- بادئ الموضوع الحاير202
- تاريخ البدء
- 748
وهذاااا تقرير ComboFix
ComboFix 08-11-22.02 - sa2008 11/23/2008 19:08:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.66 [GMT 3:00]
Running from: c:\documents and settings\sa2008\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 16:00 12,468,768 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-23 15:56 290,080 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-23 15:18 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-11-23 14:13 27,644 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-23 14:13 167,036 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-16 08:22 --------- d-----w c:\program files\JetAudio
2008-11-16 02:38 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-16 02:37 --------- d-----w c:\program files\Nokia
2008-11-16 02:36 --------- d-----w c:\program files\Common Files\Nokia
2008-11-16 02:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2008-11-14 01:39 --------- d-----w c:\program files\Google
2008-11-11 17:39 --------- d-----w c:\documents and settings\sa2008\Application Data\Any Video Converter Professional
2008-11-11 13:19 --------- d-----w c:\program files\LtUcx
2008-11-11 04:25 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-11-11 04:19 --------- d-----w c:\program files\Any Video Converter Professional
2008-11-08 03:23 --------- d-----w c:\documents and settings\sa2008\Application Data\PC Suite
2008-11-01 23:15 --------- d-----w c:\documents and settings\sa2008\Application Data\Nokia
2008-10-31 23:34 --------- d-----w c:\program files\Yahoo!
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 11:20 --------- d-----w c:\program files\Common Files\LogoManager
2008-10-19 08:48 --------- d-----w c:\program files\Cell Phone Manager
2008-10-09 22:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Bait nurb roam real
2008-10-08 21:01 --------- d-----w c:\program files\Naevius YouTube Converter
2008-10-08 14:59 --------- d-----w c:\program files\Your Uninstaller 2008
2008-10-08 14:50 --------- d-----w c:\documents and settings\sa2008\Application Data\URSoft
2008-10-08 02:21 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-10-07 23:49 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-07 23:49 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-07 23:20 --------- d-----w c:\program files\Kaspersky Lab
2008-10-07 22:41 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2008-10-04 14:32 --------- d-----w c:\program files\مجلد جديد
2008-10-03 14:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-02 22:24 --------- d-----w c:\documents and settings\sa2008\Application Data\TuneUp Software
2008-10-02 22:05 720,896 ----a-w c:\windows\iun6002.exe
2008-10-02 10:12 --------- d-----w c:\program files\Kelk 2000
2008-09-23 00:04 --------- d-----w c:\program files\Circle Developement
2008-09-11 19:37 155,995 ----a-w c:\windows\java\Packages\V9331ZH7.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [04/14/2008 06:59 PM 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [10/02/2008 07:00 AM 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [06/17/2008 04:00 PM 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [07/23/2008 11:31 AM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
c:\documents and settings\All Users.WINDOWS\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-10 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
.
s of the 'Scheduled Tasks' folder
2008-11-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
O16 -: Microsoft XML Parser for Java -
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\swicdad.dll - O16 -: {20AD521D-3A3E-11D4-BC32-0050040D952B}
c:\windows\Downloaded Program Files\swicdad.inf
c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\Authenticatedll.dll
c:\windows\Downloaded Program Files\imcv1.dll
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413}
hxxp://74.53.69.87/cp/files/talk4.cab
c:\windows\Downloaded Program Files\talk.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-11-23 19:17:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background??s
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\WgaLogon.dll
- - - - - - - > 'lsass.exe'(1024)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
.
Completion time: 11/23/2008 19:22:36
ComboFix-quarantined-files.txt 2008-11-23 16:22:05
ComboFix2.txt 2008-11-23 16:00:43
ComboFix3.txt 2008-09-02 21:05:22
ComboFix4.txt 2008-09-02 20:40:54
ComboFix5.txt 2008-11-23 16:07:14
Pre-Run: 5,420,773,376 bytes free
Post-Run: 5,410,848,768 bytes free
133 --- E O F --- 2008-11-15 15:06:23
ComboFix 08-11-22.02 - sa2008 11/23/2008 19:08:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.66 [GMT 3:00]
Running from: c:\documents and settings\sa2008\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 16:00 12,468,768 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-23 15:56 290,080 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-23 15:18 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-11-23 14:13 27,644 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-23 14:13 167,036 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-16 08:22 --------- d-----w c:\program files\JetAudio
2008-11-16 02:38 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-16 02:37 --------- d-----w c:\program files\Nokia
2008-11-16 02:36 --------- d-----w c:\program files\Common Files\Nokia
2008-11-16 02:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2008-11-14 01:39 --------- d-----w c:\program files\Google
2008-11-11 17:39 --------- d-----w c:\documents and settings\sa2008\Application Data\Any Video Converter Professional
2008-11-11 13:19 --------- d-----w c:\program files\LtUcx
2008-11-11 04:25 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-11-11 04:19 --------- d-----w c:\program files\Any Video Converter Professional
2008-11-08 03:23 --------- d-----w c:\documents and settings\sa2008\Application Data\PC Suite
2008-11-01 23:15 --------- d-----w c:\documents and settings\sa2008\Application Data\Nokia
2008-10-31 23:34 --------- d-----w c:\program files\Yahoo!
