- بادئ الموضوع صلاحs
- تاريخ البدء
- 915
فارس الملاك
زيزوومى محترف
غير متصل
حمل هذا البرنامج
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : فارس الملاك
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:42 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IDA\ida.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
E:\دان لود\Removable Disk (G)\صلاح\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
End of file - 6301 bytes
Scan saved at 2:29:42 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IDA\ida.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
E:\دان لود\Removable Disk (G)\صلاح\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
End of file - 6301 bytes
توقيع : صلاحs
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:42 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IDA\ida.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
E:\دان لود\Removable Disk (G)\صلاح\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
هذا التقريرEnd of file - 6301 bytes
Scan saved at 2:29:42 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IDA\ida.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
E:\دان لود\Removable Disk (G)\صلاح\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
هذا التقريرEnd of file - 6301 bytes
توقيع : صلاحs
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:42 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IDA\ida.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
E:\دان لود\Removable Disk (G)\صلاح\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
هذا التقريرEnd of file - 6301 bytes
Scan saved at 2:29:42 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IDA\ida.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
E:\دان لود\Removable Disk (G)\صلاح\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
هذا التقريرEnd of file - 6301 bytes
توقيع : صلاحs
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
المعذرة اعمل التالي لاهنت
==============
==============
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : AbOdy
تأييد
0
Mr_Tornado
زيزوومى مبدع
غير متصل
Big Note:
اخوتى اذا كان ما هو موضح فى الصوره ان مجرد الفحص بالكاسبر يزيله بل كمان ينظفه
اليس من الاولى ان يتم الفحص بالكاسبر ومن ثم نقوم بتنظيف الريجسترى والتقرير الهايجك
ومسح مخلفات الفيرس
ام بماذا تنصحون اخوتى
اخوتى اذا كان ما هو موضح فى الصوره ان مجرد الفحص بالكاسبر يزيله بل كمان ينظفه
اليس من الاولى ان يتم الفحص بالكاسبر ومن ثم نقوم بتنظيف الريجسترى والتقرير الهايجك
ومسح مخلفات الفيرس
ام بماذا تنصحون اخوتى
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : Mr_Tornado
تأييد
0
ComboFix 08-07-27.3 - sf 2008-08-27 15:12:45.7 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.964.1033.18.115 [GMT 3:00]
Running from: C:\DOCUME~1\sf\LOCALS~1\Temp\Rar$EX00.016\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.
2008-08-27 14:44 . 2008-08-27 14:44 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-27 14:43 . 2008-08-27 14:43 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-27 06:42 . 2008-08-27 06:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-08-27 06:09 . 2006-07-24 01:38 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2008-08-26 21:11 . 2008-08-26 21:11 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-08-26 21:11 . 2008-08-26 21:11 <DIR> d-------- C:\Documents and Settings\sf\Application Data\Orbit
2008-08-26 20:51 . 2008-08-26 20:51 <DIR> d-------- C:\Program Files\SWiSH Jukebox
2008-08-26 20:51 . 2004-03-29 15:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-08-26 20:48 . 2008-08-26 20:48 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-08-26 13:23 . 2008-08-27 06:12 0 --a------ C:\WINDOWS\system32\WinWare.sys
2008-08-26 13:11 . 2008-08-26 13:11 <DIR> d-------- C:\z0120
2008-08-25 23:18 . 2008-08-25 23:18 <DIR> d-------- C:\WINDOWS\Sun
2008-08-25 15:06 . 2008-08-25 15:06 <DIR> d-------- C:\Documents and Settings\sf\Application Data\vlc
2008-08-25 12:44 . 2008-08-25 12:44 <DIR> d-------- C:\Program Files\Avira
2008-08-25 12:44 . 2008-05-07 14:20 71,592 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-08-25 12:44 . 2008-05-07 10:51 71,464 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-08-25 12:41 . 2008-08-25 12:41 <DIR> d-------- C:\Documents and Settings\sf\Application Data\DivX
2008-08-25 12:11 . 2008-08-25 12:11 <DIR> d-------- C:\Program Files\DivX
2008-08-25 10:44 . 2008-08-25 10:44 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-25 00:09 . 2003-09-08 14:08 53,760 --a------ C:\WINDOWS\uninst62.exe
2008-08-24 20:09 . 2004-08-03 23:56 96,768 --a------ C:\WINDOWS\system32\dpcdll.dll.wga
2008-08-24 20:09 . 2004-08-03 23:56 24,064 --a------ C:\WINDOWS\system32\pidgen.dll.wga
2008-08-24 20:09 . 2006-07-22 23:49 5,376 --a------ C:\WINDOWS\system32\antiwpa.dll
2008-08-24 08:42 . 2008-08-24 08:42 <DIR> d-------- C:\Program Files\Download Direct
2008-08-24 07:06 . 2008-08-24 07:06 <DIR> d-------- C:\Documents and Settings\sf\Application Data\CyberScrub
2008-08-23 22:19 . 2008-08-23 22:19 24 --a------ C:\WINDOWS\ShellIcon32.dll
2008-08-23 21:33 . 2008-08-23 21:33 <DIR> d-------- C:\Documents and Settings\sf\Application Data\cleaner
2008-08-23 12:20 . 2008-08-23 12:20 <DIR> d-------- C:\QUARANTINE
2008-08-23 12:19 . 2008-08-23 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-23 11:15 . 2008-08-23 11:15 <DIR> d-------- C:\Program Files\Windows Doctor
2008-08-23 10:58 . 2008-08-21 23:59 <DIR> d-------- C:\WINDOWS\system32\SmitfraudFix
2008-08-23 10:16 . 2008-08-23 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-23 10:15 . 2008-08-23 10:15 <DIR> d-------- C:\Program Files\GRETECH
2008-08-23 10:15 . 2008-08-23 10:15 <DIR> d-------- C:\Program Files\Google
2008-08-23 10:15 . 2008-08-23 10:15 <DIR> d-------- C:\Documents and Settings\sf\Application Data\GRETECH
2008-08-22 21:29 . 2008-08-22 21:32 41 --a------ C:\Documents and Settings\sf\Application Data\svighost.dll
2008-08-22 21:24 . 2008-08-22 21:24 <DIR> d-------- C:\Program Files\USBScan
2008-08-22 17:15 . 2008-08-22 17:15 <DIR> d-------- C:\Documents and Settings\sf\Application Data\Media Player Classic
2008-08-22 16:35 . 2008-08-22 16:35 <DIR> d-------- C:\Program Files\bioVirtual
2008-08-22 12:16 . 2008-08-22 12:16 <DIR> d-------- C:\Program Files\Free Offers from Freeze.com
2008-08-22 06:46 . 2008-08-22 06:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-22 06:44 . 2008-08-22 06:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-22 06:44 . 2008-08-22 06:44 <DIR> d-------- C:\Documents and Settings\sf\Application Data\SUPERAntiSpyware.com
2008-08-21 23:34 . 2008-08-21 23:34 <DIR> d-------- C:\Documents and Settings\sf\Application Data\ESET
2008-08-21 23:33 . 2008-08-21 23:33 <DIR> d-------- C:\Program Files\ESET
2008-08-21 23:33 . 2008-08-21 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-21 23:05 . 2008-08-21 23:05 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-08-21 22:55 . 2008-08-21 22:55 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-21 22:55 . 2008-08-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-21 22:54 . 2008-08-21 22:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-21 21:25 . 2008-08-21 21:25 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-21 20:56 . 2008-08-21 20:56 <DIR> d-------- C:\Documents and Settings\All Users.WIN2
2008-08-21 20:41 . 2008-08-21 20:41 <DIR> d-------- C:\Program Files\Internet Cyclone
2008-08-21 13:57 . 2008-08-21 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-21 13:56 . 2008-08-21 13:56 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-21 13:56 . 2008-06-13 17:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-21 13:56 . 2008-06-13 17:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\LimeWire Store Purchased
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\LimeWire Shared
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\LimeWire Saved
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\Incomplete
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\Application Data\LimeWire
2008-08-21 10:48 . 2008-08-21 10:48 <DIR> d-------- C:\Program Files\Java
2008-08-21 10:48 . 2008-08-21 10:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-21 10:48 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-21 10:12 . 2008-08-21 10:12 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-08-21 10:12 . 2008-08-21 10:12 <DIR> d-------- C:\Program Files\LimeWire
2008-08-21 06:06 . 2008-08-21 06:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-21 00:17 . 2008-08-21 00:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-21 00:16 . 2008-08-21 00:16 <DIR> d-------- C:\Program Files\thriXXX
2008-08-20 14:08 . 2008-08-20 14:08 <DIR> d-------- C:\Documents and Settings\sf\Application Data\IDM
2008-08-20 14:08 . 2008-08-20 14:08 <DIR> d-------- C:\Documents and Settings\sf\Application Data\DMCache
2008-08-20 14:07 . 2008-08-20 14:07 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-20 11:24 . 2008-08-20 11:24 <DIR> d--hs---- C:\FOUND.000
2008-08-20 11:11 . 2008-08-20 11:38 16,384 --ahs---- C:\SHADOW.IDX
