- بادئ الموضوع sult@no
- تاريخ البدء
- 1,042
MAAX
عضوشرف
غير متصل
الله يحييك اخوي
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
حمل هذا البرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
اخـي الحبيب قـم بالدخول لـ جهازك فـي الوضع الآمـن
وطبـق التالي وانت في الوضع الآمن :::
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
قم بتشغيلها واتبع الشرح :
ستظهر لك هذه الشاشة السوداء ماعليك سوى الإنتظار :
تخبرك الرسالة القادمة بأنه سيتم إعادة التشغيل تلقائيا :
بعد إعادة التشغيل وعند بدء الدخول ستظهر لك هذه النافذه ماعليـك سوى الإنتظار
هذه هو التقرير قد خرج انسخه والصقه في ردك القادم
(2)
بعد ان تشغل البرنامج اعمل الاتي :
ستظهر لك هذه النافذه .. اتبع الشرح :
ثم ستظهر لك هذه النافذه ::
انسخ التقرير كاملا وارفقه في ردك القادم لتحليله
وطبـق التالي وانت في الوضع الآمن :::
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
قم بتشغيلها واتبع الشرح :
ستظهر لك هذه الشاشة السوداء ماعليك سوى الإنتظار :
تخبرك الرسالة القادمة بأنه سيتم إعادة التشغيل تلقائيا :
بعد إعادة التشغيل وعند بدء الدخول ستظهر لك هذه النافذه ماعليـك سوى الإنتظار
هذه هو التقرير قد خرج انسخه والصقه في ردك القادم
(2)
حمل أداة الهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد ان تشغل البرنامج اعمل الاتي :
ستظهر لك هذه النافذه .. اتبع الشرح :
ثم ستظهر لك هذه النافذه ::
انسخ التقرير كاملا وارفقه في ردك القادم لتحليله
توقيع : Al jNtEeL
تأييد
0
وهذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:34 PM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\hawaz\Desktop\Zyzoom_HijackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\Bore dog.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [proxyspam] C:\DOCUME~1\hawaz\APPLIC~1\BINDID~1\Dead Cake.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{26A65E28-DA17-4D64-8D5D-432E47FF2D9D}: NameServer = 10.6.9.12 10.6.9.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 9225 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:34 PM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\CManager.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\hawaz\Desktop\Zyzoom_HijackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\Bore dog.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [proxyspam] C:\DOCUME~1\hawaz\APPLIC~1\BINDID~1\Dead Cake.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{26A65E28-DA17-4D64-8D5D-432E47FF2D9D}: NameServer = 10.6.9.12 10.6.9.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 9225 bytes
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
بـعد اذنك مديرنا الغالي فقد وضعنا الرد فـي نفس الوقت
اسمح لـي بتحليله بارك الله فيـك
0000000000000000000000000000000000000
حدد التالي واحذفه :::
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\Bore dog.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [proxyspam] C:\DOCUME~1\hawaz\APPLIC~1\BINDID~1\Dead Cake.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
اسمح لـي بتحليله بارك الله فيـك
0000000000000000000000000000000000000
حدد التالي واحذفه :::
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\Bore dog.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [proxyspam] C:\DOCUME~1\hawaz\APPLIC~1\BINDID~1\Dead Cake.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
طريقة الحذف
ستظهر لك هذا النافذه : اضغط Yes
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ثم حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
رابط تحميل آخر تحديث للاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
ثم عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
قم بتشغيلها واتبع الشرح :
ستظهر لك هذه الشاشة السوداء ماعليك سوى الإنتظار :
تخبرك الرسالة القادمة بأنه سيتم إعادة التشغيل تلقائيا :
بعد إعادة التشغيل وعند بدء الدخول ستظهر لك هذه النافذه ماعليـك سوى الإنتظار
هذه هو التقرير قد خرج انسخه والصقه في ردك القادم
بنتظار تقرير أداة الكومبو
توقيع : Al jNtEeL
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
عذرا
ايش هي الرسالة الي تطلع لك
وياليت لو تصورها لنا
توقيع : فارس الملاك
تأييد
0
هذا تقرير الكمبو
للمعلومية ماعندي برنامج حماية
ComboFix 08-08-10.02 - hawaz 2008-08-11 12:31:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.657 [GMT 3:00]
Running from: C:\Documents and Settings\hawaz\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winbjv32.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.
2008-08-10 23:50 . 2008-08-10 23:50 2,046 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-10 23:43 . 2008-08-10 23:43 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\CyberScrub
2008-08-10 23:40 . 2008-08-10 23:40 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\cleaner
2008-08-09 06:49 . 2008-08-09 06:49 <DIR> d-------- C:\Program Files\ColorSoft
2008-08-09 06:29 . 2008-08-09 14:31 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\Uniblue
2008-08-08 06:08 . 2008-08-08 06:08 <DIR> d-------- C:\Program Files\LtUcx
2008-08-07 13:06 . 2008-08-07 13:06 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\Ashampoo
2008-08-07 12:36 . 2008-08-08 19:57 <DIR> d-------- C:\Program Files\cFosSpeed
2008-08-06 20:19 . 2008-08-06 20:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-06 20:19 . 2008-08-06 20:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-05 19:49 . 2008-08-05 19:49 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\Media Player Classic
2008-08-05 19:08 . 2008-08-05 19:08 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-05 18:14 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-08-05 18:14 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-05 18:14 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-08-05 18:14 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-08-04 14:06 . 2004-08-04 15:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-04 04:39 . 2008-08-04 08:24 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-04 04:39 . 2008-08-04 14:00 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\IDM
2008-08-04 04:39 . 2008-08-11 12:33 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\DMCache
2008-08-03 04:56 . 2008-08-03 04:56 <DIR> d-------- C:\Program Files\Bind Idol Dumb
2008-08-03 01:48 . 2008-08-03 01:48 <DIR> d---s---- C:\Documents and Settings\hawaz\UserData
2008-08-03 00:52 . 2008-08-08 21:39 <DIR> d-------- C:\Documents and Settings\hawaz\Contacts
2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-08-02 23:58 . 2008-08-02 23:58 268 --ah----- C:\sqmdata09.sqm
2008-08-02 23:58 . 2008-08-02 23:58 244 --ah----- C:\sqmnoopt09.sqm
2008-08-02 23:43 . 2008-08-02 23:43 <DIR> d-------- C:\Documents and Settings\hawaz\.jpi_cache
2008-08-02 23:43 . 2008-08-03 03:51 <DIR> d-------- C:\Documents and Settings\hawaz\.java
2008-08-02 23:41 . 2008-08-02 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-08-02 23:25 . 2008-08-02 23:25 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\HP
2008-08-02 23:22 . 2008-08-02 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-02 23:22 . 2007-11-08 17:52 271,704 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-08-02 23:22 . 2007-10-20 18:25 117,760 --a------ C:\WINDOWS\system32\hpzll5mu.dll
2008-08-02 23:22 . 2007-10-30 12:25 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-02 23:22 . 2007-10-30 12:25 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-08-02 23:22 . 2007-10-30 12:25 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-02 23:21 . 2007-10-30 12:11 729,088 -ra------ C:\WINDOWS\system32\hpowiax7.dll
2008-08-02 23:21 . 2007-10-30 12:11 581,632 -ra------ C:\WINDOWS\system32\hpotscl6.dll
2008-08-02 23:21 . 2007-10-30 12:25 372,736 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-08-02 23:21 . 2007-10-30 12:25 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-08-02 23:21 . 2007-10-30 12:11 303,104 -ra------ C:\WINDOWS\system32\hpovst15.dll
2008-08-02 23:21 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-02 23:21 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-02 23:10 . 2008-08-02 23:10 268 --ah----- C:\sqmdata08.sqm
2008-08-02 23:10 . 2008-08-02 23:10 244 --ah----- C:\sqmnoopt08.sqm
2008-08-02 14:36 . 2008-08-02 14:36 268 --ah----- C:\sqmdata07.sqm
2008-08-02 14:36 . 2008-08-02 14:36 244 --ah----- C:\sqmnoopt07.sqm
2008-08-02 14:29 . 2008-08-02 14:29 <DIR> d-------- C:\Program Files\BandRich
2008-08-02 14:29 . 2008-08-02 14:29 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\Yahoo!
2008-08-02 14:29 . 2008-08-11 12:30 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\HPAppData
2008-08-02 14:29 . 2008-03-14 10:31 100,096 --a------ C:\WINDOWS\system32\drivers\br3gmdm.sys
2008-08-02 12:25 . 2008-08-02 12:25 268 --ah----- C:\sqmdata06.sqm
2008-08-02 12:25 . 2008-08-02 12:25 244 --ah----- C:\sqmnoopt06.sqm
2008-08-02 12:16 . 2008-08-02 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-02 12:16 . 2008-08-02 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-02 12:15 . 2008-08-02 12:15 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-02 12:15 . 2008-08-02 12:15 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-02 12:15 . 2008-08-02 12:15 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-02 12:12 . 2008-08-02 12:16 <DIR> d-------- C:\Program Files\HP
2008-08-02 12:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-02 12:12 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-02 12:09 . 2008-08-03 00:04 173,787 --a------ C:\WINDOWS\hpoins27.dat
2008-08-02 12:09 . 2008-01-18 18:56 932 --------- C:\WINDOWS\hpomdl27.dat
2008-07-28 02:04 . 2008-07-28 02:04 268 --ah----- C:\sqmdata05.sqm
2008-07-28 02:04 . 2008-07-28 02:04 244 --ah----- C:\sqmnoopt05.sqm
2008-07-28 01:58 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-07-28 01:57 . 2008-07-28 01:57 <DIR> d-------- C:\Program Files\Driver-Soft
2008-07-27 10:20 . 2008-07-27 10:20 268 --ah----- C:\sqmdata04.sqm
2008-07-27 10:20 . 2008-07-27 10:20 244 --ah----- C:\sqmnoopt04.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 20:45 --------- d-----w C:\Program Files\Google
2008-08-06 17:19 --------- d-----w C:\Documents and Settings\hawaz\Application Data\Apple Computer
2008-08-05 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-05 14:35 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-08-05 14:35 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-08-05 14:35 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-08-05 14:35 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-08-04 11:03 --------- d-----w C:\Program Files\JetAudio
2008-08-04 02:16 --------- d-----w C:\Program Files\Circle Developement
2008-08-04 02:02 --------- d-----w C:\Documents and Settings\hawaz\Application Data\Bind Idol Dumb
2008-08-03 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
2008-08-03 00:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-03 00:43 --------- d-----w C:\Program Files\Yahoo!
2008-08-03 00:42 155,995 ----a-w C:\WINDOWS\java\Packages\VRPJZHZT.ZIP
2008-05-11 15:20 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-05-11 15:16 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-11 15:16 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-08-04 04:40 2594224]
"proxyspam"="C:\DOCUME~1\hawaz\APPLIC~1\BINDID~1\Dead Cake.exe" [2008-08-03 04:56 500224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 08:29 237568]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 18:16 185896]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 17:10 405504 C:\WINDOWS\stsystra.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 15:00 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]
C:\Documents and Settings\hawaz\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 20:38:52 214360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-09-07 17:49 1236992 C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-04-20 08:57 162584 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-04-20 08:57 142104 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 11:58 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-09-29 21:58 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-02-02 01:00 36864 C:\WINDOWS\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-04-11 17:52 1409024 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-04-20 08:57 138008 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-11 18:17 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-09-18 11:08 29696 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-04-27 16:10 851968 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-11 18:16 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 16:10 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-05-06 17:10 405504 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R2 BandLuxe_Service;BandLuxe Service;C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2008-05-12 14:14]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\WINDOWS\system32\drivers\IntcHdmi.sys [2006-12-06 05:40]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-03-20 01:00]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 18:45]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;C:\WINDOWS\system32\DRIVERS\br3gmdm.sys [2008-03-14 10:31]
S3 xAntiArp;xAntiArpSpoof Service;C:\WINDOWS\system32\DRIVERS\xAntiArp.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
s of the 'Scheduled Tasks' folder
2008-08-09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-08-09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-11 12:33:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-11 12:34:05
ComboFix-quarantined-files.txt 2008-08-11 09:34:00
Pre-Run: 30,537,179,136 bytes free
Post-Run: 30,527,287,296 bytes free
244
للمعلومية ماعندي برنامج حماية
ComboFix 08-08-10.02 - hawaz 2008-08-11 12:31:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.657 [GMT 3:00]
Running from: C:\Documents and Settings\hawaz\My Documents\Downloads\Programs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winbjv32.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.