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 11:20 --------- d-----w c:\program files\Common Files\LogoManager
2008-10-19 08:48 --------- d-----w c:\program files\Cell Phone Manager
2008-10-09 22:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Bait nurb roam real
2008-10-08 21:01 --------- d-----w c:\program files\Naevius YouTube Converter
2008-10-08 14:59 --------- d-----w c:\program files\Your Uninstaller 2008
2008-10-08 14:50 --------- d-----w c:\documents and settings\sa2008\Application Data\URSoft
2008-10-08 02:21 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-10-07 23:49 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-07 23:49 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-07 23:20 --------- d-----w c:\program files\Kaspersky Lab
2008-10-07 22:41 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2008-10-04 14:32 --------- d-----w c:\program files\مجلد جديد
2008-10-03 14:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-02 22:24 --------- d-----w c:\documents and settings\sa2008\Application Data\TuneUp Software
2008-10-02 22:05 720,896 ----a-w c:\windows\iun6002.exe
2008-10-02 10:12 --------- d-----w c:\program files\Kelk 2000
2008-09-23 00:04 --------- d-----w c:\program files\Circle Developement
2008-09-11 19:37 155,995 ----a-w c:\windows\java\Packages\V9331ZH7.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [04/14/2008 06:59 PM 1695232]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [10/02/2008 07:00 AM 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [06/17/2008 04:00 PM 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [07/23/2008 11:31 AM 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
c:\documents and settings\All Users.WINDOWS\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-10 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
.
s of the 'Scheduled Tasks' folder
2008-11-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
O16 -: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\swicdad.dll - O16 -: {20AD521D-3A3E-11D4-BC32-0050040D952B}
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
c:\windows\Downloaded Program Files\swicdad.inf
c:\windows\system32\msvcrt.dll - c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\Authenticatedll.dll
c:\windows\Downloaded Program Files\imcv1.dll
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413}
hxxp://74.53.69.87/cp/files/talk4.cab
c:\windows\Downloaded Program Files\talk.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-11-23 19:17:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background??s
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\WgaLogon.dll
- - - - - - - > 'lsass.exe'(1024)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
.
Completion time: 11/23/2008 19:22:36
ComboFix-quarantined-files.txt 2008-11-23 16:22:05
ComboFix2.txt 2008-11-23 16:00:43
ComboFix3.txt 2008-09-02 21:05:22
ComboFix4.txt 2008-09-02 20:40:54
ComboFix5.txt 2008-11-23 16:07:14
Pre-Run: 5,420,773,376 bytes free
Post-Run: 5,410,848,768 bytes free
133 --- E O F --- 2008-11-15 15:06:23
تأييد
0
وهذااا تقرير الهايجاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:15, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\sa2008\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4799 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:15, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\sa2008\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4799 bytes
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
يا مساء الخير ..
هلا فيك
حدد القيم واحذفها
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) -
هلا فيك
حدد القيم واحذفها
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
طريقة الحذف
بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وشوف لنا الوضع .
ثم نزل هذه الاداة واتبع الشرح التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
وشوف لنا الوضع .
توقيع : AbOdy
تأييد
0
AbOdy
عضو شرف
- إنضم
- 17 سبتمبر 2007
- المشاركات
- 6,865
- مستوى التفاعل
- 91
- النقاط
- 840
غير متصل
طيب اخوي شوف هالروابط لازم يكون واحد منهم مثل اللوز
وشوف لنا الوضع
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وشوف لنا الوضع
توقيع : AbOdy
تأييد
0