ComboFix 08-08-09.04 - System32 2008-08-10 13:40:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1592 [GMT 3:00]
Running from: C:\Documents and Settings\System32\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-10 13:13 . 2008-08-10 13:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-09 19:03 . 2008-08-09 19:03 <DIR> d-------- C:\Documents and Settings\System32\Application Data\ICQ Toolbar
2008-08-09 18:01 . 2008-08-09 18:01 280 --ah----- C:\sqmdata10.sqm
2008-08-09 18:01 . 2008-08-09 18:01 244 --ah----- C:\sqmnoopt10.sqm
2008-08-09 17:57 . 2008-08-09 17:57 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\ICQ Toolbar
2008-08-09 17:54 . 2008-08-09 19:03 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\ICQ
2008-08-09 17:19 . 2008-08-09 17:19 268 --ah----- C:\sqmdata09.sqm
2008-08-09 17:19 . 2008-08-09 17:19 244 --ah----- C:\sqmnoopt09.sqm
2008-08-09 11:56 . 2008-08-09 11:56 268 --ah----- C:\sqmdata08.sqm
2008-08-09 11:56 . 2008-08-09 11:56 244 --ah----- C:\sqmnoopt08.sqm
2008-08-08 23:02 . 2008-08-09 12:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-08 21:30 . 2008-08-08 21:30 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-08-08 21:28 . 2008-01-25 23:35 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-08-08 21:28 . 2008-01-25 23:35 60,160 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-08-08 21:18 . 2008-08-08 21:18 <DIR> d-------- C:\Program Files\Intel
2008-08-08 18:32 . 2008-01-25 23:35 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-08 18:32 . 2008-01-25 23:35 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-08-08 18:32 . 2008-08-08 18:32 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-08 18:32 . 2008-08-08 18:32 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-08 18:27 . 2008-08-08 18:27 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-08 18:27 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-08 18:27 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-08 18:27 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-08 18:27 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-08 18:27 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-08 18:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-08 18:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-08 18:00 . 2008-08-08 18:00 62 -ra------ C:\WINDOWS\amunres.lsl
2008-08-08 17:54 . 2008-08-08 17:54 96 --a------ C:\WINDOWS\system32\digib.obj
2008-08-08 16:40 . 2008-08-08 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-08 16:11 . 2008-08-08 16:11 <DIR> d-------- C:\Program Files\Reallusion
2008-08-08 16:11 . 2008-08-08 16:11 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-08-08 16:11 . 2008-08-08 16:11 76 -r-hs---- C:\WINDOWS\CT4SET.BIN
2008-08-08 00:21 . 2008-08-09 17:54 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Contacts
2008-08-07 18:02 . 2008-08-07 18:02 52 --a------ C:\WINDOWS\wininit.ini
2008-08-07 13:21 . 2008-08-07 13:21 <DIR> d-------- C:\Documents and Settings\System32\Application Data\Grisoft
2008-08-07 13:16 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-07 12:32 . 2008-08-07 12:32 <DIR> d-------- C:\Documents and Settings\System32\Application Data\CyberScrub
2008-08-07 12:31 . 2008-08-07 12:31 <DIR> d-------- C:\Documents and Settings\System32\Application Data\cleaner
2008-08-06 21:24 . 2008-08-06 21:24 268 --ah----- C:\sqmdata07.sqm
2008-08-06 21:24 . 2008-08-06 21:24 244 --ah----- C:\sqmnoopt07.sqm
2008-08-06 17:25 . 2008-08-06 17:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-06 13:23 . 2008-08-06 13:23 268 --ah----- C:\sqmdata06.sqm
2008-08-06 13:23 . 2008-08-06 13:23 244 --ah----- C:\sqmnoopt06.sqm
2008-08-06 13:00 . 2008-08-06 13:00 268 --ah----- C:\sqmdata05.sqm
2008-08-06 13:00 . 2008-08-06 13:00 244 --ah----- C:\sqmnoopt05.sqm
2008-08-06 12:46 . 2008-08-06 12:46 268 --ah----- C:\sqmdata04.sqm
2008-08-06 12:46 . 2008-08-06 12:46 244 --ah----- C:\sqmnoopt04.sqm
2008-08-06 12:18 . 2008-04-23 07:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-06 12:18 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-06 12:18 . 2007-03-08 08:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-06 12:18 . 2008-04-23 07:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-06 12:18 . 2008-04-23 07:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-06 12:18 . 2008-04-23 07:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-06 12:18 . 2008-04-23 07:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-06 12:18 . 2008-04-23 07:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-06 12:18 . 2008-04-22 10:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-06 12:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-06 12:07 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-05 21:42 . 2008-01-26 06:57 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-05 21:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-05 20:46 . 2008-08-05 20:46 <DIR> d-------- C:\Documents and Settings\jojo\Application Data\Grisoft
2008-08-05 20:40 . 2008-08-05 20:40 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\Grisoft
2008-08-05 17:12 . 2008-08-05 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-05 17:10 . 2008-08-05 17:10 <DIR> d-------- C:\Program Files\DIFX
2008-08-05 17:10 . 2008-08-05 17:13 <DIR> d-------- C:\Documents and Settings\System32\Application Data\PC Suite
2008-08-05 17:10 . 2008-08-05 17:12 <DIR> d-------- C:\Documents and Settings\System32\Application Data\Nokia
2008-08-05 17:09 . 2008-08-08 18:27 <DIR> d-------- C:\Program Files\Nokia
2008-08-05 17:09 . 2008-08-08 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-08-05 17:09 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-08-05 16:11 . 2008-08-05 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-05 16:07 . 2008-08-05 16:07 268 --ah----- C:\sqmdata03.sqm
2008-08-05 16:07 . 2008-08-05 16:07 244 --ah----- C:\sqmnoopt03.sqm
2008-08-05 15:57 . 2008-08-05 15:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-05 15:16 . 2008-08-05 15:16 268 --ah----- C:\sqmdata02.sqm
2008-08-05 15:16 . 2008-08-05 15:16 244 --ah----- C:\sqmnoopt02.sqm
2008-08-05 15:07 . 2008-08-05 15:07 <DIR> d-------- C:\Documents and Settings\System32\WINDOWS
2008-08-05 14:45 . 2008-08-05 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-05 14:43 . 2008-08-05 14:43 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-05 14:42 . 2008-08-05 15:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-05 14:25 . 2008-08-05 14:25 <DIR> d--hs---- C:\Documents and Settings\System32\UserData