2008-08-20 08:05 . 2008-08-20 08:05 <DIR> d-------- C:\Program Files\USB Disk Security
2008-08-20 07:22 . 2008-08-20 07:22 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-19 21:17 . 2008-08-19 21:17 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-19 21:11 . 2008-08-19 21:11 <DIR> d-------- C:\Program Files\Real
2008-08-19 21:08 . 2008-08-19 21:08 <DIR> d-------- C:\Program Files\RealPlayer v 11 0 0 372 Plus
2008-08-19 13:57 . 2008-08-19 13:57 <DIR> d---s---- C:\Documents and Settings\sf\UserData
2008-08-18 22:01 . 2008-08-18 22:01 <DIR> d-------- C:\Program Files\Bug Doctor
2008-08-18 21:08 . 2008-08-27 14:43 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-18 20:37 . 2008-08-18 20:37 <DIR> d-------- C:\Documents and Settings\sf\Application Data\FMZilla
2008-08-18 20:35 . 2008-08-18 20:35 <DIR> d-------- C:\Program Files\Free Music Zilla
2008-08-18 20:00 . 2008-08-18 20:00 <DIR> d-------- C:\Documents and Settings\sf\Contacts
2008-08-18 19:59 . 2008-08-18 19:59 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-18 19:44 . 2008-08-18 19:44 <DIR> d-------- C:\Program Files\IDA
2008-08-18 19:16 . 2008-08-18 19:16 <DIR> d-------- C:\Program Files\Unlocker
2008-08-18 18:08 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-18 17:40 . 2008-08-18 17:40 <DIR> d-------- C:\Documents and Settings\sf\Application Data\Vso
2008-08-18 17:18 . 2008-08-18 17:19 <DIR> d-------- C:\Program Files\Anyplace Control 4
2008-08-18 17:18 . 2008-08-18 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Anyplace Control 4
2008-08-18 17:08 . 2008-08-18 17:08 268 --ah----- C:\sqmdata00.sqm
2008-08-18 17:08 . 2008-08-18 17:08 244 --ah----- C:\sqmnoopt00.sqm
2008-08-18 16:33 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-18 16:22 . 2008-08-18 16:22 <DIR> d-------- C:\Program Files\Windows Live
2008-08-18 16:19 . 2008-08-18 16:19 <DIR> d-------- C:\Program Files\DAP
2008-08-18 16:14 . 2008-08-18 16:14 <DIR> d-------- C:\Downloads
2008-08-18 16:14 . 2008-08-18 16:14 <DIR> d-------- C:\Documents and Settings\sf\Application Data\Internet Download Accelerator
2008-08-18 15:33 . 2008-08-18 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-18 15:13 . 2008-08-18 15:13 <DIR> d-------- C:\WINDOWS\naevius_yt_1
2008-08-18 15:13 . 2008-08-18 15:13 <DIR> d-------- C:\Program Files\Naevius YouTube Converter
2008-08-18 15:13 . 2008-08-18 15:13 <DIR> d-------- C:\naevius_temp_folder
2008-08-18 15:04 . 2008-08-18 15:04 <DIR> d-------- C:\Program Files\QuickWiz
2008-08-18 15:04 . 2008-08-18 15:04 <DIR> d-------- C:\Program Files\Common Files\GuruNet Shared
2008-08-18 15:04 . 2008-08-18 15:04 <DIR> d-------- C:\Program Files\Common Files\Accent Shared
2008-08-18 15:00 . 2008-08-18 15:00 <DIR> d-------- C:\Documents and Settings\sf\WINDOWS
2008-08-18 15:00 . 2000-07-25 23:38 298,496 --a------ C:\WINDOWS\uninst.exe
2008-08-18 15:00 . 2008-08-20 16:47 2,309 --a------ C:\WINDOWS\EasyLingo.MIF
2008-08-18 07:19 . 2008-08-18 07:19 <DIR> d-------- C:\Program Files\Opera
2008-08-18 02:41 . 2001-08-23 08:00 195,618 --a------ C:\WINDOWS\system32\dllcache\c_10002.nls
2008-08-18 02:41 . 2001-08-23 08:00 189,986 --a------ C:\WINDOWS\system32\dllcache\c_1361.nls
2008-08-18 02:41 . 2001-08-23 08:00 177,698 --a------ C:\WINDOWS\system32\dllcache\c_10003.nls
2008-08-18 02:41 . 2001-08-23 08:00 173,602 --a------ C:\WINDOWS\system32\dllcache\c_10008.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,594 --a------ C:\WINDOWS\system32\dllcache\c_857.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_28599.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_28597.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_28595.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10081.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10017.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10007.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10006.nls
2008-08-18 00:30 . 2008-08-18 00:30 <DIR> d--hs---- C:\Recycled
2008-08-17 23:18 . 2008-08-17 23:18 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 19:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 21:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 21:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 17:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 17:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 10:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 18:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 18:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 18:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 10:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 09:24 104,960 ----a-w C:\WINDOWS\svcadmin.exe
