- بادئ الموضوع modhish2
- تاريخ البدء
- 1,113
MA222
زيزوومى مبدع
- إنضم
- 19 أغسطس 2007
- المشاركات
- 1,605
- مستوى التفاعل
- 48
- النقاط
- 680
- الإقامة
- زيزوووم للأمن والحماية
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
هلا اخوي
ممكن ترفع صورة للمشكلة
وايظاً جرب هذا شوف هذا الموضوع
ممكن ترفع صورة للمشكلة
وايظاً جرب هذا شوف هذا الموضوع
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : MA222
تأييد
0
MA222
زيزوومى مبدع
- إنضم
- 19 أغسطس 2007
- المشاركات
- 1,605
- مستوى التفاعل
- 48
- النقاط
- 680
- الإقامة
- زيزوووم للأمن والحماية
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
هلا فيك اخوي
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
توقيع : MA222
تأييد
0
ابـــو عــبــد الــلــه
زيزوومى فضى
- إنضم
- 31 ديسمبر 2007
- المشاركات
- 6,175
- مستوى التفاعل
- 65
- النقاط
- 840
- الإقامة
- لا إله إلا الله محمد رسول الله
غير متصل
بعد اذن ... ma222
اخوي اعمل نسخ والصق اللى في المفكرتين في ردك القادم.
اخوي اعمل نسخ والصق اللى في المفكرتين في ردك القادم.
توقيع : ابـــو عــبــد الــلــه
تأييد
0
السّاجد لله
زيزوومى فضى
- إنضم
- 15 مايو 2008
- المشاركات
- 6,854
- مستوى التفاعل
- 108
- النقاط
- 850
- الإقامة
- بغداد انتي في دمي
- الموقع الالكتروني
- www.tvquran.com
غير متصل
اخي الهايجاك ميحتاج اي خلفية فقط اعمل التالي
حمل البرنامج من هنا
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
والكلام اعلاه واضح وننتظر تقريرك
حمل البرنامج من هنا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
والكلام اعلاه واضح وننتظر تقريرك
توقيع : السّاجد لله
تأييد
0
ابـــو عــبــد الــلــه
زيزوومى فضى
- إنضم
- 31 ديسمبر 2007
- المشاركات
- 6,175
- مستوى التفاعل
- 65
- النقاط
- 840
- الإقامة
- لا إله إلا الله محمد رسول الله
غير متصل
شرح استخدام اداة الهايجاك
بعد التحميل الهايجاك نقوم بتشغيلها بدبل كلك
فتخرج مفكرة تحتوي على التقرير المطلوب
بعد تحديد التقرير نقوم بنسخه
ثم نقوم بعملية اللصق
توقيع : ابـــو عــبــد الــلــه
تأييد
0
MA222
زيزوومى مبدع
- إنضم
- 19 أغسطس 2007
- المشاركات
- 1,605
- مستوى التفاعل
- 48
- النقاط
- 680
- الإقامة
- زيزوووم للأمن والحماية
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
تأييد
0
ComboFix 08-10-21.03 - adel 2008-10-22 14:26:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.696 [GMT 3:00]
Running from: C:\Documents and Settings\adel\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\adel\Application Data\tazebama
C:\zPharaoh.exe
D:\Autorun.inf
D:\zPharaoh.exe
G:\Autorun.inf
G:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
2008-10-22 03:00 . 2008-10-22 03:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-21 18:29 . 2008-10-21 18:29 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-18 23:03 . 2008-10-18 23:03 <DIR> d-------- C:\Program Files\Common Files\HP
2008-10-18 22:12 . 2004-01-05 10:30 38,867 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-10-18 22:12 . 2008-10-18 22:40 29,090 --------- C:\WINDOWS\hpoins03.dat.temp
2008-10-18 01:16 . 2008-10-22 01:01 32,768 --a------ C:\Documents and Settings\tazebama.dll
2008-10-18 00:49 . 2008-10-21 00:38 126 --a------ C:\1.taz
2008-10-17 21:21 . 2008-10-17 21:21 <DIR> d-------- C:\Program Files\GetData
2008-10-17 21:20 . 2008-10-17 21:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-17 18:47 . 2008-10-17 18:47 <DIR> d-------- C:\Documents and Settings\tazebama.dl_
2008-10-17 18:47 . 2008-10-17 18:47 <DIR> d-------- C:\Documents and Settings\hook.dl_
2008-10-17 00:43 . 2008-10-17 00:43 <DIR> d-------- C:\Program Files\SplitCam
2008-10-16 02:06 . 2004-01-05 10:30 51,056 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-10-16 02:06 . 2004-01-05 10:30 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-16 02:05 . 2004-01-05 10:30 21,488 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-16 02:05 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-16 02:05 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-16 01:56 . 2008-10-16 01:56 <DIR> d-------- C:\Program Files\AskSearch
