Maheeb
زيزوومي جديد
- إنضم
- 18 يونيو 2008
- المشاركات
- 99
- مستوى التفاعل
- 3
- النقاط
- 110
غير متصل
- بادئ الموضوع Maheeb
- تاريخ البدء
- 3,391
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
طيـب أخي أعمل التالي تماما :::
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
كلك يـمين على الأداة واكمل الشرح :
ثم قم بتشغيلها واتبع الشرح :
(2)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
كلك يـمين على الأداة واكمل الشرح :
ثم قم بتشغيلها واتبع الشرح :
ستظهر لك هذه الشاشة السوداء ماعليك سوى الإنتظار :
تخبرك الرسالة القادمة بأنه سيتم إعادة التشغيل تلقائيا :
بعد إعادة التشغيل وعند بدء الدخول ستظهر لك هذه النافذه ماعليـك سوى الإنتظار
هذه هو التقرير قد خرج انسخه والصقه في ردك القادم
(2)
حمل أداة الهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد ان تشغل البرنامج اعمل الاتي :
ستظهر لك هذه النافذه .. اتبع الشرح :
ثم ستظهر لك هذه النافذه ::
انسخ التقرير كاملا وارفقه في ردك القادم لتحليله
توقيع : Al jNtEeL
تأييد
0
Maheeb
زيزوومي جديد
- إنضم
- 18 يونيو 2008
- المشاركات
- 99
- مستوى التفاعل
- 3
- النقاط
- 110
غير متصل
هذا التقرير بالبرنامج الاول بس في ملاحظتين الكاسبري سكاي اكتشف فايروس او تروجن عند تشغيل الاداه هذي الشي الثاني لما يقم البرنامج باعاده تشغيل جهازي اتركك مع التقرير
ComboFix 08-08-10.05 - user 08/11/2008 1:56:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.1.1025.18.1118 [GMT 3:00]
Running from: C:\Users\user\Desktop\مجلد جديد\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 23:03 --------- d-----w C:\Users\user\AppData\Roaming\DMCache
2008-08-10 23:00 16,692,512 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-10 23:00 12,978 ----a-w C:\Users\user\AppData\Roaming\nvModes.dat
2008-08-10 13:20 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-10 05:07 222,548 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-05 22:18 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-23 12:22 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-17 15:36 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-17 15:30 --------- d-----w C:\ProgramData\Nero
2008-07-17 15:30 --------- d-----w C:\Program Files\Nero
2008-07-16 14:20 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-16 05:21 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 22:55 --------- d-----w C:\Program Files\Windows Live
2008-07-05 23:11 --------- d-----w C:\Users\user\AppData\Roaming\Ahead
2008-07-04 22:57 203,776 ----a-w C:\Windows\System32\clrviddc.dll
2008-07-04 10:06 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-04 00:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-04 00:00 --------- d-----w C:\ProgramData\NOS
2008-07-03 18:10 --------- d-----w C:\ProgramData\Ahead
2008-07-03 17:57 --------- d-----w C:\Program Files\NOS
2008-07-02 01:48 --------- d-----w C:\Program Files\TOSHIBA
2008-06-30 23:46 --------- d-----w C:\Users\user\AppData\Roaming\IDM
2008-06-28 23:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-28 01:29 --------- d-----w C:\Program Files\Magentic
2008-06-28 01:21 --------- d-----w C:\Program Files\MSECache
2008-06-28 00:26 --------- d-----w C:\Users\user\AppData\Roaming\ACD Systems
2008-06-28 00:25 --------- d-----w C:\ProgramData\ACD Systems
2008-06-28 00:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-28 00:25 --------- d-----w C:\Program Files\ACD Systems
2008-06-28 00:01 --------- d-----w C:\ProgramData\Messenger Plus!
