Peace be upon you, and God's mercy and blessings.
I need your help with these reports.
The problem is that the computer shuts down on its own.
I have attached the HijackThis report and the ComboFix report for you.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:24:08 ص, on 24/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Documents and Settings\marvel\سطح المكتب\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.0.0.138
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
--
End of file - 8013 bytes
==================================================
And here is the ComboFix report:
ComboFix 09-07-22.08 - marvel 07/24/2009 6:02.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1014.609 [GMT 3:00]
Running from: c:\documents and settings\marvel\سطح المكتب\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-24 01:27 . 2009-07-24 01:27 -------- d-----w- c:\documents and settings\marvel\Application Data\TeamViewer
2009-07-24 01:26 . 2009-07-24 01:26 -------- d-----w- c:\program files\TeamViewer
2009-07-24 01:25 . 2009-07-24 01:25 -------- d-----w- c:\documents and settings\marvel\temp
2009-07-22 16:29 . 2009-07-22 16:29 -------- d-----w- c:\documents and settings\marvel\Application Data\oovootb
2009-07-06 06:35 . 2009-07-06 06:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-05 08:33 . 2009-07-05 08:33 -------- d-----w- c:\program files\iVocalize Web Conference 4
2009-06-27 11:43 . 2009-06-27 11:43 -------- d-----w- c:\documents and settings\marvel\Application Data\EmailNotifier
2009-06-26 19:42 . 2009-06-26 19:44 -------- d-----w- c:\documents and settings\marvel\Application Data\ooVoo Details
2009-06-26 19:42 . 2009-06-26 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 03:04 . 2009-04-16 02:11 -------- d-----w- c:\documents and settings\marvel\Application Data\Skype
2009-07-24 03:02 . 2001-09-19 11:00 40316 ----a-w- c:\windows\system32\perfc001.dat
2009-07-24 03:02 . 2001-09-19 11:00 251946 ----a-w- c:\windows\system32\perfh001.dat
2009-07-24 02:58 . 2009-04-09 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-24 02:13 . 2009-04-09 09:18 507936 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-24 02:13 . 2009-04-09 09:18 3864 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-24 02:13 . 2009-04-09 09:18 2311712 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-24 02:13 . 2009-04-09 09:18 20188 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-24 01:06 . 2009-04-16 02:13 -------- d-----w- c:\documents and settings\marvel\Application Data\skypePM
2009-07-23 09:10 . 2009-04-09 08:32 -------- d-----w- c:\program files\MSN Messenger
2009-07-23 09:00 . 2009-04-09 08:32 -------- d-----w- c:\program files\Yahoo!
2009-07-21 15:40 . 2009-04-10 00:00 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-06-29 18:43 . 2009-04-09 08:26 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-06-26 19:41 . 2009-04-09 08:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 20:51 . 2009-05-22 13:56 10240 ----a-w- c:\documents and settings\marvel\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-06-20 08:50 . 2009-06-20 08:50 -------- d-----w- c:\documents and settings\marvel\Application Data\Avant Profiles
2009-06-20 08:50 . 2009-06-20 08:50 -------- d-----w- c:\program files\Avant Browser
2009-06-17 19:32 . 2009-06-17 19:32 925696 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2\MoodEditor.exe
2009-06-17 19:32 . 2009-06-17 19:32 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2\zlib.dll
2009-06-17 19:32 . 2009-06-17 19:32 533504 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2\CrashRpt.dll
2009-06-17 19:32 . 2009-06-17 19:32 489984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\1C858F44FD20414EA6E3ACFBA01EBBD2\dbghelp.dll
2009-06-16 20:11 . 2009-06-16 20:11 -------- d-----w- c:\documents and settings\marvel\Application Data\Reallusion
2009-06-16 20:10 . 2009-06-16 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-06-16 20:10 . 2009-06-16 20:10 -------- d-----w- c:\program files\Reallusion
2009-06-16 20:10 . 2009-04-09 08:15 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-16 20:07 . 2009-06-16 20:07 9843864 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\CT4SKypePlugIn20_Multi_Media.exe
2009-06-16 20:07 . 2009-06-16 20:07 77824 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\RLLauncher.exe
2009-06-08 22:32 . 2009-06-08 22:32 0 ----a-w- c:\windows\nsreg.dat
2009-06-04 04:07 . 2009-04-10 02:09 -------- d-----w- c:\program files\Circl Developement
2009-06-04 03:36 . 2009-04-09 15:54 -------- d-----w- c:\documents and settings\marvel\Application Data\burnpoprule
2009-06-02 21:39 . 2009-06-01 22:04 -------- d-----w- c:\program files\AskBarDis
2009-06-01 23:36 . 2009-06-01 21:59 -------- d-----w- c:\documents and settings\marvel\Application Data\Paltalk
2009-06-01 23:36 . 2009-06-01 21:59 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-24 18:18 . 2009-05-24 18:18 390664 ----a-w- c:\documents and settings\marvel\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-21 00:39 . 2009-04-09 09:18 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-21 00:39 . 2009-04-09 09:18 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-04-28 06:26 . 2009-04-28 06:26 323584 ----a-w- c:\windows\system32\swt-win32-3232.dll
2009-06-17 01:56 . 2009-06-08 22:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2008-03-29 16:19 1547776 6E932D21E116B51ED9D5157E31C48E33 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-24_02.15.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-19 11:00 . 2009-07-24 01:58 40326 c:\windows\system32\perfc009.dat
+ 2001-09-19 11:00 . 2009-07-24 03:02 40326 c:\windows\system32\perfc009.dat
+ 2001-09-19 11:00 . 2009-07-24 03:02 311938 c:\windows\system32\perfh009.dat
- 2001-09-19 11:00 . 2009-07-24 01:58 311938 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2006-06-16 5324584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\marvel\قائمة ابدأ\البرامج\بدء التشغيل\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP المنفذ 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP المنفذ 37675
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [09/04/2009 11:52 ص 105984]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 06:06 م 24592]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [09/04/2009 11:48 ص 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [09/04/2009 11:48 ص 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [09/04/2009 11:48 ص 7424]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\rnhlo.sys --> c:\windows\system32\drivers\rnhlo.sys [?]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 10.0.0.138
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\marvel\Application Data\Mozilla\Firefox\Profiles\3zjirnjx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com?pr=oovoo2_0
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-24 06:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-07-24 6:08
ComboFix-quarantined-files.txt 2009-07-24 03:07
ComboFix2.txt 2009-07-24 02:22
Pre-Run: 20,011,040,768 bytes free
Post-Run: 20,186,701,824 bytes free
And thank you.
2009-06-04 03:36 . 2009-04-09 15:54 -------- d-----w- c:\documents and settings\marvel\Application Data\burnpoprule
2009-06-02 21:39 . 2009-06-01 22:04 -------- d-----w- c:\program files\AskBarDis
2009-06-01 23:36 . 2009-06-01 21:59 -------- d-----w- c:\documents and settings\marvel\Application Data\Paltalk
2009-06-01 23:36 . 2009-06-01 21:59 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-24 18:18 . 2009-05-24 18:18 390664 ----a-w- c:\documents and settings\marvel\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-21 00:39 . 2009-04-09 09:18 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-21 00:39 . 2009-04-09 09:18 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-04-28 06:26 . 2009-04-28 06:26 323584 ----a-w- c:\windows\system32\swt-win32-3232.dll
2009-06-17 01:56 . 2009-06-08 22:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
------- Sigcheck -------
[-] 2008-03-29 16:19 1547776 6E932D21E116B51ED9D5157E31C48E33 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-24_02.15.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-19 11:00 . 2009-07-24 01:58 40326 c:\windows\system32\perfc009.dat
+ 2001-09-19 11:00 . 2009-07-24 03:02 40326 c:\windows\system32\perfc009.dat
+ 2001-09-19 11:00 . 2009-07-24 03:02 311938 c:\windows\system32\perfh009.dat
- 2001-09-19 11:00 . 2009-07-24 01:58 311938 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2006-06-16 5324584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-09 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\marvel\قائمة ابدأ\البرامج\بدء التشغيل\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*
"443:UDP"= 443:UDP:*
"37674:TCP"= 37674:TCP:*
"37674:UDP"= 37674:UDP:*
"37675:UDP"= 37675:UDP:*
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 33808]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [09/04/2009 11:52 ص 105984]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 06:06 م 24592]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [09/04/2009 11:48 ص 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [09/04/2009 11:48 ص 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [09/04/2009 11:48 ص 7424]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\rnhlo.sys --> c:\windows\system32\drivers\rnhlo.sys [?]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 10.0.0.138
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\marvel\Application Data\Mozilla\Firefox\Profiles\3zjirnjx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com?pr=oovoo2_0
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-24 06:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-07-24 6:08
ComboFix-quarantined-files.txt 2009-07-24 03:07
ComboFix2.txt 2009-07-24 02:22
Pre-Run: 20,011,040,768 bytes free
Post-Run: 20,186,701,824 bytes free
Thanks :b:
