- بادئ الموضوع abdoot
- تاريخ البدء
- 1,203
abu_youssef
المـــــــدير العـــــام
طـــاقم الإدارة
★★ نجم المنتدى ★★
نجم الشهر
كبار الشخصيات
فريق دعم البرامج العامة
- إنضم
- 15 فبراير 2008
- المشاركات
- 39,105
- مستوى التفاعل
- 70,061
- النقاط
- 13,270
- الإقامة
- www.zyzoom.org
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
السلام عليكم ورحمة الله
هدا موضوع قسم مشاكل وحلول
وفي انتظار نقل الموضوع من طرف الاخوة المشرفين
حمل هذه الآداتين
هدا موضوع قسم مشاكل وحلول
وفي انتظار نقل الموضوع من طرف الاخوة المشرفين
حمل هذه الآداتين
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : abu_youssef
تأييد
0
LINEZERO
زيزوومى محترف
غير متصل
بعد اذنك تم نقل الموضوع الى القسم المناسب
بالاظافة الا كلام الاحبه
قم بعمل التالي لااهنت
( 1 )
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
بانتظاررك
قم بعمل التالي لااهنت
( 1 )
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
بانتظاررك
توقيع : LINEZERO
تأييد
0
abu_youssef
المـــــــدير العـــــام
طـــاقم الإدارة
★★ نجم المنتدى ★★
نجم الشهر
كبار الشخصيات
فريق دعم البرامج العامة
- إنضم
- 15 فبراير 2008
- المشاركات
- 39,105
- مستوى التفاعل
- 70,061
- النقاط
- 13,270
- الإقامة
- www.zyzoom.org
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
توقيع : abu_youssef
تأييد
0
تأييد
0
اخوي لقد حذفت الفايروس بس ظهر عندي فيروس جديد الظاهر انه نسخ نفسه مرة اخرى
Trojan-PSW.Win32.Lmir
الله يسامحك يالكاسبر
تأييد
0
abu_youssef
المـــــــدير العـــــام
طـــاقم الإدارة
★★ نجم المنتدى ★★
نجم الشهر
كبار الشخصيات
فريق دعم البرامج العامة
- إنضم
- 15 فبراير 2008
- المشاركات
- 39,105
- مستوى التفاعل
- 70,061
- النقاط
- 13,270
- الإقامة
- www.zyzoom.org
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
توقيع : abu_youssef
تأييد
0
Logfile of HijackThis v1.99.1
Scan saved at 17:10, on 2008-05-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\SRNMIC~1\SOLOSENT.EXE
C:\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ExtraTools\ExtraDNS\ExtraDNS.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\الدليل المؤقت 1 لـ hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405;ftp=localhost:8081;https=localhost:8081;socks=localhost:1080
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Desktop Lock Express] "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\سطح المكتب\DTLEP.EXE" /B
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\SRNMIC~1\SOLOCFG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] "C:\Program Files\IDA\ida.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View Original Image - localhost\imageq.htm
O8 - Extra context menu item: إضافة إلى مضاد الشعارات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O10 - Broken Internet access because of LSP provider 'prxernsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC06B773-6FEE-43A3-82E0-B5B82A6C42A7}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Scan saved at 17:10, on 2008-05-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\SRNMIC~1\SOLOSENT.EXE
C:\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ExtraTools\ExtraDNS\ExtraDNS.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\الدليل المؤقت 1 لـ hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5405;ftp=localhost:8081;https=localhost:8081;socks=localhost:1080
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Desktop Lock Express] "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\سطح المكتب\DTLEP.EXE" /B
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\SRNMIC~1\SOLOCFG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] "C:\Program Files\IDA\ida.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ONSPEED\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ONSPEED\gui_resource.dll/328
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View Original Image - localhost\imageq.htm
O8 - Extra context menu item: إضافة إلى مضاد الشعارات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O10 - Broken Internet access because of LSP provider 'prxernsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC06B773-6FEE-43A3-82E0-B5B82A6C42A7}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
تأييد
0
LINEZERO
زيزوومى محترف
غير متصل
ياخوي اعمل هذي اول
وارفق التقرير
وارفق التقرير
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
توقيع : LINEZERO
تأييد
0
غير متصل
يا الغالي
جرب طريقة تاج راسي Linezero
بعدين جرب تفحص عن طريق الوضع الآمن على شان تسلم من نسخ البرنامج لنفسه عدة مرات
وبعد ما تحذفه ادخل على الوضع الطبيعي وعطنا تقرير هايجاك جديد يكون أفضل
جرب طريقة تاج راسي Linezero
بعدين جرب تفحص عن طريق الوضع الآمن على شان تسلم من نسخ البرنامج لنفسه عدة مرات
وبعد ما تحذفه ادخل على الوضع الطبيعي وعطنا تقرير هايجاك جديد يكون أفضل
توقيع : Juve Guard
تأييد
0
اخوي ان شاءالله سوف اعمل بنصيحتك
تأييد
0
طبقت الطريقة الاولىفي الوضع الامن وعطلت برامج الحماية وبعد اعادة التشغيل للاسف لازال موجود
والصورة خير دليل
ComboFix 08-05-07.2 - Administrator 05/09/2008 19:31:41.2 - NTFSx86 MINIMAL
Running from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.187\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
.