2008-06-27 16:41 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-27 14:48 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-06-27 14:21 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-27 11:45 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-06-26 22:36 174 --sha-w C:\Program Files\desktop.ini
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Journal
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Defender
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Calendar
2008-06-26 22:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-26 22:02 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-26 11:27 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-26 04:32 --------- d-----w C:\Program Files\Google
2008-06-26 04:06 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-26 03:40 --------- d-----w C:\ProgramData\WLInstaller
2008-06-26 03:34 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 03:11 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-26 02:58 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 02:29 --------- d-----w C:\Program Files\MSBuild
2008-06-26 02:29 --------- d-----w C:\Program Files\Microsoft Works
2008-06-26 02:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-26 02:23 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-26 02:22 --------- d-----w C:\Users\user\AppData\Roaming\PeerNetworking
2008-06-26 01:53 --------- d-----w C:\ProgramData\WinZip
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-24 23:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-24 23:25 --------- d-----w C:\Program Files\Common Files\Real
2008-06-24 23:17 499,712 ----a-w C:\Windows\System32\msvcp71.dll
2008-06-24 23:17 348,160 ----a-w C:\Windows\System32\msvcr71.dll
2008-06-24 23:17 --------- d-----w C:\Program Files\Real
2008-06-24 23:07 --------- d--h--w C:\ProgramData\CanonBJ
2008-06-24 22:33 155,995 ----a-w C:\Windows\Java\Packages\MF1FPZ3D.ZIP
2008-06-24 21:27 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-06-24 21:27 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-06-24 21:27 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-06-24 21:27 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-06-24 21:25 988,216 ----a-w C:\Windows\System32\winload.exe
2008-06-24 21:25 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-06-24 21:25 615,992 ----a-w C:\Windows\System32\ci.dll
2008-06-24 21:25 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-24 21:25 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-06-24 21:25 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-24 21:25 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-06-24 21:25 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-06-24 21:25 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-24 21:25 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-24 21:23 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-06-24 21:22 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-06-24 21:18 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-06-24 21:18 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-06-24 21:17 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-24 21:17 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-24 21:17 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-24 21:17 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-24 21:17 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-24 21:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-24 21:17 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-06-24 21:14 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-06-24 21:13 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-06-24 21:13 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-06-24 21:11 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-06-24 13:17 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-24 13:17 315,392 ----a-w C:\Windows\HideWin.exe
2008-06-24 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 13:17 --------- d-----w C:\Program Files\Realtek
2008-06-24 13:05 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [10/01/2007 09:45 PM 840704]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 10:33 AM 202240]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 10:33 AM 1233920]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [03/09/2008 11:00 AM 480648]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/22/2008 11:13 AM 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/25/2008 02:25 AM 185896]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/03/2008 10:51 AM 1045800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/13/2007 11:40 AM 90191]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/13/2007 11:40 AM 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/13/2007 11:40 AM 7766016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [05/28/2008 08:27 AM 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [04/08/2008 09:56 AM 1647912]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [02/13/2007 09:30 AM 405504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"RtHDVCpl"="RtHDVCpl.exe" [02/15/2007 05:07 PM 4390912 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 16:57:26 2756608]
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-06-24 15:44:12 69632]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{BE777129-71E2-48B3-8781-EF7132191ADE}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{1A9AB14C-F8C0-49E4-90E6-13720CAD9A10}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"TCP Query User{09E787EA-182C-4777-A76B-4884E0CF5281}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{7425FF8D-22DC-4E0F-9C7E-EB8300D3A5CC}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"{415B871A-52CD-4C86-9756-8C43C72393E6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E37C7DB6-714E-4A74-A2C3-D85802585447}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CC5336D1-9105-4328-8D67-6388A58B9CDC}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0688D7CC-039C-45C4-98EA-398A34640BD6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E315AABE-2EAC-46FD-AA66-B7EB2FE3350A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{853E1D32-23E2-43F8-8549-1CC3C242FD28}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{62C5EA47-A422-459D-B33E-27BEDD41C2BE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{738E5D11-CE22-4AD1-9107-CF203FD859F6}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{4285942A-E062-469F-97CA-1488F51F8088}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{E91963B2-06C9-4741-9BEC-116784B0E8B8}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{7B7E7EFC-F747-4951-98A6-83BAE8F56D45}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{1A5CF0F8-5C48-480D-9501-71CD63A4349A}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{05582915-44A0-4155-B11E-EBC0E1DF8A0D}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{477C9F01-03EA-4A2D-B3F4-78559DDF29AA}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{4DFDAA11-A598-4270-9DE0-9B83229A0A73}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{CFF53A00-5615-4B24-8E5A-5D6CCBAD1352}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{578E1E2B-1D04-4F2F-988E-BE13880F5755}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{CEA3436F-5D4D-4A02-85B0-EC6B3C81BED6}C:\\program files\\amsn\\bin\\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{742DF8E2-0023-412F-B8BA-0AAACC23BABE}C:\\program files\\amsn\\bin\\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application
"{2886269B-1437-4FE1-ABCE-9984D8735EB3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CB6AF541-1441-409B-8F32-AD41934BE236}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0BCFF2D2-CA82-4ABC-8F8A-B7B1C782EEFE}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{4FD2F2BD-A0C7-4A58-99A3-A79D50BF1F4E}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [04/04/2007 02:59 PM]
S4 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [06/26/2008 10:24 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{364007c4-46a6-11dd-b04e-00037ad9ba0f}]
\shell\AutoRun\command - H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60e6182e-41ef-11dd-84ec-00037ad9ba0f}]
\shell\AutoRun\command - D:\fppg1.exe
\shell\explore\Command - D:\fppg1.exe
\shell\open\Command - D:\fppg1.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java -
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-11 02:03:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 08/11/2008 2:07:05
ComboFix-quarantined-files.txt 2008-08-10 23:06:37
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 178,816,483,328 bytes free
215 --- E O F --- 2008-08-07 08:05:06
ComboFix 08-08-10.05 - user 08/11/2008 1:56:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.1.1025.18.1118 [GMT 3:00]
Running from: C:\Users\user\Desktop\مجلد جديد\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 23:03 --------- d-----w C:\Users\user\AppData\Roaming\DMCache
2008-08-10 23:00 16,692,512 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-10 23:00 12,978 ----a-w C:\Users\user\AppData\Roaming\nvModes.dat
2008-08-10 13:20 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-10 05:07 222,548 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-05 22:18 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-23 12:22 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-17 15:36 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-17 15:30 --------- d-----w C:\ProgramData\Nero
2008-07-17 15:30 --------- d-----w C:\Program Files\Nero
2008-07-16 14:20 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-16 05:21 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 22:55 --------- d-----w C:\Program Files\Windows Live
2008-07-05 23:11 --------- d-----w C:\Users\user\AppData\Roaming\Ahead
2008-07-04 22:57 203,776 ----a-w C:\Windows\System32\clrviddc.dll
2008-07-04 10:06 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-04 00:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-04 00:00 --------- d-----w C:\ProgramData\NOS
2008-07-03 18:10 --------- d-----w C:\ProgramData\Ahead
2008-07-03 17:57 --------- d-----w C:\Program Files\NOS
2008-07-02 01:48 --------- d-----w C:\Program Files\TOSHIBA
2008-06-30 23:46 --------- d-----w C:\Users\user\AppData\Roaming\IDM
2008-06-28 23:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-28 01:29 --------- d-----w C:\Program Files\Magentic
2008-06-28 01:21 --------- d-----w C:\Program Files\MSECache
2008-06-28 00:26 --------- d-----w C:\Users\user\AppData\Roaming\ACD Systems
2008-06-28 00:25 --------- d-----w C:\ProgramData\ACD Systems
2008-06-28 00:25 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-28 00:25 --------- d-----w C:\Program Files\ACD Systems
2008-06-28 00:01 --------- d-----w C:\ProgramData\Messenger Plus!
