Thread starter: azemalzanan
Peace, mercy and blessings of God be upon you.
I tried to open a movie in Media Player Classic more than once;
the player would open and then close again, showing this message:
windows virtual memory minimum too low
So I did what is shown in this picture:


and the problem persists.
[image: 04.jpg]

Signature: azemalzanan

Welcome, brother.
Apologies for moving this to the appropriate section for follow-up.
This section is dedicated to analysing security-software reports; other reports are handled on request only.

Here is the HijackThis report,
for the moderators and anyone who can help.

Deckard's System Scanner v20071014.68
Run by XPPRESP3 on 2009-03-04 17:56:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Unable to create WMI object; The operation completed successfully.

Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2009-03-04 17:57:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\XPPRESP3\Desktop\AntiArp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\explorer.exe
D:\كاسبر الجديد\Run1.exe
D:\كاسبر الجديد\Run1.exe
D:\كاسبر الجديد\Dial-a-fix v0.60.0.24.exe
C:\WINDOWS\system32\msiexec.exe
D:\كاسبر الجديد\حذف الأتورن\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 0.0.0.0 registeridm.com
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\Idmiecc.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoCut] C:\Documents and Settings\XPPRESP3\Desktop\NoCut.bat
O4 - HKCU\..\Run: [AntiArp 26_06_2006 By ابراهيم عادل] C:\Documents and Settings\XPPRESP3\Desktop\AntiArp.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{AE5B6B1E-4890-4698-BB9D-C398F8DC01ED}: NameServer = 192.168.1.10,192.168.1.1
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{AE842B84-4E3E-47A5-A15A-B92A20D083FB}: NameServer = 192.168.1.10,192.168.1.1,127.0.0.1
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00

--
End of file - 9759 bytes
-- File Associations -----------------------------------------------------------
.inf - inffile - DefaultIcon - shell32.dll,-151
.ini - inifile - DefaultIcon - shell32.dll,-151
.reg - regfile - shell\open\command - regedit.exe %1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.txt - txtfile - shell\open\command - C:\WINDOWS\notepad.exe %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3 ds1 (Yamaha DS1 Audio Driver (WDM)) - c:\windows\system32\drivers\ds1wdm.sys <Not Verified; Yamaha Corp.; Yamaha DS-1>
3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - c:\windows\system32\drivers\el90xbc5.sys <Not Verified; 3Com Corporation; 3Com EtherLink PCI>
3 nm (Network Monitor Driver) - c:\windows\system32\drivers\nmnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00 (file missing)
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00 (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
2 FolderSize (Folder Size) - c:\program files\foldersize\foldersizesvc.exe
2 Stormser - c:\progra~1\ringzs~1\stormc~1\stormser.exe (file missing)
2 UxTuneUp (TuneUp Theme Extension) - c:\windows\system32\svchost.exe
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

-- Device Manager: Disabled ----------------------------------------------------
Unable to create WMI object.
-- Scheduled Tasks -------------------------------------------------------------
2009-02-27 17:17:07 396 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2009-02-04 and 2009-03-04 -----------------------------
2009-03-04 17:57:37 0 d-------- C:\WINDOWS\system32\CatRoot2
2009-03-03 21:45:39 0 dr-h----- C:\Documents and Settings\XPPRESP3\Recent
2009-03-02 19:52:43 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2009-03-02 19:52:39 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2009-03-02 19:52:33 0 d-------- C:\Program Files\ffdshow
2009-03-02 19:49:44 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\Media Player Classic
2009-03-02 19:46:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-03-02 19:46:37 0 d-------- C:\Program Files\Common Files\Real
2009-03-01 09:34:07 0 d-------- C:\WINDOWS\Sun
2009-02-28 20:47:24 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\Nero
2009-02-28 20:46:33 0 d-------- C:\Program Files\Nero
2009-02-28 14:16:40 0 d-------- C:\Program Files\Bit Lord 1.1
2009-02-28 14:16:37 0 d-------- C:\Program Files\VVSN
2009-02-27 12:18:43 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2009-02-27 10:17:24 0 d-------- C:\Downloads
2009-02-17 13:32:18 0 d-------- C:\Program Files\Alwil Software
2009-02-14 19:30:23 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2009-02-14 12:14:40 72704 --a------ C:\WINDOWS\system32\Odbctl32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2009-02-14 12:14:39 430080 --a------ C:\WINDOWS\system32\Msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2009-02-14 12:14:39 252176 --a------ C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2009-02-14 12:14:37 1056768 --a------ C:\WINDOWS\system32\Msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2009-02-14 12:14:36 123664 --a------ C:\WINDOWS\system32\Msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2009-02-14 12:14:35 24848 --a------ C:\WINDOWS\system32\Msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2009-02-11 20:45:15 0 d--hs---- C:\Documents and Settings\XPPRESP3\IECompatCache
2009-02-11 20:44:34 0 d--hs---- C:\Documents and Settings\XPPRESP3\PrivacIE
2009-02-11 20:44:09 0 d--hs---- C:\Documents and Settings\XPPRESP3\IETldCache
2009-02-09 22:10:23 0 d-------- C:\WINDOWS\ie8updates
2009-02-09 22:10:22 0 d--h----- C:\WINDOWS\$hf_mig$
2009-02-09 22:07:18 81920 --a------ C:\WINDOWS\system32\ieencode.dll
2009-02-08 19:14:54 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\VitySoft
2009-02-04 09:33:52 0 d-------- C:\Program Files\Java