---- Previous Run -------
.
C:\WINDOWS\artools.dll
C:\WINDOWS\prefs_bg.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\youtubex.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 15:27 449,996 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-09 15:27 33,051,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-09 15:27 151,040 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-09 15:27 1,566,240 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-09 14:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-05-09 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-09 13:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SlipStream
2008-05-09 11:31 6,656 ----a-w C:\WINDOWS\system32\drivers\RKPavProc.sys
2008-05-09 11:30 106 ----a-w C:\delete.bat
2008-05-09 11:18 --------- d-----w C:\Program Files\NFR
2008-05-09 10:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-09 10:11 --------- d-----w C:\Program Files\Unlocker
2008-05-08 22:13 --------- d-----w C:\Program Files\iKnowPS
2008-05-08 21:23 --------- d-----w C:\Program Files\Artera Turbo
2008-05-08 20:31 --------- d-----w C:\Program Files\Spyware Terminator
2008-05-08 09:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-05-07 20:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Desktopicon
2008-05-03 19:53 --------- d-----w C:\Program Files\WebGoo 4.0.0 Browser Arabic
2008-05-03 18:31 --------- d-----w C:\Program Files\Simple DNS Plus
2008-05-02 10:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-05-02 10:11 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-02 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-02 10:06 --------- d-----w C:\Program Files\ACD Systems
2008-05-02 10:04 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-05-01 17:41 --------- d-----w C:\Program Files\EZ Wipe
2008-05-01 11:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-01 10:33 --------- d-----w C:\Program Files\Driver Magician
2008-05-01 06:38 --------- d-----w C:\Program Files\Evrox
2008-05-01 06:18 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-04-28 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-28 18:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-28 18:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
2008-04-28 18:42 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-28 18:42 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-28 18:41 --------- d-----w C:\Program Files\Nokia
2008-04-28 18:40 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-04-28 18:40 --------- d-----w C:\Program Files\DIFX
2008-04-28 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-04-25 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-25 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-25 10:41 --------- d-----w C:\Program Files\Quran 4.0
2008-04-24 12:22 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-04-24 11:52 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-04-24 10:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MxBoost
2008-04-21 16:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ONSPEED_TOOLBAR
2008-04-21 15:54 176,103 ----a-w C:\smitfrau.reg
2008-04-21 15:54 1,428 ----a-w C:\sageset2005.reg
2008-04-21 15:51 1,458 ----a-w C:\smitfra.reg
2008-04-20 20:08 --------- d-----w C:\Program Files\Tank O Box
2008-04-20 20:05 --------- d-----w C:\Program Files\Space Strike
2008-04-20 20:03 --------- d-----w C:\Program Files\Desperate Space
2008-04-20 20:02 --------- d-----w C:\Program Files\Gunner 2
2008-04-20 19:57 --------- d-----w C:\Program Files\HistoryCleaner
2008-04-20 18:23 --------- d-----w C:\Program Files\RIP Strike Back
2008-04-20 16:09 --------- d-----w C:\Program Files\Air Strike 2
2008-04-20 16:05 --------- d-----w C:\Program Files\Bugatron
2008-04-20 15:22 --------- d-----w C:\Program Files\Uniblue
2008-04-19 15:24 --------- d-----w C:\Program Files\BaramgyFox Arabic Edition
2008-04-18 11:56 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-18 11:56 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-17 19:10 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-17 12:24 --------- d-----w C:\Program Files\onspeed_toolbar
2008-04-17 12:24 --------- d-----w C:\Program Files\ONSPEED
2008-04-17 11:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-04-17 11:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Internet Download Accelerator
2008-04-17 11:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ma-config.com
2008-04-17 11:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IE7Pro
