Status
Thread closed

Mr Tamer

New member
Joined
3/3/06
Posts
1
Likes
0
#1


Guys, I have a problem that is driving me crazy.

Every time I open a web page on the machine, it tries to download a file from a different site, ending in good\x.exe

Of course I don't download it, because I don't know what this file is.

Also, I'm running the AntiVir protection program, and on every web page it tells me that MicroSofts.vbs
is a virus.

And my internet is very, very slow,
even though I'm on a 1-meg line by myself, and even when nothing connected to the internet is open, when I ping, the ping reaches 3000.

Guys, please, if there is a solution to this.

I also have another problem: the machine is slow. It boots fine, reaches the Welcome screen, gets past it and shows an empty desktop, and stays like that for about a quarter of an hour. The icons may appear, or I do a Run from the Task Manager and open Explorer, and it may open or not.
Most of the time it restarts by itself about four times, and then it takes pity on me and boots.

Even though I replaced the RAM, the fan and the power supply.


Oh, and every so often it tells me that the machine's IP already exists on the network, and I'm on it alone. I don't know what is going on.

Should I format the whole machine, or what should I do?



This is the first report:

ComboFix 08-09-20.05 - TiGeR 2008-09-22 2:14:04.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.148 [GMT 3:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Messenger\msgmr.dll
C:\WINDOWS\AppPatch\AcSpecf.dll
C:\WINDOWS\AppPatch\AcSpecf.sdb
C:\WINDOWS\AppPatch\AcXtrnel.sdb
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
C:\WINDOWS\Fonts\Framdee.ttf
C:\WINDOWS\sysocmgr.dll
C:\WINDOWS\system32\aotoppt.dll
C:\WINDOWS\system32\catower.dll
C:\WINDOWS\system32\comboaus.dll
C:\WINDOWS\system32\drivers\eth8023.sys
C:\WINDOWS\system32\drivers\HBKernel32.sys
C:\WINDOWS\system32\eskisl.dll
C:\WINDOWS\system32\F.tmp
C:\WINDOWS\system32\HB1000Y.dll
C:\WINDOWS\system32\HBCT.dll
C:\WINDOWS\system32\HBFY.dll
C:\WINDOWS\system32\HBQQFFO.dll
C:\WINDOWS\system32\HBQQSG.dll
C:\WINDOWS\system32\HBXY2.dll
C:\WINDOWS\system32\johandy.dll
C:\WINDOWS\system32\jolndyo.dll
C:\WINDOWS\system32\kildh3l.cfg
C:\WINDOWS\system32\kildh3l.dll
C:\WINDOWS\system32\lensch.dll
C:\WINDOWS\system32\mduaey.dll
C:\WINDOWS\system32\mduaeyk.exe
C:\WINDOWS\system32\micsus.dll
C:\WINDOWS\system32\mshta.dll
C:\WINDOWS\system32\pewire.dll
C:\WINDOWS\system32\system.exe
C:\WINDOWS\system32\wllame.dll
C:\WINDOWS\system32\wrm32.dll
C:\WINDOWS\temp\wmsetup.dll
C:\WINDOWS\Update.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ETH8023
-------\Legacy_HBKERNEL32
-------\Service_eth8023
-------\Service_HBKernel32


