- بادئ الموضوع دكتورة حب
- تاريخ البدء
- 687
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
اعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
اعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : السّاجد لله
تأييد
0
ComboFix 08-10-12.01 - hp 10/14/2008 15:10:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.614 [GMT 3:00]
Running from: C:\Documents and Settings\hp\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 12:18 483,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-14 12:18 3,752 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-14 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-14 12:14 31,948 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-14 12:14 3,816,992 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-28 20:23 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-09-28 20:23 753,664 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-09-28 20:23 626,688 ----a-w C:\WINDOWS\system32\agsaamh.dll
2008-09-28 20:23 551,424 ----a-w C:\WINDOWS\system32\agsaame.dll
2008-09-28 20:23 544,256 ----a-w C:\WINDOWS\system32\agsaamd.dll
2008-09-28 20:23 538,624 ----a-w C:\WINDOWS\system32\agsaamb.dll
2008-09-28 20:23 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-09-28 20:23 331,776 ----a-w C:\WINDOWS\system32\agsaama.dll
2008-09-28 20:23 2,846,720 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-09-28 20:22 90,112 ----a-w C:\WINDOWS\system32\ALOAudioFormatSettings3.dll
2008-09-28 20:22 877,568 ----a-w C:\WINDOWS\system32\ALOAudioFile2.dll
2008-09-28 20:22 780,288 ----a-w C:\WINDOWS\system32\ALOVideoCompress.dll
2008-09-28 20:22 778,240 ----a-w C:\WINDOWS\system32\ALOAudioCompress2.dll
2008-09-28 20:22 495,104 ----a-w C:\WINDOWS\system32\ALOVideoCoreM.dll
2008-09-28 20:22 403,968 ----a-w C:\WINDOWS\system32\ALOWMAFile2.dll
2008-09-28 20:22 382,464 ----a-w C:\WINDOWS\system32\ALOAVIFile.dll
2008-09-28 20:22 249,856 ----a-w C:\WINDOWS\system32\ALOQuickTimeFile.dll
2008-09-28 20:22 215,552 ----a-w C:\WINDOWS\system32\ALOWMVFile.dll
2008-09-28 20:22 2,846,720 ----a-w C:\WINDOWS\system32\ALOAudioCompress3.dll
2008-09-28 20:22 188,416 ----a-w C:\WINDOWS\system32\ALOVideoFile.dll
2008-09-28 20:22 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-09-28 19:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-21 02:30 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-21 02:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-21 00:31 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-21 00:17 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-21 00:16 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-17 07:33 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE
2008-09-11 05:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-10 18:10 --------- d-----w C:\Program Files\QuickTime
2008-09-10 18:09 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-10 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-10 03:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-10 03:13 --------- d-----w C:\Program Files\Circle Developement
2008-09-09 03:58 --------- d-----w C:\Documents and Settings\hp\Application Data\Image Zone Express
2008-09-04 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\live 64 math does
2008-09-04 02:58 --------- d-----w C:\Documents and Settings\hp\Application Data\extra chic
2008-09-04 02:12 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-04 02:12 --------- d-----w C:\Documents and Settings\hp\Application Data\SUPERAntiSpyware.com
2008-09-04 01:33 --------- d-----w C:\Documents and Settings\hp\Application Data\Go-Go Gourmet Chef of the Year
2008-09-04 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-09-04 00:26 --------- d-----w C:\Program Files\bfgclient
2008-08-20 00:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 23:43 --------- d-----w C:\Program Files\Ozone
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-05-23 02:46 0 -c--a-w C:\Program Files\temp01
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/06/2008 11:20 AM 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [09/06/2008 03:09 PM 413696]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 03:00 PM 88203 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 10:19 PM 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-----c--- 12/07/2005 10:57 PM 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 07/13/2008 04:26 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP
oVoo TCP المنفذ 443
"443:UDP"= 443:UDPoVoo UDP المنفذ 443
"37674:TCP"= 37674:TCPoVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDPoVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDPoVoo UDP المنفذ 37675
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0814159a-26aa-11dd-a708-0013027ef239}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08141682-26aa-11dd-a708-0013027ef239}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac2df174-46fe-11dd-a7ae-0013027ef239}]
\Shell\AutoRun\command - e.com
\Shell\explore\Command - e.com
\Shell\open\Command - e.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d494c30a-2a92-11dd-a728-0013027ef239}]
\Shell\????...\command - QQSPY.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL QQSPY.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeba8e28-4558-11dd-a7a2-0013027ef239}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeba8e2c-4558-11dd-a7a2-0013027ef239}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
s of the 'Scheduled Tasks' folder
2008-09-26 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []
2008-10-14 C:\WINDOWS\Tasks\AA1B82AF91C83BA7.job
- c:\docume~1\hp\applic~1\extrac~1\rectonestupid.exe []
2008-10-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [04/11/2008 05:57 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\s9fdqmqq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-14 15:18:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 10/14/2008 15:23:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-14 12:23:01
Pre-Run: 37,177,810,944 bytes free
Post-Run: 37,497,610,240 bytes free
213 --- E O F --- 2008-09-11 05:46:25
أخي هذا تقرير الأداه الأولى
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.614 [GMT 3:00]
Running from: C:\Documents and Settings\hp\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 12:18 483,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-14 12:18 3,752 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-14 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-14 12:14 31,948 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-14 12:14 3,816,992 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-28 20:23 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2008-09-28 20:23 753,664 ----a-w C:\WINDOWS\system32\agsaamg.dll
2008-09-28 20:23 626,688 ----a-w C:\WINDOWS\system32\agsaamh.dll
2008-09-28 20:23 551,424 ----a-w C:\WINDOWS\system32\agsaame.dll
2008-09-28 20:23 544,256 ----a-w C:\WINDOWS\system32\agsaamd.dll
2008-09-28 20:23 538,624 ----a-w C:\WINDOWS\system32\agsaamb.dll
2008-09-28 20:23 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2008-09-28 20:23 331,776 ----a-w C:\WINDOWS\system32\agsaama.dll
2008-09-28 20:23 2,846,720 ----a-w C:\WINDOWS\system32\agsaamj.dll
2008-09-28 20:22 90,112 ----a-w C:\WINDOWS\system32\ALOAudioFormatSettings3.dll
2008-09-28 20:22 877,568 ----a-w C:\WINDOWS\system32\ALOAudioFile2.dll
2008-09-28 20:22 780,288 ----a-w C:\WINDOWS\system32\ALOVideoCompress.dll
2008-09-28 20:22 778,240 ----a-w C:\WINDOWS\system32\ALOAudioCompress2.dll
2008-09-28 20:22 495,104 ----a-w C:\WINDOWS\system32\ALOVideoCoreM.dll
2008-09-28 20:22 403,968 ----a-w C:\WINDOWS\system32\ALOWMAFile2.dll
2008-09-28 20:22 382,464 ----a-w C:\WINDOWS\system32\ALOAVIFile.dll
2008-09-28 20:22 249,856 ----a-w C:\WINDOWS\system32\ALOQuickTimeFile.dll
2008-09-28 20:22 215,552 ----a-w C:\WINDOWS\system32\ALOWMVFile.dll
2008-09-28 20:22 2,846,720 ----a-w C:\WINDOWS\system32\ALOAudioCompress3.dll
2008-09-28 20:22 188,416 ----a-w C:\WINDOWS\system32\ALOVideoFile.dll
2008-09-28 20:22 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
2008-09-28 19:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-21 02:30 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-09-21 02:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-21 00:31 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-21 00:17 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-21 00:16 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-17 07:33 45,056 -c--a-w C:\WINDOWS\NCUNINST.EXE
2008-09-11 05:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-10 18:10 --------- d-----w C:\Program Files\QuickTime
2008-09-10 18:09 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-10 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-10 03:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-10 03:13 --------- d-----w C:\Program Files\Circle Developement
2008-09-09 03:58 --------- d-----w C:\Documents and Settings\hp\Application Data\Image Zone Express
2008-09-04 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\live 64 math does