-- Find3M Report ---------------------------------------------------------------
2009-03-03 20:35:49 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\DMCache
2009-03-03 20:27:48 10 --a------ C:\WINDOWS\popcinfo.dat
2009-03-02 21:01:14 0 d-------- C:\Program Files\TuneUp Utilities 2007
2009-03-02 20:42:16 0 d-------- C:\Program Files\Common Files
2009-03-02 19:46:34 0 d-------- C:\Program Files\Ringz Studio
2009-03-02 19:39:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-02 14:46:36 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\AIMP
2009-03-01 19:37:22 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2009-02-17 13:51:20 0 d-------- C:\Program Files\Internet Download Manager
2009-01-30 22:39:59 0 d-------- C:\Program Files\Microsoft Silverlight
2009-01-30 19:22:10 0 d--h----- C:\Program Files\Bifrost
2009-01-29 15:28:26 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\ImageBadger
2009-01-26 12:47:02 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\IDM
2009-01-11 20:43:22 0 d-------- C:\Program Files\USB Disk Security
2009-01-10 12:16:02 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\TuneUp Software
2009-01-03 12:09:07 2955 --a------ C:\WINDOWS\mozver.dat
2008-12-23 17:33:18 53299 --a------ C:\WINDOWS\system32\pthreadVC.dll
2008-12-19 14:39:34 704 --a------ C:\Dionakra.DAT
2008-12-16 21:48:04 2142 --a------ C:\WINDOWS\system32\%LocalXml%
2008-12-06 18:30:57 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-12-04 14:49:59 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [02/05/2009 11:08 PM]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [11/26/2006 08:30 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 PM]
"NoCut"="C:\Documents and Settings\XPPRESP3\Desktop\NoCut.bat" [09/15/2007 01:16 AM]
"AntiArp 26_06_2006 By ابراهيم عادل"="C:\Documents and Settings\XPPRESP3\Desktop\AntiArp.exe" [04/07/2007 03:09 PM]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [04/27/2007 06:50 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger=C:\WINDOWS\procexp.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - MSISERVER
*Newly Created Service* - WUAUSERV

-- Hosts -----------------------------------------------------------------------
0.0.0.0 registeridm.com

-- End of Deckard's System Scanner: finished at 2009-03-04 18:01:31 ------------
 
Signature: azemalzanan

Download this program


Run the program ==> and click on
Do a system scan and save log
After a few moments a report appears in Notepad ==> copy it and paste it in your next reply.


 
Signature: السّاجد لله
Downloading and trying it now; I will post the report, God willing. Thank you, dear brother.
 
Signature: azemalzanan
The report from the tool downloaded from your reply, for the moderators:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:51 AM, on 3/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\XPPRESP3\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE5B6B1E-4890-4698-BB9D-C398F8DC01ED}: NameServer = 192.168.1.10,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE842B84-4E3E-47A5-A15A-B92A20D083FB}: NameServer = 192.168.1.10,192.168.1.1,127.0.0.1
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 5208 bytes
 
Signature: azemalzanan
Do the following in order, brother.

First

Download this tool


When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the computer may restart.
After the restart, the tool will begin scanning a second time.
Wait until a report appears; the scan is then finished. Paste the report in your first reply.

Second

Download this program


Run the program ==> and click on
Do a system scan and save log
After a few moments a report appears in Notepad ==> copy it and paste it in your second reply.