2008-08-05 14:23 . 2008-08-05 14:30 <DIR> d-------- C:\Documents and Settings\System32\Contacts
2008-08-05 14:06 . 2008-08-07 13:22 <DIR> d-------- C:\Documents and Settings\System32\Application Data\IDM
2008-08-05 14:06 . 2008-08-10 13:44 <DIR> d-------- C:\Documents and Settings\System32\Application Data\DMCache
2008-08-05 13:46 . 2008-08-05 13:46 <DIR> d-------- C:\Program Files\Conexant
2008-08-05 13:46 . 2002-07-23 19:20 535,616 -ra------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2008-08-05 13:46 . 2002-07-24 14:25 151,552 -ra------ C:\WINDOWS\system32\CnxHwIo.dll
2008-08-05 13:46 . 2001-10-03 15:12 118,784 -ra------ C:\WINDOWS\system32\CnxMfdCo.dll
2008-08-05 13:46 . 2001-10-03 15:08 118,784 -ra------ C:\WINDOWS\system32\CnxClsCo.dll
2008-08-05 13:46 . 2002-07-24 14:21 108,260 -ra------ C:\WINDOWS\system32\drivers\CnxTgN.sys
2008-08-05 13:46 . 2002-07-23 19:20 57,984 -ra------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2008-08-05 13:45 . 2008-08-05 13:45 <DIR> dr------- C:\temp\dynamode c
2008-08-05 13:45 . 2008-08-05 13:45 <DIR> dra------ C:\temp\Driver
2008-08-05 13:04 . 2003-01-30 06:04 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2008-08-05 13:04 . 2002-01-05 03:40 487,424 --a------ C:\WINDOWS\system32\Msvcp70.dll
2008-08-05 13:04 . 2004-08-18 12:34 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-08-05 13:04 . 2002-01-05 06:37 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2008-08-05 13:04 . 2004-08-06 13:49 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2008-08-05 13:04 . 2004-01-06 10:43 188,416 --a------ C:\WINDOWS\system32\eax.dll
2008-08-05 13:04 . 2004-10-18 14:04 161,280 --a------ C:\WINDOWS\system32\fmod.dll
2008-08-05 13:04 . 2002-02-04 02:43 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-08-05 13:04 . 2002-01-05 03:38 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2008-08-05 13:04 . 2002-02-01 07:00 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2008-08-05 12:40 . 2008-08-05 14:25 <DIR> d-------- C:\Documents and Settings\System32\Application Data\HP
2008-08-05 12:39 . 2008-08-05 12:39 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-05 12:39 . 2008-08-05 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-05 12:37 . 2008-08-05 12:38 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-05 12:37 . 2008-08-05 12:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-05 12:36 . 2005-10-12 05:20 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-08-05 12:36 . 2005-10-21 06:58 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-05 12:36 . 2006-07-03 11:54 38,400 --a------ C:\WINDOWS\system32\hpz3l4sa.dll
2008-08-05 12:36 . 2005-10-21 06:58 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-05 12:27 . 2008-08-05 12:39 <DIR> d-------- C:\Program Files\HP
2008-08-05 10:55 . 2008-08-08 21:33 <DIR> d-------- C:\Documents and Settings\System32
2008-08-05 00:00 . 2008-08-05 00:00 <DIR> d-------- C:\Documents and Settings\jojo\Application Data\ATI
2008-08-05 00:00 . 2008-08-06 01:01 <DIR> d-------- C:\Documents and Settings\jojo
2008-08-04 23:56 . 2008-08-04 23:56 <DIR> dr------- C:\temp\dynamode c50
2008-08-04 23:56 . 2008-08-05 13:45 <DIR> d-------- C:\temp
2008-08-04 23:35 . 2008-08-04 23:35 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\ATI
2008-08-04 23:34 . 2008-08-09 20:31 <DIR> d-------- C:\Documents and Settings\ME$OoOoO
2008-08-04 23:32 . 2008-08-09 23:31 <DIR> d-------- C:\Documents and Settings\احمد وحمودي2
2008-08-04 23:28 . 2008-06-13 14:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-04 23:28 . 2008-06-13 14:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 10:44 483,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-10 10:44 3,780 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-10 10:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-10 10:42 24,804 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-10 10:42 2,634,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-07 14:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 18:29 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-04 13:08 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-04 11:56 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-04 11:56 --------- d-----w C:\Program Files\Ahead
2008-08-04 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-04 11:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-26 06:57 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-08-05 14:07 2610608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [2006-10-05 20:56 280779]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-26 06:57 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-23 02:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^System32^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\System32\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 12:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
-ra------ 2002-07-24 14:29 397312 C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-08-05 14:07 2610608 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 13:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
-ra------ 2006-05-04 11:26 2808832 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-11-14 12:21 16270848 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-07-21 11:14 86016 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2002-07-23 19:20]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2002-07-23 19:20]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-07-24 14:21]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-FortKnoxPersonalFirewall - C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnoxGUI.exe
MSConfigStartUp-USB Antivirus - C:\Program Files\USB Disk Security\USBGuard.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\System32\Application Data\Mozilla\Firefox\Profiles\jo9sz44t.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.panet.co.il/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 13:44:26
Windows 5.1.2600 Service Pack 3, v.3300 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-08-10 13:46:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 10:46:31
Pre-Run: 61,771,526,144 bytes free
Post-Run: 62,219,956,224 bytes free
254 --- E O F --- 2008-08-04 21:09:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:13 PM, on 8/10/2008