2008-06-27 16:41 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-27 14:48 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-06-27 14:21 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-27 11:45 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-06-26 22:36 174 --sha-w C:\Program Files\desktop.ini
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Journal
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Defender
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-26 22:24 --------- d-----w C:\Program Files\Windows Calendar
2008-06-26 22:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-26 22:02 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-26 11:27 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-26 04:32 --------- d-----w C:\Program Files\Google
2008-06-26 04:06 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-26 03:40 --------- d-----w C:\ProgramData\WLInstaller
2008-06-26 03:34 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 03:11 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-26 02:58 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 02:29 --------- d-----w C:\Program Files\MSBuild
2008-06-26 02:29 --------- d-----w C:\Program Files\Microsoft Works
2008-06-26 02:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-26 02:23 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-26 02:22 --------- d-----w C:\Users\user\AppData\Roaming\PeerNetworking
2008-06-26 01:53 --------- d-----w C:\ProgramData\WinZip
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-24 23:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-24 23:25 --------- d-----w C:\Program Files\Common Files\Real
2008-06-24 23:17 499,712 ----a-w C:\Windows\System32\msvcp71.dll
2008-06-24 23:17 348,160 ----a-w C:\Windows\System32\msvcr71.dll
2008-06-24 23:17 --------- d-----w C:\Program Files\Real
2008-06-24 23:07 --------- d--h--w C:\ProgramData\CanonBJ
2008-06-24 22:33 155,995 ----a-w C:\Windows\Java\Packages\MF1FPZ3D.ZIP
2008-06-24 21:27 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-06-24 21:27 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-06-24 21:27 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-06-24 21:27 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-06-24 21:25 988,216 ----a-w C:\Windows\System32\winload.exe
2008-06-24 21:25 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-06-24 21:25 615,992 ----a-w C:\Windows\System32\ci.dll
2008-06-24 21:25 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-24 21:25 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-06-24 21:25 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-24 21:25 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-06-24 21:25 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-06-24 21:25 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-24 21:25 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-24 21:23 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-06-24 21:22 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-06-24 21:18 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-06-24 21:18 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-06-24 21:17 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-24 21:17 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-24 21:17 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-24 21:17 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-24 21:17 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-24 21:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-24 21:17 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-06-24 21:14 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-06-24 21:13 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-06-24 21:13 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-06-24 21:11 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-06-24 13:17 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-24 13:17 315,392 ----a-w C:\Windows\HideWin.exe
2008-06-24 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 13:17 --------- d-----w C:\Program Files\Realtek
2008-06-24 13:05 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [10/01/2007 09:45 PM 840704]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 10:33 AM 202240]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 10:33 AM 1233920]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [03/09/2008 11:00 AM 480648]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/22/2008 11:13 AM 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/25/2008 02:25 AM 185896]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/03/2008 10:51 AM 1045800]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/13/2007 11:40 AM 90191]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/13/2007 11:40 AM 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/13/2007 11:40 AM 7766016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [05/28/2008 08:27 AM 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [04/08/2008 09:56 AM 1647912]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [02/13/2007 09:30 AM 405504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"RtHDVCpl"="RtHDVCpl.exe" [02/15/2007 05:07 PM 4390912 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 16:57:26 2756608]