2008-04-15 18:37 --------- d-----w C:\Program Files\WinUtilities
2008-04-14 15:15 --------- d-----w C:\Program Files\Shareaza
2008-04-14 15:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-04-13 18:39 --------- d-----w C:\Program Files\USDownloader
2008-04-12 15:33 --------- d-----w C:\Program Files\Internet Download Manager
2008-04-12 15:15 --------- d-----w C:\Program Files\No Trace
2008-04-11 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-11 17:54 94,208 ----a-w C:\WINDOWS\system32\viscomaudiodata.dll
2008-04-11 17:53 18,595,840 ----a-w C:\WINDOWS\system32\coredata.dll
2008-04-11 17:52 --------- d-----w C:\Program Files\Ozone
2008-04-11 12:29 --------- d-----w C:\Program Files\Eraser
2008-04-11 11:36 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-11 11:31 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-11 10:57 --------- d-----w C:\Program Files\Nero
2008-04-11 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-07 20:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Auslogics
2008-04-07 19:54 --------- d-----w C:\Program Files\Auslogics
2008-04-05 15:31 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-04-03 19:36 --------- d-----w C:\Program Files\Speeditup Free
2008-04-03 09:58 --------- d-----w C:\Program Files\Registry Shower 2007
2008-04-03 09:38 --------- d-----w C:\Program Files\PC Shower 2008
2008-03-30 18:26 --------- d-----w C:\Program Files\Google Hacks
2008-03-30 13:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2008-03-28 18:55 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-28 15:52 --------- d-----w C:\Program Files\Reshade
2008-03-28 10:25 --------- d-----w C:\Program Files\Real
2008-03-28 10:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-28 10:24 --------- d-----w C:\Program Files\Common Files\Real
2008-03-28 10:01 --------- d-----w C:\Program Files\CubedLabs
2008-03-28 09:35 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-28 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-28 09:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-03-27 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2004-01-01 09:44 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
2004-01-01 09:44 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((( snapshot@Fri 05-09-2008_ 1.17.49.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 21:13:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 15:29:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-09-18 08:09:20 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 1999-12-09 10:19:48 66,560 ----a-w C:\WINDOWS\system32\nfr_zip32.dll
- 2008-05-08 21:01:21 59,906 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2008-05-09 14:53:52 59,906 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-05-08 21:01:21 59,916 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-09 14:53:52 59,916 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-08 21:01:21 333,894 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2008-05-09 14:53:52 333,894 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-05-08 21:01:21 397,696 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-09 14:53:52 397,696 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2003-06-05 17:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{A66AA08A-9BF0-4e87-99E6-6972731D6B99}]
10/19/2007 05:49 AM 602112 --a------ C:\Program Files\ONSPEED\Prefetch.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:56 AM 15360]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [12/15/2006 06:38 PM 2048512]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 02:27 PM 219520]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [02/21/2008 01:59 PM 937392]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe" [03/02/2008 05:58 PM 6731312]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM 49152]
"Desktop Lock Express"="C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\سطح المكتب\DTLEP.exe" [05/30/2004 05:59 PM 90112]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [01/08/2007 08:33 AM 81920]
"NvMediaCenter"="RUNDLL32.exe" [08/04/2004 04:56 AM 33280 C:\WINDOWS\system32\rundll32.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [12/18/2007 01:43 AM 227856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/28/2008 02:23 PM 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/18/2007 07:55 PM 8523776]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM 2221352]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [03/28/2008 10:48 PM 2834432]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM 271360]
