خوله
زيزوومى مبدع
غير متصل
- بادئ الموضوع خوله
- تاريخ البدء
- 1,004
حمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
يجب ان تكون جميع النوافذ مغلقة تماما
لا تلمس الماوس نهائيا عند الاستخدام
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
يجب ان تكون جميع النوافذ مغلقة تماما
لا تلمس الماوس نهائيا عند الاستخدام
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
قفليها وسوي اعادة تشغيل وعيدي تشغيل الاداة من جديد
توقيع : فارس الملاك
تأييد
0
خوله
زيزوومى مبدع
غير متصل
هذا الي طلع لي بعد تحديث الادااه للعلم ان اختيار( يس) ماطلع الا مره وحده !!! واعدت التقرير وماطلعت ابدأ:er:
ComboFix 08-10-10.09 - شخصي 10/11/2008 12:06:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.558 [GMT 3:00]
Running from: C:\Documents and Settings\شخصي\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Storm3.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 09:10 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Free Download Manager
2008-10-11 09:10 --------- d-----w C:\Documents and Settings\شخصي\Application Data\DMCache
2008-10-11 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-10-11 09:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-10 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\channels
2008-10-10 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\10015
2008-10-03 17:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-01 23:01 --------- d-----w C:\Program Files\JetAudio
2008-09-29 11:28 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Ahead
2008-09-29 11:16 --------- d-----w C:\Program Files\Google
2008-09-28 03:21 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-26 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-23 09:51 --------- d-----w C:\Program Files\FunPhotor
2008-09-21 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-18 01:09 --------- d-----w C:\Documents and Settings\شخصي\Application Data\IDM
2008-09-17 03:46 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Babylon
2008-09-16 00:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-13 05:07 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Media Player Classic
2008-09-12 21:53 --------- d-----w C:\Program Files\LtUcx
2008-09-12 20:29 --------- d-----w C:\Documents and Settings\شخصي\Application Data\COWON
2008-09-11 20:58 --------- d-----w C:\Program Files\Flash Slideshow Maker Professional
2008-09-11 20:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-10 16:50 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Pointstone
2008-09-10 16:16 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-10 16:16 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-09-10 16:16 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-09-10 16:16 --------- d-----w C:\Program Files\Intel
2008-09-10 16:16 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-09-10 16:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-09-10 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-09-10 16:16 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Intel
2008-09-10 15:04 --------- d-----w C:\Program Files\Broadcom
2008-09-10 14:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-10 14:46 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-10 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-10 14:44 --------- d-----w C:\Program Files\Nero
2008-09-10 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 14:33 --------- d-----w C:\Program Files\WIDCOMM
2008-09-10 14:30 --------- d-----w C:\Program Files\Dell
2008-09-10 14:28 --------- d-----w C:\Program Files\SigmaTel
2008-09-10 14:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-10 14:07 --------- d-----w C:\Program Files\Alwil Software
2008-09-10 14:06 --------- d-----w C:\Program Files\GlobFX Technologies
2008-09-10 14:06 --------- d-----w C:\Program Files\أحكام التجويد
2008-09-10 14:05 155,995 ----a-w C:\WINDOWS\java\Packages\HR3PRNTJ.ZIP
2008-09-10 14:05 --------- d-----w C:\Program Files\Java
2008-09-10 14:01 --------- d-----w C:\Program Files\Windows Live
2008-09-10 14:01 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-10 13:58 --------- d-----w C:\Program Files\Babylon
2008-09-10 13:56 --------- d-----w C:\Program Files\Free Download Manager
2008-09-10 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-09-10 13:54 --------- d-----w C:\Program Files\Pointstone
2008-09-10 13:54 --------- d-----w C:\Program Files\Common Files\Pointstone
2008-09-10 13:53 835,584 ----a-w C:\WINDOWS\system32\maae.dll
2008-09-10 13:53 729,088 ----a-w C:\WINDOWS\system32\maad.dll
2008-09-10 13:53 450,560 ----a-w C:\WINDOWS\system32\maai.dll
2008-09-10 13:53 335,872 ----a-w C:\WINDOWS\system32\maac.dll
2008-09-10 13:53 315,392 ----a-w C:\WINDOWS\system32\maab.dll
2008-09-10 13:53 311,296 ----a-w C:\WINDOWS\system32\maaf.dll
2008-09-10 13:53 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
2008-09-10 13:53 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-09-10 13:53 1,843,200 ----a-w C:\WINDOWS\system32\maaa.dll
2008-09-10 13:53 1,040,384 ----a-w C:\WINDOWS\system32\maah.dll
2008-09-10 13:53 --------- d-----w C:\Program Files\ArabicSounde
2008-09-10 13:51 --------- d-----w C:\Program Files\Common Files\COWON
2008-09-10 13:51 --------- d-----w C:\Documents and Settings\شخصي\Application Data\InstallShield
2008-09-10 13:42 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 13:41 --------- d-----w C:\Program Files\MSBuild
2008-09-10 13:41 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-10 13:39 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-10 13:25 --------- d-----w C:\Program Files\Foxit Reader
2008-09-10 13:24 --------- d-----w C:\Program Files\Ringz Studio
2008-09-10 13:24 --------- d-----w C:\Program Files\Common Files\Real
2008-09-10 13:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-10 13:21 --------- d-----w C:\Program Files\Reference Assemblies
2008-09-10 12:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.
((((((((((((((((((((((((((((( snapshot@Sat 10-11-2008_11.32.57.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-11 08:15:25 72,590 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2008-10-11 09:05:26 72,590 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-10-11 08:15:25 72,486 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-11 09:05:26 72,486 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-11 08:15:25 379,018 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2008-10-11 09:05:26 379,018 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-10-11 08:15:25 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-11 09:05:26 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-11 09:01:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 11:29 PM 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [02/25/2008 10:17 PM 2465839]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/28/2008 06:26 AM 895672]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [08/16/2007 04:19 PM 5728112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [11/26/2006 09:30 PM 97357]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [09/10/2008 04:59 PM 3032800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 05:38 PM 78008]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/16/2007 04:50 PM 137752]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/16/2007 04:50 PM 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/16/2007 04:50 PM 137752]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/06/2007 05:10 PM 405504]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [09/07/2007 05:49 PM 1236992]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM 153136]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [05/10/2007 01:01 AM 36864]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [03/04/2008 02:46 PM 999424]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [03/04/2008 02:41 PM 1101824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 11:29 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
C:\Documents and Settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-10 113664]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\PROGRA~1\\RINGZS~1\\STORMC~1\\Stormser.exe"=
R0 ulsata2;ulsata2;C:\WINDOWS\system32\drivers\ulsata2.sys [05/07/2008 07:09 AM 124928]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [07/19/2008 05:35 PM 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [07/19/2008 05:37 PM 20560]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [06/08/2007 01:00 AM 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [10/11/2007 01:03 AM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [03/05/2007 06:45 PM 7424]
S2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [10/10/2008 04:29 PM 983040]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [06/16/2008 11:31 AM 7808]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91615e07-7f45-11dd-b29b-a7ad26be8757}]
\Shell\AutoRun\command - r.bat
\Shell\explore\Command - r.bat
\Shell\open\Command - r.bat
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Sound Pilot - C:\Program Files\Sound Pilot\SndPilot.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
O8 -: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: Free Download Manager تحميل الفيديو بواسطة -
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 -: تحميل المحددة بفري داونلود مانيجر -
O8 -: تنزيل الكل بفري داونلود مانيجر -
O8 -: تنزيل بفري داونلود مانيجر -
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413} - hxxp://67.198.203.34:1999/talk.cab
C:\WINDOWS\Downloaded Program Files\talk.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\imcv1.dll
C:\Program Files\LtUcx\1003\imcv1.dll
O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.34:1999/ReadUid.CAB
C:\WINDOWS\Downloaded Program Files\ReadUid.INF
C:\WINDOWS\Downloaded Program Files\ReadUid.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-11 12:10:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/11/2008 12:11:54
ComboFix-quarantined-files.txt 2008-10-11 09:11:45
ComboFix2.txt 2008-10-11 08:42:48
ComboFix3.txt 2008-10-11 08:33:31
Pre-Run: 39,264,808,960 bytes free
Post-Run: 39,258,521,600 bytes free
223 --- E O F --- 2008-10-11 05:18:52
وهذا الهايجااك:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:08 م, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\شخصي\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Secunia PSI (RC3).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة -
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر -
O8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر -
O8 - Extra context menu item: تنزيل بفري داونلود مانيجر -
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
--
End of file - 9201 bytes
ComboFix 08-10-10.09 - شخصي 10/11/2008 12:06:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.558 [GMT 3:00]
Running from: C:\Documents and Settings\شخصي\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Storm3.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 09:10 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Free Download Manager