 
Signature: السّاجد لله
Report from the first tool, ComboFix.exe

ComboFix 09-03-04.01 - XPPRESP3 2009-03-06 21:57:32.1 - NTFSx86
Running from: c:\documents and settings\XPPRESP3\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\XPPRESP3\Application Data\addon.dat
c:\documents and settings\XPPRESP3\Application Data\addons.dat
c:\program files\Bifrost
c:\program files\bifrost\klog.dat
c:\program files\Bifrost\logg.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\resycled
E:\resycled
F:\resycled
G:\resycled
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.
2009-03-04 21:34 . 2009-03-04 21:34 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-04 18:52 . 2009-03-05 06:39 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-04 18:52 . 2009-03-05 06:39 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-04 18:50 . 2009-03-04 18:50 <DIR> d-------- c:\program files\Kaspersky Lab
2009-03-04 18:50 . 2009-03-06 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-04 17:57 . 2009-03-06 21:27 <DIR> d-------- c:\windows\system32\CatRoot2
2009-03-02 19:52 . 2009-03-02 19:52 <DIR> d-------- c:\program files\ffdshow
2009-03-02 19:52 . 2008-02-15 19:13 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-03-02 19:52 . 2008-02-15 19:13 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-02 19:49 . 2009-03-02 19:49 <DIR> d-------- c:\documents and settings\XPPRESP3\Application Data\Media Player Classic
2009-03-02 19:46 . 2009-03-02 19:46 <DIR> d-------- c:\program files\Common Files\Real
2009-03-02 19:46 . 2009-03-02 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-01 19:35 . 2009-03-01 19:35 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-01 19:35 . 2009-03-01 19:35 1,409 --a------ c:\windows\QTFont.for
2009-03-01 09:34 . 2009-03-01 09:34 <DIR> d-------- c:\windows\Sun
2009-02-28 20:47 . 2009-02-28 20:47 <DIR> d-------- c:\documents and settings\XPPRESP3\Application Data\Nero
2009-02-28 20:46 . 2009-02-28 20:46 <DIR> d-------- c:\program files\Nero
2009-02-28 14:16 . 2009-03-02 14:04 <DIR> d-------- c:\program files\VVSN
2009-02-28 14:16 . 2009-02-28 14:18 <DIR> d-------- c:\program files\Bit Lord 1.1
2009-02-27 12:18 . 2002-02-18 10:22 139,536 --a------ c:\windows\system32\javaee.dll
2009-02-27 10:17 . 2009-03-02 20:31 <DIR> d-------- C:\Downloads
2009-02-14 19:30 . 2009-02-14 19:30 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-02-14 12:32 . 2009-02-14 19:29 1,442 --a------ c:\windows\EXTRADNS.INI
2009-02-12 20:02 . 2009-03-04 18:02 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-02-12 20:02 . 2009-03-04 18:02 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-02-11 20:45 . 2009-02-11 20:45 <DIR> d--hs---- c:\documents and settings\XPPRESP3\IECompatCache
2009-02-11 20:44 . 2009-02-11 20:44 <DIR> d--hs---- c:\documents and settings\XPPRESP3\PrivacIE
2009-02-11 20:44 . 2009-02-11 20:44 <DIR> d--hs---- c:\documents and settings\XPPRESP3\IETldCache
2009-02-11 20:44 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-11 20:44 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-09 22:10 . 2009-03-02 16:40 <DIR> d-------- c:\windows\ie8updates
2009-02-09 22:10 . 2009-02-09 22:10 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-09 22:08 . 2008-10-13 13:55 26,144 --a------ c:\windows\system32\spupdsvc.exe
2009-02-09 22:07 . 2004-08-04 18:00 81,920 --a------ c:\windows\system32\ieencode.dll
2009-02-09 22:07 . 2004-08-04 18:00 72,704 --a------ c:\windows\system32\plugin.ocx
2009-02-09 22:01 . 2009-01-11 07:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-02-08 19:14 . 2009-02-08 19:14 <DIR> d-------- c:\documents and settings\XPPRESP3\Application Data\VitySoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 20:09 3,429,920 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-06 20:06 49,028 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-06 20:06 114,208 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-06 20:06 11,780 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-06 19:59 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\DMCache
2009-03-05 05:02 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-03-02 17:46 --------- d-----w c:\program files\Ringz Studio
2009-03-02 12:46 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\AIMP
2009-02-17 11:51 --------- d-----w c:\program files\Internet Download Manager
2009-02-04 07:36 --------- d-----w c:\program files\Java
2009-01-30 22:14 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-30 20:39 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-29 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-01-29 13:28 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\ImageBadger
2009-01-26 10:47 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\IDM
2009-01-11 18:43 --------- d-----w c:\program files\USB Disk Security
2009-01-10 10:16 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\TuneUp Software
2009-01-10 10:15 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-07 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-19 12:39 704 ----a-w C:\Dionakra.DAT
2008-12-08 11:41 499,712 -c--a-w c:\windows\system32\msvcp71.dll
2006-06-01 17:16 60,526 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-06-01 17:16 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-06-01 17:16 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
2006-06-17 22:43 673792 296f36ff783ea520ff1c1acfacfb07f2 c:\windows\system32\wininet.dll
2006-06-17 22:43 663552 d94cffdb53e7ac867438e2dfd50e7cbc c:\windows\XPize\Backup\wininet.dll
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
2005-07-13 03:07 360448 0601f83f6784c220ee302f03f702316e c:\windows\system32\drivers\tcpip.sys
2005-10-15 13:07 949760 17e3c975c6fe3e94cf760f10d91c2af3 c:\windows\explorer.exe
2007-06-13 12:23 1033216 97bd6515465659ff8f3b7be375b2ea87 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\SP2GDR\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\SP2QFE\explorer.exe
2005-10-15 13:07 1032192 45757077a47c68a603a79b03a1a836ab c:\windows\XPize\Backup\explorer.exe
2004-08-04 18:00 30208 de8fa9cf18f95341079c7e6a215c226a c:\windows\system32\ctfmon.exe
2004-08-04 18:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 30208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiArp 26_06_2006 By ابراهيم عادل]
--a------ 2007-04-07 15:09 32768 c:\documents and settings\XPPRESP3\Desktop\AntiArp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 18:00 30208 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoCut]
--a------ 2007-09-15 01:16 95 c:\documents and settings\XPPRESP3\Desktop\NoCut.bat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
--a------ 2006-11-26 20:30 97357 c:\program files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 Stormser;Stormser; [x]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - HELPSVC
*Deregistered* - AFD
*Deregistered* - Alerter
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - FolderSize
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - kl1
*Deregistered* - KLIF
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RDPWD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TDTCP
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
.
Contents of the 'Scheduled Tasks' folder
2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-TuneUp MemOptimizer - c:\program files\TuneUp Utilities 2007\MemOptimizer.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\docume~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\docume~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\docume~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetVL.htm
TCP: {AE5B6B1E-4890-4698-BB9D-C398F8DC01ED} = 192.168.1.10,192.168.1.1
TCP: {AE842B84-4E3E-47A5-A15A-B92A20D083FB} = 192.168.1.10,192.168.1.1,127.0.0.1
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\k6mvk2yr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.eg/
FF - component: c:\documents and settings\XPPRESP3\Application Data\IDM\idmmzcc\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components\mintray-9178506d-2005072516-trunk.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-06 22:08:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{70e9c9b1-f15a-43d6-945e-7ce313a4713b}]
@Denied: (Full) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b0,c9,24,8b,39,41,10,94,b4,56,1b,c8,25,00,b8,f3,a9,28,92,11,1d,
d3,7b,5d,05,cb,ca,6c,0d,be,2f,c9,b2,66,b1,ec,0d,35,14,18,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\klogon.dll
c:\windows\system32\cscui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
.
**************************************************************************
.
Completion time: 2009-03-06 22:13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-06 20:13:40
Pre-Run: 1,517,719,552 bytes free
Post-Run: 2,496,729,088 bytes free
Signature: azemalzanan
The second tool's report
and may God reward you on my behalf