2008-10-16 01:56 . 2008-10-16 01:56 <DIR> d-------- C:\Program Files\AskBarDis
2008-10-16 01:50 . 2008-10-16 01:50 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-10-16 01:50 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-10-16 01:50 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-10-16 01:50 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-10-16 01:50 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-10-16 01:46 . 2008-10-16 01:46 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-10-16 01:44 . 2008-10-18 23:04 <DIR> d-------- C:\Program Files\HP
2008-10-16 01:43 . 2004-01-05 10:30 38,867 --------- C:\WINDOWS\hpomdl03.dat
2008-10-16 01:43 . 2008-10-18 23:07 29,134 --a------ C:\WINDOWS\hpoins03.dat
2008-10-16 01:37 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-16 01:37 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-16 01:36 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-16 01:36 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-15 20:39 . 2008-10-15 20:39 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-10-15 14:15 . 2008-10-15 14:15 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Convivea
2008-10-14 18:45 . 2008-10-14 18:45 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Media Player Classic
2008-10-14 18:06 . 2008-10-22 14:23 <DIR> d-------- C:\Documents and Settings\adel\Application Data\uTorrent
2008-10-14 18:01 . 2008-10-14 18:01 <DIR> d-------- C:\Documents and Settings\adel\Application Data\CyberLink
2008-10-14 17:44 . 2008-10-16 01:52 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Paltalk
2008-10-14 17:21 . 2008-10-14 17:21 <DIR> d-------- C:\Documents and Settings\adel\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 19:12 --------- d-----w C:\Program Files\Paltalk Messenger
2008-10-17 16:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-10-17 16:09 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-10-16 21:43 13,824 ----a-w C:\WINDOWS\system32\drivers\splitcam.sys
2008-10-15 11:15 --------- d-----w C:\Program Files\Bit Che
2008-10-14 16:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-14 16:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-14 16:38 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-14 16:38 --------- d-----w C:\Program Files\Common Files\Real
2008-10-14 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 15:07 --------- d-----w C:\Program Files\FairStars Audio Converter
2008-10-14 15:06 --------- d-----w C:\Program Files\uTorrent
2008-10-14 15:04 155,995 ----a-w C:\WINDOWS\java\Packages\XZH7Z335.ZIP
2008-10-14 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-14 14:59 --------- d-----w C:\Program Files\CyberLink
2008-10-14 14:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-14 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-14 14:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-14 14:52 --------- d-----w C:\Program Files\Luxor 2
2008-10-14 14:52 --------- d-----w C:\Program Files\BFG
2008-10-14 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-10-14 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-14 14:49 --------- d-----w C:\Program Files\Real
2008-10-14 14:48 --------- d-----w C:\Program Files\MSN Messenger
2008-10-14 14:44 172,032 ------w C:\WINDOWS\Setup1.exe
2008-10-14 14:44 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-10-14 14:43 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-14 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-14 14:35 --------- d-----w C:\Program Files\MSBuild
2008-10-14 14:35 --------- d-----w C:\Program Files\Microsoft Works
2008-10-14 14:21 --------- d-----w C:\Program Files\Realtek
2008-10-14 14:19 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-10-14 14:15 --------- d-----w C:\Program Files\Yahoo!