"iKnowPS"="C:\Program Files\iKnowPS\iKnowPS.exe" [11/24/2005 10:12 PM 114688]
"SlipStream"="C:\Program Files\ONSPEED\onspeedcore.exe" [10/19/2007 05:49 AM 344064]
"SoloSentry"="C:\SRNMIC~1\SOLOSENT.EXE" [10/14/2007 11:46 AM 77824]
"SoloSchedule"="C:\SRNMIC~1\SOLOCFG.EXE" [10/14/2007 11:43 AM 303104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="" []
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/19/2007 10:17 AM 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [08/04/2004 04:56 AM 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [08/04/2004 02:59 AM 44544]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [03/01/2008 04:53 PM 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
ONSPEED.lnk - C:\Program Files\ONSPEED\onspeedgui.exe [2008-04-17 16:24:19 229376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Artera Turbo\\artera.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\www.cproxy.com\\CPROXY.exe"=
"C:\\Program Files\\ExtraTools\\ExtraDNS\\ExtraDNS.dll"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
S1 Dev_UNIDRV;Dev_UNIDRV;C:\WINDOWS\system32\Drivers\UNIDRV.SYS [01/23/2008 01:52 PM]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [03/28/2008 10:55 PM]
S2 MSF32;MSF32;C:\Program Files\MySecretFolder XP\MSF32.SYS [04/22/2006 12:00 AM]
S2 sensorsview;sensorsview;C:\WINDOWS\system32\drivers\sensorsview.sys [08/17/2007 08:00 PM]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 04:56 AM]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 02:28 PM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [01/26/2008 11:59 PM]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [08/03/2004 11:01 PM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - MDMXSDK
*Newly Created Service* - ZNTPORT
.
s of the 'Scheduled Tasks' folder
"2008-05-09 14:47:32 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-08 23:30:47 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-04-22 22:16:43 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-02-08 14:11:40 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-09 14:49:12 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-05-09 19:34:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 05/09/2008 19:36:57
ComboFix-quarantined-files.txt 2008-05-09 15:36:02
Pre-Run: 22,084,272,128 bytes free
Post-Run: 22,109,003,776 bytes free
270 --- E O F --- 2008-05-03 17:10:04
والصورة خير دليل
ComboFix 08-05-07.2 - Administrator 05/09/2008 19:31:41.2 - NTFSx86 MINIMAL
Running from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.187\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
.
---- Previous Run -------
.
C:\WINDOWS\artools.dll
C:\WINDOWS\prefs_bg.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\youtubex.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 15:27 449,996 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-09 15:27 33,051,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-09 15:27 151,040 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-09 15:27 1,566,240 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-09 14:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-05-09 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-09 13:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SlipStream
2008-05-09 11:31 6,656 ----a-w C:\WINDOWS\system32\drivers\RKPavProc.sys
2008-05-09 11:30 106 ----a-w C:\delete.bat
2008-05-09 11:18 --------- d-----w C:\Program Files\NFR
2008-05-09 10:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-09 10:11 --------- d-----w C:\Program Files\Unlocker
2008-05-08 22:13 --------- d-----w C:\Program Files\iKnowPS
2008-05-08 21:23 --------- d-----w C:\Program Files\Artera Turbo
2008-05-08 20:31 --------- d-----w C:\Program Files\Spyware Terminator
2008-05-08 09:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2008-05-07 20:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Desktopicon
2008-05-03 19:53 --------- d-----w C:\Program Files\WebGoo 4.0.0 Browser Arabic
2008-05-03 18:31 --------- d-----w C:\Program Files\Simple DNS Plus
2008-05-02 10:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-05-02 10:11 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-02 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-02 10:06 --------- d-----w C:\Program Files\ACD Systems
2008-05-02 10:04 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-05-01 17:41 --------- d-----w C:\Program Files\EZ Wipe