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-06-24 15:44:12 69632]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{BE777129-71E2-48B3-8781-EF7132191ADE}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{1A9AB14C-F8C0-49E4-90E6-13720CAD9A10}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"TCP Query User{09E787EA-182C-4777-A76B-4884E0CF5281}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{7425FF8D-22DC-4E0F-9C7E-EB8300D3A5CC}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe:Kaspersky Internet Security 2009 Setup
"{415B871A-52CD-4C86-9756-8C43C72393E6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E37C7DB6-714E-4A74-A2C3-D85802585447}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CC5336D1-9105-4328-8D67-6388A58B9CDC}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0688D7CC-039C-45C4-98EA-398A34640BD6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E315AABE-2EAC-46FD-AA66-B7EB2FE3350A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{853E1D32-23E2-43F8-8549-1CC3C242FD28}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{62C5EA47-A422-459D-B33E-27BEDD41C2BE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{738E5D11-CE22-4AD1-9107-CF203FD859F6}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{4285942A-E062-469F-97CA-1488F51F8088}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{E91963B2-06C9-4741-9BEC-116784B0E8B8}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{7B7E7EFC-F747-4951-98A6-83BAE8F56D45}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{1A5CF0F8-5C48-480D-9501-71CD63A4349A}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{05582915-44A0-4155-B11E-EBC0E1DF8A0D}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{477C9F01-03EA-4A2D-B3F4-78559DDF29AA}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{4DFDAA11-A598-4270-9DE0-9B83229A0A73}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{CFF53A00-5615-4B24-8E5A-5D6CCBAD1352}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{578E1E2B-1D04-4F2F-988E-BE13880F5755}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{CEA3436F-5D4D-4A02-85B0-EC6B3C81BED6}C:\\program files\\amsn\\bin\\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{742DF8E2-0023-412F-B8BA-0AAACC23BABE}C:\\program files\\amsn\\bin\\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application
"{2886269B-1437-4FE1-ABCE-9984D8735EB3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CB6AF541-1441-409B-8F32-AD41934BE236}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0BCFF2D2-CA82-4ABC-8F8A-B7B1C782EEFE}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{4FD2F2BD-A0C7-4A58-99A3-A79D50BF1F4E}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [04/04/2007 02:59 PM]
S4 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [06/26/2008 10:24 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{364007c4-46a6-11dd-b04e-00037ad9ba0f}]
\shell\AutoRun\command - H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60e6182e-41ef-11dd-84ec-00037ad9ba0f}]
\shell\AutoRun\command - D:\fppg1.exe
\shell\explore\Command - D:\fppg1.exe
\shell\open\Command - D:\fppg1.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-08-11 02:03:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 08/11/2008 2:07:05
ComboFix-quarantined-files.txt 2008-08-10 23:06:37
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 178,816,483,328 bytes free
215 --- E O F --- 2008-08-07 08:05:06
توقيع : Maheeb
تأييد
0
Maheeb
زيزوومي جديد
- إنضم
- 18 يونيو 2008
- المشاركات
- 99
- مستوى التفاعل
- 3
- النقاط
- 110
غير متصل
هذا الثاني
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:18:04 ص, on 11/08/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\user\Desktop\مجلد جديد\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7240 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:18:04 ص, on 11/08/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\user\Desktop\مجلد جديد\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 7240 bytes
توقيع : Maheeb
تأييد
0
KinXG BlacK
زيزوومى متألق
غير متصل
من قائمة اضافة وازالة البرامج
احذف
برنامج
NMBgMonitor
مو وين محمله ؟؟ومتى ؟؟
واعمل تقرير جديد
احذف
برنامج
NMBgMonitor
مو وين محمله ؟؟ومتى ؟؟
واعمل تقرير جديد
توقيع : KinXG BlacK
تأييد
0
KinXG BlacK
زيزوومى متألق
غير متصل
قبل لاتعمل تقرير جديد
حمل هالبرنامج لنتظيف نظامك
..:: شرح التنظيف بالبرنامج ::..
..:: شرح تصحيح أخطاء الرجستري بالبرنامج ::..
حمل هالبرنامج لنتظيف نظامك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
..:: شرح التنظيف بالبرنامج ::..
..:: شرح تصحيح أخطاء الرجستري بالبرنامج ::..
توقيع : KinXG BlacK
تأييد
0
Maheeb
زيزوومي جديد
- إنضم
- 18 يونيو 2008
- المشاركات
- 99
- مستوى التفاعل
- 3
- النقاط
- 110
غير متصل
اخوي سويت سكان بالبرنامج اللي قلت بس ما صار اي شي بخصوص الصفحه البيضا اللي تطلع لي مع بدايه التشغيل صفحه انترنت بس بيضا مره مافيها ولا كلمه وبرضوو المشكله الثانيه هي لما ادخل مواقع الدردشه واحد يعطيني رابط ما يفتح معي بس صوت اسمعه انا مدري المنتدى هذا محد يفهم لي ولا محد يقدر يحل مشكلتي
توقيع : Maheeb
تأييد
0