Status
Closed and not open for further replies.

adnanms

Peace be upon you and God's mercy and blessings. I have a problem: a red icon appears by the clock asking me to download something, and I don't know what to do.

It is titled "your computer is infected".
 

And peace be upon you.



Create a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear. Select all ==> copy it and paste it in your next reply.
 
Signature: Demo-dash (verified member)
Thank you, brother, and here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:12:30 ص, on 29/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\adnan\restorer32_a.exe
C:\Documents and Settings\adnan\Application Data\seres.exe
C:\Documents and Settings\adnan\Application Data\svcst.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\adnan\سطح المكتب\HiJackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\adnan\restorer32_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\adnan\Application Data\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\adnan\Application Data\svcst.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wbhwin32.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\STCKAS~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\STCKAS~1\adialhk.dll,C:\PROGRA~1\KASPER~1\STCKAS~1\kloehk.dll
O23 - Service: STC Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7516 bytes
 
Disable all protection programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your computer; your computer will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

==============

 
Thank you deeply, and here is the report:

ComboFix 09-09-28.01 - adnan 09/29/2009 6:32.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.2038.1680 [GMT 3:00]
Running from: c:\documents and settings\adnan\سطح المكتب\ComboFix.exe
AV: STC Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: STC Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\adnan\قائمة ابدأ\البرامج\بدء التشغيل\wbhwin32.exe
c:\documents and settings\adnan\Application Data\lizkavd.exe
c:\documents and settings\adnan\Application Data\qovuqodad.inf
c:\documents and settings\adnan\Application Data\seres.exe
c:\documents and settings\adnan\Application Data\svcst.exe
c:\documents and settings\adnan\Application Data\wiaserva.log
c:\documents and settings\adnan\Application Data\xemazij.bin
c:\documents and settings\adnan\Application Data\xyrodi.vbs
c:\documents and settings\adnan\Cookies\cywusa.sys
c:\documents and settings\adnan\Cookies\eqadec.scr
c:\documents and settings\adnan\Cookies\synanyhore.exe
c:\documents and settings\adnan\Cookies\upejygyfyx.dat
c:\documents and settings\adnan\Cookies\uroqakuje.reg
c:\documents and settings\adnan\Cookies\zonoso.pif
c:\documents and settings\adnan\Cookies\zuha.lib
c:\documents and settings\adnan\Local Settings\Application Data\ulisilin.ban
c:\documents and settings\adnan\Local Settings\Temporary Internet Files\aqywigevi.inf
c:\documents and settings\adnan\Local Settings\Temporary Internet Files\atygybo.inf
c:\documents and settings\adnan\Local Settings\Temporary Internet Files\awufabamur.reg
c:\documents and settings\adnan\Local Settings\Temporary Internet Files\lytoty._sy
c:\documents and settings\adnan\Local Settings\Temporary Internet Files\ozogunar.dll
c:\documents and settings\adnan\Local Settings\Temporary Internet Files\umag.reg
c:\documents and settings\adnan\Local Settings\Temporary Internet Files\ykese.inf
c:\documents and settings\adnan\Local Settings\Temporary Internet Files\ywyw._sy
c:\documents and settings\All Users\Application Data\eket.vbs
c:\documents and settings\All Users\Application Data\eletyvi.bat
c:\documents and settings\All Users\Application Data\ipag.lib
c:\documents and settings\All Users\Documents\bulado.dl
c:\documents and settings\All Users\Documents\fikikunoc.dl
c:\documents and settings\All Users\Documents\hunipejy.ban
c:\documents and settings\All Users\Documents\rarokyruw.sys
c:\documents and settings\All Users\Documents\ubiky.ban
c:\program files\Common Files\ofinosegyq.com
c:\program files\Common Files\vumygagisy.bat
c:\program files\Common Files\yzyrufi.dl
c:\windows\fuwine.vbs
c:\windows\hibyqodod.sys
c:\windows\Installer\2a8da.msi
c:\windows\luhet.bat
c:\windows\ogolamojas.inf
c:\windows\system32\_scui.cpl
c:\windows\system32\ieuinit.inf
c:\windows\system32\imipohyt.reg
c:\windows\system32\sufuw._dl
c:\windows\system32\unecy.bat
c:\windows\system32\yfyreluw.scr
c:\windows\wejukaf.reg
c:\windows\xamasyf._dl
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.
2009-09-29 03:01 . 2009-09-29 03:01 19516 ----a-w- c:\windows\nurige.dat
2009-09-29 03:01 . 2009-09-29 03:01 15254 ----a-w- c:\documents and settings\adnan\Local Settings\Application Data\ugahelo.dat
2009-09-29 01:09 . 2009-09-29 01:09 40448 ----a-w- c:\windows\system32\restorer32_a.exe
2009-09-29 01:09 . 2009-09-29 01:09 40448 ----a-w- c:\documents and settings\adnan\restorer32_a.exe
2009-09-27 12:28 . 2009-09-27 12:28 -------- d-----w- c:\program files\JLC's Software
2009-09-27 11:24 . 2009-09-27 11:24 0 ----a-w- c:\windows\nsreg.dat
2009-09-27 11:24 . 2009-09-27 11:24 -------- d-----w- c:\documents and settings\adnan\Local Settings\Application Data\Mozilla
2009-09-20 22:30 . 2009-09-20 22:30 -------- d-----w- c:\windows\system32\LogFiles
2009-09-08 03:46 . 2009-09-08 03:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-08 03:33 . 2009-09-08 03:46 -------- d-----w- c:\program files\Atheros
2009-09-08 01:37 . 2009-09-08 03:46 -------- d-----w- c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility
2009-09-06 03:01 . 2009-09-06 03:01 -------- d-----w- c:\documents and settings\adnan\Local Settings\Application Data\Identities
2009-09-06 02:57 . 2009-09-06 02:57 -------- d-----w- C:\temp
2009-09-04 04:26 . 2009-09-04 04:26 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-09-04 04:21 . 2007-01-11 10:20 194304 ----a-r- c:\windows\system32\drivers\RTL8187.sys
2009-09-04 03:18 . 2004-08-11 12:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-09-04 03:18 . 2009-09-04 04:16 -------- d-----w- c:\program files\Driver Magician
2009-09-04 03:14 . 2009-09-04 03:14 -------- d-----w- c:\program files\VS Revo Group
2009-09-03 23:28 . 2009-09-03 23:28 -------- d-----w- c:\documents and settings\adnan\Application Data\HTML Executable
2009-09-03 23:27 . 2009-09-04 04:16 -------- d-----w- c:\program files\TV
2009-09-03 22:58 . 2009-09-03 22:58 -------- d-----w- c:\documents and settings\adnan\Application Data\JLC's Software
2009-09-03 14:43 . 2009-09-17 03:18 -------- d-----w- c:\documents and settings\adnan\Application Data\Steady Recorder
2009-09-03 14:43 . 2009-09-03 14:43 -------- d-----w- c:\program files\Steady Recorder
2009-09-03 03:12 . 2009-09-03 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-02 03:59 . 2009-09-02 03:59 27264 ----a-w- c:\documents and settings\adnan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 03:23 . 2009-09-02 03:23 -------- d-----w- c:\windows\OPTIONS
2009-09-02 03:20 . 2009-09-04 20:30 -------- d-----w- c:\documents and settings\adnan\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 03:40 . 2009-08-15 00:57 974880 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-29 03:40 . 2009-08-15 00:57 10792 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-29 03:40 . 2009-08-15 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 03:38 . 2009-08-15 00:57 4044 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-29 03:38 . 2009-08-15 00:57 253984 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-29 03:11 . 2009-08-15 05:57 -------- d-----w- c:\documents and settings\adnan\Application Data\DMCache
2009-09-29 03:11 . 2001-09-19 12:00 40316 ----a-w- c:\windows\system32\perfc001.dat
2009-09-29 03:11 . 2001-09-19 12:00 251946 ----a-w- c:\windows\system32\perfh001.dat
2009-09-29 03:01 . 2009-09-29 03:01 13034 ----a-w- c:\program files\Common Files\yxix._sy
2009-09-29 03:01 . 2009-09-29 03:01 10590 ----a-w- c:\documents and settings\adnan\Application Data\ululogec.dat
2009-09-27 19:57 . 2009-08-20 03:27 -------- d-----w- c:\program files\Google
2009-09-26 11:02 . 2009-08-15 05:57 -------- d-----w- c:\documents and settings\adnan\Application Data\IDM
2009-09-26 08:18 . 2009-08-15 00:58 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-26 08:18 . 2009-08-15 00:58 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-08 03:33 . 2009-08-14 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-05 04:17 . 2009-08-15 05:57 -------- d-----w- c:\program files\Internet Download Manager
2009-09-04 04:25 . 2009-08-14 18:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-01 02:42 . 2009-08-15 06:00 -------- d-----w- c:\program files\Yahoo!
2009-08-27 22:02 . 2009-08-27 22:02 -------- d-----w- c:\program files\WIDCOMM
2009-08-27 22:01 . 2009-08-27 22:01 -------- d-----w- c:\program files\SigmaTel
2009-08-27 22:00 . 2009-08-27 22:00 -------- d-----w- c:\program files\CONEXANT
2009-08-27 21:59 . 2009-08-25 04:04 -------- d-----w- c:\program files\DIFX
2009-08-27 21:57 . 2009-08-14 18:59 -------- d-----w- c:\program files\Dell
2009-08-27 21:55 . 2009-08-27 21:55 -------- d-----w- c:\program files\Marvell
2009-08-27 21:54 . 2009-08-27 21:54 -------- d-----w- c:\documents and settings\adnan\Application Data\TMP
2009-08-27 04:09 . 2009-08-27 04:09 -------- d-----w- c:\documents and settings\adnan\Application Data\Nokia Multimedia Player
2009-08-25 04:09 . 2009-08-25 04:09 -------- d-----w- c:\documents and settings\adnan\Application Data\Datalayer
2009-08-25 04:09 . 2009-08-25 04:09 -------- d-----w- c:\documents and settings\adnan\Application Data\Nokia
2009-08-25 04:06 . 2009-08-25 04:03 -------- d-----w- c:\program files\Nokia
2009-08-25 04:04 . 2009-08-25 04:03 -------- d-----w- c:\documents and settings\adnan\Application Data\PC Suite
2009-08-25 04:04 . 2009-08-25 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-08-25 04:03 . 2009-08-25 04:03 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-25 04:03 . 2009-08-25 04:03 -------- d-----w- c:\program files\Common Files\PCSuite
2009-08-20 04:18 . 2009-08-20 04:18 -------- d-----w- c:\program files\SMPlayer
2009-08-20 02:54 . 2009-08-20 02:51 -------- d-----w- c:\documents and settings\adnan\Application Data\Motive
2009-08-20 02:51 . 2009-08-20 02:51 -------- d-----w- c:\program files\Fahess_Activation
2009-08-20 02:51 . 2009-08-20 02:51 -------- d-----w- c:\program files\Common Files\Motive
2009-08-20 02:50 . 2009-08-20 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-08-18 17:20 . 2009-08-14 19:00 -------- d-----w- c:\program files\DellTPad
2009-08-17 17:14 . 2009-08-17 17:14 -------- d-----w- c:\program files\Intel
2009-08-17 17:14 . 2009-08-17 17:14 -------- d-----w- c:\program files\Modem Diagnostic Tool
2009-08-15 06:01 . 2009-08-15 06:00 -------- d-----w- c:\program files\CCleaner
2009-08-15 01:01 . 2009-08-15 01:01 -------- d-----w- c:\documents and settings\adnan\Application Data\Media Player Classic
2009-08-15 00:57 . 2009-08-15 00:57 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-14 19:46 . 2009-08-14 19:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-14 19:46 . 2009-08-14 19:45 -------- d-----w- c:\program files\Real
2009-08-14 19:46 . 2009-08-14 19:45 -------- d-----w- c:\program files\Common Files\Real
2009-08-14 19:45 . 2009-08-14 19:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-14 19:45 . 2009-08-14 19:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-14 19:44 . 2009-08-14 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-14 19:43 . 2009-08-14 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-14 19:43 . 2009-08-14 19:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-14 19:42 . 2009-08-14 19:42 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-14 19:42 . 2009-08-14 19:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-14 19:01 . 2009-08-14 19:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-08-14 19:01 . 2009-08-14 19:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-14 18:59 . 2009-08-14 18:59 -------- d-----w- c:\documents and settings\adnan\Application Data\InstallShield
2009-08-14 18:43 . 2009-08-14 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-08-14 18:24 . 2009-08-14 18:24 -------- d-----w- c:\program files\microsoft frontpage
2009-08-14 18:20 . 2009-08-14 18:20 22144 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"restorer32_a"="c:\documents and settings\adnan\restorer32_a.exe" [2009-09-29 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-12-10 1228800]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-14 185896]
"AVP"="c:\program files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe" [2009-05-08 208616]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 138008]
"restorer32_a"="c:\windows\system32\restorer32_a.exe" [2009-09-29 40448]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 405504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 06:29 م 32784]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [28/08/2009 01:01 ص 108032]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 07:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 06:06 م 24592]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [04/09/2009 07:21 ص 194304]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: إضافة إلى حاجب إعلان الشعار - c:\program files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\adnan\Application Data\Mozilla\Firefox\Profiles\65kq4kg2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\documents and settings\adnan\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-mserv - c:\documents and settings\adnan\Application Data\seres.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-09-29 06:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1448)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BCMWLTRY.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\PCSuite\Services\NclBTHandler.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-29 6:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 03:42
Pre-Run: 45,666,656,256 bytes free
Post-Run: 45,802,201,088 bytes free
244
 