Platform: Windows XP SP3, v.3300 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Documents and Settings\System32\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.panet.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217940975968
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBE3869C-98EF-4B37-8CAF-F2FBFDE2433F}: NameServer = 80.179.52.100 80.179.55.100
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5295 bytes
08/08/29 02:15:25 م Engine version =5200.2160
08/08/29 02:15:25 م AntiVirus DAT version =5242.0000
08/08/29 02:15:25 م Number of detection signatures in EXTRA.DAT =None
08/08/29 02:15:25 م Names of detection signatures in EXTRA.DAT =None
08/08/29 02:15:18 م Scan Started ARAB-19B65E2939\System32 On-Demand Scan
08/08/29 02:16:31 م Deleted System32 c:\documents and settings\me$ooooo\s\me$ooooo@atdmt[1].txt\00000000.ie -Atdmt(Potentially Unwanted Program)
08/08/29 02:16:35 م Deleted System32 c:\documents and settings\me$ooooo\s\me$ooooo@doubleclick[1].txt\00000000.ie -Doubleclick(Potentially Unwanted Program)
08/08/29 02:16:55 م Deleted System32 c:\documents and settings\احمد وحمودي2\s\احمد_وحمودي2@specificclick[2].txt\00000000.ie -SpecClick(Potentially Unwanted Program)
08/08/29 02:16:55 م Deleted System32 c:\documents and settings\احمد وحمودي2\s\احمد_وحمودي2@specificclick[2].txt\00000000.ie -SpecClick(Potentially Unwanted Program)
08/08/29 02:16:55 م Deleted System32 c:\documents and settings\احمد وحمودي2\s\احمد_وحمودي2@specificclick[2].txt\00000000.ie -SpecClick(Potentially Unwanted Program)
08/08/29 02:16:55 م Deleted System32 c:\documents and settings\احمد وحمودي2\s\احمد_وحمودي2@specificclick[2].txt\00000000.ie -SpecClick(Potentially Unwanted Program)
08/08/29 02:16:55 م Deleted System32 c:\documents and settings\احمد وحمودي2\s\احمد_وحمودي2@specificclick[2].txt\00000000.ie -SpecClick(Potentially Unwanted Program)
08/08/29 02:16:55 م Deleted System32 c:\documents and settings\احمد وحمودي2\s\احمد_وحمودي2@specificclick[2].txt\00000000.ie -SpecClick(Potentially Unwanted Program)
08/08/29 02:22:45 م Not scanned (The file is encrypted) System32 c:\Documents and Settings\System32\Application Data\IDM\DwnlData\System32\490.3D.Icons.Pack.sh_5\490.3D.Icons.Pack.sh.rar\OPENOFFICE DRAW 3D.ICO
08/08/29 02:22:48 م Not scanned (The file is encrypted) System32 c:\Documents and Settings\System32\Application Data\IDM\DwnlData\System32\asphalt_109\asphalt.rar\ASPHALT3.N-GAGE
08/08/29 02:22:48 م Not scanned (The file is encrypted) System32 c:\Documents and Settings\System32\Application Data\IDM\DwnlData\System32\AVG.Anti-Virus.Pro.Edition.v7_46\AVG.Anti-Virus.Pro.Edition.v7\AVG75F_503A1205.EXE
08/08/29 02:22:49 م Not scanned (The file is encrypted) System32 c:\Documents and Settings\System32\Application Data\IDM\DwnlData\System32\AVG_Antispyware_7_52\AVG_Antispyware_7.5___Crack___\AVG ANTISPYWARE 7.5.0.47.EXE
08/08/29 02:25:03 م Deleted System32 C:\DOCUMENTS AND SETTINGS\SYSTEM32\DESKTOP\TEMP + PRO\ABO YAZANA.RAR Generic PWS.b(Trojan)
08/08/29 02:27:03 م Deleted (Clean failed) System32 c:\Documents and Settings\System32\Desktop\TEMP + PRO\ABO YAZANA.rar\SETUP.EXE Generic PWS.b(Trojan)
08/08/29 02:27:07 م Not scanned (The file is encrypted) System32 c:\Documents and Settings\System32\Desktop\TEMP + PRO\zyzoom_libraryfiles.rar\ZYZOOM_LIBRARYFILES.EXE\CLICK1.OGG
08/08/29 02:37:17 م Deleted (Clean failed) System32 c:\System Volume Information\_restore{6713729F-C531-426A-BEB9-7BB936F5D862}\RP33\A0003564.exe Demo-LeakTest(Potentially Unwanted Program)
08/08/29 02:37:17 م Deleted System32 C:\SYSTEM VOLUME INFORMATION\_RESTORE{6713729F-C531-426A-BEB9-7BB936F5D862}\RP33\A0003565.EXE Demo-LeakTest(Potentially Unwanted Program)
08/08/29 02:37:17 م Deleted System32 c:\System Volume Information\_restore{6713729F-C531-426A-BEB9-7BB936F5D862}\RP33\A0003565.exe Demo-LeakTest(Potentially Unwanted Program)
08/08/29 02:37:19 م Deleted (Clean failed because the detection isn't cleanable) System32 c:\System Volume Information\_restore{6713729F-C531-426A-BEB9-7BB936F5D862}\RP33\A0003568.exe Outbound(Potentially Unwanted Program)
08/08/29 02:39:02 م Not scanned (The file is encrypted) System32 c:\System Volume Information\_restore{6713729F-C531-426A-BEB9-7BB936F5D862}\RP50\A0011358.exe\BADCLSID
08/08/29 02:39:09 م Deleted System32 C:\SYSTEM VOLUME INFORMATION\_RESTORE{6713729F-C531-426A-BEB9-7BB936F5D862}\RP51\A0012374.EXE RemAdm-ProcLaunch!171(Remote Admin Tool)
08/08/29 02:40:22 م Deleted (Clean failed) System32 c:\System Volume Information\_restore{6713729F-C531-426A-BEB9-7BB936F5D862}\RP51\A0012374.exe\PSEXEC.CFEXE RemAdm-ProcLaunch!171(Remote Admin Tool)
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Scan Summary
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Processes scanned : 27
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Processes detected : 0
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Processes cleaned : 0
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Boot sectors scanned : 2
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Boot sectors detected: 0
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Boot sectors cleaned : 0
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Files scanned : 52379
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Files with detections: 5
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 File detections : 8
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Files cleaned : 0
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Files deleted : 5
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Files not scanned : 38
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Scan Summary (Registry Scanning)
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Keys scanned : 28290
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Keys detected : 0
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Keys cleaned : 0
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Keys deleted : 0
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Scan Summary ( Scanning)
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 s scanned : 1300
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 s detected : 8
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 s cleaned : 0
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 s deleted : 8
08/08/29 02:49:27 م Scan Summary ARAB-19B65E2939\System32 Run time : 0:34:09
08/08/29 02:49:27 م Scan Complete ARAB-19B65E2939\System32 On-Demand Scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:46 PM, on 8/10/2008
Platform: Windows XP SP3, v.3300 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\System32\Desktop\IE7-WindowsXP-x86-enu.exe
d:\e9360a87e9a1e52814a9\update\iesetup.exe
C:\Program Files\Internet Download Manager\IDMan.exe
d:\e9360a87e9a1e52814a9\update\nlsdl.exe
d:\2c8399bb88f9bd093d83a16cdf\update\update.exe
C:\Documents and Settings\System32\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\System32\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\System32\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217940975968
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBE3869C-98EF-4B37-8CAF-F2FBFDE2433F}: NameServer = 80.179.52.100 80.179.55.100
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5568 bytes
ComboFix 08-08-09.06 - System32 2008-08-10 15:51:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1583 [GMT 3:00]
Running from: C:\Documents and Settings\System32\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-10 14:16 . 2008-08-10 14:39 <DIR> d-------- C:\QUARANTINE
2008-08-10 14:15 . 2008-08-10 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-10 13:46 . 2008-08-10 13:46 <DIR> d-------- C:\Documents and Settings\احمد وحمودي2
2008-08-10 13:46 . <DIR> C:\Documents and Settings\احمد وحمودي2\Local Settings
2008-08-10 13:46 . <DIR> C:\Documents and Settings\احمد وحمودي2\Local Settings
2008-08-10 13:13 . 2008-08-10 13:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-09 19:03 . 2008-08-09 19:03 <DIR> d-------- C:\Documents and Settings\System32\Application Data\ICQ Toolbar
2008-08-09 18:01 . 2008-08-09 18:01 280 --ah----- C:\sqmdata10.sqm
2008-08-09 18:01 . 2008-08-09 18:01 244 --ah----- C:\sqmnoopt10.sqm
2008-08-09 17:57 . 2008-08-09 17:57 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\ICQ Toolbar
2008-08-09 17:54 . 2008-08-09 19:03 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\ICQ
2008-08-09 17:19 . 2008-08-09 17:19 268 --ah----- C:\sqmdata09.sqm
2008-08-09 17:19 . 2008-08-09 17:19 244 --ah----- C:\sqmnoopt09.sqm
2008-08-09 11:56 . 2008-08-09 11:56 268 --ah----- C:\sqmdata08.sqm
2008-08-09 11:56 . 2008-08-09 11:56 244 --ah----- C:\sqmnoopt08.sqm
2008-08-08 23:02 . 2008-08-09 12:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-08 21:30 . 2008-08-08 21:30 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-08-08 21:28 . 2008-01-25 23:35 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-08-08 21:28 . 2008-01-25 23:35 60,160 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-08-08 21:18 . 2008-08-08 21:18 <DIR> d-------- C:\Program Files\Intel
2008-08-08 18:32 . 2008-01-25 23:35 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-08 18:32 . 2008-01-25 23:35 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-08-08 18:32 . 2008-08-08 18:32 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-08 18:32 . 2008-08-08 18:32 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-08 18:27 . 2008-08-08 18:27 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-08 18:27 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-08 18:27 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-08 18:27 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-08 18:27 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-08 18:27 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-08 18:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-08 18:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-08 18:00 . 2008-08-08 18:00 62 -ra------ C:\WINDOWS\amunres.lsl
2008-08-08 17:54 . 2008-08-08 17:54 96 --a------ C:\WINDOWS\system32\digib.obj
2008-08-08 16:40 . 2008-08-08 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-08 16:11 . 2008-08-08 16:11 <DIR> d-------- C:\Program Files\Reallusion
2008-08-08 16:11 . 2008-08-08 16:11 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-08-08 16:11 . 2008-08-08 16:11 76 -r-hs---- C:\WINDOWS\CT4SET.BIN
2008-08-08 00:21 . 2008-08-09 17:54 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Contacts
2008-08-07 18:02 . 2008-08-07 18:02 52 --a------ C:\WINDOWS\wininit.ini
2008-08-07 13:21 . 2008-08-07 13:21 <DIR> d-------- C:\Documents and Settings\System32\Application Data\Grisoft
2008-08-07 13:16 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-07 12:32 . 2008-08-07 12:32 <DIR> d-------- C:\Documents and Settings\System32\Application Data\CyberScrub
2008-08-07 12:31 . 2008-08-10 14:58 <DIR> d-------- C:\Documents and Settings\System32\Application Data\cleaner
2008-08-06 21:24 . 2008-08-06 21:24 268 --ah----- C:\sqmdata07.sqm
2008-08-06 21:24 . 2008-08-06 21:24 244 --ah----- C:\sqmnoopt07.sqm
2008-08-06 17:25 . 2008-08-06 17:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-06 13:23 . 2008-08-06 13:23 268 --ah----- C:\sqmdata06.sqm
2008-08-06 13:23 . 2008-08-06 13:23 244 --ah----- C:\sqmnoopt06.sqm
2008-08-06 13:00 . 2008-08-06 13:00 268 --ah----- C:\sqmdata05.sqm
2008-08-06 13:00 . 2008-08-06 13:00 244 --ah----- C:\sqmnoopt05.sqm
2008-08-06 12:46 . 2008-08-06 12:46 268 --ah----- C:\sqmdata04.sqm
2008-08-06 12:46 . 2008-08-06 12:46 244 --ah----- C:\sqmnoopt04.sqm
2008-08-06 12:18 . 2008-04-23 07:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-06 12:18 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-06 12:18 . 2007-03-08 08:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-06 12:18 . 2008-04-23 07:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-06 12:18 . 2008-04-23 07:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-06 12:18 . 2008-04-23 07:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-06 12:18 . 2008-04-23 07:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-06 12:18 . 2008-04-23 07:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-06 12:18 . 2008-04-22 10:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-06 12:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-06 12:07 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-05 21:42 . 2008-01-26 06:57 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-05 21:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-05 20:46 . 2008-08-05 20:46 <DIR> d-------- C:\Documents and Settings\jojo\Application Data\Grisoft
2008-08-05 20:40 . 2008-08-05 20:40 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\Grisoft
2008-08-05 17:12 . 2008-08-05 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-05 17:10 . 2008-08-05 17:10 <DIR> d-------- C:\Program Files\DIFX
2008-08-05 17:10 . 2008-08-05 17:13 <DIR> d-------- C:\Documents and Settings\System32\Application Data\PC Suite
2008-08-05 17:10 . 2008-08-05 17:12 <DIR> d-------- C:\Documents and Settings\System32\Application Data\Nokia
2008-08-05 17:09 . 2008-08-08 18:27 <DIR> d-------- C:\Program Files\Nokia
2008-08-05 17:09 . 2008-08-08 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-08-05 17:09 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-08-05 16:11 . 2008-08-05 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-05 16:07 . 2008-08-05 16:07 268 --ah----- C:\sqmdata03.sqm
2008-08-05 16:07 . 2008-08-05 16:07 244 --ah----- C:\sqmnoopt03.sqm
2008-08-05 15:57 . 2008-08-05 15:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-05 15:16 . 2008-08-05 15:16 268 --ah----- C:\sqmdata02.sqm
2008-08-05 15:16 . 2008-08-05 15:16 244 --ah----- C:\sqmnoopt02.sqm
2008-08-05 15:07 . 2008-08-05 15:07 <DIR> d-------- C:\Documents and Settings\System32\WINDOWS
2008-08-05 14:45 . 2008-08-05 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-05 14:43 . 2008-08-05 14:43 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-05 14:42 . 2008-08-05 15:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-05 14:25 . 2008-08-05 14:25 <DIR> d--hs---- C:\Documents and Settings\System32\UserData
2008-08-05 14:23 . 2008-08-05 14:30 <DIR> d-------- C:\Documents and Settings\System32\Contacts
2008-08-05 14:06 . 2008-08-07 13:22 <DIR> d-------- C:\Documents and Settings\System32\Application Data\IDM
2008-08-05 14:06 . 2008-08-10 15:56 <DIR> d-------- C:\Documents and Settings\System32\Application Data\DMCache
2008-08-05 13:46 . 2008-08-05 13:46 <DIR> d-------- C:\Program Files\Conexant
2008-08-05 13:46 . 2002-07-23 19:20 535,616 -ra------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2008-08-05 13:46 . 2002-07-24 14:25 151,552 -ra------ C:\WINDOWS\system32\CnxHwIo.dll
2008-08-05 13:46 . 2001-10-03 15:12 118,784 -ra------ C:\WINDOWS\system32\CnxMfdCo.dll
2008-08-05 13:46 . 2001-10-03 15:08 118,784 -ra------ C:\WINDOWS\system32\CnxClsCo.dll
2008-08-05 13:46 . 2002-07-24 14:21 108,260 -ra------ C:\WINDOWS\system32\drivers\CnxTgN.sys
2008-08-05 13:46 . 2002-07-23 19:20 57,984 -ra------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2008-08-05 13:45 . 2008-08-05 13:45 <DIR> dr------- C:\temp\dynamode c
2008-08-05 13:45 . 2008-08-05 13:45 <DIR> dra------ C:\temp\Driver
2008-08-05 13:04 . 2003-01-30 06:04 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2008-08-05 13:04 . 2002-01-05 03:40 487,424 --a------ C:\WINDOWS\system32\Msvcp70.dll
2008-08-05 13:04 . 2004-08-18 12:34 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-08-05 13:04 . 2002-01-05 06:37 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2008-08-05 13:04 . 2004-08-06 13:49 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2008-08-05 13:04 . 2004-01-06 10:43 188,416 --a------ C:\WINDOWS\system32\eax.dll
2008-08-05 13:04 . 2004-10-18 14:04 161,280 --a------ C:\WINDOWS\system32\fmod.dll
2008-08-05 13:04 . 2002-02-04 02:43 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-08-05 13:04 . 2002-01-05 03:38 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2008-08-05 13:04 . 2002-02-01 07:00 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2008-08-05 12:40 . 2008-08-05 14:25 <DIR> d-------- C:\Documents and Settings\System32\Application Data\HP
2008-08-05 12:39 . 2008-08-05 12:39 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-05 12:39 . 2008-08-05 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-05 12:37 . 2008-08-05 12:38 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-05 12:37 . 2008-08-05 12:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-05 12:36 . 2005-10-12 05:20 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-08-05 12:36 . 2005-10-21 06:58 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-05 12:36 . 2006-07-03 11:54 38,400 --a------ C:\WINDOWS\system32\hpz3l4sa.dll
2008-08-05 12:36 . 2005-10-21 06:58 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-05 12:27 . 2008-08-05 12:39 <DIR> d-------- C:\Program Files\HP
2008-08-05 10:55 . 2008-08-10 15:43 <DIR> d-------- C:\Documents and Settings\System32
2008-08-05 00:00 . 2008-08-05 00:00 <DIR> d-------- C:\Documents and Settings\jojo\Application Data\ATI
2008-08-05 00:00 . 2008-08-06 01:01 <DIR> d-------- C:\Documents and Settings\jojo
2008-08-04 23:56 . 2008-08-04 23:56 <DIR> dr------- C:\temp\dynamode c50
2008-08-04 23:56 . 2008-08-05 13:45 <DIR> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-10 12:53 483,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-10 12:53 3,780 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-10 12:53 24,832 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-10 12:53 2,637,856 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-10 12:50 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-07 14:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-04 13:08 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-04 11:56 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-04 11:56 --------- d-----w C:\Program Files\Ahead
2008-08-04 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-04 11:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( snapshot@2008-08-10_13.46.17.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-03-31 05:00:00 61,440 ----a-w C:\WINDOWS\system32\ADLOC.dll
+ 2004-03-31 05:00:00 45,056 ----a-w C:\WINDOWS\system32\APLOC.dll
+ 2002-07-17 06:54:22 36,864 ----a-w C:\WINDOWS\system32\ascbalo3N.dll
+ 2003-09-23 05:00:00 36,864 ----a-w C:\WINDOWS\system32\ascbalon.dll
+ 2003-10-23 05:00:00 27,824 ----a-w C:\WINDOWS\system32\ascIP95.DLL
+ 2003-10-23 05:00:00 27,408 ----a-w C:\WINDOWS\system32\ascIPNT.DLL
+ 2003-10-23 05:00:00 352,256 ----a-w C:\WINDOWS\system32\ASLOC.dll
+ 2002-12-05 17:55:43 569,616 ----a-w C:\WINDOWS\system32\COMCTL3N.DLL
- 2008-08-10 10:02:54 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
+ 2008-08-10 12:20:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
- 2008-08-10 10:02:54 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-10 12:20:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-10 12:20:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-04-22 07:40:18 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-04-16 11:23:44 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-07-21 15:34:36 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
- 2008-08-04 13:08:46 187,920 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-07-18 14:39:18 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2008-03-25 17:07:10 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-04-30 15:06:48 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
- 2008-04-25 15:21:06 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-07-29 17:20:00 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
- 2008-04-25 15:22:24 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
+ 2008-07-29 17:21:42 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
+ 2002-12-05 17:57:30 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMN.DLL
- 2000-05-23 19:45:58 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2003-09-23 05:00:00 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
- 1998-08-09 08:07:34 94,208 ----a-w C:\WINDOWS\system32\MSSTKPRP.DLL
+ 2003-09-23 05:00:00 94,208 ----a-w C:\WINDOWS\system32\Msstkprp.dll
+ 2002-12-05 17:58:05 1,388,544 ----a-w C:\WINDOWS\system32\MSVBVM6N.DLL
+ 2003-09-23 05:00:00 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
+ 2002-12-05 17:58:17 614,672 ----a-w C:\WINDOWS\system32\OLEAUT3N.DLL
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-26 06:57 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-08-05 14:07 2610608]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="C:\Documents and Settings\System32\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 14:19 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [2007-11-03 04:50 6731312]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-26 06:57 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-23 02:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^System32^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\System32\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 12:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
-ra------ 2002-07-24 14:29 397312 C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-08-05 14:07 2610608 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 13:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
-ra------ 2006-05-04 11:26 2808832 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-11-14 12:21 16270848 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-07-21 11:14 86016 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2002-07-23 19:20]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2002-07-23 19:20]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-07-24 14:21]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\System32\Application Data\Mozilla\Firefox\Profiles\jo9sz44t.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.panet.co.il/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 15:55:41
Windows 5.1.2600 Service Pack 3, v.3300 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-08-10 15:58:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 12:57:59
ComboFix2.txt 2008-08-10 10:46:34
Pre-Run: 63,966,863,360 bytes free
Post-Run: 63,957,950,464 bytes free
291 --- E O F --- 2008-08-04 21:09:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:17 PM, on 8/10/2008
Platform: Windows XP SP3, v.3300 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\System32\Desktop\HiJackThis.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\System32\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\System32\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217940975968
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBE3869C-98EF-4B37-8CAF-F2FBFDE2433F}: NameServer = 80.179.52.100 80.179.55.100
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5310 bytes
ComboFix 08-08-09.06 - System32 2008-08-10 15:51:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1583 [GMT 3:00]
Running from: C:\Documents and Settings\System32\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-10 14:16 . 2008-08-10 14:39 <DIR> d-------- C:\QUARANTINE
2008-08-10 14:15 . 2008-08-10 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-10 13:46 . 2008-08-10 13:46 <DIR> d-------- C:\Documents and Settings\احمد وحمودي2
2008-08-10 13:46 . <DIR> C:\Documents and Settings\احمد وحمودي2\Local Settings
2008-08-10 13:13 . 2008-08-10 13:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-09 19:03 . 2008-08-09 19:03 <DIR> d-------- C:\Documents and Settings\System32\Application Data\ICQ Toolbar
2008-08-09 18:01 . 2008-08-09 18:01 280 --ah----- C:\sqmdata10.sqm
2008-08-09 18:01 . 2008-08-09 18:01 244 --ah----- C:\sqmnoopt10.sqm
2008-08-09 17:57 . 2008-08-09 17:57 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\ICQ Toolbar
2008-08-09 17:54 . 2008-08-09 19:03 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\ICQ
2008-08-09 17:19 . 2008-08-09 17:19 268 --ah----- C:\sqmdata09.sqm
2008-08-09 17:19 . 2008-08-09 17:19 244 --ah----- C:\sqmnoopt09.sqm
2008-08-09 11:56 . 2008-08-09 11:56 268 --ah----- C:\sqmdata08.sqm
2008-08-09 11:56 . 2008-08-09 11:56 244 --ah----- C:\sqmnoopt08.sqm
2008-08-08 23:02 . 2008-08-09 12:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-08 21:30 . 2008-08-08 21:30 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-08-08 21:28 . 2008-01-25 23:35 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-08-08 21:28 . 2008-01-25 23:35 60,160 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-08-08 21:18 . 2008-08-08 21:18 <DIR> d-------- C:\Program Files\Intel
2008-08-08 18:32 . 2008-01-25 23:35 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-08 18:32 . 2008-01-25 23:35 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-08-08 18:32 . 2008-08-08 18:32 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-08 18:32 . 2008-08-08 18:32 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-08 18:27 . 2008-08-08 18:27 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-08 18:27 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-08 18:27 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-08 18:27 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-08 18:27 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-08 18:27 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-08 18:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-08 18:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-08 18:00 . 2008-08-08 18:00 62 -ra------ C:\WINDOWS\amunres.lsl
2008-08-08 17:54 . 2008-08-08 17:54 96 --a------ C:\WINDOWS\system32\digib.obj
2008-08-08 16:40 . 2008-08-08 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-08 16:11 . 2008-08-08 16:11 <DIR> d-------- C:\Program Files\Reallusion
2008-08-08 16:11 . 2008-08-08 16:11 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-08-08 16:11 . 2008-08-08 16:11 76 -r-hs---- C:\WINDOWS\CT4SET.BIN
2008-08-08 00:21 . 2008-08-09 17:54 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Contacts
2008-08-07 18:02 . 2008-08-07 18:02 52 --a------ C:\WINDOWS\wininit.ini
2008-08-07 13:21 . 2008-08-07 13:21 <DIR> d-------- C:\Documents and Settings\System32\Application Data\Grisoft
2008-08-07 13:16 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-07 12:32 . 2008-08-07 12:32 <DIR> d-------- C:\Documents and Settings\System32\Application Data\CyberScrub
2008-08-07 12:31 . 2008-08-10 14:58 <DIR> d-------- C:\Documents and Settings\System32\Application Data\cleaner
2008-08-06 21:24 . 2008-08-06 21:24 268 --ah----- C:\sqmdata07.sqm
2008-08-06 21:24 . 2008-08-06 21:24 244 --ah----- C:\sqmnoopt07.sqm
2008-08-06 17:25 . 2008-08-06 17:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-08-06 13:23 . 2008-08-06 13:23 268 --ah----- C:\sqmdata06.sqm
2008-08-06 13:23 . 2008-08-06 13:23 244 --ah----- C:\sqmnoopt06.sqm
2008-08-06 13:00 . 2008-08-06 13:00 268 --ah----- C:\sqmdata05.sqm
2008-08-06 13:00 . 2008-08-06 13:00 244 --ah----- C:\sqmnoopt05.sqm
2008-08-06 12:46 . 2008-08-06 12:46 268 --ah----- C:\sqmdata04.sqm
2008-08-06 12:46 . 2008-08-06 12:46 244 --ah----- C:\sqmnoopt04.sqm
2008-08-06 12:18 . 2008-04-23 07:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-06 12:18 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-06 12:18 . 2007-03-08 08:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-06 12:18 . 2008-04-23 07:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-06 12:18 . 2008-04-23 07:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-06 12:18 . 2008-04-23 07:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-06 12:18 . 2008-04-23 07:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-06 12:18 . 2008-04-23 07:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-06 12:18 . 2008-04-22 10:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-06 12:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-06 12:07 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-05 21:42 . 2008-01-26 06:57 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-05 21:42 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-05 20:46 . 2008-08-05 20:46 <DIR> d-------- C:\Documents and Settings\jojo\Application Data\Grisoft
2008-08-05 20:40 . 2008-08-05 20:40 <DIR> d-------- C:\Documents and Settings\ME$OoOoO\Application Data\Grisoft
2008-08-05 17:12 . 2008-08-05 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-05 17:10 . 2008-08-05 17:10 <DIR> d-------- C:\Program Files\DIFX
2008-08-05 17:10 . 2008-08-05 17:13 <DIR> d-------- C:\Documents and Settings\System32\Application Data\PC Suite
2008-08-05 17:10 . 2008-08-05 17:12 <DIR> d-------- C:\Documents and Settings\System32\Application Data\Nokia
2008-08-05 17:09 . 2008-08-08 18:27 <DIR> d-------- C:\Program Files\Nokia
2008-08-05 17:09 . 2008-08-08 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-08-05 17:09 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-08-05 16:11 . 2008-08-05 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-05 16:07 . 2008-08-05 16:07 268 --ah----- C:\sqmdata03.sqm
2008-08-05 16:07 . 2008-08-05 16:07 244 --ah----- C:\sqmnoopt03.sqm
2008-08-05 15:57 . 2008-08-05 15:57 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-05 15:16 . 2008-08-05 15:16 268 --ah----- C:\sqmdata02.sqm
2008-08-05 15:16 . 2008-08-05 15:16 244 --ah----- C:\sqmnoopt02.sqm
2008-08-05 15:07 . 2008-08-05 15:07 <DIR> d-------- C:\Documents and Settings\System32\WINDOWS
2008-08-05 14:45 . 2008-08-05 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-05 14:43 . 2008-08-05 14:43 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-08-05 14:42 . 2008-08-05 15:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-05 14:25 . 2008-08-05 14:25 <DIR> d--hs---- C:\Documents and Settings\System32\UserData
2008-08-05 14:23 . 2008-08-05 14:30 <DIR> d-------- C:\Documents and Settings\System32\Contacts
2008-08-05 14:06 . 2008-08-07 13:22 <DIR> d-------- C:\Documents and Settings\System32\Application Data\IDM
2008-08-05 14:06 . 2008-08-10 15:56 <DIR> d-------- C:\Documents and Settings\System32\Application Data\DMCache
2008-08-05 13:46 . 2008-08-05 13:46 <DIR> d-------- C:\Program Files\Conexant
2008-08-05 13:46 . 2002-07-23 19:20 535,616 -ra------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2008-08-05 13:46 . 2002-07-24 14:25 151,552 -ra------ C:\WINDOWS\system32\CnxHwIo.dll
2008-08-05 13:46 . 2001-10-03 15:12 118,784 -ra------ C:\WINDOWS\system32\CnxMfdCo.dll
2008-08-05 13:46 . 2001-10-03 15:08 118,784 -ra------ C:\WINDOWS\system32\CnxClsCo.dll
2008-08-05 13:46 . 2002-07-24 14:21 108,260 -ra------ C:\WINDOWS\system32\drivers\CnxTgN.sys
2008-08-05 13:46 . 2002-07-23 19:20 57,984 -ra------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2008-08-05 13:45 . 2008-08-05 13:45 <DIR> dr------- C:\temp\dynamode c
2008-08-05 13:45 . 2008-08-05 13:45 <DIR> dra------ C:\temp\Driver
2008-08-05 13:04 . 2003-01-30 06:04 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2008-08-05 13:04 . 2002-01-05 03:40 487,424 --a------ C:\WINDOWS\system32\Msvcp70.dll
2008-08-05 13:04 . 2004-08-18 12:34 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-08-05 13:04 . 2002-01-05 06:37 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2008-08-05 13:04 . 2004-08-06 13:49 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2008-08-05 13:04 . 2004-01-06 10:43 188,416 --a------ C:\WINDOWS\system32\eax.dll
2008-08-05 13:04 . 2004-10-18 14:04 161,280 --a------ C:\WINDOWS\system32\fmod.dll
2008-08-05 13:04 . 2002-02-04 02:43 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-08-05 13:04 . 2002-01-05 03:38 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2008-08-05 13:04 . 2002-02-01 07:00 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2008-08-05 12:40 . 2008-08-05 14:25 <DIR> d-------- C:\Documents and Settings\System32\Application Data\HP
2008-08-05 12:39 . 2008-08-05 12:39 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-05 12:39 . 2008-08-05 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-05 12:37 . 2008-08-05 12:38 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-05 12:37 . 2008-08-05 12:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-05 12:36 . 2005-10-12 05:20 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-08-05 12:36 . 2005-10-21 06:58 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-05 12:36 . 2006-07-03 11:54 38,400 --a------ C:\WINDOWS\system32\hpz3l4sa.dll