2008-05-01 11:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-01 10:33 --------- d-----w C:\Program Files\Driver Magician
2008-05-01 06:38 --------- d-----w C:\Program Files\Evrox
2008-05-01 06:18 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-04-28 19:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-28 18:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-28 18:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
2008-04-28 18:42 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-28 18:42 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-28 18:41 --------- d-----w C:\Program Files\Nokia
2008-04-28 18:40 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-04-28 18:40 --------- d-----w C:\Program Files\DIFX
2008-04-28 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-04-25 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-25 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-25 10:41 --------- d-----w C:\Program Files\Quran 4.0
2008-04-24 12:22 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-04-24 11:52 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-04-24 10:56 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MxBoost
2008-04-21 16:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ONSPEED_TOOLBAR
2008-04-21 15:54 176,103 ----a-w C:\smitfrau.reg
2008-04-21 15:54 1,428 ----a-w C:\sageset2005.reg
2008-04-21 15:51 1,458 ----a-w C:\smitfra.reg
2008-04-20 20:08 --------- d-----w C:\Program Files\Tank O Box
2008-04-20 20:05 --------- d-----w C:\Program Files\Space Strike
2008-04-20 20:03 --------- d-----w C:\Program Files\Desperate Space
2008-04-20 20:02 --------- d-----w C:\Program Files\Gunner 2
2008-04-20 19:57 --------- d-----w C:\Program Files\HistoryCleaner
2008-04-20 18:23 --------- d-----w C:\Program Files\RIP Strike Back
2008-04-20 16:09 --------- d-----w C:\Program Files\Air Strike 2
2008-04-20 16:05 --------- d-----w C:\Program Files\Bugatron
2008-04-20 15:22 --------- d-----w C:\Program Files\Uniblue
2008-04-19 15:24 --------- d-----w C:\Program Files\BaramgyFox Arabic Edition
2008-04-18 11:56 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-18 11:56 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-17 19:10 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-17 12:24 --------- d-----w C:\Program Files\onspeed_toolbar
2008-04-17 12:24 --------- d-----w C:\Program Files\ONSPEED
2008-04-17 11:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-04-17 11:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Internet Download Accelerator
2008-04-17 11:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ma-config.com
2008-04-17 11:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IE7Pro
2008-04-15 18:37 --------- d-----w C:\Program Files\WinUtilities
2008-04-14 15:15 --------- d-----w C:\Program Files\Shareaza
2008-04-14 15:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-04-13 18:39 --------- d-----w C:\Program Files\USDownloader
2008-04-12 15:33 --------- d-----w C:\Program Files\Internet Download Manager
2008-04-12 15:15 --------- d-----w C:\Program Files\No Trace
2008-04-11 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-11 17:54 94,208 ----a-w C:\WINDOWS\system32\viscomaudiodata.dll
2008-04-11 17:53 18,595,840 ----a-w C:\WINDOWS\system32\coredata.dll
2008-04-11 17:52 --------- d-----w C:\Program Files\Ozone
2008-04-11 12:29 --------- d-----w C:\Program Files\Eraser
2008-04-11 11:36 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-11 11:31 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-11 10:57 --------- d-----w C:\Program Files\Nero
2008-04-11 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-07 20:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Auslogics
2008-04-07 19:54 --------- d-----w C:\Program Files\Auslogics
2008-04-05 15:31 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-04-03 19:36 --------- d-----w C:\Program Files\Speeditup Free
2008-04-03 09:58 --------- d-----w C:\Program Files\Registry Shower 2007
2008-04-03 09:38 --------- d-----w C:\Program Files\PC Shower 2008
2008-03-30 18:26 --------- d-----w C:\Program Files\Google Hacks
2008-03-30 13:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2008-03-28 18:55 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-28 15:52 --------- d-----w C:\Program Files\Reshade
2008-03-28 10:25 --------- d-----w C:\Program Files\Real
2008-03-28 10:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-28 10:24 --------- d-----w C:\Program Files\Common Files\Real
2008-03-28 10:01 --------- d-----w C:\Program Files\CubedLabs