2008-10-11 09:10 --------- d-----w C:\Documents and Settings\شخصي\Application Data\DMCache
2008-10-11 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-10-11 09:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-10 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\channels
2008-10-10 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\10015
2008-10-03 17:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-01 23:01 --------- d-----w C:\Program Files\JetAudio
2008-09-29 11:28 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Ahead
2008-09-29 11:16 --------- d-----w C:\Program Files\Google
2008-09-28 03:21 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-26 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-23 09:51 --------- d-----w C:\Program Files\FunPhotor
2008-09-21 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-18 01:09 --------- d-----w C:\Documents and Settings\شخصي\Application Data\IDM
2008-09-17 03:46 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Babylon
2008-09-16 00:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-13 05:07 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Media Player Classic
2008-09-12 21:53 --------- d-----w C:\Program Files\LtUcx
2008-09-12 20:29 --------- d-----w C:\Documents and Settings\شخصي\Application Data\COWON
2008-09-11 20:58 --------- d-----w C:\Program Files\Flash Slideshow Maker Professional
2008-09-11 20:53 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-10 16:50 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Pointstone
2008-09-10 16:16 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-09-10 16:16 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-09-10 16:16 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-09-10 16:16 --------- d-----w C:\Program Files\Intel
2008-09-10 16:16 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-09-10 16:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-09-10 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-09-10 16:16 --------- d-----w C:\Documents and Settings\شخصي\Application Data\Intel
2008-09-10 15:04 --------- d-----w C:\Program Files\Broadcom
2008-09-10 14:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-10 14:46 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-10 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-10 14:44 --------- d-----w C:\Program Files\Nero
2008-09-10 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 14:33 --------- d-----w C:\Program Files\WIDCOMM
2008-09-10 14:30 --------- d-----w C:\Program Files\Dell
2008-09-10 14:28 --------- d-----w C:\Program Files\SigmaTel
2008-09-10 14:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-10 14:07 --------- d-----w C:\Program Files\Alwil Software
2008-09-10 14:06 --------- d-----w C:\Program Files\GlobFX Technologies
2008-09-10 14:06 --------- d-----w C:\Program Files\أحكام التجويد
2008-09-10 14:05 155,995 ----a-w C:\WINDOWS\java\Packages\HR3PRNTJ.ZIP
2008-09-10 14:05 --------- d-----w C:\Program Files\Java
2008-09-10 14:01 --------- d-----w C:\Program Files\Windows Live
2008-09-10 14:01 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-10 13:58 --------- d-----w C:\Program Files\Babylon
2008-09-10 13:56 --------- d-----w C:\Program Files\Free Download Manager
2008-09-10 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-09-10 13:54 --------- d-----w C:\Program Files\Pointstone
2008-09-10 13:54 --------- d-----w C:\Program Files\Common Files\Pointstone
2008-09-10 13:53 835,584 ----a-w C:\WINDOWS\system32\maae.dll
2008-09-10 13:53 729,088 ----a-w C:\WINDOWS\system32\maad.dll
2008-09-10 13:53 450,560 ----a-w C:\WINDOWS\system32\maai.dll
2008-09-10 13:53 335,872 ----a-w C:\WINDOWS\system32\maac.dll
2008-09-10 13:53 315,392 ----a-w C:\WINDOWS\system32\maab.dll
2008-09-10 13:53 311,296 ----a-w C:\WINDOWS\system32\maaf.dll
2008-09-10 13:53 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
2008-09-10 13:53 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-09-10 13:53 1,843,200 ----a-w C:\WINDOWS\system32\maaa.dll
2008-09-10 13:53 1,040,384 ----a-w C:\WINDOWS\system32\maah.dll
2008-09-10 13:53 --------- d-----w C:\Program Files\ArabicSounde
2008-09-10 13:51 --------- d-----w C:\Program Files\Common Files\COWON
2008-09-10 13:51 --------- d-----w C:\Documents and Settings\شخصي\Application Data\InstallShield
2008-09-10 13:42 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 13:41 --------- d-----w C:\Program Files\MSBuild
2008-09-10 13:41 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-10 13:39 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-09-10 13:25 --------- d-----w C:\Program Files\Foxit Reader
2008-09-10 13:24 --------- d-----w C:\Program Files\Ringz Studio
2008-09-10 13:24 --------- d-----w C:\Program Files\Common Files\Real
2008-09-10 13:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-10 13:21 --------- d-----w C:\Program Files\Reference Assemblies
2008-09-10 12:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.
