Thread starter: قادم

Peace be upon you, and the mercy and blessings of God


A page keeps appearing that looks like an antivirus program, and I think it is a virus.
I cannot browse the Internet while it is there, and a warning page always appears when I try to open any site.

This is the tool's report:

Code:
ComboFix 08-07-25.7 - XPPRESP3 2008-07-26  4:46:32.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1256.966.1033.18.950 [GMT 3:00]
Running from: K:\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pctdf.exe
C:\WINDOWS\system32\help32.dll
C:\WINDOWS\system32\rmd.dll
.
(((((((((((((((((((((((((   Files Created from 2008-06-26 to 2008-07-26  )))))))))))))))))))))))))))))))
.
2008-07-26 04:50 . 2008-07-26 04:50 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-07-26 04:50 . 2008-07-26 04:50 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-07-24 11:03 . 2008-07-26 04:22 3,253 --a------ C:\WINDOWS\warning.html
2008-07-24 02:12 . 2008-07-24 02:14 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\U3
2008-07-22 12:07 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-21 11:15 . 2008-07-21 11:15 <DIR> d-------- C:\Program Files\backupdrivers
2008-07-21 11:15 . 2008-07-21 11:15 21,888 --a------ C:\WINDOWS\system32\drivers\eps2kt1.sys
2008-07-21 11:15 . 2008-07-21 11:15 12,800 --a------ C:\WINDOWS\system32\drivers\smccard.sys
2008-07-21 11:15 . 2008-07-21 11:15 4,608 --a------ C:\WINDOWS\system32\R5CoInst.dll
2008-07-21 07:19 . 2008-07-21 07:19 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-21 07:19 . 2008-07-21 07:19 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-21 07:14 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-21 07:14 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-20 04:04 . 2008-07-20 04:04 <DIR> d--hs---- C:\found.000
2008-07-17 11:16 . 2008-07-20 11:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-17 11:16 . 2008-07-17 11:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-15 11:38 . 2008-07-15 11:38 541 --a------ C:\WINDOWS\WININIT.INI
2008-07-10 08:13 . 2008-07-10 08:18 102,259 --------- C:\WINDOWS\hpoins05.dat.temp
2008-07-10 08:13 . 2005-12-17 08:56 17,505 --------- C:\WINDOWS\hpomdl07.dat.temp
2008-07-08 09:10 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-08 09:07 . 2008-07-17 11:12 102,167 --a------ C:\WINDOWS\hpoins05.dat
2008-07-08 09:07 . 2005-12-17 08:56 17,505 --------- C:\WINDOWS\hpomdl07.dat
2008-07-08 08:30 . 2008-07-08 08:30 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-08 08:27 . 2008-07-08 08:27 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\HP
2008-07-08 08:27 . 2005-12-17 01:17 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-07-08 08:27 . 2005-12-17 01:17 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-07-08 08:27 . 2005-12-17 01:17 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-07-08 08:26 . 2005-12-17 08:56 606,208 --a------ C:\WINDOWS\system32\hpotscl.dll
2008-07-08 08:26 . 2005-12-17 08:56 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll
2008-07-08 08:26 . 2005-12-17 08:56 258,122 --a------ C:\WINDOWS\system32\hpovst08.dll
2008-07-08 08:26 . 2005-12-17 01:18 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-07-08 08:25 . 2005-12-17 08:55 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
2008-07-08 08:25 . 2005-12-17 08:55 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
2008-07-08 08:25 . 2005-12-17 08:55 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2008-07-08 08:22 . 2008-07-17 11:11 <DIR> d-------- C:\Temp\HP_WebRelease
2008-07-08 08:22 . 2008-07-08 08:22 <DIR> d-------- C:\Temp
2008-07-08 06:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-06 05:57 . 2008-06-30 11:33 1,169 -r-h----- C:\tsv.vbn
2008-07-05 06:09 . 2008-07-05 06:09 <DIR> d-------- C:\Documents and Settings\XPPRESP3\Application Data\Nokia Multimedia Player
2008-06-30 11:42 . 2007-07-19 13:01 42,496 --a------ C:\WINDOWS\RGCFD1B.EXE
2008-06-30 11:42 . 2007-07-08 22:02 30,720 --a------ C:\WINDOWS\bcgflr.exe
2008-06-30 11:42 . 2007-07-08 21:43 13,312 --a------ C:\WINDOWS\zpitsp.exe
2008-06-30 11:42 . 2007-07-08 21:50 8,192 --a------ C:\WINDOWS\lrrpfgcp.exe
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 01:49 210,020 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-26 01:49 15,352,096 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-26 01:49 112,556 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-26 01:49 1,150,752 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-26 01:45 --------- d-----w C:\Program Files\StockAcc2
2008-07-26 01:14 --------- d-----w C:\Program Files\Employ20
2008-07-26 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-26 01:10 --------- d-----w C:\Program Files\Google
2008-07-25 06:49 --------- d-----w C:\Program Files\FlashGet
2008-07-23 22:28 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-23 22:28 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-22 08:14 --------- d-----w C:\Program Files\Nokia
2008-07-22 08:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-07-22 08:13 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-21 09:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-21 08:15 23,312 ----a-w C:\WINDOWS\system32\_shfoldr.dll
2008-07-19 02:48 --------- d-----w C:\Program Files\Fonefunshop Client
2008-07-17 04:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-15 04:51 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Simply Super Software
2008-07-15 04:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 05:05 --------- d-----w C:\Program Files\Data Doctor Bulk SMS (Evaluation)
2008-07-08 06:08 --------- d-----w C:\Program Files\HP
2008-07-01 03:22 --------- d-----w C:\Program Files\Real
2008-06-24 18:03 --------- d-----w C:\Program Files\برنامج شؤون الموظفين 2.0
2008-06-24 15:56 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-24 15:56 425,984 ------w C:\WINDOWS\Setup1.exe
2008-06-22 14:26 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-06-22 13:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-06-22 05:25 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\zweitgeist
2008-06-21 18:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 07:54 --------- d-----w C:\Program Files\Nimbuzz
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 17:02 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-06-19 07:49 --------- d-----w C:\Program Files\nLite
2008-06-14 14:45 --------- d-----w C:\Program Files\Fone Fun Shop
2008-06-14 06:43 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Gena01
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 08:06 33,920 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-06-10 14:51 --------- d-----w C:\Program Files\MSXML 6.0
2008-06-10 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-06-10 06:06 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\InstallShield
2008-06-08 06:18 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\DMCache
2008-06-08 05:44 3,082 ----a-w C:\WINDOWS\system32\affv11300p2now.sys
2008-06-03 16:28 --------- d-----w C:\Program Files\Samsung
2008-06-02 20:10 --------- d-----w C:\Program Files\Windows Live
2008-06-02 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-31 15:59 --------- d-----w C:\Program Files\Software Installation Information
2008-05-31 15:54 --------- d-----w C:\Program Files\ODEON
2008-05-30 13:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-29 14:37 94,208 ----a-w C:\WINDOWS\system32\ScrUnZip.dll
2008-05-29 14:35 --------- d-----w C:\Program Files\Athan
2008-05-29 14:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-29 14:32 352,256 ----a-w C:\WINDOWS\system32\IJL15.dll
2008-05-28 18:45 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-28 18:32 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-28 18:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-26 13:42 --------- d-----w C:\Program Files\BryhtFlashTools
2008-05-19 12:58 540,672 ----a-w C:\Program Files\employee.mdb
2008-05-17 18:23 51,200 ----a-w C:\Program Files\Photo.mdb
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-01 09:27 392 ----a-w C:\TimeSets.dat
2008-01-29 07:41 56,652 ----a-w C:\Program Files\emprep2e.rp
2008-01-29 07:39 57,029 ----a-w C:\Program Files\emprep2.rp
2007-07-15 17:28 58,795 ----a-w C:\Program Files\emprep.rp
2005-03-11 15:28 20,640 -c--a-w C:\WINDOWS\inf\pxhelp20.sys
2005-02-23 15:01 23,477 ----a-w C:\Program Files\salrep.rp
2005-02-20 16:40 18,152 ----a-w C:\Program Files\SalRep3.rp
2005-02-20 16:11 10,069 ----a-w C:\Program Files\SubRep1.rp
2005-02-20 15:18 10,854 ----a-w C:\Program Files\subrep.rp
2005-02-20 14:59 11,722 ----a-w C:\Program Files\docrep.rp
2005-02-20 14:50 13,789 ----a-w C:\Program Files\vacrep1.rp
2005-02-20 14:25 13,808 ----a-w C:\Program Files\tktrep1.rp
2005-02-20 14:24 14,864 ----a-w C:\Program Files\tktrep.rp
2005-02-20 14:22 2,999 ----a-w C:\Program Files\Statis.rp
2005-02-20 14:21 7,116 ----a-w C:\Program Files\Saltot.rp
2005-02-20 14:21 27,386 ----a-w C:\Program Files\Settle1.rp
2005-02-20 14:20 10,618 ----a-w C:\Program Files\SalSub.rp
2005-02-20 14:19 17,814 ----a-w C:\Program Files\salrep5.rp
2005-02-20 14:11 10,900 ----a-w C:\Program Files\SalLoan.rp
2005-02-20 14:10 10,452 ----a-w C:\Program Files\SalGift.rp
2005-02-20 10:37 21,739 ----a-w C:\Program Files\salemp.rp
2005-02-20 10:36 11,832 ----a-w C:\Program Files\salbank.rp
2005-02-20 10:34 12,546 ----a-w C:\Program Files\SalAlow.rp
2005-02-20 10:32 13,640 ----a-w C:\Program Files\PolicyM.rp
2005-02-20 10:30 13,638 ----a-w C:\Program Files\policy.rp
2005-02-20 10:25 13,343 ----a-w C:\Program Files\emprep1.rp
2005-02-20 10:21 11,776 ----a-w C:\Program Files\docrepe.rp
2005-02-20 10:20 7,959 ----a-w C:\Program Files\docend.rp
2005-02-20 10:20 7,952 ----a-w C:\Program Files\docende.rp
2005-01-30 17:55 14,752 ----a-w C:\Program Files\vacrepe.rp
2005-01-30 17:55 13,788 ----a-w C:\Program Files\vacrep1e.rp
2005-01-30 17:54 14,816 ----a-w C:\Program Files\tktrepe.rp
2005-01-30 17:54 14,749 ----a-w C:\Program Files\vacrep.rp
2005-01-30 17:53 13,568 ----a-w C:\Program Files\tktrep1e.rp
2005-01-30 17:46 9,141 ----a-w C:\Program Files\SubRep1e.rp
2005-01-30 17:44 27,253 ----a-w C:\Program Files\Settle1e.rp
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:56 15360]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2005-07-27 22:00 61952]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 09:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 09:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 09:40 118784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 20:29 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 19:40 188416]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 14:02 49152]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"lrrpfgcp"="C:\WINDOWS\lrrpfgcp.exe" [2007-07-08 21:50 8192]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 15:52 94770]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 21:29 1003520]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-08 11:19 185896]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 11:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:56 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:56 15360]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
gce.exe [2007-07-08 22:02:08 30720]
C:\Documents and Settings\XPPRESP3\Start Menu\Programs\Startup\
gce.exe [2007-07-08 22:02:08 30720]
ZOOM-RED.AVI [2008-04-09 18:26:30 39818240]
ê¨è©ں¢ ïيêï،.txt [2008-06-26 16:05:47 83]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
gce.exe [2007-07-08 22:02:08 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-23 00:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP31"= vp31vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Documents and Settings\\XPPRESP3\\Local Settings\\Temp\\Rar$EX01.688\\©ïêي¢ ںéêي§ïé ںé£ںëï\\winlirc\\winlirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 09:10]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-06-12 11:06]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 R5BaseSmc;USB Token Holder Service;C:\WINDOWS\system32\DRIVERS\smccard.sys [2008-07-21 11:15]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-14 04:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f113de5-590b-11dd-8e27-0011b107a397}]
\Shell\AutoRun\command - K:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9353402-3c21-11dd-8de7-0011b107a397}]
\Shell\AutoRun\command - kinza.exe
\Shell\explore\Command - kinza.exe
\Shell\open\Command - kinza.exe
*Newly Created Service* - HELPSVC
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-pctdf.exe - C:\WINDOWS\pctdf.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O9 -: {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1
O17 -: HKLM\CCS\Interface\{F7168F50-1B1D-4175-92CF-8E096C48F424}: NameServer = 158.43.240.4,212.127.151.29

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 04:51:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\WINDOWS\zpitsp.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-07-26  4:54:55 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-26 01:54:46
Pre-Run: 17,166,774,272 bytes free
Post-Run: 17,121,697,792 bytes free
294 --- E O F --- 2008-07-21 09:52:41


And this is the report from the Zyzoom_HijackThis tool:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:29 AM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Athan\Athan.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\zpitsp.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gce.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
K:\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch_1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [lrrpfgcp] C:\WINDOWS\lrrpfgcp.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: gce.exe
O4 - Startup: ZOOM-RED.AVI
O4 - Startup: مذكرات يومية.txt
O4 - Global Startup: gce.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7168F50-1B1D-4175-92CF-8E096C48F424}: NameServer = 158.43.240.4,212.127.151.29
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 9296 bytes




Regards
 

My friend, your report is clean, but go into Add/Remove Programs and remove any toolbar you have,
then
download this tool to clean the machine



[Image: wh_15149054.png]


Then scan your machine with any antivirus
and see the result
Regards
 
Peace be upon you

This program is portable and small in size




Or try the solo scan tool


Download the tool from the link below




See whether there are viruses or not (( honestly, I swear I don't know how to analyze reports ))

Peace be upon you
 
Thank you, brothers, for responding,
but I think there is a virus and Kaspersky is not able to remove it.

And when I run a scan it reaches 57% and stops.

Regards
 
Indeed, you do have a virus ...

Download the following tool and run it in Safe Mode

and follow the explanation below to clean your machine of viruses

and produce a report of the process so you can attach it to your next reply.


Tool link




Usage instructions:



[Image: 000.png]




And to save the report, do the following:


[Image: 001.png]





[Image: 002.png]





After that, upload the report to this site and attach the link in your next reply.


Awaiting your report
 
Signature: Al jNtEeL
Brother, disable System Restore, then re-enable it and scan your machine with Kaspersky

[Image: dis_sys_xp.jpg]
 
Thank you, brothers, for responding,
but I think there is a virus and Kaspersky is not able to remove it.

And when I run a scan it reaches 57% and stops.

Regards

Okay, my friend, try the tools I posted; they are all specifically for removing viruses
 


Waiting for you, my friend
 
Signature: فارس الملاك
I had a similar problem, and the cause was a trojan that Kaspersky would reach and then hang without doing anything to it.
Change the antivirus program.
I recommend AVG Internet Security or Avira Premium Suite.
Personally I used AVG and it solved the problem.
May God grant you success
 