2008-09-04 02:58 --------- d-----w C:\Documents and Settings\hp\Application Data\extra chic
2008-09-04 02:12 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-04 02:12 --------- d-----w C:\Documents and Settings\hp\Application Data\SUPERAntiSpyware.com
2008-09-04 01:33 --------- d-----w C:\Documents and Settings\hp\Application Data\Go-Go Gourmet Chef of the Year
2008-09-04 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-09-04 00:26 --------- d-----w C:\Program Files\bfgclient
2008-08-20 00:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 23:43 --------- d-----w C:\Program Files\Ozone
2008-07-29 17:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-05-23 02:46 0 -c--a-w C:\Program Files\temp01
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/06/2008 11:20 AM 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [09/06/2008 03:09 PM 413696]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 03:00 PM 88203 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 10:19 PM 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-----c--- 12/07/2005 10:57 PM 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 07/13/2008 04:26 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP
oVoo TCP المنفذ 443"443:UDP"= 443:UDP
oVoo UDP المنفذ 443"37674:TCP"= 37674:TCP
oVoo TCP المنفذ 37674"37674:UDP"= 37674:UDP
oVoo UDP المنفذ 37674"37675:UDP"= 37675:UDP
oVoo UDP المنفذ 37675R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0814159a-26aa-11dd-a708-0013027ef239}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08141682-26aa-11dd-a708-0013027ef239}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac2df174-46fe-11dd-a7ae-0013027ef239}]
\Shell\AutoRun\command - e.com
\Shell\explore\Command - e.com
\Shell\open\Command - e.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d494c30a-2a92-11dd-a728-0013027ef239}]
\Shell\????...\command - QQSPY.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL QQSPY.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeba8e28-4558-11dd-a7a2-0013027ef239}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeba8e2c-4558-11dd-a7a2-0013027ef239}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
s of the 'Scheduled Tasks' folder
2008-09-26 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []
2008-10-14 C:\WINDOWS\Tasks\AA1B82AF91C83BA7.job
- c:\docume~1\hp\applic~1\extrac~1\rectonestupid.exe []
2008-10-08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [04/11/2008 05:57 PM]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\s9fdqmqq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US
fficialFF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-14 15:18:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 10/14/2008 15:23:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-14 12:23:01
Pre-Run: 37,177,810,944 bytes free
Post-Run: 37,497,610,240 bytes free
213 --- E O F --- 2008-09-11 05:46:25
أخي هذا تقرير الأداه الأولى
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:26:43 م, on 14/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\hp\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6624 bytes
وهذا تقرير الهايجاك
Scan saved at 03:26:43 م, on 14/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\hp\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6624 bytes
وهذا تقرير الهايجاك
تأييد
0
التقارير سليمة الحين فقط نظف الجهاز
ثم من تشغيل اكتب cleanmgr ستظهر لك نافذة فيهاا القرص c
اضغط موافق ستظهر لك نافذة حط صح في كل المربعات واضغط موافق
انتظر لين تخلص العملية تستغرق ربع ساعة او اكثر حسب الملفات
بعدهاا نزل هالبرنامج
بعد تثبيت البرنامج اختر full scan بعد ما يخلص اختر fix
اعد التشغيل
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
ثم من تشغيل اكتب cleanmgr ستظهر لك نافذة فيهاا القرص c
اضغط موافق ستظهر لك نافذة حط صح في كل المربعات واضغط موافق
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
انتظر لين تخلص العملية تستغرق ربع ساعة او اكثر حسب الملفات
بعدهاا نزل هالبرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد تثبيت البرنامج اختر full scan بعد ما يخلص اختر fix
اعد التشغيل
تأييد
0
الديبلوماسي
زيزوومى فضى
غير متصل
السلام عليكم ..
يادكتورة : أغلب الظن انك تطفين الجهاز يدوي ..
عشان كذا هو يفحص الدي او السي ..
على العموم خله يفحص ويغلق الفحص ويصير المره الجايه
يكون الدخول على طول ..
وجهة نظر .. لا غير .
يادكتورة : أغلب الظن انك تطفين الجهاز يدوي ..
عشان كذا هو يفحص الدي او السي ..
على العموم خله يفحص ويغلق الفحص ويصير المره الجايه
يكون الدخول على طول ..
وجهة نظر .. لا غير .
توقيع : الديبلوماسي
تأييد
0