الكآسر

In the name of God, the Most Gracious, the Most Merciful

I salute the Zyzoom administration for this new forum. Now then,

I suspect that my machine has been compromised.

Anyway, I ran all the reports :king:

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:27:40 م, on 20/11/09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[link hidden by the forum; login required to view]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[link hidden by the forum; login required to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
[link hidden by the forum; login required to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
[link hidden by the forum; login required to view]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[link hidden by the forum; login required to view]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[link hidden by the forum; login required to view]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: &لوحة مفاتيح ظاهرية - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: فحص عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
[link hidden by the forum; login required to view]

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe

--
End of file - 5393 bytes

=================================================


Bitdefender report


BitDefender QuickScan Beta v0.9.7.8
-----------------------------------

Scan date: Fri Nov 20 19:40:46 2009
Machine ID: D87C671B

Warning: Low execution rights. Please run QuickScan/browser as Administrator.


No infection found.
---------------------


Processes
---------
<unsigned> Internet Download Manager (IDM) 3196 C:\Program Files\Internet Download Manager\IDMan.exe

<verified> RealNetworks Scheduler 3320 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> Java(TM) Platform SE binary 1496 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Kaspersky Anti-Virus 1288 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
<verified> WebToolBar component 5432 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
<verified> Firefox 6084 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Windows Defender User Interface 3280 C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows Live Messenger 444 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Windows Sidebar 744 C:\Program Files\Windows Sidebar\sidebar.exe
<verified> WinZip Executable 2524 C:\Program Files\WinZip\WZQKPICK.EXE
<verified> Windows Explorer 3228 C:\Windows\Explorer.EXE
<verified> Desktop Window Manager 2516 C:\Windows\system32\Dwm.exe
<verified> Task Scheduler Engine 620 C:\Windows\system32\taskeng.exe
<verified> Windows Update 2780 C:\Windows\system32\wuauclt.exe


Network activity
----------------



Autoruns and critical files
---------------------------

<verified> RealNetworks Scheduler C:\Program Files\Common Files\Real\Update_OB\realsched.exe
<verified> Java(TM) Platform SE binary C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
<verified> Kaspersky OE plugin loader c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
<verified> Mozilla 3 Virtual Keyboard c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll
<verified> Windows Defender User Interface C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows Live Messenger C:\program files\windows live\messenger\msnmsgr.exe
<verified> Windows Sidebar C:\program files\windows sidebar\sidebar.exe
<verified> WinZip Executable C:\Program Files\WinZip\WZQKPICK.EXE
<verified> Shell Browser UI Library C:\Windows\System32\browseui.dll
<verified> Logon Visualizer C:\Windows\system32\klogon.dll
<verified> Userinit Logon Application c:\windows\system32\userinit.exe
<verified> Web Site Monitor C:\Windows\System32\webcheck.dll


Browser plugins
---------------
<unsigned> RealJukebox Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<unsigned> 6.0.12.448 C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> RealJukebox Netscape Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned> 6.0.12.448 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

<verified> WindowsLiveLogin.dll c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> IDM BHO Module c:\program files\internet download manager\idmiecc.dll
<verified> Java(TM) Platform SE binary c:\program files\java\jre6\bin\jp2ssv.dll
<verified> IE Virtual Keyboard c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
<verified> WebToolBar component c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
<verified> LeapFTP IE Plugin c:\program files\leapftp 3.0\lftpie.dll
<verified> NPRuntime Script Plug-in Library for Java(TM) Depl C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> RealPlayer(tm) LiveConnect-Enabled Plug-In C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified> RealPlayer(tm) LiveConnect-Enabled Plug-In C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified> RealPlayer Download and Record Plugin c:\program files\real\realplayer\rpbrowserrecordplugin.dll
<verified> Windows Presentation Foundation (WPF) plug-in for C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Internet Explorer C:\Windows\System32\ieframe.dll
<verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified> Microsoft Windows Sockets 2.0 Service Provider C:\Windows\System32\mswsock.dll
<verified> E-mail Naming Shim Provider C:\Windows\System32\NapiNSP.dll
<verified> Network Location Awareness 2 C:\Windows\System32\nlaapi.dll
<verified> PNRP Name Space Provider C:\Windows\System32\pnrpnsp.dll
<verified> LDAP RnR Provider DLL C:\Windows\System32\winrnr.dll
<verified> Windows Sockets Helper DLL C:\Windows\System32\wshbth.dll


Scan
----

No file uploaded.

Scan finished - communication took 7 sec
Total traffic - 0.04 MB sent, 2.75 KB recvd
Scanned 1056 files and modules - 69 seconds

=====================================

Report: [link hidden by the forum; login required to view]


Runscanner logfile

* = signed file
- = file not found

General info
------------
Computer name : SULTAN-PC
Creation time : 20/11/09 07:32:17 م
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16916
OS : Windows Vista (TM) Home Premium
OS Build : 6000
OS SP :
RunScanner Version : 1.8.0.0
User Language : Arabic (Saudi Arabia)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
C:\AppServ\Apache2.2\bin\httpd.exe (Apache Software Foundation)
C:\AppServ\Apache2.2\bin\httpd.exe (Apache Software Foundation)
* C:\Windows\system32\csrss.exe (Microsoft Corporation)
* C:\Windows\system32\csrss.exe (Microsoft Corporation)
* C:\Windows\system32\Dwm.exe (Microsoft Corporation)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
* C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
* C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
* C:\Windows\system32\lsass.exe (Microsoft Corporation)
* C:\Windows\system32\lsm.exe (Microsoft Corporation)
* C:\Windows\system32\SLsvc.exe (Microsoft Corporation)
* C:\Windows\system32\SearchIndexer.exe (Microsoft Corporation)
C:\AppServ\MySQL\bin\mysqld-nt.exe
* C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
* C:\Users\sultan\Desktop\RunScanner.exe (Runscanner.net)
* C:\Windows\system32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
* C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
* C:\Windows\Explorer.EXE (Microsoft Corporation)
* C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
* C:\Windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
* C:\Windows\system32\wininit.exe (Microsoft Corporation)
* C:\Windows\system32\wuauclt.exe (Microsoft Corporation)
* C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

Unrated items
-------------
002 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
005 * C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
006 * C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
010 C:\AppServ\Apache2.2\bin\httpd.exe (Apache2.2)
010 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Internet Security)
011 * C:\Windows\system32\DRIVERS\klim6.sys (Kaspersky Anti-Virus NDIS 6 Filter)
011 * C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab Boot Guard Driver)
011 * C:\Windows\system32\DRIVERS\klif.sys (Kaspersky Lab Driver)
011 * C:\Windows\system32\DRIVERS\klmouflt.sys (Kaspersky Lab KLMOUFLT)
011 * C:\Windows\system32\DRIVERS\kl1.sys (kl1)
042 GUID / CLSID not found {4248FE82-7FCB-46AC-B270-339F08212110}
042 GUID / CLSID not found {CCF151D8-D089-449F-A5A4-D9909053F20F}
052 GUID / CLSID not found {7E853D72-626A-48EC-A868-BA8D5E23E045}
052 * C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.) {0055C089-8582-441B-A0BF-17B458C2A3A8}
052 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
052 * C:\PROGRA~1\LEAPFT~1.0\lftpie.dll (LeapWare) {A5479DA1-7843-43A7-B5C0-BE342C77B629}
052 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) {E33CF602-D945-461A-83F0-819F76A199F8}
061 * C:\PROGRA~1\LEAPFT~1.0\lftpshl.dll (LeapWare) {724B06C1-D4EE-11D5-8B17-000103219699}
061 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
061 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79305-84BE-11CE-9641-444553540000}
061 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79306-84BE-11CE-9641-444553540000}
061 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79307-84BE-11CE-9641-444553540000}
067 * C:\Windows\system32\klogon.dll (Kaspersky Lab)
100 Start Page HKCU :
[link hidden by the forum; login required to view]

104 GUID / CLSID not found {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
105 Add to Anti-Banner : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
105 تحميل الكل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEGetAll.htm
105 تحميل بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEExt.htm
105 تحميل محتوى FLV بواسطة Internet Download Manager : C:\Program Files\Internet Download Manager\IEGetVL.htm
121 * C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab)
121 * C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
170 {79df723a-cd74-11de-a779-806e6f6e6963} : F:\2008.EXE
173 GUID / CLSID not found
173 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
173 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
221 GUID / CLSID not found
221 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
221 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
225 GUID / CLSID not found
225 GUID / CLSID not found
225 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
225 * C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}
225 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
225 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
227 GUID / CLSID not found
227 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79304-84BE-11CE-9641-444553540000}
251 GUID / CLSID not found
251 * C:\Program Files\WinZip\wzshlstb.dll (WinZip Computing, S.L.) {E0D79305-84BE-11CE-9641-444553540000}

Missing files
-------------
010 C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini
011 c:\windows\system32\drivers\blbdrive.sys
011 c:\windows\system32\DRIVERS\ipinip.sys
011 c:\windows\system32\DRIVERS\nwlnkflt.sys
011 c:\windows\system32\DRIVERS\nwlnkfwd.sys
032 rdpclip

Waiting for your help :b:

I don't know how to analyze the unfamiliar reports; I know how to analyze HijackThis. Wait for me, the analysis is under way now.