((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-22 02:29 . 2008-09-16 01:03 <DIR> d-------- C:\32788R22FWJFW
2008-09-22 02:22 . 2008-09-22 02:22 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-09-22 02:22 . 2008-09-22 02:22 <DIR> d-------- C:\WINDOWS\srchasst
2008-09-22 02:22 . 2008-09-22 02:22 <DIR> d-------- C:\WINDOWS\help
2008-09-22 02:22 . 2008-09-22 02:22 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-09-22 02:01 . 2008-09-22 02:01 2,555,680 --a------ C:\WINDOWS\system32\kxgycdbp.dll
2008-09-22 02:01 . 2008-09-22 02:01 2,112,940 --a------ C:\WINDOWS\system32\tcivbdod.dll
2008-09-22 02:01 . 2008-09-22 02:01 428 --a------ C:\WINDOWS\system32\tcivbdod.nls
2008-09-22 02:01 . 2008-09-22 02:01 428 --a------ C:\WINDOWS\system32\cknrkmma.nls
2008-09-22 02:01 . 2008-09-22 02:01 288 --a------ C:\WINDOWS\system32\kxgycdbp.nls
2008-09-22 02:00 . 2008-09-22 02:00 <DIR> d-------- C:\Documents and Settings\TiGeR\dwhelper
2008-09-22 02:00 . 2008-09-22 02:00 2,551,212 --a------ C:\WINDOWS\system32\pgfbznxe.dll
2008-09-22 02:00 . 2008-09-22 02:00 2,510,764 --a------ C:\WINDOWS\system32\cknrkmma.dll
2008-09-22 02:00 . 2008-09-22 02:00 428 --a------ C:\WINDOWS\system32\pgfbznxe.nls
2008-09-22 01:59 . 2008-09-22 01:59 2,573,740 --a------ C:\WINDOWS\system32\ldwhrxba.dll
2008-09-22 01:59 . 2008-09-22 01:59 2,509,228 --a------ C:\WINDOWS\system32\ydpkfawz.dll
2008-09-22 01:59 . 2008-09-22 01:59 428 --a------ C:\WINDOWS\system32\ydpkfawz.nls
2008-09-22 01:59 . 2008-09-22 01:59 428 --a------ C:\WINDOWS\system32\ldwhrxba.nls
2008-09-22 01:59 . 2008-09-22 01:59 428 --a------ C:\WINDOWS\system32\ebabwjce.nls
2008-09-22 01:58 . 2008-09-22 01:59 2,629,548 --a------ C:\WINDOWS\system32\ebabwjce.dll
2008-09-22 01:58 . 2008-09-22 01:58 2,302,752 --a------ C:\WINDOWS\system32\xvsjrqxf.dll
2008-09-22 01:58 . 2008-09-22 01:58 2,201,888 --a------ C:\WINDOWS\system32\rthyiogf.dll
2008-09-22 01:58 . 2008-09-22 01:58 288 --a------ C:\WINDOWS\system32\xvsjrqxf.nls
2008-09-22 01:58 . 2008-09-22 01:58 288 --a------ C:\WINDOWS\system32\rthyiogf.nls
2008-09-22 01:57 . 2008-09-22 01:57 2,543,020 --a------ C:\WINDOWS\system32\dxltianx.dll
2008-09-22 01:57 . 2008-09-22 01:57 2,401,940 --a------ C:\WINDOWS\system32\zffhuclx.dll
2008-09-22 01:57 . 2008-09-22 01:57 2,373,920 --a------ C:\WINDOWS\system32\jssxwfui.dll
2008-09-22 01:57 . 2008-09-22 01:57 428 --a------ C:\WINDOWS\system32\dxltianx.nls
2008-09-22 01:57 . 2008-09-22 01:57 288 --a------ C:\WINDOWS\system32\jssxwfui.nls
2008-09-22 01:57 . 2008-09-22 01:57 148 --a------ C:\WINDOWS\system32\zffhuclx.nls
2008-09-22 01:51 . 2008-09-22 01:51 428 --a------ C:\WINDOWS\system32\taawpoql.nls
2008-09-22 01:51 . 2008-09-22 01:51 288 --a------ C:\WINDOWS\system32\nfmmmmfp.nls
2008-09-22 01:48 . 2008-09-22 01:48 <DIR> d--hs---- C:\FOUND.000
2008-09-22 01:37 . 2008-09-22 01:37 2,523,564 --a------ C:\WINDOWS\system32\hpuqtuoj.dll
2008-09-22 01:37 . 2008-09-22 01:37 2,403,104 --a------ C:\WINDOWS\system32\nunvbqix.dll
2008-09-22 01:37 . 2008-09-22 01:37 2,251,692 --a------ C:\WINDOWS\system32\nyqieuor.dll
2008-09-22 01:37 . 2008-09-22 01:37 2,239,916 --a------ C:\WINDOWS\system32\qbhguxpu.dll
2008-09-22 01:37 . 2008-09-22 01:37 428 --a------ C:\WINDOWS\system32\qbhguxpu.nls
2008-09-22 01:37 . 2008-09-22 01:37 428 --a------ C:\WINDOWS\system32\nyqieuor.nls
2008-09-22 01:37 . 2008-09-22 01:37 428 --a------ C:\WINDOWS\system32\hpuqtuoj.nls
2008-09-22 01:37 . 2008-09-22 01:37 428 --a------ C:\WINDOWS\system32\ajuynbjk.nls
2008-09-22 01:37 . 2008-09-22 01:37 288 --a------ C:\WINDOWS\system32\nunvbqix.nls
2008-09-22 01:26 . 2008-09-22 01:26 428 --a------ C:\WINDOWS\system32\gnfekqfg.nls
2008-09-22 01:25 . 2008-09-22 01:25 428 --a------ C:\WINDOWS\system32\youdsgfe.nls
2008-09-22 01:25 . 2008-09-22 01:25 428 --a------ C:\WINDOWS\system32\pghtzbtg.nls
