السلام عليكم ورحمة الله
تعرض جهازي لفيروس من نوع :Surabaya in my birthday - W32/Drowor.worm
وقرأت عنه هنا وحذفت ملفات الريجستري
قمت بعمل الفورمات للجهاز و لاحظت اصابة الجهاز من جديد بنفس الفيروس حيث ينتقل له من باقي الاقسام
بعد تركيب برنامج حماية النود واسباي وير دكتور عملت مسح للجهاز لكن المشكلة تتمثل فيما يلي
كل محتويات الهارديسك تم اختفاؤها حيث لاتظهر في الاقسام مع أنها موجودة وذلك من خلال خصايص القرص وحجمه حتي مجلد الfرامج programes filesلا اثر له
الرجاء المساعدة فيما يلي
حذف الفيروس من الجهاز دون حذف محتويات أقسام الهارديسك اتي لايوجد عليها النظام تشغيل
كيفية اظهار مجلد البرامج
عملت فحص للجهاز بواسطة اداة ComboFix وهذا هو التقرير :
ComboFix 09-07-01.04 - ehah 07/02/2009 16:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2022 [GMT 4:00]
Running from: c:\documents and settings\ehah\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 11:57 . 2009-07-02 11:57 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-02 09:30 . 2009-07-02 09:30 -------- d-sh--w- c:\documents and settings\ehah\PrivacIE
2009-07-02 09:29 . 2009-07-02 09:29 -------- d-sh--w- c:\documents and settings\ehah\IETldCache
2009-07-02 09:19 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-02 09:19 . 2009-07-02 09:19 -------- d-----w- c:\windows\ie8updates
2009-07-02 09:19 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 09:19 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-02 09:19 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 09:19 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-02 09:17 . 2009-07-02 09:19 -------- dc-h--w- c:\windows\ie8
2009-07-02 09:12 . 2009-07-02 09:19 -------- d-----w- c:\documents and settings\ehah\Contacts
2009-07-02 01:26 . 2009-07-02 01:26 -------- d-----w- c:\windows\system32\KB905474
2009-07-02 01:26 . 2009-03-10 18:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-07-02 01:26 . 2009-03-10 18:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-07-02 01:17 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-02 01:17 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-07-02 01:17 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-02 01:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-02 01:16 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-02 01:15 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-02 01:15 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-07-02 01:14 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-02 01:14 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-01 09:28 . 2003-06-18 13:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-07-01 09:27 . 2009-07-01 09:27 -------- d-----w- c:\program files\Common Files\L&H
2009-07-01 09:27 . 2009-07-01 09:27 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-01 09:26 . 2009-07-01 09:26 -------- d-----w- c:\program files\Microsoft Works
2009-07-01 09:26 . 2009-07-01 09:27 -------- d-----w- c:\windows\SHELLNEW
2009-07-01 09:15 . 2009-07-01 09:15 198064 ----a-w- c:\documents and settings\ehah\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-01 09:15 . 2009-07-02 12:17 -------- d-----w- c:\documents and settings\ehah\Application Data\DMCache
2009-07-01 09:15 . 2009-07-01 09:16 -------- d-----w- c:\documents and settings\ehah\Application Data\IDM
2009-07-01 09:15 . 2009-07-02 09:27 -------- d-----w- c:\program files\Internet Download Manager
2009-07-01 07:20 . 2009-07-01 07:36 -------- d-----w- c:\documents and settings\ehah\Local Settings\Application Data\************
2009-07-01 07:20 . 2009-07-01 07:20 -------- d-----w- c:\program files\Conduit
2009-07-01 07:20 . 2009-07-01 07:20 -------- d-----w- c:\documents and settings\ehah\Local Settings\Application Data\Conduit
2009-07-01 07:20 . 2009-07-01 07:27 -------- d-----w- c:\program files\************
2009-07-01 07:20 . 2009-07-01 07:20 -------- d-----w- c:\documents and settings\ehah\Application Data\4shared Desktop
2009-07-01 07:20 . 2009-07-01 07:20 -------- d-----w- c:\program files\4shared Desktop
2009-07-01 06:56 . 2009-07-01 06:56 -------- d-----w- c:\program files\Nimbuzz
2009-07-01 06:41 . 2005-09-29 08:28 212992 ----a-w- c:\windows\system32\Sky2PCUI.dll