2008-08-05 12:36 . 2005-10-21 06:58 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-05 12:27 . 2008-08-05 12:39 <DIR> d-------- C:\Program Files\HP
2008-08-05 10:55 . 2008-08-10 15:43 <DIR> d-------- C:\Documents and Settings\System32
2008-08-05 00:00 . 2008-08-05 00:00 <DIR> d-------- C:\Documents and Settings\jojo\Application Data\ATI
2008-08-05 00:00 . 2008-08-06 01:01 <DIR> d-------- C:\Documents and Settings\jojo
2008-08-04 23:56 . 2008-08-04 23:56 <DIR> dr------- C:\temp\dynamode c50
2008-08-04 23:56 . 2008-08-05 13:45 <DIR> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-10 12:53 483,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-10 12:53 3,780 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-10 12:53 24,832 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-10 12:53 2,637,856 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-10 12:50 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-07 14:56 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-04 13:08 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-04 11:56 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-04 11:56 --------- d-----w C:\Program Files\Ahead
2008-08-04 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-04 11:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( snapshot@2008-08-10_13.46.17.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-03-31 05:00:00 61,440 ----a-w C:\WINDOWS\system32\ADLOC.dll
+ 2004-03-31 05:00:00 45,056 ----a-w C:\WINDOWS\system32\APLOC.dll
+ 2002-07-17 06:54:22 36,864 ----a-w C:\WINDOWS\system32\ascbalo3N.dll
+ 2003-09-23 05:00:00 36,864 ----a-w C:\WINDOWS\system32\ascbalon.dll
+ 2003-10-23 05:00:00 27,824 ----a-w C:\WINDOWS\system32\ascIP95.DLL
+ 2003-10-23 05:00:00 27,408 ----a-w C:\WINDOWS\system32\ascIPNT.DLL
+ 2003-10-23 05:00:00 352,256 ----a-w C:\WINDOWS\system32\ASLOC.dll
+ 2002-12-05 17:55:43 569,616 ----a-w C:\WINDOWS\system32\COMCTL3N.DLL
- 2008-08-10 10:02:54 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
+ 2008-08-10 12:20:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\s\index.dat
- 2008-08-10 10:02:54 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-10 12:20:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-10 12:20:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\.IE5\index.dat
+ 2008-04-22 07:40:18 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-04-16 11:23:44 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-07-21 15:34:36 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
- 2008-08-04 13:08:46 187,920 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-07-18 14:39:18 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2008-03-25 17:07:10 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-04-30 15:06:48 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
- 2008-04-25 15:21:06 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-07-29 17:20:00 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
- 2008-04-25 15:22:24 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
+ 2008-07-29 17:21:42 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
+ 2002-12-05 17:57:30 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMN.DLL
- 2000-05-23 19:45:58 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2003-09-23 05:00:00 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
- 1998-08-09 08:07:34 94,208 ----a-w C:\WINDOWS\system32\MSSTKPRP.DLL
+ 2003-09-23 05:00:00 94,208 ----a-w C:\WINDOWS\system32\Msstkprp.dll
+ 2002-12-05 17:58:05 1,388,544 ----a-w C:\WINDOWS\system32\MSVBVM6N.DLL
+ 2003-09-23 05:00:00 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
+ 2002-12-05 17:58:17 614,672 ----a-w C:\WINDOWS\system32\OLEAUT3N.DLL
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-26 06:57 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-08-05 14:07 2610608]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Privacy Suite"="C:\Documents and Settings\System32\Application Data\cleaner\CSPSeraser.exe" [2007-11-20 14:19 872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [2007-11-03 04:50 6731312]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-26 06:57 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-23 02:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^System32^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\System32\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 12:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
-ra------ 2002-07-24 14:29 397312 C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-08-05 14:07 2610608 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 13:43 69632 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
-ra------ 2006-05-04 11:26 2808832 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-11-14 12:21 16270848 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 13:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-07-21 11:14 86016 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2002-07-23 19:20]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2002-07-23 19:20]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2002-07-24 14:21]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\System32\Application Data\Mozilla\Firefox\Profiles\jo9sz44t.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.panet.co.il/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 15:55:41
Windows 5.1.2600 Service Pack 3, v.3300 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-08-10 15:58:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 12:57:59
ComboFix2.txt 2008-08-10 10:46:34
Pre-Run: 63,966,863,360 bytes free
Post-Run: 63,957,950,464 bytes free
291 --- E O F --- 2008-08-04 21:09:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:17 PM, on 8/10/2008
Platform: Windows XP SP3, v.3300 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\System32\Desktop\HiJackThis.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\System32\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\System32\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217940975968
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBE3869C-98EF-4B37-8CAF-F2FBFDE2433F}: NameServer = 80.179.52.100 80.179.55.100
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5310 bytes