2008-03-28 09:35 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-03-28 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-03-28 09:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-03-27 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2004-01-01 09:44 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
2004-01-01 09:44 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((( snapshot@Fri 05-09-2008_ 1.17.49.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 21:13:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 15:29:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-09-18 08:09:20 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 1999-12-09 10:19:48 66,560 ----a-w C:\WINDOWS\system32\nfr_zip32.dll
- 2008-05-08 21:01:21 59,906 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2008-05-09 14:53:52 59,906 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-05-08 21:01:21 59,916 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-09 14:53:52 59,916 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-08 21:01:21 333,894 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2008-05-09 14:53:52 333,894 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-05-08 21:01:21 397,696 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-09 14:53:52 397,696 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2003-06-05 17:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{A66AA08A-9BF0-4e87-99E6-6972731D6B99}]
10/19/2007 05:49 AM 602112 --a------ C:\Program Files\ONSPEED\Prefetch.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:56 AM 15360]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [12/15/2006 06:38 PM 2048512]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 02:27 PM 219520]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [02/21/2008 01:59 PM 937392]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe" [03/02/2008 05:58 PM 6731312]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM 49152]
"Desktop Lock Express"="C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\سطح المكتب\DTLEP.exe" [05/30/2004 05:59 PM 90112]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [01/08/2007 08:33 AM 81920]
"NvMediaCenter"="RUNDLL32.exe" [08/04/2004 04:56 AM 33280 C:\WINDOWS\system32\rundll32.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [12/18/2007 01:43 AM 227856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/28/2008 02:23 PM 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/18/2007 07:55 PM 8523776]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM 2221352]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [03/28/2008 10:48 PM 2834432]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM 271360]
"iKnowPS"="C:\Program Files\iKnowPS\iKnowPS.exe" [11/24/2005 10:12 PM 114688]
"SlipStream"="C:\Program Files\ONSPEED\onspeedcore.exe" [10/19/2007 05:49 AM 344064]
"SoloSentry"="C:\SRNMIC~1\SOLOSENT.EXE" [10/14/2007 11:46 AM 77824]
"SoloSchedule"="C:\SRNMIC~1\SOLOCFG.EXE" [10/14/2007 11:43 AM 303104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="" []
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/19/2007 10:17 AM 1241088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [08/04/2004 04:56 AM 388608 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [08/04/2004 02:59 AM 44544]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [03/01/2008 04:53 PM 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
ONSPEED.lnk - C:\Program Files\ONSPEED\onspeedgui.exe [2008-04-17 16:24:19 229376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Artera Turbo\\artera.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\www.cproxy.com\\CPROXY.exe"=
"C:\\Program Files\\ExtraTools\\ExtraDNS\\ExtraDNS.dll"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
S1 Dev_UNIDRV;Dev_UNIDRV;C:\WINDOWS\system32\Drivers\UNIDRV.SYS [01/23/2008 01:52 PM]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [03/28/2008 10:55 PM]
S2 MSF32;MSF32;C:\Program Files\MySecretFolder XP\MSF32.SYS [04/22/2006 12:00 AM]
S2 sensorsview;sensorsview;C:\WINDOWS\system32\drivers\sensorsview.sys [08/17/2007 08:00 PM]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 04:56 AM]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 02:28 PM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [01/26/2008 11:59 PM]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [08/03/2004 11:01 PM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - MDMXSDK
*Newly Created Service* - ZNTPORT
.