2009-07-01 05:40 . 2009-07-02 11:20 85880 ----a-w- c:\documents and settings\ehah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 05:36 . 2009-07-01 05:36 -------- d-----w- c:\documents and settings\ehah\Local Settings\Application Data\Temp
2009-07-01 05:36 . 2009-07-01 05:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-01 05:35 . 2009-07-01 05:35 -------- d-----w- c:\program files\Microsoft.NET
2009-07-01 05:26 . 2009-07-01 05:47 -------- d-----w- c:\program files\AskBarDis
2009-07-01 05:25 . 2009-07-01 05:25 -------- d-----w- c:\program files\Foxit Software
2009-07-01 05:25 . 2009-07-01 05:25 -------- d-----w- c:\documents and settings\ehah\Application Data\Foxit
2009-07-01 05:24 . 2009-07-01 05:24 -------- d-----w- c:\documents and settings\ehah\Local Settings\Application Data\Real
2009-07-01 05:24 . 2009-07-01 05:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-01 05:24 . 2009-07-01 05:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-01 05:24 . 2009-07-01 05:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-01 05:24 . 2009-07-01 05:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-01 05:23 . 2009-07-01 05:24 -------- d-----w- c:\program files\Common Files\Real
2009-07-01 05:23 . 2009-07-01 05:23 -------- d-----w- c:\program files\Real
2009-07-01 05:22 . 2009-07-01 05:22 -------- d-----w- c:\program files\GRETECH
2009-07-01 04:26 . 2009-07-01 04:26 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-01 04:25 . 2009-07-01 04:25 -------- d-----w- c:\program files\MSBuild
2009-07-01 04:25 . 2009-07-01 04:25 -------- d-----w- c:\program files\Reference Assemblies
2009-07-01 04:25 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-01 04:25 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-01 04:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-01 04:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-01 04:25 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-01 04:25 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-01 04:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-30 22:24 . 2009-06-30 22:24 -------- d-----w- c:\windows\system32\scripting
2009-06-30 22:24 . 2009-06-30 22:24 -------- d-----w- c:\windows\l2schemas
2009-06-30 22:24 . 2009-06-30 22:24 -------- d-----w- c:\windows\system32\en
2009-06-30 22:24 . 2009-06-30 22:24 -------- d-----w- c:\windows\system32\bits
2009-06-30 22:20 . 2009-06-30 22:22 -------- d-----w- c:\program files\UltraVPN
2009-06-30 22:19 . 2009-06-30 22:25 -------- d-----w- c:\windows\ServicePackFiles
2009-06-30 22:13 . 2009-06-30 22:14 -------- d-----w- c:\program files\Hotspot Shield
2009-06-30 21:57 . 2004-08-03 18:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-06-30 21:44 . 2009-07-02 09:19 -------- d--h--w- c:\windows\$hf_mig$
2009-06-30 21:38 . 2008-10-16 10:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-30 21:27 . 2009-07-01 06:44 -------- d-----w- c:\program files\ProgDVB
2009-06-30 19:46 . 2009-06-30 19:46 -------- d-----w- c:\program files\McAfee
2009-06-30 18:19 . 2005-07-22 02:12 39936 ----a-r- c:\windows\system32\P16X.dll
2009-06-30 18:19 . 2002-04-10 17:41 65536 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2009-06-30 18:19 . 2002-04-10 17:41 65536 ----a-r- c:\windows\system32\A3d.dll
2009-06-30 18:19 . 2002-04-22 00:26 33792 ----a-r- c:\windows\system32\P16XRes.Dll
2009-06-30 18:19 . 2005-07-22 02:20 1275776 ----a-r- c:\windows\system32\drivers\P16X.sys
2009-06-30 18:19 . 2009-06-30 18:19 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-30 18:19 . 2009-07-01 04:05 -------- d-----w- c:\program files\MSN Messenger
2009-06-30 17:05 . 2009-06-30 17:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-30 17:05 . 2009-07-02 12:00 -------- d-----w- c:\documents and settings\ehah\Application Data\skypePM
2009-06-30 17:03 . 2009-07-02 12:12 -------- d-----w- c:\documents and settings\ehah\Application Data\Skype
2009-06-30 17:03 . 2009-06-30 17:03 -------- d-----w- c:\program files\Skype
2009-06-30 17:03 . 2009-06-30 17:03 -------- d-----w- c:\program files\Common Files\Skype