Signature: ولد ابوظبي
OK, the HijackThis report says that your machine is infected.

And the solution:

Delete these entries:




O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)



O2 - BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll
 
Signature: ولد ابوظبي

Waiting for confirmation from the experts.
 
Disable your security programs,
then
download the following tool and save it to the desktop:
[link hidden by the forum; login required to view]

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes
The machine may restart during the scan.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
The report

ComboFix 09-11-20.05 - sultan 11/21/2009 12:28.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1256.966.1033.18.894.288 [GMT -8:00]
Running from: c:\users\sultan\Desktop\ComboFix.exe
AV: برنامج Kaspersky لأمان الإنترنت *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: برنامج Kaspersky لأمان الإنترنت *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: برنامج Kaspersky لأمان الإنترنت *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3171190113-1178466381-1857302624-500
c:\$recycle.bin\S-1-5-21-492640494-164261517-1832090052-500

.
((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-21 20:35 . 2009-11-21 20:35 -------- d-----w- c:\users\sultan\AppData\Local\temp
2009-11-21 20:35 . 2009-11-21 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-21 20:27 . 2009-11-21 20:27 24576 d-----w- C:\32788R22FWJFW
2009-11-21 05:25 . 2009-11-21 05:25 -------- d-----w- c:\program files\Nsasoft
2009-11-21 05:19 . 2009-11-21 05:19 4096 d-----w- c:\program files\Top Password
2009-11-21 03:40 . 2009-11-21 14:17 -------- d-----w- c:\users\sultan\AppData\Roaming\QuickScan
2009-11-21 03:40 . 2009-10-29 23:39 679936 ----a-w- c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-21 03:40 . 2009-10-29 23:39 614400 ----a-w- c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-21 03:30 . 2009-11-21 03:30 -------- d-----w- c:\users\sultan\AppData\Local\Runscanner.net
2009-11-21 03:27 . 2009-11-21 03:27 -------- d-----w- c:\program files\Trend Micro
2009-11-19 18:08 . 2009-11-19 18:08 -------- d-----w- C:\AppServ
2009-11-18 11:34 . 2009-11-18 11:35 599157 ----a-w- c:\users\sultan\AppData\Roaming\IDM\DwnlData\sultan\appserv-win32-2.6.0_109\appserv-win32-2.6.0.exe
2009-11-16 22:24 . 2009-11-16 22:24 34304 ----a-w- c:\users\sultan\AppData\Roaming\Thinstall\Microsoft Office FrontPage 2003\1000000600002i\verclsid.exe
2009-11-16 02:06 . 2009-11-16 02:06 -------- d-----w- c:\users\sultan\AppData\Roaming\Moyea
2009-11-16 02:01 . 2009-11-16 02:01 -------- d-----w- c:\program files\Moyea
2009-11-16 01:48 . 2009-11-16 01:48 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-16 01:47 . 2009-11-16 01:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-16 01:47 . 2009-11-16 01:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-16 01:47 . 2009-11-16 01:48 4096 d-----w- c:\program files\Common Files\Real
2009-11-16 01:46 . 2009-11-16 01:47 -------- d-----w- c:\program files\Real
2009-11-16 00:19 . 2009-11-16 00:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-16 00:17 . 2009-11-16 00:17 -------- d-----w- c:\program files\Java
2009-11-15 18:11 . 2009-11-15 18:11 34304 ----a-w- c:\users\sultan\AppData\Roaming\Thinstall\Microsoft Office FrontPage 2003\3000000043900002i\FRONTPG.EXE
2009-11-15 18:11 . 2009-11-15 18:11 34304 ----a-w- c:\users\sultan\AppData\Roaming\Thinstall\Microsoft Office FrontPage 2003\4000004d00002i\MDM.EXE
2009-11-15 18:09 . 2009-11-15 18:09 -------- d-----w- c:\users\sultan\AppData\Roaming\Thinstall
2009-11-14 23:13 . 2009-11-14 23:14 -------- d-----w- c:\users\sultan\AppData\Local\Google
2009-11-14 23:13 . 2009-10-08 00:56 872960 ----a-w- c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-14 23:13 . 2009-10-08 00:56 43008 ----a-w- c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-14 23:13 . 2009-10-08 00:56 340480 ----a-w- c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-14 23:13 . 2009-10-08 00:55 346624 ----a-w- c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-14 11:15 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-11-14 11:15 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-11-14 11:15 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-11-14 11:15 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-11-14 11:15 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2009-11-14 11:15 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-11-14 11:15 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-11-14 11:02 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-11-14 11:01 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-11-14 11:01 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-14 11:01 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-11-14 11:01 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2009-11-13 13:10 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-13 13:10 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-13 13:10 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-13 13:10 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 13:10 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-13 13:10 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-13 13:10 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 13:09 . 2009-08-07 03:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 13:09 . 2009-08-07 02:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 18:33 . 2009-11-12 18:33 4096 d-----w- c:\program files\LeapFTP 3.0