2008-10-14 14:15 --------- d-----w C:\Program Files\Intel
2008-10-14 13:54 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2008-10-17 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-10-17 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-14 185872]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\adel\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 08:24:54 ê 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 05:19:24 ­ 237568]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [11/09/2008 12:40:43 ­ 11713536]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [14/10/2008 05:50:44 ê 389120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 27136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dc95c49-9bcf-11dd-beb4-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b78c945-99f8-11dd-bea4-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a173242e-9b29-11dd-beb1-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a173242f-9b29-11dd-beb1-001167558f69}]
\Shell\AutoRun\command - H:\zPharaoh.exe
\Shell\explore\command - H:\zPharaoh.exe
\Shell\open\command - H:\zPharaoh.exe
*Newly Created Service* - BITS
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-zyz1 - c:\zyz_auto_killer\run2.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.222z.net/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-22 14:31:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-22 14:32:25
ComboFix-quarantined-files.txt 2008-10-22 11:31:55
Pre-Run: 4,614,574,080 bytes free
Post-Run: 5,476,012,032 bytes free
196 --- E O F --- 2008-10-22 00:00:30
ComboFix 08-10-21.03 - adel 2008-10-22 14:26:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.696 [GMT 3:00]
Running from: C:\Documents and Settings\adel\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\adel\Application Data\tazebama
C:\zPharaoh.exe
D:\Autorun.inf
D:\zPharaoh.exe
G:\Autorun.inf
G:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
2008-10-22 03:00 . 2008-10-22 03:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-21 18:29 . 2008-10-21 18:29 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-18 23:03 . 2008-10-18 23:03 <DIR> d-------- C:\Program Files\Common Files\HP
2008-10-18 22:12 . 2004-01-05 10:30 38,867 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-10-18 22:12 . 2008-10-18 22:40 29,090 --------- C:\WINDOWS\hpoins03.dat.temp
2008-10-18 01:16 . 2008-10-22 01:01 32,768 --a------ C:\Documents and Settings\tazebama.dll
2008-10-18 00:49 . 2008-10-21 00:38 126 --a------ C:\1.taz
2008-10-17 21:21 . 2008-10-17 21:21 <DIR> d-------- C:\Program Files\GetData
2008-10-17 21:20 . 2008-10-17 21:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-17 18:47 . 2008-10-17 18:47 <DIR> d-------- C:\Documents and Settings\tazebama.dl_
2008-10-17 18:47 . 2008-10-17 18:47 <DIR> d-------- C:\Documents and Settings\hook.dl_
2008-10-17 00:43 . 2008-10-17 00:43 <DIR> d-------- C:\Program Files\SplitCam
2008-10-16 02:06 . 2004-01-05 10:30 51,056 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-10-16 02:06 . 2004-01-05 10:30 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-16 02:05 . 2004-01-05 10:30 21,488 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-16 02:05 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-16 02:05 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-16 01:56 . 2008-10-16 01:56 <DIR> d-------- C:\Program Files\AskSearch
2008-10-16 01:56 . 2008-10-16 01:56 <DIR> d-------- C:\Program Files\AskBarDis
2008-10-16 01:50 . 2008-10-16 01:50 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-10-16 01:50 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-10-16 01:50 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-10-16 01:50 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-10-16 01:50 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-10-16 01:46 . 2008-10-16 01:46 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-10-16 01:44 . 2008-10-18 23:04 <DIR> d-------- C:\Program Files\HP
2008-10-16 01:43 . 2004-01-05 10:30 38,867 --------- C:\WINDOWS\hpomdl03.dat
2008-10-16 01:43 . 2008-10-18 23:07 29,134 --a------ C:\WINDOWS\hpoins03.dat
2008-10-16 01:37 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-16 01:37 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-16 01:36 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-16 01:36 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-15 20:39 . 2008-10-15 20:39 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-10-15 14:15 . 2008-10-15 14:15 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Convivea
2008-10-14 18:45 . 2008-10-14 18:45 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Media Player Classic
2008-10-14 18:06 . 2008-10-22 14:23 <DIR> d-------- C:\Documents and Settings\adel\Application Data\uTorrent
2008-10-14 18:01 . 2008-10-14 18:01 <DIR> d-------- C:\Documents and Settings\adel\Application Data\CyberLink
2008-10-14 17:44 . 2008-10-16 01:52 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Paltalk
2008-10-14 17:21 . 2008-10-14 17:21 <DIR> d-------- C:\Documents and Settings\adel\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 19:12 --------- d-----w C:\Program Files\Paltalk Messenger
2008-10-17 16:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-10-17 16:09 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-10-16 21:43 13,824 ----a-w C:\WINDOWS\system32\drivers\splitcam.sys
2008-10-15 11:15 --------- d-----w C:\Program Files\Bit Che
2008-10-14 16:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-14 16:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-14 16:38 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-14 16:38 --------- d-----w C:\Program Files\Common Files\Real
2008-10-14 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 15:07 --------- d-----w C:\Program Files\FairStars Audio Converter
2008-10-14 15:06 --------- d-----w C:\Program Files\uTorrent
2008-10-14 15:04 155,995 ----a-w C:\WINDOWS\java\Packages\XZH7Z335.ZIP
2008-10-14 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-14 14:59 --------- d-----w C:\Program Files\CyberLink
2008-10-14 14:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-14 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-14 14:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-14 14:52 --------- d-----w C:\Program Files\Luxor 2
2008-10-14 14:52 --------- d-----w C:\Program Files\BFG
2008-10-14 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-10-14 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-14 14:49 --------- d-----w C:\Program Files\Real
2008-10-14 14:48 --------- d-----w C:\Program Files\MSN Messenger
2008-10-14 14:44 172,032 ------w C:\WINDOWS\Setup1.exe
2008-10-14 14:44 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-10-14 14:43 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-14 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-14 14:35 --------- d-----w C:\Program Files\MSBuild
2008-10-14 14:35 --------- d-----w C:\Program Files\Microsoft Works
2008-10-14 14:21 --------- d-----w C:\Program Files\Realtek
2008-10-14 14:19 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-10-14 14:15 --------- d-----w C:\Program Files\Yahoo!
2008-10-14 14:15 --------- d-----w C:\Program Files\Intel
2008-10-14 13:54 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2008-10-17 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-10-17 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-14 185872]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\adel\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 08:24:54 ê 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 05:19:24 ­ 237568]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [11/09/2008 12:40:43 ­ 11713536]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [14/10/2008 05:50:44 ê 389120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 27136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dc95c49-9bcf-11dd-beb4-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b78c945-99f8-11dd-bea4-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a173242e-9b29-11dd-beb1-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a173242f-9b29-11dd-beb1-001167558f69}]
\Shell\AutoRun\command - H:\zPharaoh.exe
\Shell\explore\command - H:\zPharaoh.exe
\Shell\open\command - H:\zPharaoh.exe
*Newly Created Service* - BITS
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-zyz1 - c:\zyz_auto_killer\run2.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.222z.net/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java -
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-22 14:31:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-22 14:32:25
ComboFix-quarantined-files.txt 2008-10-22 11:31:55
Pre-Run: 4,614,574,080 bytes free
Post-Run: 5,476,012,032 bytes free
196 --- E O F --- 2008-10-22 00:00:30
وشاكر لك ابو ريما وكذلك ma222
وهذا التقرير حسب تو جيهاتكم نفع الله بكم
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.696 [GMT 3:00]
Running from: C:\Documents and Settings\adel\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\adel\Application Data\tazebama
C:\zPharaoh.exe
D:\Autorun.inf
D:\zPharaoh.exe
G:\Autorun.inf
G:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
2008-10-22 03:00 . 2008-10-22 03:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-21 18:29 . 2008-10-21 18:29 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-18 23:03 . 2008-10-18 23:03 <DIR> d-------- C:\Program Files\Common Files\HP
2008-10-18 22:12 . 2004-01-05 10:30 38,867 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-10-18 22:12 . 2008-10-18 22:40 29,090 --------- C:\WINDOWS\hpoins03.dat.temp
2008-10-18 01:16 . 2008-10-22 01:01 32,768 --a------ C:\Documents and Settings\tazebama.dll
2008-10-18 00:49 . 2008-10-21 00:38 126 --a------ C:\1.taz
2008-10-17 21:21 . 2008-10-17 21:21 <DIR> d-------- C:\Program Files\GetData
2008-10-17 21:20 . 2008-10-17 21:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-17 18:47 . 2008-10-17 18:47 <DIR> d-------- C:\Documents and Settings\tazebama.dl_
2008-10-17 18:47 . 2008-10-17 18:47 <DIR> d-------- C:\Documents and Settings\hook.dl_
2008-10-17 00:43 . 2008-10-17 00:43 <DIR> d-------- C:\Program Files\SplitCam
2008-10-16 02:06 . 2004-01-05 10:30 51,056 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-10-16 02:06 . 2004-01-05 10:30 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-16 02:05 . 2004-01-05 10:30 21,488 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-16 02:05 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-16 02:05 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-16 01:56 . 2008-10-16 01:56 <DIR> d-------- C:\Program Files\AskSearch
2008-10-16 01:56 . 2008-10-16 01:56 <DIR> d-------- C:\Program Files\AskBarDis
2008-10-16 01:50 . 2008-10-16 01:50 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-10-16 01:50 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-10-16 01:50 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-10-16 01:50 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-10-16 01:50 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-10-16 01:46 . 2008-10-16 01:46 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-10-16 01:44 . 2008-10-18 23:04 <DIR> d-------- C:\Program Files\HP
2008-10-16 01:43 . 2004-01-05 10:30 38,867 --------- C:\WINDOWS\hpomdl03.dat
2008-10-16 01:43 . 2008-10-18 23:07 29,134 --a------ C:\WINDOWS\hpoins03.dat
2008-10-16 01:37 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-16 01:37 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-16 01:36 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-16 01:36 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-15 20:39 . 2008-10-15 20:39 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-10-15 14:15 . 2008-10-15 14:15 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Convivea
2008-10-14 18:45 . 2008-10-14 18:45 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Media Player Classic
2008-10-14 18:06 . 2008-10-22 14:23 <DIR> d-------- C:\Documents and Settings\adel\Application Data\uTorrent
2008-10-14 18:01 . 2008-10-14 18:01 <DIR> d-------- C:\Documents and Settings\adel\Application Data\CyberLink
2008-10-14 17:44 . 2008-10-16 01:52 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Paltalk
2008-10-14 17:21 . 2008-10-14 17:21 <DIR> d-------- C:\Documents and Settings\adel\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 19:12 --------- d-----w C:\Program Files\Paltalk Messenger
2008-10-17 16:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-10-17 16:09 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-10-16 21:43 13,824 ----a-w C:\WINDOWS\system32\drivers\splitcam.sys
2008-10-15 11:15 --------- d-----w C:\Program Files\Bit Che
2008-10-14 16:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-14 16:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-14 16:38 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-14 16:38 --------- d-----w C:\Program Files\Common Files\Real
2008-10-14 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 15:07 --------- d-----w C:\Program Files\FairStars Audio Converter
2008-10-14 15:06 --------- d-----w C:\Program Files\uTorrent
2008-10-14 15:04 155,995 ----a-w C:\WINDOWS\java\Packages\XZH7Z335.ZIP
2008-10-14 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-14 14:59 --------- d-----w C:\Program Files\CyberLink
2008-10-14 14:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-14 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-14 14:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-14 14:52 --------- d-----w C:\Program Files\Luxor 2
2008-10-14 14:52 --------- d-----w C:\Program Files\BFG
2008-10-14 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-10-14 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-14 14:49 --------- d-----w C:\Program Files\Real
2008-10-14 14:48 --------- d-----w C:\Program Files\MSN Messenger
2008-10-14 14:44 172,032 ------w C:\WINDOWS\Setup1.exe
2008-10-14 14:44 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-10-14 14:43 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-14 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-14 14:35 --------- d-----w C:\Program Files\MSBuild
2008-10-14 14:35 --------- d-----w C:\Program Files\Microsoft Works
2008-10-14 14:21 --------- d-----w C:\Program Files\Realtek
2008-10-14 14:19 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-10-14 14:15 --------- d-----w C:\Program Files\Yahoo!
2008-10-14 14:15 --------- d-----w C:\Program Files\Intel
2008-10-14 13:54 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2008-10-17 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-10-17 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-14 185872]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\adel\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 08:24:54 ê 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 05:19:24 ­ 237568]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [11/09/2008 12:40:43 ­ 11713536]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [14/10/2008 05:50:44 ê 389120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 27136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dc95c49-9bcf-11dd-beb4-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b78c945-99f8-11dd-bea4-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a173242e-9b29-11dd-beb1-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a173242f-9b29-11dd-beb1-001167558f69}]
\Shell\AutoRun\command - H:\zPharaoh.exe
\Shell\explore\command - H:\zPharaoh.exe
\Shell\open\command - H:\zPharaoh.exe
*Newly Created Service* - BITS
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-zyz1 - c:\zyz_auto_killer\run2.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.222z.net/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-22 14:31:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-22 14:32:25
ComboFix-quarantined-files.txt 2008-10-22 11:31:55
Pre-Run: 4,614,574,080 bytes free
Post-Run: 5,476,012,032 bytes free
196 --- E O F --- 2008-10-22 00:00:30
ComboFix 08-10-21.03 - adel 2008-10-22 14:26:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.696 [GMT 3:00]
Running from: C:\Documents and Settings\adel\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\adel\Application Data\tazebama
C:\zPharaoh.exe
D:\Autorun.inf
D:\zPharaoh.exe
G:\Autorun.inf
G:\zPharaoh.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
2008-10-22 03:00 . 2008-10-22 03:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-21 18:29 . 2008-10-21 18:29 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-18 23:03 . 2008-10-18 23:03 <DIR> d-------- C:\Program Files\Common Files\HP
2008-10-18 22:12 . 2004-01-05 10:30 38,867 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-10-18 22:12 . 2008-10-18 22:40 29,090 --------- C:\WINDOWS\hpoins03.dat.temp
2008-10-18 01:16 . 2008-10-22 01:01 32,768 --a------ C:\Documents and Settings\tazebama.dll
2008-10-18 00:49 . 2008-10-21 00:38 126 --a------ C:\1.taz
2008-10-17 21:21 . 2008-10-17 21:21 <DIR> d-------- C:\Program Files\GetData
2008-10-17 21:20 . 2008-10-17 21:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-17 18:47 . 2008-10-17 18:47 <DIR> d-------- C:\Documents and Settings\tazebama.dl_
2008-10-17 18:47 . 2008-10-17 18:47 <DIR> d-------- C:\Documents and Settings\hook.dl_
2008-10-17 00:43 . 2008-10-17 00:43 <DIR> d-------- C:\Program Files\SplitCam
2008-10-16 02:06 . 2004-01-05 10:30 51,056 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-10-16 02:06 . 2004-01-05 10:30 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-16 02:05 . 2004-01-05 10:30 21,488 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-16 02:05 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-16 02:05 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-16 01:56 . 2008-10-16 01:56 <DIR> d-------- C:\Program Files\AskSearch
2008-10-16 01:56 . 2008-10-16 01:56 <DIR> d-------- C:\Program Files\AskBarDis
2008-10-16 01:50 . 2008-10-16 01:50 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-10-16 01:50 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-10-16 01:50 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-10-16 01:50 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-10-16 01:50 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-10-16 01:46 . 2008-10-16 01:46 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-10-16 01:44 . 2008-10-18 23:04 <DIR> d-------- C:\Program Files\HP
2008-10-16 01:43 . 2004-01-05 10:30 38,867 --------- C:\WINDOWS\hpomdl03.dat
2008-10-16 01:43 . 2008-10-18 23:07 29,134 --a------ C:\WINDOWS\hpoins03.dat
2008-10-16 01:37 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-16 01:37 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-16 01:36 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-16 01:36 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-10-15 20:39 . 2008-10-15 20:39 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-10-15 14:15 . 2008-10-15 14:15 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Convivea
2008-10-14 18:45 . 2008-10-14 18:45 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Media Player Classic
2008-10-14 18:06 . 2008-10-22 14:23 <DIR> d-------- C:\Documents and Settings\adel\Application Data\uTorrent
2008-10-14 18:01 . 2008-10-14 18:01 <DIR> d-------- C:\Documents and Settings\adel\Application Data\CyberLink
2008-10-14 17:44 . 2008-10-16 01:52 <DIR> d-------- C:\Documents and Settings\adel\Application Data\Paltalk
2008-10-14 17:21 . 2008-10-14 17:21 <DIR> d-------- C:\Documents and Settings\adel\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 19:12 --------- d-----w C:\Program Files\Paltalk Messenger
2008-10-17 16:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-10-17 16:09 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-10-16 21:43 13,824 ----a-w C:\WINDOWS\system32\drivers\splitcam.sys
2008-10-15 11:15 --------- d-----w C:\Program Files\Bit Che
2008-10-14 16:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-10-14 16:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-14 16:38 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-14 16:38 --------- d-----w C:\Program Files\Common Files\Real
2008-10-14 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 15:07 --------- d-----w C:\Program Files\FairStars Audio Converter
2008-10-14 15:06 --------- d-----w C:\Program Files\uTorrent
2008-10-14 15:04 155,995 ----a-w C:\WINDOWS\java\Packages\XZH7Z335.ZIP
2008-10-14 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-14 14:59 --------- d-----w C:\Program Files\CyberLink
2008-10-14 14:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-14 14:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-14 14:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-14 14:52 --------- d-----w C:\Program Files\Luxor 2
2008-10-14 14:52 --------- d-----w C:\Program Files\BFG
2008-10-14 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-10-14 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-14 14:49 --------- d-----w C:\Program Files\Real
2008-10-14 14:48 --------- d-----w C:\Program Files\MSN Messenger
2008-10-14 14:44 172,032 ------w C:\WINDOWS\Setup1.exe
2008-10-14 14:44 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-10-14 14:43 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-10-14 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-14 14:35 --------- d-----w C:\Program Files\MSBuild
2008-10-14 14:35 --------- d-----w C:\Program Files\Microsoft Works
2008-10-14 14:21 --------- d-----w C:\Program Files\Realtek
2008-10-14 14:19 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-10-14 14:15 --------- d-----w C:\Program Files\Yahoo!
2008-10-14 14:15 --------- d-----w C:\Program Files\Intel
2008-10-14 13:54 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2008-10-17 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2008-10-17 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-14 185872]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\adel\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 08:24:54 ê 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [16/09/2003 05:19:24 ­ 237568]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [11/09/2008 12:40:43 ­ 11713536]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [14/10/2008 05:50:44 ê 389120]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 27136]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dc95c49-9bcf-11dd-beb4-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b78c945-99f8-11dd-bea4-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a173242e-9b29-11dd-beb1-001167558f69}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a173242f-9b29-11dd-beb1-001167558f69}]
\Shell\AutoRun\command - H:\zPharaoh.exe
\Shell\explore\command - H:\zPharaoh.exe
\Shell\open\command - H:\zPharaoh.exe
*Newly Created Service* - BITS
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-zyz1 - c:\zyz_auto_killer\run2.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.222z.net/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-22 14:31:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-22 14:32:25
ComboFix-quarantined-files.txt 2008-10-22 11:31:55
Pre-Run: 4,614,574,080 bytes free
Post-Run: 5,476,012,032 bytes free
196 --- E O F --- 2008-10-22 00:00:30
وشاكر لك ابو ريما وكذلك ma222
وهذا التقرير حسب تو جيهاتكم نفع الله بكم
تأييد
0
MA222
زيزوومى مبدع
- إنضم
- 19 أغسطس 2007
- المشاركات
- 1,605
- مستوى التفاعل
- 48
- النقاط
- 680
- الإقامة
- زيزوووم للأمن والحماية
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:22 AM, on 10/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\adel\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5405 bytes
هذا التقرير الي حصلت عليه من التدقيق من ابو ريما التقرير الاول للبرنامج الاول وهذا التقرير للبرنامج الثاني Zyzoom_HijackThis
Scan saved at 2:49:22 AM, on 10/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\adel\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5405 bytes
هذا التقرير الي حصلت عليه من التدقيق من ابو ريما التقرير الاول للبرنامج الاول وهذا التقرير للبرنامج الثاني Zyzoom_HijackThis
تأييد
0
MA222
زيزوومى مبدع
- إنضم
- 19 أغسطس 2007
- المشاركات
- 1,605
- مستوى التفاعل
- 48
- النقاط
- 680
- الإقامة
- زيزوووم للأمن والحماية
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
احذف القيم التالية:-
C:\Documents and Settings\adel\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
طريقة الحذف
.png)
.png)
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar ) تماما لأنهآ تسبب لجهآزك مشآكل أنت في غنى عنهآ
ثم حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
رابط تحميل آخر تحديث للاداة
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
C:\Documents and Settings\adel\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar ) تماما لأنهآ تسبب لجهآزك مشآكل أنت في غنى عنهآ
ثم حمل هذه الاداة ,,
واتبع الشرح التالي ,, لتنظيف جهازك من هذه الدعايات
و عمل تقرير بالعمليه حتى ترفقه بردك القادم ,,
رابط تحميل آخر تحديث للاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور
نزل هالاداة لتنظيف الجهاز
وارفع تقرير مرة اخرى
توقيع : MA222
تأييد
0
MA222
زيزوومى مبدع
- إنضم
- 19 أغسطس 2007
- المشاركات
- 1,605
- مستوى التفاعل
- 48
- النقاط
- 680
- الإقامة
- زيزوووم للأمن والحماية
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
اخبرنا ان انحلت المشكلة
فأذا لم تنحل احذف win zip
وقم بتنصيب وين رار win rar
وقم بتجربة هذه الاداة لاصلاح مشاكل النظام
اداة dial-a-fix
فأذا لم تنحل احذف win zip
وقم بتنصيب وين رار win rar
وقم بتجربة هذه الاداة لاصلاح مشاكل النظام
اداة dial-a-fix
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شرح الاستخدام
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وايظـــــــاً
اداة استعادة افتراضيات الريجستري ( xp )
اداة استعادة افتراضيات الريجستري ( xp )
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
لاصلاح الريجستري بعد تعطله (xp )
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : MA222
تأييد
0
SmitFraudFix v2.366
Scan done at 13:27:36.62, Thu 10/23/2008
Run from C:\Documents and Settings\adel\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\autorun.inf
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{700EE2D8-DBBA-4500-8ADA-C000AE4B9EE0}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{700EE2D8-DBBA-4500-8ADA-C000AE4B9EE0}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{700EE2D8-DBBA-4500-8ADA-C000AE4B9EE0}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
هذا التقرير الاخير ma222 بعد السلام عليكم عملت جميع الخطوات لاكن دون جدوى وبالنسبة للبرامج الاخيره حقت اصلاح الريجستي وخلافه تطلعلي نفس الرسالة بان الون رار والون زب واجه مشكلة ومازالت المشكلة قائمة وكذلك لااستطيع حذف البرنامجين من اضافة وازالة البرامج اتعبناك معانا ايش الحل
Scan done at 13:27:36.62, Thu 10/23/2008
Run from C:\Documents and Settings\adel\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\autorun.inf
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{700EE2D8-DBBA-4500-8ADA-C000AE4B9EE0}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{700EE2D8-DBBA-4500-8ADA-C000AE4B9EE0}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{700EE2D8-DBBA-4500-8ADA-C000AE4B9EE0}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
هذا التقرير الاخير ma222 بعد السلام عليكم عملت جميع الخطوات لاكن دون جدوى وبالنسبة للبرامج الاخيره حقت اصلاح الريجستي وخلافه تطلعلي نفس الرسالة بان الون رار والون زب واجه مشكلة ومازالت المشكلة قائمة وكذلك لااستطيع حذف البرنامجين من اضافة وازالة البرامج اتعبناك معانا ايش الحل
تأييد
0
MA222
زيزوومى مبدع
- إنضم
- 19 أغسطس 2007
- المشاركات
- 1,605
- مستوى التفاعل
- 48
- النقاط
- 680
- الإقامة
- زيزوووم للأمن والحماية
- الموقع الالكتروني
- forum.zyzoom.net
غير متصل
توقيع : MA222
تأييد
0