2008-09-22 01:24 . 2008-09-22 01:58 28,672 --a------ C:\WINDOWS\system32\stepps.dll
2008-09-22 01:24 . 2008-09-22 01:24 428 --a------ C:\WINDOWS\system32\riukvnif.nls
2008-09-22 01:24 . 2008-09-22 01:24 288 --a------ C:\WINDOWS\system32\vldjlqia.nls
2008-09-22 01:24 . 2008-09-22 01:24 288 --a------ C:\WINDOWS\system32\hthgcvag.nls
2008-09-22 01:23 . 2008-09-22 01:23 <DIR> d-------- C:\Documents and Settings\TiGeR\Application Data\Thinstall
2008-09-22 01:23 . 2008-09-22 01:23 428 --a------ C:\WINDOWS\system32\hhhmkcpt.nls
2008-09-22 01:23 . 2008-09-22 01:23 428 --a------ C:\WINDOWS\system32\hdvziyjq.nls
2008-09-22 01:23 . 2008-09-22 01:23 288 --a------ C:\WINDOWS\system32\qtucmfyw.nls
2008-09-22 01:23 . 2008-09-22 01:23 148 --a------ C:\WINDOWS\system32\qxuwdgbj.nls
2008-09-22 01:16 . 2008-09-22 01:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 01:16 . 2008-09-22 01:16 <DIR> d-------- C:\Documents and Settings\TiGeR\Application Data\Malwarebytes
2008-09-22 01:16 . 2008-09-22 01:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 01:16 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 01:16 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 01:15 . 2008-09-22 01:16 0 --a------ C:\WINDOWS\vpc32.INI
2008-09-22 01:03 . 2008-09-22 01:03 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-09-22 01:03 . 2008-09-22 01:03 <DIR> d-------- C:\Program Files\Symantec
2008-09-22 01:03 . 2008-09-22 01:03 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-22 01:03 . 2008-09-22 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-22 01:03 . 2005-09-17 00:20 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-22 01:03 . 2005-09-17 00:20 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-22 01:02 . 2008-09-22 01:02 <DIR> d-------- C:\Program Files\sisagp
2008-09-22 01:02 . 2008-09-22 01:02 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.68
2008-09-22 01:02 . 2008-09-22 01:02 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-22 01:02 . 2008-09-22 01:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-09-22 01:01 . 2008-09-22 01:01 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-09-22 01:01 . 2008-09-22 01:01 <DIR> d-------- C:\Documents and Settings\TiGeR\Application Data\IDM
2008-09-22 01:01 . 2008-09-22 01:01 <DIR> d-------- C:\Documents and Settings\TiGeR\Application Data\DMCache
2008-09-22 01:00 . 2008-09-22 01:00 <DIR> d-------- C:\Documents and Settings\TiGeR
2008-09-21 05:25 . 2005-07-13 03:46 1,570,489 --a------ C:\WINDOWS\system32\sisgl.dll
2008-09-21 05:25 . 2005-07-13 03:15 904,192 --a------ C:\WINDOWS\system32\sisgrv.dll
2008-09-21 05:25 . 2005-07-13 03:07 257,024 --a------ C:\WINDOWS\system32\drivers\sisgrp.sys
2008-09-21 05:25 . 2003-11-26 16:10 65,536 --a------ C:\WINDOWS\system32\sis760.bin
2008-09-21 05:25 . 2003-11-26 16:10 65,536 --a------ C:\WINDOWS\system32\sis741.bin
2008-09-21 05:25 . 2005-07-13 03:05 49,152 --a------ C:\WINDOWS\system32\sis660.bin
2008-09-21 05:25 . 2005-07-13 02:55 28,672 --a------ C:\WINDOWS\system32\SiSPInst.dll
2008-09-21 05:25 . 2005-07-13 03:48 11,904 --a------ C:\WINDOWS\system32\drivers\srvkp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 23:01 24,576 ----a-w C:\WINDOWS\system32\HB1000Y.dll
2008-09-21 22:37 2,612,652 ----a-w C:\WINDOWS\system32\ajuynbjk.dll
2008-09-21 22:36 2,506,016 ----a-w C:\WINDOWS\system32\zfuwviyx.dll
2008-09-21 22:36 2,466,220 ----a-w C:\WINDOWS\system32\dmlxlekn.dll
2008-09-21 22:36 2,380,716 ----a-w C:\WINDOWS\system32\wkdxffpc.dll
2008-09-21 22:36 2,253,460 ----a-w C:\WINDOWS\system32\soyksnco.dll
2008-09-21 22:36 2,203,052 ----a-w C:\WINDOWS\system32\zbuddonk.dll
2008-09-21 22:36 2,128,672 ----a-w C:\WINDOWS\system32\jvhowekv.dll
2008-09-21 22:36 2,126,112 ----a-w C:\WINDOWS\system32\wkojiqlj.dll
.