((((((((((((((((((((((((((((( snapshot@Sat 10-11-2008_11.32.57.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-11 08:15:25 72,590 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2008-10-11 09:05:26 72,590 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-10-11 08:15:25 72,486 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-11 09:05:26 72,486 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-11 08:15:25 379,018 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2008-10-11 09:05:26 379,018 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-10-11 08:15:25 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-11 09:05:26 444,862 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-11 09:01:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 11:29 PM 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [02/25/2008 10:17 PM 2465839]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/28/2008 06:26 AM 895672]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [08/16/2007 04:19 PM 5728112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [11/26/2006 09:30 PM 97357]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [09/10/2008 04:59 PM 3032800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 05:38 PM 78008]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/16/2007 04:50 PM 137752]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/16/2007 04:50 PM 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/16/2007 04:50 PM 137752]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/06/2007 05:10 PM 405504]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [09/07/2007 05:49 PM 1236992]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM 153136]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [05/10/2007 01:01 AM 36864]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [03/04/2008 02:46 PM 999424]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [03/04/2008 02:41 PM 1101824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 11:29 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
C:\Documents and Settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-10 113664]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\PROGRA~1\\RINGZS~1\\STORMC~1\\Stormser.exe"=
R0 ulsata2;ulsata2;C:\WINDOWS\system32\drivers\ulsata2.sys [05/07/2008 07:09 AM 124928]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [07/19/2008 05:35 PM 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [07/19/2008 05:37 PM 20560]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [06/08/2007 01:00 AM 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [10/11/2007 01:03 AM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [03/05/2007 06:45 PM 7424]
S2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [10/10/2008 04:29 PM 983040]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [06/16/2008 11:31 AM 7808]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91615e07-7f45-11dd-b29b-a7ad26be8757}]
\Shell\AutoRun\command - r.bat
\Shell\explore\Command - r.bat
\Shell\open\Command - r.bat
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Sound Pilot - C:\Program Files\Sound Pilot\SndPilot.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
O8 -: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: Free Download Manager تحميل الفيديو بواسطة -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dlfvideo.htmO8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 -: تحميل المحددة بفري داونلود مانيجر -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dlselected.htmO8 -: تنزيل الكل بفري داونلود مانيجر -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dlall.htmO8 -: تنزيل بفري داونلود مانيجر -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dllink.htmO16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413} - hxxp://67.198.203.34:1999/talk.cab
C:\WINDOWS\Downloaded Program Files\talk.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\imcv1.dll
C:\Program Files\LtUcx\1003\imcv1.dll
O16 -: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.34:1999/ReadUid.CAB
C:\WINDOWS\Downloaded Program Files\ReadUid.INF
C:\WINDOWS\Downloaded Program Files\ReadUid.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-11 12:10:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/11/2008 12:11:54
ComboFix-quarantined-files.txt 2008-10-11 09:11:45
ComboFix2.txt 2008-10-11 08:42:48
ComboFix3.txt 2008-10-11 08:33:31
Pre-Run: 39,264,808,960 bytes free
Post-Run: 39,258,521,600 bytes free
223 --- E O F --- 2008-10-11 05:18:52
وهذا الهايجااك:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:08 م, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\شخصي\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIEsBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Secunia PSI (RC3).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Free Download Manager تحميل الفيديو بواسطة -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dlfvideo.htmO8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل المحددة بفري داونلود مانيجر -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dlselected.htmO8 - Extra context menu item: تنزيل الكل بفري داونلود مانيجر -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dlall.htmO8 - Extra context menu item: تنزيل بفري داونلود مانيجر -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Files\Free Download Manager\dllink.htmO9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
--
End of file - 9201 bytes
توقيع : خوله
تأييد
0
احذف هالقيم
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
طريقة الحذف
ثم من اضافة وازالة البرامج احذف التالي
Toolbar: Babylon
Toolbar: &Google
ثم نظف الجهاز
ثم من تشغيل اكتب cleanmgr ستظهر لك نافذة فيهاا القرص c
اضغط موافق ستظهر لك نافذة حط صح في كل المربعات واضغط موافق
انتظر لين تخلص العملية تستغرق ربع ساعة او اكثر حسب الملفات
واعد التشغيل
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
طريقة الحذف
ثم من اضافة وازالة البرامج احذف التالي
Toolbar: Babylon
Toolbar: &Google
ثم نظف الجهاز
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثم من تشغيل اكتب cleanmgr ستظهر لك نافذة فيهاا القرص c
اضغط موافق ستظهر لك نافذة حط صح في كل المربعات واضغط موافق
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
انتظر لين تخلص العملية تستغرق ربع ساعة او اكثر حسب الملفات
واعد التشغيل
تأييد
0
انا شاكه من يوم شفت الشخااميط ..المنتصر بإذن الله
زيزوومى مبدع
غير متصل
ممكن أخي منزل برنامج زمش مكمل تحميل
توقيع : المنتصر بإذن الله
تأييد
0