2008-08-10 23:50 . 2008-08-10 23:50 2,046 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-10 23:43 . 2008-08-10 23:43 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\CyberScrub
2008-08-10 23:40 . 2008-08-10 23:40 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\cleaner
2008-08-09 06:49 . 2008-08-09 06:49 <DIR> d-------- C:\Program Files\ColorSoft
2008-08-09 06:29 . 2008-08-09 14:31 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\Uniblue
2008-08-08 06:08 . 2008-08-08 06:08 <DIR> d-------- C:\Program Files\LtUcx
2008-08-07 13:06 . 2008-08-07 13:06 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\Ashampoo
2008-08-07 12:36 . 2008-08-08 19:57 <DIR> d-------- C:\Program Files\cFosSpeed
2008-08-06 20:19 . 2008-08-06 20:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-06 20:19 . 2008-08-06 20:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-05 19:49 . 2008-08-05 19:49 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\Media Player Classic
2008-08-05 19:08 . 2008-08-05 19:08 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-05 18:14 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-08-05 18:14 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-05 18:14 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-08-05 18:14 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-08-04 14:06 . 2004-08-04 15:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-04 04:39 . 2008-08-04 08:24 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-04 04:39 . 2008-08-04 14:00 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\IDM
2008-08-04 04:39 . 2008-08-11 12:33 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\DMCache
2008-08-03 04:56 . 2008-08-03 04:56 <DIR> d-------- C:\Program Files\Bind Idol Dumb
2008-08-03 01:48 . 2008-08-03 01:48 <DIR> d---s---- C:\Documents and Settings\hawaz\UserData
2008-08-03 00:52 . 2008-08-08 21:39 <DIR> d-------- C:\Documents and Settings\hawaz\Contacts
2008-08-03 00:02 . 2008-08-03 00:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-08-02 23:58 . 2008-08-02 23:58 268 --ah----- C:\sqmdata09.sqm
2008-08-02 23:58 . 2008-08-02 23:58 244 --ah----- C:\sqmnoopt09.sqm
2008-08-02 23:43 . 2008-08-02 23:43 <DIR> d-------- C:\Documents and Settings\hawaz\.jpi_cache
2008-08-02 23:43 . 2008-08-03 03:51 <DIR> d-------- C:\Documents and Settings\hawaz\.java
2008-08-02 23:41 . 2008-08-02 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-08-02 23:25 . 2008-08-02 23:25 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\HP
2008-08-02 23:22 . 2008-08-02 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-08-02 23:22 . 2007-11-08 17:52 271,704 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-08-02 23:22 . 2007-10-20 18:25 117,760 --a------ C:\WINDOWS\system32\hpzll5mu.dll
2008-08-02 23:22 . 2007-10-30 12:25 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-08-02 23:22 . 2007-10-30 12:25 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-08-02 23:22 . 2007-10-30 12:25 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-08-02 23:21 . 2007-10-30 12:11 729,088 -ra------ C:\WINDOWS\system32\hpowiax7.dll
2008-08-02 23:21 . 2007-10-30 12:11 581,632 -ra------ C:\WINDOWS\system32\hpotscl6.dll
2008-08-02 23:21 . 2007-10-30 12:25 372,736 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-08-02 23:21 . 2007-10-30 12:25 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-08-02 23:21 . 2007-10-30 12:11 303,104 -ra------ C:\WINDOWS\system32\hpovst15.dll
2008-08-02 23:21 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-02 23:21 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-02 23:10 . 2008-08-02 23:10 268 --ah----- C:\sqmdata08.sqm
2008-08-02 23:10 . 2008-08-02 23:10 244 --ah----- C:\sqmnoopt08.sqm
2008-08-02 14:36 . 2008-08-02 14:36 268 --ah----- C:\sqmdata07.sqm
2008-08-02 14:36 . 2008-08-02 14:36 244 --ah----- C:\sqmnoopt07.sqm
2008-08-02 14:29 . 2008-08-02 14:29 <DIR> d-------- C:\Program Files\BandRich
2008-08-02 14:29 . 2008-08-02 14:29 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\Yahoo!