Good.

Now do the following:

Download this program.

Install it on the computer, then run it and follow the walkthrough below to scan the computer and produce a report.

After the scan finishes, do the following.

Copy the contents of the report and paste them in your next post.
 
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2
29/09/2009 07:20:37 ص
mbam-log-2009-09-29 (07-20-32).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 113993
Time elapsed: 16 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Internet Download Manager\Patch 5.xx.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{806B2760-F367-4EBF-9460-0375B5D83141}\RP27\A0005377.exe (Trojan.Agent) -> No action taken.
E:\System Volume Information\_restore{A38A1279-FCDD-45DE-BF01-8B5D4CE38A93}\RP79\A0048281.exe (Malware.Packer.Krunchy) -> No action taken.
C:\Documents and Settings\adnan\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
 
Has this message gone away now?

The one titled "your computer is infected".

And a new HijackThis report.
 
Yes, the message is gone and I think everything is fine, with many thanks.

May God give you strength, and thank you.

And here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:51:40 ص, on 29/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\adnan\restorer32_a.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Documents and Settings\adnan\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\adnan\restorer32_a.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: إضافة إلى حاجب إعلان الشعار - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إحصائيات حماية حركة زيارة الويب - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: STC Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\STC Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6638 bytes
 
That's it, brother, the report is clean as well.

Just delete this entry:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)



How to delete it:

[screenshot]

[screenshot]

Then download this tool and follow the walkthrough below.

Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen will appear; wait (and follow along with the pictures).

[screenshot]

[screenshot]

When this screen appears, click Close so that your computer restarts ((to complete the cleaning process)).

[screenshot]

And that's it. May God keep you safe.
 
Thank you.
 
Thanks be to God, brother.

=======

Good luck. Closing the thread as resolved.
 