ComboFix 09-03-04.01 - XPPRESP3 2009-03-06 21:57:32.1 - NTFSx86
Running from: c:\documents and settings\XPPRESP3\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\XPPRESP3\Application Data\addon.dat
c:\documents and settings\XPPRESP3\Application Data\addons.dat
c:\program files\Bifrost
c:\program files\bifrost\klog.dat
c:\program files\Bifrost\logg.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\resycled
E:\resycled
F:\resycled
G:\resycled
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.
2009-03-04 21:34 . 2009-03-04 21:34 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-04 18:52 . 2009-03-05 06:39 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-04 18:52 . 2009-03-05 06:39 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-04 18:50 . 2009-03-04 18:50 <DIR> d-------- c:\program files\Kaspersky Lab
2009-03-04 18:50 . 2009-03-06 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-04 17:57 . 2009-03-06 21:27 <DIR> d-------- c:\windows\system32\CatRoot2
2009-03-02 19:52 . 2009-03-02 19:52 <DIR> d-------- c:\program files\ffdshow
2009-03-02 19:52 . 2008-02-15 19:13 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-03-02 19:52 . 2008-02-15 19:13 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-02 19:49 . 2009-03-02 19:49 <DIR> d-------- c:\documents and settings\XPPRESP3\Application Data\Media Player Classic
2009-03-02 19:46 . 2009-03-02 19:46 <DIR> d-------- c:\program files\Common Files\Real
2009-03-02 19:46 . 2009-03-02 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-01 19:35 . 2009-03-01 19:35 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-01 19:35 . 2009-03-01 19:35 1,409 --a------ c:\windows\QTFont.for
2009-03-01 09:34 . 2009-03-01 09:34 <DIR> d-------- c:\windows\Sun
2009-02-28 20:47 . 2009-02-28 20:47 <DIR> d-------- c:\documents and settings\XPPRESP3\Application Data\Nero
2009-02-28 20:46 . 2009-02-28 20:46 <DIR> d-------- c:\program files\Nero
2009-02-28 14:16 . 2009-03-02 14:04 <DIR> d-------- c:\program files\VVSN
2009-02-28 14:16 . 2009-02-28 14:18 <DIR> d-------- c:\program files\Bit Lord 1.1
2009-02-27 12:18 . 2002-02-18 10:22 139,536 --a------ c:\windows\system32\javaee.dll
2009-02-27 10:17 . 2009-03-02 20:31 <DIR> d-------- C:\Downloads
2009-02-14 19:30 . 2009-02-14 19:30 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-02-14 12:32 . 2009-02-14 19:29 1,442 --a------ c:\windows\EXTRADNS.INI
2009-02-12 20:02 . 2009-03-04 18:02 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-02-12 20:02 . 2009-03-04 18:02 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-02-11 20:45 . 2009-02-11 20:45 <DIR> d--hs---- c:\documents and settings\XPPRESP3\IECompatCache
2009-02-11 20:44 . 2009-02-11 20:44 <DIR> d--hs---- c:\documents and settings\XPPRESP3\PrivacIE
2009-02-11 20:44 . 2009-02-11 20:44 <DIR> d--hs---- c:\documents and settings\XPPRESP3\IETldCache
2009-02-11 20:44 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-11 20:44 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
.
Completion time: 2009-03-06 22:13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-06 20:13:40
Pre-Run: 1,517,719,552 bytes free
Post-Run: 2,496,729,088 bytes free
343
 
