Thread starter: yuda388

The virus:
virus Worm.Win32.AutoRun.efv

I used the program
autorun virus remover
but to no avail.
Please help.
 

If you don't mind, dear brother,

this should be moved to the appropriate section so the experts can look at it.

God bless you, and may you always be well.
 
Signature: Al jNtEeL
Signature: techno
Download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

--------------------------------------------

( 2 )

Also make a HijackThis report.

When the download finishes ==> run the program ==> and click Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.
 
Use the Avast program.

Signature: ANBR
:ok::ok::ok:
 
Signature: fahd
Brother boob77,
First report:
ComboFix 08-06-30.2 - Saleh 2008-07-02 16:37:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.554 [GMT 2:00]
Running from: C:\Documents and Settings\Saleh\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\zlib.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
2008-07-02 05:28 . 2008-07-02 05:28 268 --ah----- C:\sqmdata11.sqm
2008-07-02 05:28 . 2008-07-02 05:28 244 --ah----- C:\sqmnoopt11.sqm
2008-07-02 05:21 . 2008-07-02 16:34 <DIR> d-------- C:\Program Files\AutorunRemover
2008-07-02 01:14 . 2008-07-02 01:14 268 --ah----- C:\sqmdata10.sqm
2008-07-02 01:14 . 2008-07-02 01:14 244 --ah----- C:\sqmnoopt10.sqm
2008-07-02 01:09 . 2008-07-02 01:09 <DIR> d-------- C:\Documents and Settings\Saleh\EurekaLog
2008-07-01 14:27 . 2008-07-01 14:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-30 17:08 . 2008-06-30 17:35 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-30 17:08 . 2008-06-30 17:35 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-30 17:07 . 2008-06-30 21:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-30 17:07 . 2008-07-02 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-30 17:07 . 2008-07-02 16:57 7,528,224 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-30 17:07 . 2008-07-02 05:28 113,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-30 17:07 . 2008-07-02 16:56 48,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-30 17:07 . 2008-07-02 05:28 6,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-30 03:15 . 2008-06-30 16:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-30 03:02 . 2008-06-30 03:02 24,614 --a------ C:\WINDOWS\system32\10003.sks
2008-06-30 03:02 . 2008-06-30 03:02 1,009 --a------ C:\WINDOWS\system32\10002.sks
2008-06-30 03:02 . 2008-06-30 03:02 897 --a------ C:\WINDOWS\system32\10001.sks
2008-06-30 03:02 . 2008-06-30 03:02 280 --a------ C:\WINDOWS\system32\10004.sks
2008-06-30 02:59 . 2008-06-30 03:07 <DIR> d-------- C:\Program Files\SpyRemover Pro
2008-06-30 02:59 . 2008-06-30 02:59 2,380 --a------ C:\WINDOWS\system32\Blockeds
2008-06-30 02:59 . 2008-06-30 03:06 945 --a------ C:\WINDOWS\system32\sk_bho.ini
2008-06-28 13:05 . 2008-06-28 13:05 <DIR> d-------- C:\Program Files\Ipswitch
2008-06-28 13:05 . 2008-06-28 13:05 <DIR> d-------- C:\Documents and Settings\Saleh\Application Data\Ipswitch
2008-06-28 13:05 . 2008-06-28 13:05 <DIR> d-------- C:\Documents and Settings\Saleh\Application Data\InstallShield
2008-06-28 13:05 . 2008-06-28 13:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
2008-06-28 13:05 . 2007-08-09 12:50 606,293 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-06-28 13:05 . 2007-08-09 12:50 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-06-28 01:10 . 2008-06-28 01:10 <DIR> d-------- C:\Program Files\TMC
2008-06-27 20:43 . 2008-06-28 12:41 <DIR> d-------- C:\ASM
2008-06-24 23:41 . 2008-06-24 23:41 <DIR> d-------- C:\Program Files\IconCool Software
2008-06-17 18:43 . 2008-06-17 18:43 268 --ah----- C:\sqmdata09.sqm
2008-06-17 18:43 . 2008-06-17 18:43 244 --ah----- C:\sqmnoopt09.sqm
2008-06-17 15:34 . 2008-06-17 15:34 268 --ah----- C:\sqmdata08.sqm
2008-06-17 15:34 . 2008-06-17 15:34 244 --ah----- C:\sqmnoopt08.sqm
2008-06-17 14:45 . 2008-06-17 14:45 268 --ah----- C:\sqmdata07.sqm
2008-06-17 14:45 . 2008-06-17 14:45 244 --ah----- C:\sqmnoopt07.sqm
2008-06-17 01:28 . 2008-06-17 01:28 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-17 00:16 . 2008-06-17 23:25 <DIR> d-------- C:\Program Files\الموسوعة القرآنية الشاملة
2008-06-17 00:16 . 2008-06-17 20:35 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-06-15 23:35 . 2008-06-15 23:35 6,656 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-14 13:25 . 2008-06-14 13:25 <DIR> d-------- C:\Documents and Settings\SALEH-DA84F37F8\ASPNET
2008-06-14 13:25 . 2008-06-14 13:25 <DIR> d-------- C:\Documents and Settings\SALEH-DA84F37F8
2008-06-14 13:20 . 2008-06-14 13:20 <DIR> d-------- C:\Documents and Settings\Saleh\VSWebCache
2008-06-14 13:07 . 2008-06-14 13:09 <DIR> d-------- C:\Documents and Settings\Saleh\Oracle Jar Cache
2008-06-14 13:07 . 2008-06-14 13:07 <DIR> d-------- C:\Documents and Settings\Saleh\.jinit
2008-06-14 13:05 . 2008-06-14 13:05 <DIR> d-------- C:\Program Files\Oracle
2008-06-14 13:05 . 2006-05-16 04:50 45,164 --------- C:\WINDOWS\system32\plugincpl13126.cpl
2008-06-14 13:05 . 2006-05-16 04:49 36,962 --------- C:\WINDOWS\system32\ActPanel.dll
2008-06-14 12:16 . 2008-06-14 12:16 <DIR> d-------- C:\Program Files\Microsoft ACT
2008-06-14 12:16 . 2008-06-14 12:20 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-06-14 12:14 . 2008-06-14 12:51 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET
2008-06-13 20:05 . 2008-06-13 20:05 <DIR> d-------- C:\Documents and Settings\Saleh\WebSite1
2008-06-13 19:42 . 2008-06-13 19:42 76,288 --a------ C:\WINDOWS\system32\MSFLXGRD.oca
2008-06-13 19:42 . 2008-06-13 19:42 62,976 --a------ C:\WINDOWS\system32\shdocvw.oca
2008-06-13 18:36 . 2008-06-13 18:36 <DIR> d-------- C:\Documents and Settings\Saleh\Desktop1
2008-06-12 21:53 . 2008-06-13 00:47 <DIR> d-------- C:\Documents and Settings\Saleh\Application Data\Yahoo!
2008-06-12 21:52 . 2008-06-13 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-12 21:46 . 2008-06-13 00:47 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-08 12:42 . 2008-06-08 12:43 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-06-08 12:40 . 2008-06-08 12:54 <DIR> d-------- C:\Program Files\AutoCAD 2007
2008-06-08 12:40 . 2008-06-08 12:55 <DIR> d-------- C:\Documents and Settings\Saleh\Application Data\Autodesk
2008-06-08 12:40 . 2008-06-08 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-08 12:39 . 2008-06-08 12:44 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-08 12:39 . 2008-06-08 12:39 <DIR> d-------- C:\Program Files\Autodesk
2008-06-06 19:52 . 2008-06-06 19:52 <DIR> d-------- C:\Program Files\PSE
2008-06-06 19:50 . 2008-06-06 19:50 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-06-06 14:06 . 2008-06-06 14:06 <DIR> d-------- C:\Program Files\Dundas Software
2008-06-06 13:59 . 2008-06-06 14:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 14:35 --------- d-----w C:\Documents and Settings\Saleh\Application Data\DMCache
2008-07-02 14:18 --------- d-----w C:\Documents and Settings\Saleh\Application Data\MegauploadToolbar
2008-06-30 17:47 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-06-30 15:35 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-30 15:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-06-28 11:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 01:07 --------- d-----w C:\Documents and Settings\Saleh\Application Data\IDM
2008-06-14 11:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-14 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-14 10:58 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-06-14 10:24 --------- d-----w C:\Program Files\HTML Help Workshop
2008-06-04 08:12 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-01 00:46 --------- d-----w C:\Program Files\HP
2008-06-01 00:41 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-01 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-06-01 00:38 --------- d-----w C:\Documents and Settings\Saleh\Application Data\HP
2008-05-28 01:22 278,528 ----a-w C:\WINDOWS\system32\livesnth.dll
2008-05-28 01:22 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-05-27 20:34 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-27 20:34 --------- d-----w C:\Program Files\Common Files\Real
2008-05-27 20:33 --------- d-----w C:\Program Files\Real
2008-05-24 15:19 --------- d-----w C:\Program Files\MSDN
2008-05-24 15:08 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-05-24 15:08 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-05-24 15:08 --------- d-----w C:\Program Files\Business s
2008-05-24 15:07 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-05-24 15:05 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-05-24 15:05 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-24 14:53 --------- d-----w C:\Program Files\MSBuild
2008-05-24 14:50 --------- d-----w C:\Program Files\Microsoft SDKs
2008-05-24 14:48 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-05-24 14:43 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-24 14:39 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-24 14:27 --------- d-----w C:\Program Files\UniTicker
2008-05-23 20:37 398,400 ----a-w C:\WINDOWS\system32\osenxpresource.dll
2008-05-23 00:41 --------- d-----w C:\Documents and Settings\Saleh\Application Data\DivX
2008-05-22 20:52 --------- d-----w C:\Program Files\URUSoft
2008-05-22 20:16 426,872 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-22 12:49 --------- d-----w C:\Documents and Settings\Saleh\Application Data\Sony
2008-05-19 22:26 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-05-19 21:58 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-19 21:56 --------- d-----w C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-05-19 21:50 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-19 21:44 --------- d-----w C:\Program Files\Common Files\Business s
2008-05-19 21:43 --------- d-----w C:\Program Files\CE Remote Tools
2008-05-19 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-05-19 21:13 --------- d-----w C:\Program Files\Web Publish
2008-05-19 20:03 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-19 20:03 --------- d-----w C:\Documents and Settings\Saleh\Application Data\Media Player Classic
2008-05-19 20:01 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-19 20:01 --------- d-----w C:\Program Files\Ahead
2008-05-19 19:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-19 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-19 19:17 --------- d-----w C:\Program Files\Webshots
2008-05-19 19:15 --------- d-----w C:\Documents and Settings\Saleh\Application Data\Webshots
2008-05-19 19:14 --------- d-----w C:\Program Files\Riva
2008-05-19 19:14 --------- d-----w C:\Program Files\MegauploadToolbar
2008-05-19 19:12 --------- d-----w C:\Program Files\MSN Messenger
2008-05-19 19:11 --------- d-----w C:\Program Files\DivX
2008-05-19 19:10 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-19 19:04 --------- d-----w C:\Program Files\UltraISO
2008-05-19 19:04 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-05-19 19:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-19 19:01 172,032 ------w C:\WINDOWS\Setup1.exe
2008-05-19 18:58 --------- d-----w C:\Program Files\Crystal Player
2008-05-19 15:37 --------- d-----w C:\Program Files\JetAudio
2008-05-19 15:37 --------- d-----w C:\Documents and Settings\Saleh\Application Data\COWON
2008-05-19 12:10 --------- d-----w C:\Documents and Settings\Saleh\Application Data\Uniblue
2008-05-19 10:15 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-19 10:15 --------- d-----w C:\Program Files\Realtek
2008-05-19 10:13 --------- d-----w C:\Program Files\Intel
2008-05-19 10:08 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-19 09:45 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-19 00:29 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-29 06:41 7,034,727 ----a-w C:\WINDOWS\system32\SRPRSig.dll
2008-04-29 06:39 5,644,127 ----a-w C:\WINDOWS\system32\SRPFSig.dll
2008-04-29 06:38 505,648 ----a-w C:\WINDOWS\system32\SRPESig.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-10-11 08:25 2553264]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-03-13 09:05 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-03-13 09:05 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-03-13 09:05 94208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-27 22:33 180269]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 09:02 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-03-13 09:02 2879488 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
C:\Documents and Settings\Saleh\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-05-19 21:15:09 157008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-05-20 00:28:56 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c7d34b9-4471-11dd-aafe-0019d1ed18fe}]
\Shell\AutoRun\command - G:\t9peum02.exe
\Shell\explore\Command - G:\t9peum02.exe
\Shell\open\Command - G:\t9peum02.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff38721b-2733-11dd-a5d6-0019d1ed18fe}]
\Shell\AutoRun\command - F:\adgiygu.exe
\Shell\explore\Command - F:\adgiygu.exe
\Shell\open\Command - F:\adgiygu.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-SpyRemoverPro - C:\PROGRA~1\SPYREM~1\SpyRemoverPro.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-07-02 16:56:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-02 17:04:12
ComboFix-quarantined-files.txt 2008-07-02 14:58:50
Pre-Run: 45,975,064,576 bytes free
Post-Run: 46,101,360,640 bytes free
237


Second report:
Logfile of HijackThis v1.99.1
Scan saved at 5:12:46 PM, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Documents and Settings\Saleh\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} (JInitiator 1.3.1.26) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
 
Disable System Restore:

My Computer
Right-click
Properties
System Restore

Put a check mark next to Turn off System Restore ... etc.

Apply ... a warning will appear ... choose Yes ...
then OK.

---------------------------

Download this file
from here

Run all the files in it, and if it asks to add something to the Registry Editor

choose ... Yes

Download this tool to clean the machine

wh_15149054.png

Awaiting the results ... :d:
 
Signature: KinXG BlacK
Guys, I tried all the suggested programs, to no avail.
Brother KinXG BlacK,
the first link is not working.
Please help.
 
Also, please use this tool to repair what the viruses damaged in the system registry.

As for
Kaspersky Anti-Virus 7.0:

uninstall it and reinstall it; or, if it has already been removed,

delete what remains of it with this tool:

Kaspersky tool

Run the tool and enter the numbers as in the picture.

zyzoom-1aa22939b5.gif


zyzoom-2eb06e5a8f.gif
 
Signature: KinXG BlacK