Posted by شمووخ انثى (forum rank: Active Zyzoomi; joined 30 November 2009; 111 posts)
Peace be upon you.

How are you all? Anyway,

My computer seems to be infected or hacked, because it goes through spells where it gets slow, and at other times it is normal.
It has no security program on it. If you don't mind, give me the best antivirus program, and I also want a program to speed up downloads.

>> As if I'm a beggar who is also making demands, heh.

Thank you, you never fall short. May God give you a thousand thousand measures of good health.
 

Signature: شمووخ انثى
For security software there is a dedicated section for protection programs <<< go there and pick one.

And so that we can check your computer,

download this program:

(download link hidden by the forum; registration required to view)

Afterwards close all programs, especially Internet Explorer and Messenger.
Run the program ==> and click
Do a system scan and save log
A few moments ... and a report appears in Notepad ==> copy it and paste it in your next reply.

Signature: algnral
Thank you so much, brother, but advise me: I want one of them.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:49 PM, on 07/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\My Documents\Zyzoom_HijackThis.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = (URL hidden by the forum)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SPEEDBIT1 - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - (URL hidden by the forum) Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - (URL hidden by the forum) Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - (URL hidden by the forum)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - (URL hidden by the forum) Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - (URL hidden by the forum) Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Unknown owner - G:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
--
End of file - 14006 bytes
 
Signature: شمووخ انثى
Apply the following, sister:
From the HijackThis report, delete the following entries, as explained in the picture.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = (URL hidden by the forum)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

All O3 entries.

[screenshots mg (3).png and mg (4).png not preserved]

After that go to Add/Remove Programs and remove the toolbar you have (toolbar) >> it might not be there.

Then remove ESET, or NOD, thoroughly.
After that use the following and send us the reports:

(link hidden by the forum; registration required to view)

(link hidden by the forum; registration required to view)

Then clean your computer with this tool:

(link hidden by the forum; registration required to view)

Signature: ®الإعصار®
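The removal list in the reply above is a triage the helper did by eye over the HijackThis log: the hijacked start page, the search hook, adware BHOs, every O3 toolbar, and (in the ComboFix output further down) the service whose binary is missing. The script below is an added example, not part of the thread and not HijackThis's own code: it parses entries in the HijackThis 2.0.x line format and applies the same kind of rules. The sample input is constructed from lines of the log posted above (hidden URLs left out); WATCHLIST is the helper's removal list from this thread rather than a malware signature set, and the "executable directly in the Windows directory" rule is a general heuristic that marks an entry for review, not a verdict on any file.

```python
"""Triage a HijackThis (v2.0.x) log: parse each numbered entry and flag the
kinds of item the helpers in this thread acted on (search hooks, watchlisted
BHOs, every O3 toolbar, autoruns in odd places, broken services)."""
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the HijackThis log posted in the thread,
# with the hidden URLs omitted so the example runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\SpeedBit.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\fix.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O23 - Service: ServiceLayer - Unknown owner - G:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# Policy list for this example: the names the helper in the thread told the
# user to remove. Adjust to your own policy; it is not a signature database.
WATCHLIST = ("ask.com", "speedbit", "\\dap\\", "mario forever",
             "google toolbar notifier", "windows live toolbar")

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
CLSID_ITEM_RE = re.compile(
    r"^(?:BHO|Toolbar|URLSearchHook): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|scr|dll|cpl))"?(?:\s|$)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O2"
    name: str    # item name as HijackThis prints it
    reason: str  # why it was flagged
    line: str    # original log line, ready to paste back into a reply


def parse_entries(log_text):
    """Yield (code, body, line) for every numbered HijackThis entry."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body"), line.strip()


def on_watchlist(*fields):
    blob = " ".join(fields).lower()
    return any(w in blob for w in WATCHLIST)


def in_windows_root(cmd):
    """True when the command's executable sits directly in the Windows
    directory (e.g. C:\\WINDOWS\\fix.exe). Unusual for a legitimate autorun,
    so worth checking by hand; this is a review heuristic, not a verdict."""
    m = EXE_PATH_RE.match(cmd)
    if not m:
        return False
    parent = m.group("path").rsplit("\\", 1)[0].lower()
    return parent.endswith((":\\windows", ":\\winnt"))


def triage(log_text):
    findings = []
    for code, body, line in parse_entries(log_text):
        if code in ("R3", "O2", "O3"):
            m = CLSID_ITEM_RE.match(body)
            name = m.group("name") if m else body
            path = m.group("path") if m else ""
            if code == "R3":
                findings.append(Finding(code, name, "URLSearchHook redirects IE searches; verify its owner", line))
            elif code == "O3":
                findings.append(Finding(code, name, "IE toolbar (helper: remove all O3 entries)", line))
            elif on_watchlist(name, path):
                findings.append(Finding(code, name, "BHO on the removal watchlist", line))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and in_windows_root(m.group("cmd")):
                findings.append(Finding(code, m.group("name"), "autorun executable directly in the Windows directory", line))
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m and ("(file missing)" in m.group("path") or m.group("owner") == "Unknown owner"):
                findings.append(Finding(code, m.group("name"), "service with missing binary or unknown owner", line))
    return findings


def report(findings):
    """Render findings as 'CODE name (reason)' lines."""
    return [f"{f.code:<4}{f.name}  ({f.reason})" for f in findings]


if __name__ == "__main__":
    for row in report(triage(SAMPLE_LOG)):
        print(row)
```

On the sample this prints six rows: the DAP search hook, the Ask.com BHO, both toolbars, the TrialReset autorun for review, and the Nokia service whose binary is missing. Everything else in the sample (ESET, Adobe, the rundll32 Bluetooth agent) passes, which is the point: the rules reproduce the helper's list without touching the entries the helper left alone.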
Ummm, I clicked on this:

(link hidden by the forum; registration required to view)

ComboFix 09-12-07.01 - user 12/07/2009 14:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.974.1033.18.2038.1434 [GMT -8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\SpeedBit Toolbar\Toolbar\tbhelper.dll
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\system32\kakle.dll
c:\windows\system32\twain_32.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
D:\AUTORUN.INF
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys

((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.
2009-12-06 22:07 . 2009-12-06 22:07 91648 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-12-06 22:05 . 2009-12-06 22:05 -------- d-----w- c:\program files\SpeedBit Toolbar
2009-11-27 04:04 . 2009-11-27 04:04 -------- d-----w- c:\documents and settings\user\Application Data\Oberonv1002
2009-11-27 03:22 . 2009-04-23 20:52 750984 ----a-w- c:\windows\system32\Magentic Screensaver.scr
2009-11-27 03:22 . 2009-11-27 03:27 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Magentic
2009-11-27 03:22 . 2009-11-27 03:22 -------- d-----w- c:\program files\Magentic
2009-11-22 23:42 . 2009-12-07 22:29 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-18 11:14 . 2009-11-25 22:58 -------- d-----w- c:\program files\HiYo Games
2009-11-18 10:29 . 2009-11-18 10:29 -------- d-----w- c:\documents and settings\user\Application Data\Paltalk
2009-11-18 10:29 . 2009-11-18 10:29 -------- d-----w- c:\windows\PaltalkScene
2009-11-18 10:29 . 2009-11-18 10:30 -------- d-----w- c:\program files\Paltalk Messenger
2009-11-17 08:36 . 2009-11-17 08:36 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\AskToolbar
2009-11-17 08:35 . 2009-11-17 08:35 -------- d-----w- c:\program files\Ask.com
2009-11-17 08:30 . 2009-12-06 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-11-17 08:30 . 2009-12-06 22:06 -------- d-----w- c:\program files\DAP
2009-11-17 08:30 . 2009-12-06 22:02 -------- d-----w- c:\program files\SpeedBit Video Downloader
2009-11-16 15:47 . 2009-11-16 15:47 -------- d-----w- c:\windows\Sun
2009-11-15 07:08 . 2009-11-15 07:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-15 07:08 . 2009-11-15 07:08 -------- d-----w- c:\program files\Java
2009-11-15 07:07 . 2009-11-15 07:07 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-14 00:01 . 2009-12-05 16:35 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-11-14 00:01 . 2009-12-03 15:18 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2009-11-14 00:01 . 2009-12-05 16:56 -------- d-----w- c:\program files\Internet Download Manager
2009-11-11 19:48 . 2009-11-11 19:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-09 03:31 . 2009-11-12 00:39 0 ----a-w- c:\documents and settings\user\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 22:30 . 2009-11-01 19:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-06 02:43 . 2009-10-11 15:13 10 ----a-w- c:\windows\popcinfo.dat
2009-11-27 04:03 . 2009-11-01 19:47 -------- d-----w- c:\program files\IncrediGames
2009-11-25 22:52 . 2008-10-16 15:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-18 00:00 . 2008-10-16 16:17 321392 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-17 23:20 . 2008-10-16 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-17 20:29 . 2009-04-13 17:36 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-11-17 20:29 . 2009-04-13 17:36 2846720 ----a-w- c:\windows\system32\agsaamj.dll
2009-11-17 20:29 . 2009-04-13 17:36 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-11-17 20:29 . 2009-04-13 17:36 215552 ----a-w- c:\windows\system32\ALOWMVFile.dll
2009-11-17 20:29 . 2009-04-13 17:36 403968 ----a-w- c:\windows\system32\ALOWMAFile2.dll
2009-11-17 20:29 . 2009-04-13 17:36 753664 ----a-w- c:\windows\system32\agsaamg.dll
2009-11-17 20:29 . 2009-04-13 17:36 626688 ----a-w- c:\windows\system32\agsaamh.dll
2009-11-17 20:29 . 2009-04-13 17:36 188416 ----a-w- c:\windows\system32\ALOVideoFile.dll
2009-11-17 20:29 . 2009-04-13 17:36 495104 ----a-w- c:\windows\system32\ALOVideoCoreM.dll
2009-11-17 20:29 . 2009-04-13 17:36 551424 ----a-w- c:\windows\system32\agsaame.dll
2009-11-17 20:28 . 2009-04-13 17:36 544256 ----a-w- c:\windows\system32\agsaamd.dll
2009-11-17 20:28 . 2009-04-13 17:36 372736 ----a-w- c:\windows\system32\agsaamc.dll
2009-11-17 20:28 . 2009-04-13 17:36 780288 ----a-w- c:\windows\system32\ALOVideoCompress.dll
2009-11-17 20:28 . 2009-04-13 17:36 249856 ----a-w- c:\windows\system32\ALOQuickTimeFile.dll
2009-11-17 20:28 . 2009-04-13 17:36 538624 ----a-w- c:\windows\system32\agsaamb.dll
2009-11-17 20:28 . 2009-04-13 17:36 331776 ----a-w- c:\windows\system32\agsaama.dll
2009-11-17 20:28 . 2009-04-13 17:36 90112 ----a-w- c:\windows\system32\ALOAudioFormatSettings3.dll
2009-11-17 20:28 . 2009-04-13 17:36 877568 ----a-w- c:\windows\system32\ALOAudioFile2.dll
2009-11-17 20:28 . 2009-04-13 17:36 382464 ----a-w- c:\windows\system32\ALOAVIFile.dll
2009-11-17 20:28 . 2009-04-13 17:36 2846720 ----a-w- c:\windows\system32\ALOAudioCompress3.dll
2009-11-17 20:28 . 2009-04-13 17:36 778240 ----a-w- c:\windows\system32\ALOAudioCompress2.dll
2009-11-08 21:34 . 2009-04-13 17:46 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-01 19:47 . 2009-11-01 19:47 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-11-01 19:47 . 2009-11-01 19:47 -------- d-----w- c:\program files\Oberon Media
2009-11-01 10:16 . 2009-11-01 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2009-11-01 10:15 . 2009-11-01 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2009-11-01 10:15 . 2009-11-01 10:15 -------- d-----w- c:\program files\IncrediMail
2009-10-30 00:21 . 2009-10-30 00:21 -------- d-----w- c:\documents and settings\user\Application Data\HiYo
2009-10-30 00:21 . 2009-10-30 00:21 -------- d-----w- c:\program files\HiYo
2009-10-30 00:21 . 2009-10-30 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HiYo
2009-10-27 09:50 . 2009-10-27 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-10-20 09:10 . 2009-10-20 09:10 -------- d-----w- c:\documents and settings\user\Application Data\Playrix Entertainment
2009-10-20 09:08 . 2009-10-20 09:08 -------- d-----w- c:\program files\Playrix Entertainment
2009-10-11 12:41 . 2009-10-11 12:39 -------- d-----w- c:\program files\Zuma Deluxe
2009-10-11 12:35 . 2009-10-11 12:35 -------- d-----w- c:\program files\PopCap Games
2009-10-09 16:58 . 2009-04-13 17:45 -------- d-----w- c:\program files\Windows Live
2009-10-09 16:58 . 2009-10-09 16:58 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-09 16:57 . 2009-10-09 16:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-09 16:54 . 2009-10-09 16:54 -------- d-----w- c:\program files\Microsoft
2009-10-09 15:56 . 2009-10-09 15:56 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-26 03:20 . 2006-07-12 01:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-26 02:47 . 2009-04-13 17:36 344064 ----a-w- c:\windows\system32\dkll.dll
2009-09-26 02:47 . 2009-04-13 17:36 1986560 ----a-w- c:\windows\system32\akll.dll
2009-09-26 02:47 . 2009-04-13 17:36 196608 ----a-w- c:\windows\system32\maag.dll
2009-09-26 02:47 . 2009-04-13 17:36 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-09-10 23:16 . 2009-09-01 02:23 11382816 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2009-12-06 38384]
[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2009-12-06 22:02 2655736 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 03:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-12-06 2598896]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-12-06 2598896]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-11-01 280008]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2009-04-23 488808]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-12-06 2799104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-06 137752]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-09-02 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-08 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"TrialReset"="c:\windows\fix.exe" [2008-04-28 208353]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-11-06 200704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-26 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-12-02 210288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-15 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-4-13 3450608]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-10-26 11551744]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImLc.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 7:21 AM 468224]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/16/2008 8:27 AM 105984]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.speedbit.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
ActiveSetup-{18AAA5C0-4FCB-11CF-AAX5-81CX1C605612} - c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\isei.exe
AddRemove-AnswerWorks - c:\windows\IsUninst.exe -fc:\program files\WexTech\AnswerWorks\Uninst.isu
AddRemove-Mario Forever Toolbar - c:\windows\Mario_Forever_Toolbar_Uninstaller_906.exe _?=c:\program files\Mario Forever Toolbar

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,



Rootkit scan 2009-12-07 14:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c3,35,6a,c7,ef,be,e3,b3,44,77,9e,b5,51,d2,e8,01,c4,1d,08,ac,da,
73,e7,95,0e,7b,df,f7,db,55,e2,76,86,96,08,f9,16,9e,e2,39,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e4456fa3-01ee-45ba-9216-4b7fa49eaba9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000152
"Therad"=dword:00000016
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1640)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(2996)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Magentic\bin\MgApp.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\IncrediMail\bin\IMApp.exe
.
**************************************************************************
.
Completion time: 2009-12-07 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 22:35
Pre-Run: 84,495,872,000 bytes free
Post-Run: 84,933,877,760 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 9EB038A44FE71A2D5412E4BAA6ABB5D5
 
Signature: شمووخ انثى
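A few lines in the ComboFix report above are the ones worth reading first: `"AntiVirusOverride"=dword:00000001` under the Security Center key silences the "no antivirus" warning; the ActiveSetup orphan points at `c:\recycler\S-1-5-21-...\isei.exe`, an executable that was set to run from inside the Recycle Bin's per-user folder (an orphan here is an autostart entry whose target file was no longer present when ComboFix ran); the IE start page is `search.speedbit.com`; and the HijackThis log later in the thread shows the scanner itself being run straight out of `Temporary Internet Files`. The script below is an added example, not part of the post and not a feature of ComboFix or HijackThis: it applies those checks to a constructed sample made of lines copied from the logs in this thread. The list of expected start-page hosts and the list of throwaway directories are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix / HijackThis output in this
# thread, not a complete log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
uStart Page = hxxp://search.speedbit.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ActiveSetup-{18AAA5C0-4FCB-11CF-AAX5-81CX1C605612} - c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\isei.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\UBJ9GI1H\Zyzoom_HijackThis[1].exe
"""

# Values under HKLM\SOFTWARE\Microsoft\Security Center that, when set to 1,
# suppress the corresponding Security Center warning.
SECURITY_CENTER_OVERRIDES = ("AntiVirusOverride", "FirewallOverride", "UpdatesOverride")

# Directory fragments (lower-case) in which a persistent executable has no business
# living. Assumption of this example; extend to taste.
SUSPICIOUS_DIRS = ("\\recycler\\", "\\$recycle.bin\\", "\\temp\\", "\\temporary internet files\\")

# Start-page hosts the owner would recognise (assumption of this example).
EXPECTED_START_HOSTS = {"www.google.com", "www.msn.com", "about:blank"}

DWORD_RE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')
START_RE = re.compile(r"^u?Start Page\s*=\s*(\S+)", re.I)
URL_HOST_RE = re.compile(r"^h[xt]{2}ps?://([^/\s]+)", re.I)       # ComboFix defangs http as hxxp
PATH_RE = re.compile(r'(?:[a-z]:|%windir%)\\[^"=\r\n]*?\.(?:exe|dll|sys|scr|com|bat|cmd|pif)\b', re.I)


@dataclass
class Finding:
    line_no: int
    severity: str
    reason: str
    evidence: str


def url_host(url):
    m = URL_HOST_RE.match(url)
    return m.group(1).lower() if m else url.lower()


def triage(log_text):
    """Run the three checks over every line and return the findings in log order."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # Registry exports double the backslashes; undo that before path matching.
        unescaped = line.replace("\\\\", "\\")

        m = DWORD_RE.match(line)
        if m and m.group(1) in SECURITY_CENTER_OVERRIDES and int(m.group(2), 16) == 1:
            findings.append(Finding(n, "high", f"Security Center warning suppressed: {m.group(1)}=1", line))

        m = START_RE.match(line)
        if m:
            host = url_host(m.group(1))
            if host not in EXPECTED_START_HOSTS:
                findings.append(Finding(n, "medium", f"IE start page points at {host}", line))

        for path in PATH_RE.findall(unescaped):
            if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                findings.append(Finding(n, "high", f"executable in a throwaway directory: {path}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:3d} [{f.severity}] {f.reason}")
```

On this sample the script reports the override, the start page and the two executables under `recycler` and `Temporary Internet Files`, and stays quiet about the Google toolbar, Magentic and `sessmgr.exe` entries. A hit is a reason to look, not a verdict: the override value can be set by a legitimately installed AV suite, and the orphaned `isei.exe` may already be gone, but the entry tells you where to look and which user profile (`S-1-5-21-...-1013`) it belonged to.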
Excellent, but I wish you would go through them in order, from the first to the last. For now you have finished this one:

[link hidden: login required]

We await the rest.
 
Signature: ®الإعصار®
So far I have got to here:

[link hidden: login required]

The last tool remains.

SmitFraudFix v2.424
Scan done at 15:28:55.78, Mon 12/07/2009
Run from C:\Documents and Settings\user\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{33855FCE-BC93-4F51-82E6-D07A40A86BC2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33855FCE-BC93-4F51-82E6-D07A40A86BC2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{33855FCE-BC93-4F51-82E6-D07A40A86BC2}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
Signature: شمووخ انثى
Hmmm, honestly I didn't understand; explain it to me more.
 
Signature: شمووخ انثى

He means he wants the report from this tool.

Download this program:

[link hidden: login required]

Then close all programs, especially Internet Explorer and Messenger.
Run the program ==> and click
Do a system scan and save log
After a moment a report appears in Notepad ==> copy it and paste it in your next reply.



 
Last edited by a moderator.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:06, on 07/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\UBJ9GI1H\Zyzoom_HijackThis[1].exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 2709 bytes
 
Signature: شمووخ انثى
Sister, scan your device with this tool.

Download this program:

[link hidden: login required]

Install it on the device, then run it and follow this guide to scan the device and produce a report:

[link hidden: login required]

After the scan finishes, do the following:

[link hidden: login required]

Copy the contents of the report and paste it in your next post.

 
Signature: فارس الملاك
Hmmm, I downloaded this program before I saw the thread and scanned my device; it found forty infections.

So that was a coincidence, hehe.
But I'll do it again; more good can't hurt.
 
Signature: شمووخ انثى
Sister, since you have already scanned, give me the report.

Open the program and go to Logs,

click on the report, copy what is in it and paste it here.
 
Signature: فارس الملاك
Malwarebytes' Anti-Malware 1.42
Database version: 3316
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
07/12/2009 09:55:43 PM
mbam-log-2009-12-07 (21-55-43).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 218551
Time elapsed: 30 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 38
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\adobe photoshop 8.0 me.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\تعلم الفوتوشوب مع أبوتميم.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\akvis\Chameleon.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\akvis\Coloriage.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\akvis\Decorator.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\akvis\Enhancer.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\akvis\FrameSuite.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\akvis\NoiseBuster.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\akvis\Retoucher.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\akvis\Chameleon.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\akvis\Coloriage.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\akvis\Decorator.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\akvis\Enhancer.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\akvis\FrameSuite.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\akvis\NoiseBuster.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\akvis\Retoucher.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop 7.0 ME\Plug-Ins\akvis\Chameleon.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop 7.0 ME\Plug-Ins\akvis\Coloriage.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop 7.0 ME\Plug-Ins\akvis\Decorator.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop 7.0 ME\Plug-Ins\akvis\Enhancer.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop 7.0 ME\Plug-Ins\akvis\FrameSuite.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop 7.0 ME\Plug-Ins\akvis\NoiseBuster.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop 7.0 ME\Plug-Ins\akvis\Retoucher.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop CS\Plug-Ins\akvis\Chameleon.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop CS\Plug-Ins\akvis\Coloriage.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop CS\Plug-Ins\akvis\Decorator.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop CS\Plug-Ins\akvis\Enhancer.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop CS\Plug-Ins\akvis\FrameSuite.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop CS\Plug-Ins\akvis\NoiseBuster.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Photoshop CS\Plug-Ins\akvis\Retoucher.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\AKVIS\Chameleon\Chameleon.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\AKVIS\Coloriage\Coloriage.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\AKVIS\Decorator\Decorator.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\AKVIS\Enhancer\Enhancer.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\AKVIS\Frame Suite\FrameSuite.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\AKVIS\Noise Buster\NoiseBuster.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\AKVIS\Retoucher\Retoucher.8bf (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Real\RealPlayer\Activator.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D11FAC7-9AA5-412B-A47D-842003E464C8}\RP73\A0098100.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D11FAC7-9AA5-412B-A47D-842003E464C8}\RP84\A0126784.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.
 
Signature: شمووخ انثى
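The Malwarebytes report above attributes 35 of the 38 files to Malware.Packer, and all 35 are AKVIS `.8bf` Photoshop plug-ins (on Windows a `.8bf` plug-in is an ordinary PE DLL with a different extension). Malware.Packer is a generic detection name for files that look packed rather than a signature for a specific family, and commercially sold plug-ins are frequently packed to protect their licensing code, so a quarantined set like this deserves a second look before it is written off or restored; the log alone cannot settle which it is. The script below is an added example, not part of the post and not how Malwarebytes makes its decision: it reads the PE section table and reports the evidence a packed file usually leaves behind (UPX-style section names, a section that is empty on disk but large, writable and executable in memory, an entry point outside the first section). It runs on two constructed header-only PE images built inline; the packer name list is the example's own and is not exhaustive.

```python
import struct

# Section characteristic flags (IMAGE_SCN_*) from the PE/COFF specification.
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_WRITE = 0x80000000

# Section names commonly written by packers/protectors, lower-cased for comparison.
# This list is the example's own and is not exhaustive.
PACKER_SECTION_NAMES = {
    "upx0", "upx1", "upx2", ".aspack", ".adata", ".petite", ".mpress1", ".mpress2",
    ".nsp0", ".nsp1", ".themida", ".vmp0", ".vmp1", "pec1", "pec2", ".packed",
}


def parse_pe(data):
    """Return (entry_point_rva, sections) from the headers of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (0x10B, 0x20B):            # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]   # AddressOfEntryPoint
    sections = []
    off = opt_off + opt_size                   # section table follows the optional header
    for _ in range(nsections):
        (name, vsize, vaddr, rawsize, _rawptr, _rel, _lin, _nrel, _nlin,
         chars) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "chars": chars,
        })
        off += 40
    return entry_rva, sections


def assess(data):
    """Collect packer indicators from the section table; a strong one sets likely_packed."""
    entry_rva, sections = parse_pe(data)
    indicators = []
    entry_section = None
    for i, s in enumerate(sections):
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            entry_section = s["name"]
            if i != 0:
                indicators.append(("weak", f"entry point lies in section #{i} ({s['name']}), not the first section"))
        if s["name"].lower() in PACKER_SECTION_NAMES:
            indicators.append(("strong", f"packer section name {s['name']}"))
        wx = bool(s["chars"] & SCN_MEM_WRITE) and bool(s["chars"] & SCN_MEM_EXECUTE)
        if s["rawsize"] == 0 and s["vsize"] > 0 and wx:
            indicators.append(("strong", f"{s['name']} is empty on disk but {s['vsize']:#x} bytes "
                                         f"writable+executable in memory (unpacking target)"))
    return {
        "sections": [s["name"] for s in sections],
        "entry_section": entry_section,
        "indicators": indicators,
        "likely_packed": any(level == "strong" for level, _ in indicators),
    }


def build_pe(sections, entry_rva):
    """Construct a header-only PE32 image (test input for this example; it holds no code)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                  # e_lfanew -> offset 64
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x2102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, vaddr, rawsize, 0x400, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, rawsize, chars in sections)
    return dos + b"PE\0\0" + coff + opt + table


# Constructed samples: the section layout UPX leaves behind, and a plain compiler layout.
PACKED_SAMPLE = build_pe([
    ("UPX0", 0x1000, 0x8000, 0x0000, 0xE0000080),   # uninitialised, R+W+X, filled at run time
    ("UPX1", 0x9000, 0x3000, 0x3000, 0xE0000040),   # decompression stub plus compressed payload
    (".rsrc", 0xC000, 0x1000, 0x1000, 0xC0000040),
], entry_rva=0xB000)
PLAIN_SAMPLE = build_pe([
    (".text", 0x1000, 0x2000, 0x2000, 0x60000020),
    (".rdata", 0x3000, 0x1000, 0x1000, 0x40000040),
    (".data", 0x4000, 0x1000, 0x0200, 0xC0000040),
], entry_rva=0x1100)

if __name__ == "__main__":
    for label, image in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, assess(image))
```

For a real file call `assess(open(path, "rb").read())`. A "likely packed" result is evidence, not a verdict: it tells you the heuristic had something to fire on, and the next step is to compare the file's hash with the vendor's own download or to send the sample through the scanner vendor's false-positive process rather than restoring it from quarantine on faith.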
Okay, sister.

Your device is clean, God willing.

Make sure the NOD protection program is running and okay.

>>> If its colour is green, that means it is running.
 
Signature: فارس الملاك
Hmmm, it doesn't run; it looks broken, or more accurately I've messed it up, hehe <<<
 
Signature: شمووخ انثى
Okay sister, take a screenshot of the program window for me.

If you don't know how to take a screenshot, this thread will help you:

[link hidden: login required]

 
Signature: فارس الملاك
Honestly, I can't see this program; I don't know, maybe because I haven't slept,

or I deleted it, I don't know.
 
Signature: شمووخ انثى

From Start, then Run, paste this:

C:\Program Files\ESET\ESET Smart Security\egui.exe

then press Enter.

If it runs, fine; if it doesn't run, uninstall it and reinstall it from scratch.


 
Signature: فارس الملاك