2009-06-30 17:03 . 2009-06-30 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 11:06 . 2009-06-30 13:19 -------- d-----w- c:\program files\DVBViewerTE
2009-07-01 06:41 . 2009-06-30 13:17 -------- d-----w- c:\program files\TechniSat DVB
2009-07-01 06:41 . 2009-06-30 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-01 06:40 . 2009-06-30 10:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-01 05:24 . 2009-06-30 10:46 -------- d-----w- c:\program files\Google
2009-06-30 22:26 . 2009-06-30 10:19 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-30 16:25 . 2009-06-30 10:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-30 16:25 . 2009-06-30 10:47 -------- d-----w- c:\program files\Spyware Doctor
2009-06-30 14:43 . 2009-06-30 14:43 -------- d-----w- c:\program files\trend micro
2009-06-30 13:45 . 2009-06-30 13:44 -------- d-----w- c:\program files\TV Expert
2009-06-30 13:39 . 2009-06-30 13:33 -------- d-----w- c:\program files\Creative
2009-06-30 13:37 . 2009-06-30 13:33 -------- d--h--w- c:\program files\Creative Installation Information
2009-06-30 13:33 . 2009-06-30 13:33 -------- d-----w- c:\program files\Common Files\Creative
2009-06-30 13:18 . 2009-06-30 13:18 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-30 11:42 . 2009-06-30 11:42 -------- d-----w- c:\documents and settings\ehah\Application Data\ESET
2009-06-30 11:33 . 2009-06-30 11:33 -------- d-----w- c:\program files\ESET
2009-06-30 11:33 . 2009-06-30 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-30 10:56 . 2009-06-30 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-30 10:51 . 2009-06-30 10:47 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-30 10:47 . 2009-06-30 10:47 -------- d-----w- c:\documents and settings\ehah\Application Data\PC Tools
2009-06-30 10:35 . 2009-06-30 10:30 -------- d-----w- c:\program files\Intel
2009-06-30 10:33 . 2009-06-30 10:33 -------- d-----w- c:\program files\SigmaTel
2009-06-30 10:24 . 2009-06-30 10:24 -------- d-----w- c:\program files\MSXML 4.0
2009-06-30 10:20 . 2009-06-30 10:20 -------- d-----w- c:\program files\microsoft frontpage
2009-06-30 10:17 . 2009-06-30 10:17 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-14 11:49 . 2009-05-14 11:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 11:49 . 2009-05-14 11:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 11:49 . 2009-05-14 11:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 11:47 . 2009-05-14 11:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 11:41 . 2009-05-14 11:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 05:15 . 2004-08-03 22:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 22:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-03 21:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 22:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-07-01 07:27 2094616 ----a-w- c:\program files\************\tb4sh1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 08:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"AFProg"="c:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-26 118784]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-21 86016]
"TV Card Remote Control Device Monitor"="c:\windows\713xRMT.exe" [2007-09-13 466944]
"openvpn-gui"="c:\program files\UltraVPN\bin\openvpn-gui.exe" [2009-06-24 414882]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-06-10 1337344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-21 1519616]
c:\documents and settings\ehah\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\cinetray.exe [2002-9-18 98304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-6-30 368640]
TV Expert Schedule Agent.lnk - c:\program files\TV Expert\ADTVScheduleAgent.exe [2009-6-30 45056]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/30/2009 2:47 PM 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/30/2009 2:56 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/30/2009 2:56 PM 39200]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/30/2009 2:48 PM 159600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [6/30/2009 5:42 PM 907136]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [6/30/2009 5:16 PM 343040]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [8/1/2008 2:42 AM 25216]
