تقرير هايجاك ارجوا بيان رأيكم ؟؟

و

وديع محمود

زيزوومى مبدع
إنضم
16 نوفمبر 2008
المشاركات
1,543
مستوى التفاعل
5
النقاط
670
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:38, on 3/3/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\scvhosts.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\stopcut\StopCut.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
H:\مشارى\زيزووووم\Zyzoom_HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [microssofts] scvhosts.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StopCut.lnk = C:\Program Files\stopcut\StopCut.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AA725AF-7E8D-4457-9C03-978D26D4FFE1}: NameServer = 163.121.128.134,163.121.128.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{7AA725AF-7E8D-4457-9C03-978D26D4FFE1}: NameServer = 163.121.128.134,163.121.128.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{7AA725AF-7E8D-4457-9C03-978D26D4FFE1}: NameServer = 163.121.128.134,163.121.128.135
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5773 bytes


ملحوظة :
هناك تقل في برنامج الاوفيس 2003
 

توقيع : وديع محمود
ترتيب حسب التاريخ ترتيب حسب الأصوات
عذرا بتعديل العنوان لينم عن فحواه
بارك الله فيك
 
توقيع : السّاجد لله
تأييد 0
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
 
تأييد 0
ComboFix 09-03-02.03 - 3Girls 03/03/2009 20:29:53.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.1015.436 [GMT 2:00]
Running from: c:\documents and settings\3Girls\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEToolbar
c:\windows\IE4 Error Log.txt
c:\windows\scvhosts.exe
c:\windows\system32\klogon.dll
c:\windows\system32\tmp.reg
G:\Autorun.inf
J:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 18:33 66,336 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-03 18:33 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-03 18:33 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-03 18:33 3,008 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-03 17:40 5,018 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-02 09:00 --------- d-----w c:\documents and settings\3Girls\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-02 08:29 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-26 21:07 --------- d-----w c:\documents and settings\3Girls\Application Data\vlc
2009-02-26 21:04 --------- d-----w c:\program files\VideoLAN
2009-02-17 13:50 --------- d-----w c:\program files\Driver-Soft
2009-02-14 07:53 720,896 ----a-w c:\windows\iun6002ev.exe
2009-02-14 07:53 --------- d-----w c:\program files\مسوعة القرآن الشاملة
2009-02-11 17:48 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-11 17:48 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-11 17:48 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-11 17:00 --------- d-----w c:\program files\Kaspersky Lab
2009-02-07 08:38 --------- d-----w c:\program files\Skype
2009-02-07 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-07 08:38 --------- d-----w c:\documents and settings\3Girls\Application Data\Skype
2009-02-06 17:04 --------- d-----w c:\program files\Winamp
2009-02-05 17:02 7,023,236 ----a-w c:\windows\system32\Vodafone.scr
2009-02-01 15:16 --------- d-----w c:\documents and settings\3Girls\Application Data\VSRevoGroup
2009-02-01 15:15 --------- d-----w c:\program files\WinPcap
2009-02-01 15:14 --------- d-----w c:\program files\stopcut
2009-01-26 15:21 --------- d-----w c:\program files\ScanDrv6
2009-01-26 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-01-23 12:22 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-23 12:22 --------- d-----w c:\program files\Microsoft
2009-01-23 12:20 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-22 16:14 --------- d-----w c:\documents and settings\3Girls\Application Data\Corel
2009-01-22 16:11 --------- d-----w c:\program files\Common Files\Corel
2009-01-22 16:11 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-01-22 15:57 --------- d-----w c:\program files\Kelk 2000
2009-01-22 15:57 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-22 15:54 --------- d-----w c:\program files\Common Files\Protexis
2009-01-22 15:50 --------- d-----w c:\program files\Corel
2009-01-04 11:31 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-04 10:55 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-04 10:55 --------- d-----w c:\program files\Java
2009-01-04 10:11 --------- d-----w c:\program files\Microsoft Works
2009-01-04 10:10 --------- d-----w c:\program files\Microsoft.NET
2009-01-04 10:09 --------- d-----w c:\program files\HP
2009-01-04 10:09 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-01-04 10:08 --------- d--h--w c:\program files\Avago-HP
2008-12-12 14:11 47,104 ------w c:\windows\AKDeInstall.exe
2008-12-12 13:26 44 ----a-w c:\documents and settings\3Girls\Application Data\svighost.dll
2008-10-04 19:45 728,858 ----a-w c:\program files\Common Files\unins000.exe
2008-10-04 19:45 2,534 ----a-w c:\program files\Common Files\unins000.dat
2008-03-09 05:25 236 ---ha-w c:\program files\Common Files\dx.reg
2008-07-16 15:59 56 --sh--r c:\windows\system32\9E62219EBA.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [08/30/2007 05:43 PM 4670704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [06/26/2006 03:53 PM 20005928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [11/30/2007 09:26 PM 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [04/09/2006 07:31 PM 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [07/16/2008 06:00 PM 185896]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 11:08 AM 16380416 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [11/30/2007 09:26 PM 15360]