.
((((((((((((((((((((((((((((( snapshot_2008-08-27_ 6.51.49.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-17 12:24:00 2,526,800 ----a-w C:\WINDOWS\Install_B4Playing.exe
+ 2007-10-17 11:24:00 2,526,800 ----a-w C:\WINDOWS\Install_B4Playing.exe
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-08-27 10:47:04 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-08-27 03:51:20 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-27 10:26:38 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-27 03:51:20 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-27 10:26:38 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-27 11:43:52 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-08-27 11:43:52 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-08-27 11:43:52 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-08-27 11:43:58 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [2007-10-24 17:09 2191872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [N/A]
"Yahoo! Pager"="C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" [2005-12-09 21:21 3268608]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 14:28 266497]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-27 14:43 185896]
"SystemInit"="" [N/A]
"Karen"="" [N/A]
"raVe"="" [N/A]
"Win32BaseServiceMOD"="" [N/A]
"startIE"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"raVe"="" [N/A]
"Driver32"="" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-08-26 21:11:26 1674432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-22 23:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK RTL8187 Wireless LAN Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\REALTEK RTL8187 Wireless LAN Driver and Utility\REALTEK RTL8187 Wireless LAN Utility.lnk
backup=C:\WINDOWS\pss\REALTEK RTL8187 Wireless LAN Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^sf^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\sf\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2007-01-02 15:46 40960 C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-18 22:29 166424 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 13:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-18 22:29 141848 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 21:32 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-18 22:29 137752 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 21:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 21:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-05-07 09:47 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-01-12 14:36 827392 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 21:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-05-07 14:20]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-05-16 10:19]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe [2008-07-11 12:23]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-06-12 14:59]
R2 Anyplace Control Security;Anyplace Control Security;C:\WINDOWS\svcadmin.exe [2008-06-15 12:24]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [2008-05-09 13:22]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-05-07 10:51]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-11 14:20]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 -: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 -: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 -: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 -: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 -: Download with IDA - C:\Program Files\IDA\idaie.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-27 15:12:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\system32\userinit.exe,????)?|Y,?|??@???A?????????????7)?|?,?|??@?,????????????????????,?|?*????A????????????|??@???A????????|????A????Q???????!?w??@?k????????????Q??????5C?w????????????????????$W@???????@?0???????0g@???????????@?Y?????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-27 15:13:23
ComboFix-quarantined-files.txt 2008-08-27 12:13:22
ComboFix3.txt 2008-08-23 19:17:20
ComboFix2.txt 2008-08-27 03:52:08
Pre-Run: 20,855,160,832 bytes free
Post-Run: 20,849,377,280 bytes free
327 --- E O F --- 2008-08-23 02:18:03
هذا تقرير الاداه
Microsoft Windows XP Professional 5.1.2600.2.1256.964.1033.18.115 [GMT 3:00]
Running from: C:\DOCUME~1\sf\LOCALS~1\Temp\Rar$EX00.016\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.
2008-08-27 14:44 . 2008-08-27 14:44 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-27 14:43 . 2008-08-27 14:43 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-27 06:42 . 2008-08-27 06:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-08-27 06:09 . 2006-07-24 01:38 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2008-08-26 21:11 . 2008-08-26 21:11 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-08-26 21:11 . 2008-08-26 21:11 <DIR> d-------- C:\Documents and Settings\sf\Application Data\Orbit
2008-08-26 20:51 . 2008-08-26 20:51 <DIR> d-------- C:\Program Files\SWiSH Jukebox
2008-08-26 20:51 . 2004-03-29 15:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-08-26 20:48 . 2008-08-26 20:48 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-08-26 13:23 . 2008-08-27 06:12 0 --a------ C:\WINDOWS\system32\WinWare.sys
2008-08-26 13:11 . 2008-08-26 13:11 <DIR> d-------- C:\z0120
2008-08-25 23:18 . 2008-08-25 23:18 <DIR> d-------- C:\WINDOWS\Sun
2008-08-25 15:06 . 2008-08-25 15:06 <DIR> d-------- C:\Documents and Settings\sf\Application Data\vlc
2008-08-25 12:44 . 2008-08-25 12:44 <DIR> d-------- C:\Program Files\Avira
2008-08-25 12:44 . 2008-05-07 14:20 71,592 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2008-08-25 12:44 . 2008-05-07 10:51 71,464 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2008-08-25 12:41 . 2008-08-25 12:41 <DIR> d-------- C:\Documents and Settings\sf\Application Data\DivX
2008-08-25 12:11 . 2008-08-25 12:11 <DIR> d-------- C:\Program Files\DivX
2008-08-25 10:44 . 2008-08-25 10:44 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-25 00:09 . 2003-09-08 14:08 53,760 --a------ C:\WINDOWS\uninst62.exe
2008-08-24 20:09 . 2004-08-03 23:56 96,768 --a------ C:\WINDOWS\system32\dpcdll.dll.wga
2008-08-24 20:09 . 2004-08-03 23:56 24,064 --a------ C:\WINDOWS\system32\pidgen.dll.wga
2008-08-24 20:09 . 2006-07-22 23:49 5,376 --a------ C:\WINDOWS\system32\antiwpa.dll
2008-08-24 08:42 . 2008-08-24 08:42 <DIR> d-------- C:\Program Files\Download Direct
2008-08-24 07:06 . 2008-08-24 07:06 <DIR> d-------- C:\Documents and Settings\sf\Application Data\CyberScrub
2008-08-23 22:19 . 2008-08-23 22:19 24 --a------ C:\WINDOWS\ShellIcon32.dll
2008-08-23 21:33 . 2008-08-23 21:33 <DIR> d-------- C:\Documents and Settings\sf\Application Data\cleaner
2008-08-23 12:20 . 2008-08-23 12:20 <DIR> d-------- C:\QUARANTINE
2008-08-23 12:19 . 2008-08-23 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-23 11:15 . 2008-08-23 11:15 <DIR> d-------- C:\Program Files\Windows Doctor
2008-08-23 10:58 . 2008-08-21 23:59 <DIR> d-------- C:\WINDOWS\system32\SmitfraudFix
2008-08-23 10:16 . 2008-08-23 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-08-23 10:15 . 2008-08-23 10:15 <DIR> d-------- C:\Program Files\GRETECH
2008-08-23 10:15 . 2008-08-23 10:15 <DIR> d-------- C:\Program Files\Google
2008-08-23 10:15 . 2008-08-23 10:15 <DIR> d-------- C:\Documents and Settings\sf\Application Data\GRETECH
2008-08-22 21:29 . 2008-08-22 21:32 41 --a------ C:\Documents and Settings\sf\Application Data\svighost.dll
2008-08-22 21:24 . 2008-08-22 21:24 <DIR> d-------- C:\Program Files\USBScan
2008-08-22 17:15 . 2008-08-22 17:15 <DIR> d-------- C:\Documents and Settings\sf\Application Data\Media Player Classic
2008-08-22 16:35 . 2008-08-22 16:35 <DIR> d-------- C:\Program Files\bioVirtual
2008-08-22 12:16 . 2008-08-22 12:16 <DIR> d-------- C:\Program Files\Free Offers from Freeze.com
2008-08-22 06:46 . 2008-08-22 06:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-22 06:44 . 2008-08-22 06:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-22 06:44 . 2008-08-22 06:44 <DIR> d-------- C:\Documents and Settings\sf\Application Data\SUPERAntiSpyware.com
2008-08-21 23:34 . 2008-08-21 23:34 <DIR> d-------- C:\Documents and Settings\sf\Application Data\ESET
2008-08-21 23:33 . 2008-08-21 23:33 <DIR> d-------- C:\Program Files\ESET
2008-08-21 23:33 . 2008-08-21 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-21 23:05 . 2008-08-21 23:05 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-08-21 22:55 . 2008-08-21 22:55 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-21 22:55 . 2008-08-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-21 22:54 . 2008-08-21 22:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-21 21:25 . 2008-08-21 21:25 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-21 20:56 . 2008-08-21 20:56 <DIR> d-------- C:\Documents and Settings\All Users.WIN2
2008-08-21 20:41 . 2008-08-21 20:41 <DIR> d-------- C:\Program Files\Internet Cyclone
2008-08-21 13:57 . 2008-08-21 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-21 13:56 . 2008-08-21 13:56 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-21 13:56 . 2008-06-13 17:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-21 13:56 . 2008-06-13 17:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\LimeWire Store Purchased
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\LimeWire Shared
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\LimeWire Saved
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\Incomplete
2008-08-21 10:49 . 2008-08-21 10:49 <DIR> d-------- C:\Documents and Settings\sf\Application Data\LimeWire
2008-08-21 10:48 . 2008-08-21 10:48 <DIR> d-------- C:\Program Files\Java
2008-08-21 10:48 . 2008-08-21 10:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-21 10:48 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-21 10:12 . 2008-08-21 10:12 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-08-21 10:12 . 2008-08-21 10:12 <DIR> d-------- C:\Program Files\LimeWire
2008-08-21 06:06 . 2008-08-21 06:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-21 00:17 . 2008-08-21 00:17 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-21 00:16 . 2008-08-21 00:16 <DIR> d-------- C:\Program Files\thriXXX
2008-08-20 14:08 . 2008-08-20 14:08 <DIR> d-------- C:\Documents and Settings\sf\Application Data\IDM
2008-08-20 14:08 . 2008-08-20 14:08 <DIR> d-------- C:\Documents and Settings\sf\Application Data\DMCache
2008-08-20 14:07 . 2008-08-20 14:07 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-20 11:24 . 2008-08-20 11:24 <DIR> d--hs---- C:\FOUND.000
2008-08-20 11:11 . 2008-08-20 11:38 16,384 --ahs---- C:\SHADOW.IDX
2008-08-20 08:05 . 2008-08-20 08:05 <DIR> d-------- C:\Program Files\USB Disk Security
2008-08-20 07:22 . 2008-08-20 07:22 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-19 21:17 . 2008-08-19 21:17 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-19 21:11 . 2008-08-19 21:11 <DIR> d-------- C:\Program Files\Real
2008-08-19 21:08 . 2008-08-19 21:08 <DIR> d-------- C:\Program Files\RealPlayer v 11 0 0 372 Plus
2008-08-19 13:57 . 2008-08-19 13:57 <DIR> d---s---- C:\Documents and Settings\sf\UserData
2008-08-18 22:01 . 2008-08-18 22:01 <DIR> d-------- C:\Program Files\Bug Doctor
2008-08-18 21:08 . 2008-08-27 14:43 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-18 20:37 . 2008-08-18 20:37 <DIR> d-------- C:\Documents and Settings\sf\Application Data\FMZilla
2008-08-18 20:35 . 2008-08-18 20:35 <DIR> d-------- C:\Program Files\Free Music Zilla
2008-08-18 20:00 . 2008-08-18 20:00 <DIR> d-------- C:\Documents and Settings\sf\Contacts
2008-08-18 19:59 . 2008-08-18 19:59 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-18 19:44 . 2008-08-18 19:44 <DIR> d-------- C:\Program Files\IDA
2008-08-18 19:16 . 2008-08-18 19:16 <DIR> d-------- C:\Program Files\Unlocker
2008-08-18 18:08 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-18 17:40 . 2008-08-18 17:40 <DIR> d-------- C:\Documents and Settings\sf\Application Data\Vso
2008-08-18 17:18 . 2008-08-18 17:19 <DIR> d-------- C:\Program Files\Anyplace Control 4
2008-08-18 17:18 . 2008-08-18 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Anyplace Control 4
2008-08-18 17:08 . 2008-08-18 17:08 268 --ah----- C:\sqmdata00.sqm
2008-08-18 17:08 . 2008-08-18 17:08 244 --ah----- C:\sqmnoopt00.sqm
2008-08-18 16:33 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-18 16:22 . 2008-08-18 16:22 <DIR> d-------- C:\Program Files\Windows Live
2008-08-18 16:19 . 2008-08-18 16:19 <DIR> d-------- C:\Program Files\DAP
2008-08-18 16:14 . 2008-08-18 16:14 <DIR> d-------- C:\Downloads
2008-08-18 16:14 . 2008-08-18 16:14 <DIR> d-------- C:\Documents and Settings\sf\Application Data\Internet Download Accelerator
2008-08-18 15:33 . 2008-08-18 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-18 15:13 . 2008-08-18 15:13 <DIR> d-------- C:\WINDOWS\naevius_yt_1
2008-08-18 15:13 . 2008-08-18 15:13 <DIR> d-------- C:\Program Files\Naevius YouTube Converter
2008-08-18 15:13 . 2008-08-18 15:13 <DIR> d-------- C:\naevius_temp_folder
2008-08-18 15:04 . 2008-08-18 15:04 <DIR> d-------- C:\Program Files\QuickWiz
2008-08-18 15:04 . 2008-08-18 15:04 <DIR> d-------- C:\Program Files\Common Files\GuruNet Shared
2008-08-18 15:04 . 2008-08-18 15:04 <DIR> d-------- C:\Program Files\Common Files\Accent Shared
2008-08-18 15:00 . 2008-08-18 15:00 <DIR> d-------- C:\Documents and Settings\sf\WINDOWS
2008-08-18 15:00 . 2000-07-25 23:38 298,496 --a------ C:\WINDOWS\uninst.exe
2008-08-18 15:00 . 2008-08-20 16:47 2,309 --a------ C:\WINDOWS\EasyLingo.MIF
2008-08-18 07:19 . 2008-08-18 07:19 <DIR> d-------- C:\Program Files\Opera
2008-08-18 02:41 . 2001-08-23 08:00 195,618 --a------ C:\WINDOWS\system32\dllcache\c_10002.nls
2008-08-18 02:41 . 2001-08-23 08:00 189,986 --a------ C:\WINDOWS\system32\dllcache\c_1361.nls
2008-08-18 02:41 . 2001-08-23 08:00 177,698 --a------ C:\WINDOWS\system32\dllcache\c_10003.nls
2008-08-18 02:41 . 2001-08-23 08:00 173,602 --a------ C:\WINDOWS\system32\dllcache\c_10008.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,594 --a------ C:\WINDOWS\system32\dllcache\c_857.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_28599.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_28597.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_28595.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10081.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10017.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10007.nls
2008-08-18 02:37 . 2001-08-23 08:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10006.nls
2008-08-18 00:30 . 2008-08-18 00:30 <DIR> d--hs---- C:\Recycled
2008-08-17 23:18 . 2008-08-17 23:18 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 19:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 21:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 21:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 17:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 17:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 10:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 18:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 18:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 18:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 10:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 09:24 104,960 ----a-w C:\WINDOWS\svcadmin.exe
.
كود:
<pre>
----a-w 181,040 2008-08-21 18:19:12 C:\Program Files\Enigma Software Group\SpyHunter\crack .exe
</pre>((((((((((((((((((((((((((((( snapshot_2008-08-27_ 6.51.49.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-17 12:24:00 2,526,800 ----a-w C:\WINDOWS\Install_B4Playing.exe
+ 2007-10-17 11:24:00 2,526,800 ----a-w C:\WINDOWS\Install_B4Playing.exe
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-08-27 10:47:04 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-08-27 03:51:20 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-27 10:26:38 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-27 03:51:20 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-27 10:26:38 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-27 11:43:52 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-08-27 11:43:52 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-08-27 11:43:52 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-08-27 11:43:58 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [2007-10-24 17:09 2191872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [N/A]
"Yahoo! Pager"="C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" [2005-12-09 21:21 3268608]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 14:28 266497]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-27 14:43 185896]
"SystemInit"="" [N/A]
"Karen"="" [N/A]
"raVe"="" [N/A]
"Win32BaseServiceMOD"="" [N/A]
"startIE"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"raVe"="" [N/A]
"Driver32"="" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-08-26 21:11:26 1674432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"NoFolderOptions"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
2006-07-22 23:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK RTL8187 Wireless LAN Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\REALTEK RTL8187 Wireless LAN Driver and Utility\REALTEK RTL8187 Wireless LAN Utility.lnk
backup=C:\WINDOWS\pss\REALTEK RTL8187 Wireless LAN Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^sf^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\sf\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2007-01-02 15:46 40960 C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-18 22:29 166424 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 13:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-18 22:29 141848 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 21:32 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-18 22:29 137752 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 21:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 21:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-05-07 09:47 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-01-12 14:36 827392 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 21:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-05-07 14:20]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-05-16 10:19]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe [2008-07-11 12:23]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-06-12 14:59]
R2 Anyplace Control Security;Anyplace Control Security;C:\WINDOWS\svcadmin.exe [2008-06-15 12:24]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [2008-05-09 13:22]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-05-07 10:51]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-11 14:20]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 -: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 -: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 -: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 -: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 -: Download with IDA - C:\Program Files\IDA\idaie.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-08-27 15:12:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\system32\userinit.exe,????)?|Y,?|??@???A?????????????7)?|?,?|??@?,????????????????????,?|?*????A????????????|??@???A????????|????A????Q???????!?w??@?k????????????Q??????5C?w????????????????????$W@???????@?0???????0g@???????????@?Y?????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-27 15:13:23
ComboFix-quarantined-files.txt 2008-08-27 12:13:22
ComboFix3.txt 2008-08-23 19:17:20
ComboFix2.txt 2008-08-27 03:52:08
Pre-Run: 20,855,160,832 bytes free
Post-Run: 20,849,377,280 bytes free
327 --- E O F --- 2008-08-23 02:18:03
هذا تقرير الاداه
توقيع : صلاحs
تأييد
0
هذا تقرير الهايجكLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:46 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IDA\ida.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
E:\دان لود\Removable Disk (G)\صلاح\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
End of file - 6713 bytes
Scan saved at 3:15:46 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IDA\ida.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Opera\Opera.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
E:\دان لود\Removable Disk (G)\صلاح\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
End of file - 6713 bytes
توقيع : صلاحs
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
اعمل التالي لاهنت
عطل استعادة النظام ثم شغلها مرة اخرى
بعدين ادخل على الوضع الأمن (( سيف مود )) واستخدم هذه الأداة
شوف ياغالي ,,, حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
رابط تحميل آخر تحديث للاداة
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ثم قم بعمل التالي
عطل استعادة النظام ثم شغلها مرة اخرى
بعدين ادخل على الوضع الأمن (( سيف مود )) واستخدم هذه الأداة
شوف ياغالي ,,, حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
رابط تحميل آخر تحديث للاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ثم قم بعمل التالي
حمل اداة الكاسبر من الرابط التالي
بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل
تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير
ثم قم بضغط التقرير ورفعه هنا>>>>
ملاحظة :: جميع الخطوات مهمه .. اعملها بالترتيب
بالأنتظار للمطلوب ؟؟
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل
تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير
ثم قم بضغط التقرير ورفعه هنا>>>>
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ملاحظة :: جميع الخطوات مهمه .. اعملها بالترتيب
بالأنتظار للمطلوب ؟؟
توقيع : AbOdy
تأييد
0