S2 gupdate1c9fa0c2dd19512;Google Update Service (gupdate1c9fa0c2dd19512);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2009 9:24 AM 133104]
S3 aic32p;aic32p;\??\c:\windows\system32\drivers\lslhf.sys --> c:\windows\system32\drivers\lslhf.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/30/2009 2:47 PM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/30/2009 2:47 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/30/2009 2:56 PM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 05:24]
2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 05:24]
2009-07-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-02 18:18]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SigmatelSysTrayApp - sttray.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2233703
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-02 16:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1544)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(2132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-07-02 16:19
ComboFix-quarantined-files.txt 2009-07-02 12:19
Pre-Run: 89,474,023,424 bytes free
Post-Run: 89,599,815,680 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
245 --- E O F --- 2009-07-02 09:20
وهذ تقرير بأداة
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:47 PM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\713xRMT.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\TV Expert\ADTVScheduleAgent.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\UltraVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: TV Expert Schedule Agent.lnk = C:\Program Files\TV Expert\ADTVScheduleAgent.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9fa0c2dd19512) (gupdate1c9fa0c2dd19512) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
--
End of file - 8234 bytes
وفي الانتظار وشكرا وجزاكم الله خيرا
تعرض جهازي لفيروس من نوع :Surabaya in my birthday - W32/Drowor.worm
وقرأت عنه هنا وحذفت ملفات الريجستري
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
قمت بعمل الفورمات للجهاز و لاحظت اصابة الجهاز من جديد بنفس الفيروس حيث ينتقل له من باقي الاقسام
بعد تركيب برنامج حماية النود واسباي وير دكتور عملت مسح للجهاز لكن المشكلة تتمثل فيما يلي
كل محتويات الهارديسك تم اختفاؤها حيث لاتظهر في الاقسام مع أنها موجودة وذلك من خلال خصايص القرص وحجمه حتي مجلد الfرامج programes filesلا اثر له
الرجاء المساعدة فيما يلي
حذف الفيروس من الجهاز دون حذف محتويات أقسام الهارديسك اتي لايوجد عليها النظام تشغيل
كيفية اظهار مجلد البرامج
عملت فحص للجهاز بواسطة اداة ComboFix وهذا هو التقرير :
ComboFix 09-07-01.04 - ehah 07/02/2009 16:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2022 [GMT 4:00]
Running from: c:\documents and settings\ehah\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 11:57 . 2009-07-02 11:57 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-07-02 09:30 . 2009-07-02 09:30 -------- d-sh--w- c:\documents and settings\ehah\PrivacIE
2009-07-02 09:29 . 2009-07-02 09:29 -------- d-sh--w- c:\documents and settings\ehah\IETldCache
2009-07-02 09:19 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-02 09:19 . 2009-07-02 09:19 -------- d-----w- c:\windows\ie8updates
2009-07-02 09:19 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-02 09:19 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-02 09:19 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 09:19 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-02 09:17 . 2009-07-02 09:19 -------- dc-h--w- c:\windows\ie8
2009-07-02 09:12 . 2009-07-02 09:19 -------- d-----w- c:\documents and settings\ehah\Contacts
2009-07-02 01:26 . 2009-07-02 01:26 -------- d-----w- c:\windows\system32\KB905474