توقيع : azemalzanan
After these operations I now have this problem: partition F does not show its contents easily.
I ran a defrag on it, but the problem now is that it opens with difficulty and slows down the machine; this happens with this partition only.
 
توقيع : azemalzanan
تقرير اخر بالهايجاك

Deckard's System Scanner v20071014.68
Run by XPPRESP3 on 2009-03-07 13:01:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis (run as XPPRESP3.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:01:38 PM, on 3/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bit Lord 1.1\BitLord.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\XPPRESP3\Desktop\AntiArp.exe
C:\Program Files\internet explorer\iexplore.exe
D:\كاسبر الجديد\حذف الأتورن\dss.exe
C:\DOCUME~1\XPPRESP3\Desktop\XPPRESP3.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE5B6B1E-4890-4698-BB9D-C398F8DC01ED}: NameServer = 192.168.1.10,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE842B84-4E3E-47A5-A15A-B92A20D083FB}: NameServer = 192.168.1.10,192.168.1.1,127.0.0.1
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Stormser - Unknown owner - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 4823 bytes
-- Files created between 2009-02-07 and 2009-03-07 -----------------------------
2009-03-07 12:44:03 0 d-------- C:\Program Files\WinPcap
2009-03-07 12:43:15 0 dr-h----- C:\Documents and Settings\XPPRESP3\Recent
2009-03-06 23:29:35 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\Real
2009-03-06 21:54:25 68096 --a------ C:\WINDOWS\zip.exe
2009-03-06 21:54:25 49152 --a------ C:\WINDOWS\VFIND.exe
2009-03-06 21:54:25 212480 --a------ C:\WINDOWS\SWXCACLS.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2009-03-06 21:54:25 136704 --a------ C:\WINDOWS\SWSC.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2009-03-06 21:54:25 161792 --a------ C:\WINDOWS\SWREG.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2009-03-06 21:54:25 98816 --a------ C:\WINDOWS\sed.exe
2009-03-06 21:54:25 80412 --a------ C:\WINDOWS\grep.exe
2009-03-06 21:54:25 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2009-03-04 21:34:33 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2009-03-04 18:52:52 101287 --a------ C:\WINDOWS\system32\drivers\klin.dat
2009-03-04 18:52:52 89601 --a------ C:\WINDOWS\system32\drivers\klick.dat
2009-03-04 18:50:59 0 d-------- C:\Program Files\Kaspersky Lab
2009-03-04 18:50:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-03-04 17:57:37 0 d-------- C:\WINDOWS\system32\CatRoot2
2009-03-02 19:52:43 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2009-03-02 19:52:33 0 d-------- C:\Program Files\ffdshow
2009-03-02 19:49:44 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\Media Player Classic
2009-03-02 19:46:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-03-02 19:46:37 0 d-------- C:\Program Files\Common Files\Real
2009-03-01 09:34:07 0 d-------- C:\WINDOWS\Sun
2009-02-28 20:47:24 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\Nero
2009-02-28 20:46:33 0 d-------- C:\Program Files\Nero
2009-02-28 14:16:40 0 d-------- C:\Program Files\Bit Lord 1.1
2009-02-28 14:16:37 0 d-------- C:\Program Files\VVSN
2009-02-27 12:18:43 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2009-02-27 10:17:24 0 d-------- C:\Downloads
2009-02-14 19:30:23 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2009-02-14 12:14:40 72704 --a------ C:\WINDOWS\system32\Odbctl32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2009-02-14 12:14:39 430080 --a------ C:\WINDOWS\system32\Msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2009-02-14 12:14:39 252176 --a------ C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2009-02-14 12:14:37 1056768 --a------ C:\WINDOWS\system32\Msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2009-02-14 12:14:36 123664 --a------ C:\WINDOWS\system32\Msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2009-02-14 12:14:35 24848 --a------ C:\WINDOWS\system32\Msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2009-02-11 20:45:15 0 d--hs---- C:\Documents and Settings\XPPRESP3\IECompatCache
2009-02-11 20:44:34 0 d--hs---- C:\Documents and Settings\XPPRESP3\PrivacIE
2009-02-11 20:44:09 0 d--hs---- C:\Documents and Settings\XPPRESP3\IETldCache
2009-02-09 22:10:23 0 d-------- C:\WINDOWS\ie8updates
2009-02-09 22:10:22 0 d--h----- C:\WINDOWS\$hf_mig$
2009-02-08 19:14:54 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\VitySoft

-- Find3M Report ---------------------------------------------------------------
2009-03-06 23:35:52 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\DMCache
2009-03-06 22:02:15 0 d-------- C:\Program Files\Common Files
2009-03-03 20:27:48 10 --a----c- C:\WINDOWS\popcinfo.dat
2009-03-02 19:46:34 0 d-------- C:\Program Files\Ringz Studio
2009-03-02 14:46:36 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\AIMP
2009-03-01 19:37:22 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2009-02-17 13:51:20 0 d-------- C:\Program Files\Internet Download Manager
2009-02-04 09:36:22 0 d-------- C:\Program Files\Java
2009-01-30 22:39:59 0 d-------- C:\Program Files\Microsoft Silverlight
2009-01-29 15:28:26 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\ImageBadger
2009-01-26 12:47:02 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\IDM
2009-01-11 20:43:22 0 d-------- C:\Program Files\USB Disk Security
2009-01-10 12:16:02 0 d-------- C:\Documents and Settings\XPPRESP3\Application Data\TuneUp Software
2009-01-03 12:09:07 2955 --a----c- C:\WINDOWS\mozver.dat
2008-12-23 17:33:18 53299 --a------ C:\WINDOWS\system32\pthreadVC.dll
2008-12-19 14:39:34 704 --a------ C:\Dionakra.DAT
2008-12-16 21:48:04 2142 --a----c- C:\WINDOWS\system32\%LocalXml%

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiArp 26_06_2006 By ابراهيم عادل]
C:\Documents and Settings\XPPRESP3\Desktop\AntiArp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoCut]
C:\Documents and Settings\XPPRESP3\Desktop\NoCut.bat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
*Newly Created Service* - NPF

-- End of Deckard's System Scanner: finished at 2009-03-07 13:03:55 ------------
 
توقيع : azemalzanan
تقرير للكومبو فيكس
بتاريخ اليوم 7\3ComboFix 09-03-04.01 - XPPRESP3 2009-03-07 17:32:29.2 - NTFSx86
Running from: c:\documents and settings\XPPRESP3\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.