c:\documents and settings\3Girls\Start Menu\Programs\Startup\
StopCut.lnk - c:\program files\stopcut\StopCut.exe [11/6/2007 5:56:08 PM 57372]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DIVXc32.dll
"vidc.MJPG"= m3jpeg32.dll
"msacm.DivXa32"= DivXa32.acm
"vidc.div4"= DIVXc32f.dll
"vidc.xvid"= xvid.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 11/30/2007 09:26 PM 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 11/28/2005 08:52 AM 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 11/28/2005 08:55 AM 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 07/16/2008 06:00 PM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 06/21/2006 07:14 PM 35328 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 05/03/2005 01:43 PM 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 06/15/2007 11:45 AM 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"j:\\driver\\usb\\usb_driver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 3:11:16 PM 5632]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 7:31:34 PM 42000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a82de3b0-0010-11de-b6e1-001a4d690903}]
\Shell\AutoRun\command - adgiygu.exe
\Shell\explore\Command - adgiygu.exe
\Shell\open\Command - adgiygu.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-microssofts - scvhosts.exe


.
------- Supplementary Scan -------
.
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {7AA725AF-7E8D-4457-9C03-978D26D4FFE1} = 163.121.128.134,163.121.128.135
FF - ProfilePath - c:\documents and settings\3Girls\Application Data\Mozilla\Firefox\Profiles\1x8t9k3h.default\
FF - component: c:\documents and settings\3Girls\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-03-03 20:35:21
Windows 5.1.2600 Service Pack 3, v.3264 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{307bd505-3b5f-4a48-9f97-f476bd854d55}]
@Denied: (Full) (Everyone)
"Model"=dword:00000027
"Therad"=dword:00000002
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,f7,30,73,46,63,24,e1,66,a5,a2,09,ba,6f,af,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9d,21,a6,af,fb,e0,49,1f,4a,55,5e,a8,46,2e,43,01,a2,b6,be,0e,58,
82,b9,b8,dc,c7,40,ae,0f,97,c7,40,2e,80,af,26,2b,37,c6,90,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1892)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE
c:\windows\SYSTEM32\CRYPSERV.EXE
c:\program files\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\COMMON FILES\PROTEXIS\LICENSE SERVICE\PSISERVICE.EXE
c:\program files\A4TECH\KEYBOARD\IKEYMAIN.EXE
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 03/03/2009 20:39:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-03 18:39:32

Pre-Run: 8,395,538,432 bytes free
Post-Run: 8,478,261,248 bytes free

200

متابع
 
توقيع : وديع محمود
تأييد 0
الان ارفع تقرير هايجاك جديد
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:37, on 3/3/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
H:\مشارى\زيزووووم\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StopCut.lnk = C:\Program Files\stopcut\StopCut.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AA725AF-7E8D-4457-9C03-978D26D4FFE1}: NameServer = 163.121.128.134,163.121.128.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{7AA725AF-7E8D-4457-9C03-978D26D4FFE1}: NameServer = 163.121.128.134,163.121.128.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{7AA725AF-7E8D-4457-9C03-978D26D4FFE1}: NameServer = 163.121.128.134,163.121.128.135
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5529 bytes
 
توقيع : وديع محمود
تأييد 0
تقرير سليم الان
هل تواجه اي مشاكل ؟
 
تأييد 0
لا والله
مافى اى مشاكل الحين
بارك الله فيك اخوى
 
توقيع : وديع محمود
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى