- بادئ الموضوع الخاMلدي
- تاريخ البدء
- 897
LINEZERO
زيزوومى محترف
غير متصل
الله يعينك تودي الجهاز لشيخ يقراء عليه
:q:
لاااهنت اخوي اعمل التالي بالترتيب
:q:
لاااهنت اخوي اعمل التالي بالترتيب
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : LINEZERO
تأييد
0
يسلمك ربي اخوي
هذا المطلوب
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:34:13 م, on 21/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 3684 bytes
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
وهذا تقرير الاداة
ComboFix 09-07-20.05 - user 07/21/2009 19:27.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.375.188 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.
2009-07-19 17:02 . 2009-07-19 17:00 298104 ----a-w- c:\windows\system32\imon.dll
2009-07-19 17:02 . 2009-07-19 17:00 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-07-19 17:02 . 2009-07-19 17:00 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-07-19 16:57 . 2009-07-19 16:57 -------- d-----w- c:\program files\Eset
2009-07-19 16:46 . 2009-07-19 16:46 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-19 13:28 . 2009-07-19 13:28 -------- d-s---w- c:\documents and settings\user\UserData
2009-07-16 16:48 . 2009-07-16 16:49 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\WMTools Downloaded Files
2009-07-12 21:31 . 2009-07-12 21:31 -------- d-sh--w- C:\FOUND.019
2009-07-04 11:18 . 2009-07-04 11:18 -------- d-sh--w- C:\FOUND.018
2009-06-29 20:46 . 2009-07-19 17:16 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-28 10:26 . 2009-06-28 10:26 -------- d-sh--w- C:\FOUND.017
2009-06-28 10:10 . 2009-06-28 10:10 -------- d-sh--w- C:\FOUND.016
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 11:25 . 2009-05-29 11:25 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
2009-05-12 14:04 . 2009-04-23 15:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 12:13 . 2001-09-19 09:00 40940 ----a-w- c:\windows\system32\perfc001.dat
2009-04-28 12:13 . 2001-09-19 09:00 254130 ----a-w- c:\windows\system32\perfh001.dat
2009-04-25 11:54 . 2009-04-23 15:30 94632 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 16:19 . 2009-04-23 16:19 409102 ----a-w- c:\windows\system32\cdky1.reg
2009-04-23 16:19 . 2009-04-23 16:19 346 ----a-w- c:\windows\system32\cdky2.reg
2009-04-23 16:18 . 2009-04-23 16:18 47104 ------w- c:\windows\AKDeInstall.exe
2009-04-23 16:10 . 2009-04-23 16:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-23 16:10 . 2009-04-23 16:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-23 15:11 . 2009-04-23 15:11 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-23 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-07-19 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [19/07/2009 08:02 م 15424]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [23/04/2009 06:01 م 222336]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-21 19:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(456)
c:\windows\system32\antiwpa.dll
- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\imon.dll
.
Completion time: 2009-07-21 19:33
ComboFix-quarantined-files.txt 2009-07-21 16:33
Pre-Run: 18,925,142,016 bytes free
Post-Run: 18,953,895,936 bytes free
92
هذا المطلوب
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:34:13 م, on 21/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 3684 bytes
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
وهذا تقرير الاداة
ComboFix 09-07-20.05 - user 07/21/2009 19:27.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.375.188 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.
2009-07-19 17:02 . 2009-07-19 17:00 298104 ----a-w- c:\windows\system32\imon.dll
2009-07-19 17:02 . 2009-07-19 17:00 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-07-19 17:02 . 2009-07-19 17:00 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-07-19 16:57 . 2009-07-19 16:57 -------- d-----w- c:\program files\Eset
2009-07-19 16:46 . 2009-07-19 16:46 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-19 13:28 . 2009-07-19 13:28 -------- d-s---w- c:\documents and settings\user\UserData
2009-07-16 16:48 . 2009-07-16 16:49 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\WMTools Downloaded Files
2009-07-12 21:31 . 2009-07-12 21:31 -------- d-sh--w- C:\FOUND.019
2009-07-04 11:18 . 2009-07-04 11:18 -------- d-sh--w- C:\FOUND.018
2009-06-29 20:46 . 2009-07-19 17:16 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-28 10:26 . 2009-06-28 10:26 -------- d-sh--w- C:\FOUND.017
2009-06-28 10:10 . 2009-06-28 10:10 -------- d-sh--w- C:\FOUND.016
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 11:25 . 2009-05-29 11:25 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
2009-05-12 14:04 . 2009-04-23 15:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 12:13 . 2001-09-19 09:00 40940 ----a-w- c:\windows\system32\perfc001.dat
2009-04-28 12:13 . 2001-09-19 09:00 254130 ----a-w- c:\windows\system32\perfh001.dat
2009-04-25 11:54 . 2009-04-23 15:30 94632 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 16:19 . 2009-04-23 16:19 409102 ----a-w- c:\windows\system32\cdky1.reg
2009-04-23 16:19 . 2009-04-23 16:19 346 ----a-w- c:\windows\system32\cdky2.reg
2009-04-23 16:18 . 2009-04-23 16:18 47104 ------w- c:\windows\AKDeInstall.exe
2009-04-23 16:10 . 2009-04-23 16:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-23 16:10 . 2009-04-23 16:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-23 15:11 . 2009-04-23 15:11 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-23 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-07-19 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [19/07/2009 08:02 م 15424]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [23/04/2009 06:01 م 222336]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-07-21 19:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(456)
c:\windows\system32\antiwpa.dll
- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\imon.dll
.
Completion time: 2009-07-21 19:33
ComboFix-quarantined-files.txt 2009-07-21 16:33
Pre-Run: 18,925,142,016 bytes free
Post-Run: 18,953,895,936 bytes free
92
تأييد
0
كيف يتم ضبط الاعداد
تأييد
0