2008-08-02 14:29 . 2008-08-11 12:30 <DIR> d-------- C:\Documents and Settings\hawaz\Application Data\HPAppData
2008-08-02 14:29 . 2008-03-14 10:31 100,096 --a------ C:\WINDOWS\system32\drivers\br3gmdm.sys
2008-08-02 12:25 . 2008-08-02 12:25 268 --ah----- C:\sqmdata06.sqm
2008-08-02 12:25 . 2008-08-02 12:25 244 --ah----- C:\sqmnoopt06.sqm
2008-08-02 12:16 . 2008-08-02 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-02 12:16 . 2008-08-02 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-08-02 12:15 . 2008-08-02 12:15 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-02 12:15 . 2008-08-02 12:15 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-02 12:15 . 2008-08-02 12:15 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-02 12:12 . 2008-08-02 12:16 <DIR> d-------- C:\Program Files\HP
2008-08-02 12:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-02 12:12 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-02 12:09 . 2008-08-03 00:04 173,787 --a------ C:\WINDOWS\hpoins27.dat
2008-08-02 12:09 . 2008-01-18 18:56 932 --------- C:\WINDOWS\hpomdl27.dat
2008-07-28 02:04 . 2008-07-28 02:04 268 --ah----- C:\sqmdata05.sqm
2008-07-28 02:04 . 2008-07-28 02:04 244 --ah----- C:\sqmnoopt05.sqm
2008-07-28 01:58 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-07-28 01:57 . 2008-07-28 01:57 <DIR> d-------- C:\Program Files\Driver-Soft
2008-07-27 10:20 . 2008-07-27 10:20 268 --ah----- C:\sqmdata04.sqm
2008-07-27 10:20 . 2008-07-27 10:20 244 --ah----- C:\sqmnoopt04.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 20:45 --------- d-----w C:\Program Files\Google
2008-08-06 17:19 --------- d-----w C:\Documents and Settings\hawaz\Application Data\Apple Computer
2008-08-05 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-05 14:35 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-08-05 14:35 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-08-05 14:35 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-08-05 14:35 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-08-04 11:03 --------- d-----w C:\Program Files\JetAudio
2008-08-04 02:16 --------- d-----w C:\Program Files\Circle Developement
2008-08-04 02:02 --------- d-----w C:\Documents and Settings\hawaz\Application Data\Bind Idol Dumb
2008-08-03 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
2008-08-03 00:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-03 00:43 --------- d-----w C:\Program Files\Yahoo!
2008-08-03 00:42 155,995 ----a-w C:\WINDOWS\java\Packages\VRPJZHZT.ZIP
2008-05-11 15:20 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-05-11 15:16 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-11 15:16 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-08-04 04:40 2594224]
"proxyspam"="C:\DOCUME~1\hawaz\APPLIC~1\BINDID~1\Dead Cake.exe" [2008-08-03 04:56 500224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 08:29 237568]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 18:16 185896]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 17:10 405504 C:\WINDOWS\stsystra.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 15:00 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]
C:\Documents and Settings\hawaz\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 20:38:52 214360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2007-09-07 17:49 1236992 C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-04-20 08:57 162584 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-04-20 08:57 142104 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 11:58 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-09-29 21:58 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
--a------ 2007-02-02 01:00 36864 C:\WINDOWS\OEM02Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-04-11 17:52 1409024 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-04-20 08:57 138008 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-11 18:17 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-09-18 11:08 29696 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-04-27 16:10 851968 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-11 18:16 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 16:10 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-05-06 17:10 405504 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R2 BandLuxe_Service;BandLuxe Service;C:\Program Files\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2008-05-12 14:14]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\WINDOWS\system32\drivers\IntcHdmi.sys [2006-12-06 05:40]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-03-20 01:00]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 18:45]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;C:\WINDOWS\system32\DRIVERS\br3gmdm.sys [2008-03-14 10:31]
S3 xAntiArp;xAntiArpSpoof Service;C:\WINDOWS\system32\DRIVERS\xAntiArp.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
s of the 'Scheduled Tasks' folder
2008-08-09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-08-09 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-08-11 12:33:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-11 12:34:05
ComboFix-quarantined-files.txt 2008-08-11 09:34:00
Pre-Run: 30,537,179,136 bytes free
Post-Run: 30,527,287,296 bytes free
244
تأييد
0
تم حل المشكلة والشكر موصول
لـ Al jNtEeL و MAAX و فارس الملاك
والمشكلة انحلت كالآتي
قمت بتركيب برنامج الكاسبر وعملت سكان
وكتشف 14 فيروس و 112 تروجان
وقمت بحذفها
وانحلت المشكلة والآن الجهاز سليم ميه بالميه
والفضل يعود لله ثم للكاسبر
قبل كان عندي برنامج حماية اسمه افاست
لكن اتضح لي ان الكاسبر هو البرنامج الاول في الحماية
شكرا لكم
لـ Al jNtEeL و MAAX و فارس الملاك
والمشكلة انحلت كالآتي
قمت بتركيب برنامج الكاسبر وعملت سكان
وكتشف 14 فيروس و 112 تروجان
وقمت بحذفها
وانحلت المشكلة والآن الجهاز سليم ميه بالميه
والفضل يعود لله ثم للكاسبر
قبل كان عندي برنامج حماية اسمه افاست
لكن اتضح لي ان الكاسبر هو البرنامج الاول في الحماية
شكرا لكم
تأييد
0