2009-07-02 01:26 . 2009-03-10 18:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-07-02 01:26 . 2009-03-10 18:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-07-02 01:17 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-02 01:17 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-07-02 01:17 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-02 01:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-02 01:16 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-02 01:15 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-02 01:15 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-07-02 01:14 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-02 01:14 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-01 09:28 . 2003-06-18 13:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-07-01 09:27 . 2009-07-01 09:27 -------- d-----w- c:\program files\Common Files\L&H
2009-07-01 09:27 . 2009-07-01 09:27 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-01 09:26 . 2009-07-01 09:26 -------- d-----w- c:\program files\Microsoft Works
2009-07-01 09:26 . 2009-07-01 09:27 -------- d-----w- c:\windows\SHELLNEW
2009-07-01 09:15 . 2009-07-01 09:15 198064 ----a-w- c:\documents and settings\ehah\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-01 09:15 . 2009-07-02 12:17 -------- d-----w- c:\documents and settings\ehah\Application Data\DMCache
2009-07-01 09:15 . 2009-07-01 09:16 -------- d-----w- c:\documents and settings\ehah\Application Data\IDM
2009-07-01 09:15 . 2009-07-02 09:27 -------- d-----w- c:\program files\Internet Download Manager
2009-07-01 07:20 . 2009-07-01 07:36 -------- d-----w- c:\documents and settings\ehah\Local Settings\Application Data\************
2009-07-01 07:20 . 2009-07-01 07:20 -------- d-----w- c:\program files\Conduit
2009-07-01 07:20 . 2009-07-01 07:20 -------- d-----w- c:\documents and settings\ehah\Local Settings\Application Data\Conduit
2009-07-01 07:20 . 2009-07-01 07:27 -------- d-----w- c:\program files\************
2009-07-01 07:20 . 2009-07-01 07:20 -------- d-----w- c:\documents and settings\ehah\Application Data\4shared Desktop
2009-07-01 07:20 . 2009-07-01 07:20 -------- d-----w- c:\program files\4shared Desktop
2009-07-01 06:56 . 2009-07-01 06:56 -------- d-----w- c:\program files\Nimbuzz
2009-07-01 06:41 . 2005-09-29 08:28 212992 ----a-w- c:\windows\system32\Sky2PCUI.dll
2009-07-01 05:40 . 2009-07-02 11:20 85880 ----a-w- c:\documents and settings\ehah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 05:36 . 2009-07-01 05:36 -------- d-----w- c:\documents and settings\ehah\Local Settings\Application Data\Temp
2009-07-01 05:36 . 2009-07-01 05:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-01 05:35 . 2009-07-01 05:35 -------- d-----w- c:\program files\Microsoft.NET
2009-07-01 05:26 . 2009-07-01 05:47 -------- d-----w- c:\program files\AskBarDis
2009-07-01 05:25 . 2009-07-01 05:25 -------- d-----w- c:\program files\Foxit Software
2009-07-01 05:25 . 2009-07-01 05:25 -------- d-----w- c:\documents and settings\ehah\Application Data\Foxit
2009-07-01 05:24 . 2009-07-01 05:24 -------- d-----w- c:\documents and settings\ehah\Local Settings\Application Data\Real
2009-07-01 05:24 . 2009-07-01 05:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-01 05:24 . 2009-07-01 05:24 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-01 05:24 . 2009-07-01 05:24 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-01 05:24 . 2009-07-01 05:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-01 05:23 . 2009-07-01 05:24 -------- d-----w- c:\program files\Common Files\Real
2009-07-01 05:23 . 2009-07-01 05:23 -------- d-----w- c:\program files\Real
2009-07-01 05:22 . 2009-07-01 05:22 -------- d-----w- c:\program files\GRETECH
2009-07-01 04:26 . 2009-07-01 04:26 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-01 04:25 . 2009-07-01 04:25 -------- d-----w- c:\program files\MSBuild
2009-07-01 04:25 . 2009-07-01 04:25 -------- d-----w- c:\program files\Reference Assemblies
2009-07-01 04:25 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-01 04:25 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-01 04:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-01 04:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-01 04:25 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-01 04:25 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-01 04:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-30 22:24 . 2009-06-30 22:24 -------- d-----w- c:\windows\system32\scripting
2009-06-30 22:24 . 2009-06-30 22:24 -------- d-----w- c:\windows\l2schemas
2009-06-30 22:24 . 2009-06-30 22:24 -------- d-----w- c:\windows\system32\en
2009-06-30 22:24 . 2009-06-30 22:24 -------- d-----w- c:\windows\system32\bits
2009-06-30 22:20 . 2009-06-30 22:22 -------- d-----w- c:\program files\UltraVPN
2009-06-30 22:19 . 2009-06-30 22:25 -------- d-----w- c:\windows\ServicePackFiles
2009-06-30 22:13 . 2009-06-30 22:14 -------- d-----w- c:\program files\Hotspot Shield
2009-06-30 21:57 . 2004-08-03 18:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-06-30 21:44 . 2009-07-02 09:19 -------- d--h--w- c:\windows\$hf_mig$
2009-06-30 21:38 . 2008-10-16 10:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-30 21:27 . 2009-07-01 06:44 -------- d-----w- c:\program files\ProgDVB
2009-06-30 19:46 . 2009-06-30 19:46 -------- d-----w- c:\program files\McAfee
2009-06-30 18:19 . 2005-07-22 02:12 39936 ----a-r- c:\windows\system32\P16X.dll
2009-06-30 18:19 . 2002-04-10 17:41 65536 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2009-06-30 18:19 . 2002-04-10 17:41 65536 ----a-r- c:\windows\system32\A3d.dll
2009-06-30 18:19 . 2002-04-22 00:26 33792 ----a-r- c:\windows\system32\P16XRes.Dll
2009-06-30 18:19 . 2005-07-22 02:20 1275776 ----a-r- c:\windows\system32\drivers\P16X.sys
2009-06-30 18:19 . 2009-06-30 18:19 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-30 18:19 . 2009-07-01 04:05 -------- d-----w- c:\program files\MSN Messenger
2009-06-30 17:05 . 2009-06-30 17:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-30 17:05 . 2009-07-02 12:00 -------- d-----w- c:\documents and settings\ehah\Application Data\skypePM
2009-06-30 17:03 . 2009-07-02 12:12 -------- d-----w- c:\documents and settings\ehah\Application Data\Skype
2009-06-30 17:03 . 2009-06-30 17:03 -------- d-----w- c:\program files\Skype
2009-06-30 17:03 . 2009-06-30 17:03 -------- d-----w- c:\program files\Common Files\Skype
2009-06-30 17:03 . 2009-06-30 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 11:06 . 2009-06-30 13:19 -------- d-----w- c:\program files\DVBViewerTE
2009-07-01 06:41 . 2009-06-30 13:17 -------- d-----w- c:\program files\TechniSat DVB
2009-07-01 06:41 . 2009-06-30 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-01 06:40 . 2009-06-30 10:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-01 05:24 . 2009-06-30 10:46 -------- d-----w- c:\program files\Google
2009-06-30 22:26 . 2009-06-30 10:19 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-30 16:25 . 2009-06-30 10:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-30 16:25 . 2009-06-30 10:47 -------- d-----w- c:\program files\Spyware Doctor
2009-06-30 14:43 . 2009-06-30 14:43 -------- d-----w- c:\program files\trend micro
2009-06-30 13:45 . 2009-06-30 13:44 -------- d-----w- c:\program files\TV Expert
2009-06-30 13:39 . 2009-06-30 13:33 -------- d-----w- c:\program files\Creative
2009-06-30 13:37 . 2009-06-30 13:33 -------- d--h--w- c:\program files\Creative Installation Information
2009-06-30 13:33 . 2009-06-30 13:33 -------- d-----w- c:\program files\Common Files\Creative
2009-06-30 13:18 . 2009-06-30 13:18 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-30 11:42 . 2009-06-30 11:42 -------- d-----w- c:\documents and settings\ehah\Application Data\ESET
2009-06-30 11:33 . 2009-06-30 11:33 -------- d-----w- c:\program files\ESET
2009-06-30 11:33 . 2009-06-30 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-30 10:56 . 2009-06-30 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-30 10:51 . 2009-06-30 10:47 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-30 10:47 . 2009-06-30 10:47 -------- d-----w- c:\documents and settings\ehah\Application Data\PC Tools
2009-06-30 10:35 . 2009-06-30 10:30 -------- d-----w- c:\program files\Intel
2009-06-30 10:33 . 2009-06-30 10:33 -------- d-----w- c:\program files\SigmaTel
2009-06-30 10:24 . 2009-06-30 10:24 -------- d-----w- c:\program files\MSXML 4.0
2009-06-30 10:20 . 2009-06-30 10:20 -------- d-----w- c:\program files\microsoft frontpage
2009-06-30 10:17 . 2009-06-30 10:17 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-14 11:49 . 2009-05-14 11:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 11:49 . 2009-05-14 11:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 11:49 . 2009-05-14 11:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 11:47 . 2009-05-14 11:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 11:41 . 2009-05-14 11:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 05:15 . 2004-08-03 22:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 22:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-03 21:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 22:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2009-07-01 07:27 2094616 ----a-w- c:\program files\************\tb4sh1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 08:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"AFProg"="c:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-26 118784]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-21 86016]
"TV Card Remote Control Device Monitor"="c:\windows\713xRMT.exe" [2007-09-13 466944]
"openvpn-gui"="c:\program files\UltraVPN\bin\openvpn-gui.exe" [2009-06-24 414882]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2009-06-10 1337344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-21 1519616]
c:\documents and settings\ehah\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\cinetray.exe [2002-9-18 98304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-6-30 368640]
TV Expert Schedule Agent.lnk - c:\program files\TV Expert\ADTVScheduleAgent.exe [2009-6-30 45056]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/30/2009 2:47 PM 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/30/2009 2:56 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/30/2009 2:56 PM 39200]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/30/2009 2:48 PM 159600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [6/30/2009 5:42 PM 907136]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [6/30/2009 5:16 PM 343040]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [8/1/2008 2:42 AM 25216]
S2 gupdate1c9fa0c2dd19512;Google Update Service (gupdate1c9fa0c2dd19512);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2009 9:24 AM 133104]
S3 aic32p;aic32p;\??\c:\windows\system32\drivers\lslhf.sys --> c:\windows\system32\drivers\lslhf.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/30/2009 2:47 PM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/30/2009 2:47 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/30/2009 2:56 PM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 05:24]
2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 05:24]
2009-07-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-02 18:18]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SigmatelSysTrayApp - sttray.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2233703
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-07-02 16:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1544)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(2132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-07-02 16:19
ComboFix-quarantined-files.txt 2009-07-02 12:19
Pre-Run: 89,474,023,424 bytes free
Post-Run: 89,599,815,680 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
245 --- E O F --- 2009-07-02 09:20
وهذ تقرير بأداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:47 PM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\713xRMT.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\TV Expert\ADTVScheduleAgent.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ************ Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\************\tb4sh1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\UltraVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AFProg] C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: TV Expert Schedule Agent.lnk = C:\Program Files\TV Expert\ADTVScheduleAgent.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9fa0c2dd19512) (gupdate1c9fa0c2dd19512) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
--
End of file - 8234 bytes
وفي الانتظار وشكرا وجزاكم الله خيرا