------- Sigcheck -------

2006-09-09 01:02 2198144 ba08992ecfb4b23b9204add12ab385ea C:\WINDOWS\system32\ntkrnlpa.exe

2006-09-08 23:01 2321024 ef63859e4fd9cb3ec31a111481f4b1b6 C:\WINDOWS\system32\ntoskrnl.exe

2006-09-09 00:48 1616896 7f9583eff8102bce8bd6716744018f83 C:\WINDOWS\explorer.exe

2006-09-09 09:45 125720 b04b182a92c119511dd3cdbe18602db1 C:\WINDOWS\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-12-11 2561456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"SiSPower"="SiSPower.dll" [2005-07-13 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-09-22 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D1CC9DC6-F0BC-40fc-9552-E497B05E05B8}"= "C:\WINDOWS\system32\xvsjrqxf.dll" [2008-09-22 2302752]
"{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6}"= "C:\WINDOWS\system32\kxgycdbp.dll" [2008-09-22 2555680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceDelayLoad]
"hthgcvag.dll"= {D1CC9DC6-F0BC-40fc-9552-E497B05E05B8} - C:\WINDOWS\system32\xvsjrqxf.dll [2008-09-22 2302752]
"nfmmmmfp.dll"= {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\kxgycdbp.dll [2008-09-22 2555680]
"xvsjrqxf.dll"= {D1CC9DC6-F0BC-40fc-9552-E497B05E05B8} - C:\WINDOWS\system32\xvsjrqxf.dll [2008-09-22 2302752]
"kxgycdbp.dll"= {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\kxgycdbp.dll [2008-09-22 2555680]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 -: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 02:30:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nvmini]
"ImagePath"="system32\DRIVERS\nvmini.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\xvsjrqxf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\system32\verclsid.exe
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
E:\Tamer\cd\Firefox\FirefoxPortable\FirefoxPortable_1.exe
E:\Tamer\cd\Firefox\FirefoxPortable\App\firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-09-22 2:31:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 23:31:02

Pre-Run: 7,530,414,080 bytes free
Post-Run: 7,601,946,624 bytes free

238

And this is the second report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:52:51 م, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\ping.exe
d:\z\z\temp\hpzsetup.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\New Folder\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzrcv01.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 4384 bytes
 

الوميض الازرق

Design and graphics engineer
Joined
3/6/04
Posts
7,494
Likes
6,999
Age
64
#2