2009-11-12 11:03 . 2009-11-12 11:03 2031104 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 11:01 . 2009-11-12 11:01 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 20:52 . 2009-11-11 20:52 -------- d-----w- c:\windows\PCHEALTH
2009-11-11 20:49 . 2009-11-11 20:50 4096 dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-11-11 20:49 . 2009-11-11 20:52 -------- d-----w- c:\program files\Windows Live
2009-11-11 20:48 . 2009-11-11 20:48 -------- d-----w- c:\programdata\WLInstaller
2009-11-11 20:29 . 2009-11-11 20:29 268800 ----a-w- c:\windows\system32\es.dll
2009-11-11 20:27 . 2009-11-11 20:27 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-11-11 20:27 . 2009-11-11 20:27 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-11-11 20:27 . 2009-11-11 20:27 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-11 20:25 . 2009-11-11 20:25 696832 ----a-w- c:\windows\system32\localspl.dll
2009-11-10 14:07 . 2009-11-10 14:07 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-11-10 14:07 . 2009-11-10 14:07 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-11-10 14:07 . 2009-11-10 14:07 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-11-10 14:07 . 2009-11-10 14:07 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-11-10 14:07 . 2009-11-10 14:07 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-11-10 14:07 . 2009-11-10 14:07 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-11-10 14:07 . 2009-11-10 14:07 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-11-10 14:07 . 2009-11-10 14:07 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-11-10 13:50 . 2009-11-10 13:50 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-11-10 13:47 . 2009-11-10 14:07 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-10 13:47 . 2009-11-10 14:07 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-10 13:46 . 2009-11-21 20:26 4096 d-----w- c:\programdata\Kaspersky Lab
2009-11-10 13:46 . 2009-11-10 13:46 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-10 13:43 . 2009-11-10 13:43 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-11-10 12:57 . 2009-11-10 12:57 -------- d-----w- c:\program files\mpegable
2009-11-10 12:57 . 2009-11-10 12:57 47104 ------w- c:\windows\AKDeInstall.exe
2009-11-10 12:04 . 2009-11-10 12:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-10 12:02 . 2009-11-10 12:02 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-11-10 12:02 . 2009-11-10 12:02 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-11-10 12:02 . 2009-11-10 12:02 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-11-10 12:02 . 2009-11-10 12:02 272896 ----a-w- c:\windows\system32\polstore.dll
2009-11-10 12:00 . 2009-11-10 12:00 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-10 12:00 . 2009-11-10 12:00 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-10 12:00 . 2009-11-10 12:00 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-10 12:00 . 2009-11-10 12:00 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-11-10 12:00 . 2009-11-10 12:00 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-11-10 12:00 . 2009-11-10 12:00 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-11-10 11:57 . 2009-11-10 11:57 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-11-10 11:57 . 2009-11-10 11:57 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-11-10 11:57 . 2009-11-10 11:57 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-11-10 11:57 . 2009-11-10 11:57 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2009-11-10 11:57 . 2009-11-10 11:57 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-11-10 11:57 . 2009-11-10 11:57 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-11-10 11:57 . 2009-11-10 11:57 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2009-11-10 11:57 . 2009-11-10 11:57 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2009-11-10 11:56 . 2009-11-10 11:56 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-11-10 11:55 . 2009-11-10 11:55 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-11-10 11:55 . 2009-11-10 11:55 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-11-10 11:54 . 2009-11-10 11:54 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-11-10 11:54 . 2009-11-10 11:54 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-11-10 11:54 . 2009-11-10 11:54 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-11-10 11:54 . 2009-11-10 11:54 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-11-10 11:54 . 2009-11-10 11:54 502272 ----a-w- c:\windows\system32\wlansvc.dll
2009-11-10 11:54 . 2009-11-10 11:54 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-11-10 11:52 . 2009-11-10 11:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-11-10 11:52 . 2009-11-10 11:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-11-10 11:52 . 2009-11-10 11:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-11-10 11:52 . 2009-11-10 11:52 24064 ----a-w- c:\windows\system32\lpk.dll
2009-11-10 11:52 . 2009-11-10 11:52 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-11-10 11:52 . 2009-11-10 11:52 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-11-10 11:51 . 2009-11-10 11:51 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-10 11:50 . 2009-11-10 11:50 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-10 11:50 . 2009-11-10 11:50 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-11-10 11:49 . 2009-11-10 11:49 98816 ----a-w- c:\windows\system32\mfps.dll
2009-11-10 11:49 . 2009-11-10 11:49 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-11-10 11:49 . 2009-11-10 11:49 2855424 ----a-w- c:\windows\system32\mf.dll
2009-11-10 11:49 . 2009-11-10 11:49 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-11-10 11:49 . 2009-11-10 11:49 2048 ----a-w- c:\windows\system32\mferror.dll
2009-11-10 11:46 . 2009-11-10 11:46 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-11-10 11:42 . 2009-11-10 11:42 71680 ----a-w- c:\windows\system32\atl.dll
2009-11-10 11:41 . 2009-11-10 11:41 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-11-10 11:40 . 2009-11-10 11:40 41984 ----a-w- c:\windows\system32\drivers\monitor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 20:16 . 2007-01-08 03:20 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-12 11:09 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-10 14:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-10 14:56 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-11-10 14:56 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-11-10 14:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-10 11:58 . 2009-11-10 11:58 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-11-10 11:58 . 2009-11-10 11:58 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-11-10 11:58 . 2009-11-10 11:58 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-11-10 11:58 . 2009-11-10 11:58 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-11-10 11:58 . 2009-11-10 11:58 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-11-10 11:58 . 2009-11-10 11:58 15360 ----a-w- c:\windows\system32\netevent.dll
2009-11-10 11:58 . 2009-11-10 11:58 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-11-10 11:58 . 2009-11-10 11:58 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-11-10 11:58 . 2009-11-10 11:58 10240 ----a-w- c:\windows\system32\finger.exe
2009-11-10 11:58 . 2009-11-10 11:58 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-11-10 11:58 . 2009-11-10 11:58 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-11-10 11:58 . 2009-11-10 11:58 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-11-10 11:58 . 2009-11-10 11:58 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-11-10 11:44 . 2009-11-10 11:44 72704 ----a-w- c:\windows\system32\admparse.dll
2009-11-10 11:44 . 2009-11-10 11:44 832512 ----a-w- c:\windows\system32\wininet.dll
2009-11-10 11:44 . 2009-11-10 11:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-11-10 11:44 . 2009-11-10 11:44 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-11-10 11:44 . 2009-11-10 11:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-10 11:44 . 2009-11-10 11:44 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-11-10 11:22 . 2009-11-10 11:22 1963520 ----a-w- c:\windows\system32\NlsData001b.dll
2009-11-10 11:19 . 2009-11-10 11:19 1585664 ----a-w- c:\windows\system32\setupapi.dll
2009-11-09 21:28 . 2009-11-09 21:28 48600 ----a-w- c:\users\sultan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 10:43 . 2009-09-09 09:52 210352 ----a-w- c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-10 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-11-10 1006264]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-16 198160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-10-13 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/08 08:41 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/09 06:50 م 21008]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [17/01/08 09:37 ص 24635]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/09 08:59 م 19472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vb.cocoa-ar.com
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=ar&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\sultan\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\users\sultan\AppData\Roaming\Mozilla\Firefox\Profiles\iiox03sk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-11-21 12:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3171190113-1178466381-1857302624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="ba"
"b"="NOTEPAD.EXE"

[HKEY_USERS\S-1-5-21-3171190113-1178466381-1857302624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithProgids]
"ctt‎_auto_file"=hex(0):
.
Completion time: 2009-11-21 12:37
ComboFix-quarantined-files.txt 2009-11-21 20:37

Pre-Run: 30,237,138,944 bytes free
Post-Run: 30,590,263,296 bytes free

- - End Of File - - 295542FF83F423B617182E7E42A9E29A

 
Done. I just wanted to know whether I should delete the values that the brother mentioned in the first replies, or not.



O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)



O2 - BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll

 
Leftovers of uninstalled programs,
and they should have been removed by now.
Run a new report to confirm.
 