s of the 'Scheduled Tasks' folder
"2008-05-09 14:47:32 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-08 23:30:47 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-04-22 22:16:43 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-02-08 14:11:40 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-09 14:49:12 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\BrOnZ Patch Pro\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-05-09 19:34:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 05/09/2008 19:36:57
ComboFix-quarantined-files.txt 2008-05-09 15:36:02
Pre-Run: 22,084,272,128 bytes free
Post-Run: 22,109,003,776 bytes free
270 --- E O F --- 2008-05-03 17:10:04
تأييد
0
وهذا تقرير الهايجاك
Logfile of HijackThis v1.99.1
Scan saved at 20:16, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\SRNMIC~1\SOLOSENT.EXE
C:\WINDOWS\system32\svchost.exe
C:\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe
C:\Program Files\ExtraTools\ExtraDNS\ExtraDNS.dll
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Artera Turbo\ARTERAUI.EXE
C:\Program Files\Artera Turbo\ARTERA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\الدليل المؤقت 1 لـ hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8081;http=localhost:8081;https=localhost:8081;socks=localhost:1080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Desktop Lock Express] "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\سطح المكتب\DTLEP.EXE" /B
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\SRNMIC~1\SOLOCFG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] "C:\Program Files\IDA\ida.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View Original Image - localhost\imageq.htm
O8 - Extra context menu item: إضافة إلى مضاد الشعارات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O10 - Broken Internet access because of LSP provider 'prxernsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC06B773-6FEE-43A3-82E0-B5B82A6C42A7}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Logfile of HijackThis v1.99.1
Scan saved at 20:16, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ONSPEED\onspeedcore.exe
C:\SRNMIC~1\SOLOSENT.EXE
C:\WINDOWS\system32\svchost.exe
C:\SRNMIC~1\SOLOCFG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ONSPEED\onspeedgui.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe
C:\Program Files\ExtraTools\ExtraDNS\ExtraDNS.dll
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Artera Turbo\ARTERAUI.EXE
C:\Program Files\Artera Turbo\ARTERA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\الدليل المؤقت 1 لـ hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8081;http=localhost:8081;https=localhost:8081;socks=localhost:1080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - C:\Program Files\ONSPEED\Prefetch.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ONSPEED Toolbar - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - C:\PROGRA~1\ONSPEE~1\ONSPEE~1.DLL
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\aavgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Desktop Lock Express] "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\سطح المكتب\DTLEP.EXE" /B
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\SRNMIC~1\SOLOCFG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] "C:\Program Files\IDA\ida.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View Original Image - localhost\imageq.htm
O8 - Extra context menu item: إضافة إلى مضاد الشعارات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O10 - Broken Internet access because of LSP provider 'prxernsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC06B773-6FEE-43A3-82E0-B5B82A6C42A7}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 127.0.0.1,149.174.211.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1 149.174.211.5
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
تأييد
0
غير متصل
اخوي
انت سوي سكان بالوضع الآمن بالكاسبر ولا شغلت الأداة لحالها بدون سكان ؟
انت سوي سكان بالوضع الآمن بالكاسبر ولا شغلت الأداة لحالها بدون سكان ؟
توقيع : Juve Guard
تأييد
0
LINEZERO
زيزوومى محترف
غير متصل
C:\SRNMIC~1\SOLOSENT.EXE
C:\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\ExtraTools\ExtraDNS\ExtraDNS.dll
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O8 - Extra context menu item: View Original Image - localhost\imageq.htm
O10 - Broken Internet access because of LSP provider 'prxernsp.dll' missing
حدد القيم التاليه وقم بحذفها
ثم اعمل تقرير اخر
C:\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\ExtraTools\ExtraDNS\ExtraDNS.dll
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O8 - Extra context menu item: View Original Image - localhost\imageq.htm
O10 - Broken Internet access because of LSP provider 'prxernsp.dll' missing
حدد القيم التاليه وقم بحذفها
ثم اعمل تقرير اخر
توقيع : LINEZERO
تأييد
0
تأييد
0
مافهمت كيف اقوم بالتحديد
اسف لاني بتعبك عندي
اذا كان بالهايجاك ماحصلت القيم بالضبط نفس الكلام
:b::b::b::b::b::b::b::b::b::b::b::b::b:
تأييد
0
الحمد لله تم حذف الفايروس اعتقد السبب لاني شغلت اكثر من 60 اداه لحذف الفيروسات واظن ان وحده منهن اصابت الهدف اخي شكرا جزيلا بالنسبة للقيم
اللي انته مخلنهم ماطبقته سابحث عنها
القيمة الثانية تتعلق ببرنامج اعتمد عليه في تسريع الجهاز
واخاف احذفه ويروح علي
ارجو ان توافيني بكيفية العمل
وشكرا لاهتمامك بالموضوع
اللي انته مخلنهم ماطبقته سابحث عنها
القيمة الثانية تتعلق ببرنامج اعتمد عليه في تسريع الجهاز
واخاف احذفه ويروح علي
ارجو ان توافيني بكيفية العمل
وشكرا لاهتمامك بالموضوع
تأييد
0