2009-03-07 13:01 . 2009-03-07 13:01 <DIR> d-------- C:\Deckard
2009-03-07 12:44 . 2009-03-07 12:44 <DIR> d-------- c:\program files\WinPcap
2009-03-04 21:34 . 2009-03-04 21:34 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-04 18:52 . 2009-03-05 06:39 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-04 18:52 . 2009-03-05 06:39 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-04 18:50 . 2009-03-04 18:50 <DIR> d-------- c:\program files\Kaspersky Lab
2009-03-04 18:50 . 2009-03-07 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-04 17:57 . 2009-03-07 17:32 <DIR> d-------- c:\windows\system32\CatRoot2
2009-03-02 19:52 . 2009-03-02 19:52 <DIR> d-------- c:\program files\ffdshow
2009-03-02 19:52 . 2008-02-15 19:13 7,680 --a------ c:\windows\system32\ff_vfw.dll
2009-03-02 19:52 . 2008-02-15 19:13 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-01 19:35 . 2009-03-01 19:35 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-01 19:35 . 2009-03-01 19:35 1,409 --a------ c:\windows\QTFont.for
2009-03-01 09:34 . 2009-03-01 09:34 <DIR> d-------- c:\windows\Sun
2009-02-28 20:47 . 2009-02-28 20:47 <DIR> d-------- c:\documents and settings\XPPRESP3\Application Data\Nero
2009-02-28 20:46 . 2009-02-28 20:46 <DIR> d-------- c:\program files\Nero
2009-02-28 14:16 . 2009-03-02 14:04 <DIR> d-------- c:\program files\VVSN
2009-02-28 14:16 . 2009-02-28 14:18 <DIR> d-------- c:\program files\Bit Lord 1.1
2009-02-27 12:18 . 2002-02-18 10:22 139,536 --a------ c:\windows\system32\javaee.dll
2009-02-27 10:17 . 2009-03-02 20:31 <DIR> d-------- C:\Downloads
2009-02-14 19:30 . 2009-02-14 19:30 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-02-14 12:32 . 2009-02-14 19:29 1,442 --a------ c:\windows\EXTRADNS.INI
2009-02-12 20:02 . 2009-03-04 18:02 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-02-12 20:02 . 2009-03-04 18:02 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-02-11 20:45 . 2009-02-11 20:45 <DIR> d--hs---- c:\documents and settings\XPPRESP3\IECompatCache
2009-02-11 20:44 . 2009-02-11 20:44 <DIR> d--hs---- c:\documents and settings\XPPRESP3\PrivacIE
2009-02-11 20:44 . 2009-02-11 20:44 <DIR> d--hs---- c:\documents and settings\XPPRESP3\IETldCache
2009-02-11 20:44 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-11 20:44 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-09 22:10 . 2009-03-02 16:40 <DIR> d-------- c:\windows\ie8updates
2009-02-09 22:10 . 2009-02-09 22:10 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-09 22:08 . 2008-10-13 13:55 26,144 --a------ c:\windows\system32\spupdsvc.exe
2009-02-09 22:07 . 2004-08-04 18:00 81,920 --a------ c:\windows\system32\ieencode.dll
2009-02-09 22:07 . 2004-08-04 18:00 72,704 --a------ c:\windows\system32\plugin.ocx
2009-02-09 22:01 . 2009-01-11 07:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-02-08 19:14 . 2009-02-08 19:14 <DIR> d-------- c:\documents and settings\XPPRESP3\Application Data\VitySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 15:38 3,752,480 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-07 15:37 130,080 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-07 15:33 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\DMCache
2009-03-07 15:18 --------- d-----w c:\program files\Ringz Studio
2009-03-07 10:38 50,276 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-07 10:38 12,308 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-05 05:02 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-03-02 12:46 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\AIMP
2009-02-17 11:51 --------- d-----w c:\program files\Internet Download Manager
2009-02-04 07:36 --------- d-----w c:\program files\Java
2009-01-30 22:14 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-30 20:39 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-29 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-01-29 13:28 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\ImageBadger
2009-01-26 10:47 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\IDM
2009-01-11 18:43 --------- d-----w c:\program files\USB Disk Security
2009-01-10 10:16 --------- d-----w c:\documents and settings\XPPRESP3\Application Data\TuneUp Software
2009-01-10 10:15 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-07 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-23 15:35 281,104 ----a-w c:\windows\system32\wpcap.dll
2008-12-23 15:35 100,880 ----a-w c:\windows\system32\Packet.dll
2008-12-23 15:33 53,299 ----a-w c:\windows\system32\pthreadVC.dll
2008-12-19 12:39 704 ----a-w C:\Dionakra.DAT
2008-12-08 11:41 499,712 -c--a-w c:\windows\system32\msvcp71.dll
2006-06-01 17:16 60,526 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-06-01 17:16 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-06-01 17:16 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------
2006-06-17 22:43 673792 296f36ff783ea520ff1c1acfacfb07f2 c:\windows\system32\wininet.dll
2006-06-17 22:43 663552 d94cffdb53e7ac867438e2dfd50e7cbc c:\windows\XPize\Backup\wininet.dll

2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2GDR\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\SP3QFE\tcpip.sys
2005-07-13 03:07 360448 0601f83f6784c220ee302f03f702316e c:\windows\system32\drivers\tcpip.sys

2005-10-15 13:07 949760 17e3c975c6fe3e94cf760f10d91c2af3 c:\windows\explorer.exe
2007-06-13 12:23 1033216 97bd6515465659ff8f3b7be375b2ea87 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\SP2GDR\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\SP2QFE\explorer.exe
2005-10-15 13:07 1032192 45757077a47c68a603a79b03a1a836ab c:\windows\XPize\Backup\explorer.exe

2004-08-04 18:00 30208 de8fa9cf18f95341079c7e6a215c226a c:\windows\system32\ctfmon.exe
2004-08-04 18:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-06_22.10.53.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-23 15:35:02 50,704 ----a-w c:\windows\system32\drivers\npf.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiArp 26_06_2006 By ابراهيم عادل]
--a------ 2007-04-07 15:09 32768 c:\documents and settings\XPPRESP3\Desktop\AntiArp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 18:00 30208 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoCut]
--a------ 2007-09-15 01:16 95 c:\documents and settings\XPPRESP3\Desktop\NoCut.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Stormser;Stormser; [x]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - NPF
*Deregistered* - AFD
*Deregistered* - Alerter
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - FolderSize
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - kl1
*Deregistered* - KLIF
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - nm
*Deregistered* - NPF
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RDPWD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TDTCP
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
.
Contents of the 'Scheduled Tasks' folder
2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-StormCodec_Helper - c:\program files\Ringz Studio\Storm Codec\StormSet.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\docume~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\docume~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\docume~1\XPPRESP3\LOCALS~1\Temp\RarSFX0\IEGetVL.htm
TCP: {AE5B6B1E-4890-4698-BB9D-C398F8DC01ED} = 192.168.1.10,192.168.1.1
TCP: {AE842B84-4E3E-47A5-A15A-B92A20D083FB} = 192.168.1.10,192.168.1.1,127.0.0.1
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\k6mvk2yr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.eg/
FF - component: c:\documents and settings\XPPRESP3\Application Data\IDM\idmmzcc\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components\mintray-9178506d-2005072516-trunk.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-07 17:38:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{70e9c9b1-f15a-43d6-945e-7ce313a4713b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000040
"Therad"=dword:00000001
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,4e,a9,ce,ea,da,41,36,fe,28,fb,8e,13,b2,3f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b0,c9,24,8b,39,41,10,94,b4,56,1b,c8,25,00,b8,f3,a9,28,92,11,1d,
d3,7b,5d,05,cb,ca,6c,0d,be,2f,c9,b2,66,b1,ec,0d,35,14,18,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\klogon.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(2236)
c:\windows\System32\cscui.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-03-07 17:43:02
ComboFix-quarantined-files.txt 2009-03-07 15:42:41
ComboFix2.txt 2009-03-06 20:13:55
Pre-Run: 1,810,489,344 bytes free
Post-Run: 1,802,850,304 bytes free
336
 
Signature: azemalzanan
How are things on your side now, brother?
 
Signature: السّاجد لله
The problem is still there despite all the previous attempts.
Should I install another copy of Windows?
Waiting for your reply.
 
Signature: azemalzanan
OK, if the problem is recent, do a System Restore back to a time when your machine was in good shape.
 
Signature: السّاجد لله
Could you send me the link to the forum topic on System Restore,
so that I don't make any mistakes on my end.
Thank you.
 
Signature: azemalzanan
Here you go, but you have to remember a time when the machine was fine and restore to it.

You must log in or register to view the hidden link.

 
Signature: السّاجد لله