\37698.msi
+ 2009-03-18 17:09 . 2009-03-18 17:09 378880 c:\windows\Installer\330fef.msi
+ 2009-03-18 17:09 . 2009-03-18 17:09 260096 c:\windows\Installer\330fe9.msi
+ 2004-07-17 18:35 . 2004-07-17 18:35 1326080 c:\windows\system32\webfldrs.msi
+ 2008-04-14 01:23 . 2008-04-14 01:23 5797376 c:\windows\Installer\d0974.msi
+ 2009-04-04 11:16 . 2009-04-04 11:16 1035264 c:\windows\Installer\6bb96.msi
+ 2008-04-16 01:05 . 2008-04-16 01:05 6448128 c:\windows\Installer\5a758.msi
+ 2008-04-14 01:48 . 2008-04-14 01:48 1299968 c:\windows\Installer\37690.msi
+ 2008-04-14 01:47 . 2008-04-14 01:47 3537408 c:\windows\Installer\3768c.msi
+ 2009-05-10 13:35 . 2009-05-10 13:35 1602048 c:\windows\Installer\187fa0.msi
+ 2008-04-14 01:53 . 2007-01-19 20:21 16829440 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-22 4351216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="c:\documents and settings\User\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
"ClearPageFileAtShutDown"="c:\documents and settings\User\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-12-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-12-10 126976]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-14 185896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-06-10 1337344]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-13 106560]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009"8969:TCP"= 8969:TCP:xfmcye
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [03/10/2008 10:41 ص 87264]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [04/04/2009 04:16 ص 104192]
S1 b0b4b392;b0b4b392;c:\windows\system32\drivers\b0b4b392.sys [13/06/2009 04:11 م 103998]
S2 onwjrgdx;Support Windows;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:56 ص 14336]
S4 OracleOraHome81Agent;OracleOraHome81Agent;d:\oracle\Ora81\bin\dbsnmp.exe --> d:\oracle\Ora81\bin\dbsnmp.exe [?]
S4 OracleOraHome81ClientCache;OracleOraHome81ClientCache;d:\oracle\Ora81\BIN\ONRSD.EXE --> d:\oracle\Ora81\BIN\ONRSD.EXE [?]
S4 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer;d:\oracle\Ora81\bin\vppdc.exe --> d:\oracle\Ora81\bin\vppdc.exe [?]
S4 OracleOraHome81TNSListener;OracleOraHome81TNSListener;d:\oracle\Ora81\BIN\TNSLSNR --> d:\oracle\Ora81\BIN\TNSLSNR [?]
S4 OracleServiceAA;OracleServiceAA;d:\oracle\ora81\bin\ORACLE.EXE AA --> d:\oracle\ora81\bin\ORACLE.EXE AA [?]
S4 OracleWebAssistant0;OracleWebAssistant0;d:\oracle\Ora81\BIN\OWASTSVR.EXE --> d:\oracle\Ora81\BIN\OWASTSVR.EXE [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
onwjrgdx
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Internet Connection Wizard Setup Tool - c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe
.
------- Supplementary Scan -------
.
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-07-02 20:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome81TNSListener]
"ImagePath"="d:\oracle\Ora81\BIN\TNSLSNR "
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\onwjrgdx]
"ServiceDll"="c:\windows\system32\vcocy.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\klogon.dll
.
Completion time: 2009-07-03 20:15
ComboFix-quarantined-files.txt 2009-07-03 03:15
ComboFix2.txt 2009-06-08 23:51
Pre-Run: 15,265,136,640 bytes free
Post-Run: 15,249,637,376 bytes free
179
***************************************************
تقرير الهايجاك,,,,,,,,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:16:58 م, on 02/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 5189 bytes
Scan saved at 08:16:58 م, on 02/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 5189 bytes
توقيع : ms.mous
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
يعطيك العافية
من الهايجاك احذف
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
ثم اعمل التالي
حمل هذا الملف وقوم بتشغيله
واتبع التالي كما موجود بالصور
وبعدها اعد تشغيل الجهاز وخبرنا بالنتائج
من الهايجاك احذف
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
ثم اعمل التالي
حمل هذا الملف وقوم بتشغيله
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
واتبع التالي كما موجود بالصور
وبعدها اعد تشغيل الجهاز وخبرنا بالنتائج
توقيع : AbOdy
تأييد
0
- الحالة