kondos

Unable to download files- HijackThis Log


I can't download anything; all things are corrupted. Why?


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:11 PM, on 7/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\netcut\services\AIPS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?t=eg&babsrc=HP_ss&mntrId=cc9f4c8e00000000000000192191d2d4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: حمل بواسطة البرنامج - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341450885359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341450868546
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Arp Intelligent Protection Service (AIPS) - Arcai.com - C:\Program Files\netcut\services\AIPS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 5335 bytes


Hello kondos and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

What exactly is the problem? What can't you download?

Please follow the instructions here and post the log files from DDS in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi Maniac

I can't download anything; when I download anything, it's corrupted.

In RAR files it tells me CRC failed.

In .exe or self-extracting files over 3MB it's corrupted.

Log


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mn3m at 5:02:20 on 2012-07-07
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.2039.1483 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\netcut\services\AIPS.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alnaddy.com/?t=eg&babsrc=HP_ss&mntrId=cc9f4c8e00000000000000192191d2d4
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\internet download manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\internet download manager\IEExt.htm
IE: حمل بواسطة البرنامج - file://c:\program files\mipony\browser\IEContext.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341450885359
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341450868546
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C16BE4B1-859D-4C23-AAC4-C31F03E05F79} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-3-17 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2012-3-17 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-3-17 13616]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-6-7 108448]
R2 AIPS;Arp Intelligent Protection Service;c:\program files\netcut\services\aips.exe [2012-7-6 262144]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-6-28 24328]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-9 257696]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-06 20:28:57 388096 ----a-r- c:\documents and settings\mn3m\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-06 20:28:56 -------- d-----w- c:\program files\Trend Micro
2012-07-06 10:50:43 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240D2.TMP
2012-07-06 10:01:40 2 ----a-w- C:\~AUcache1.tmp
2012-07-06 09:59:44 -------- d-----w- c:\program files\AutoUnpack
2012-07-06 02:52:54 -------- d-----w- c:\program files\WinPcap
2012-07-06 02:52:42 389120 ----a-w- c:\windows\system32\actskn43.ocx
2012-07-06 02:52:41 -------- d-----w- c:\program files\netcut
2012-07-05 17:36:39 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2012-07-05 17:36:39 8192 ----a-w- c:\windows\system32\kbdkor.dll
2012-07-05 17:36:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2012-07-05 17:36:39 6144 ----a-w- c:\windows\system32\kbd101c.dll
2012-07-05 17:36:39 6144 ----a-w- c:\windows\system32\kbd101b.dll
2012-07-05 17:36:39 5632 ----a-w- c:\windows\system32\kbd103.dll
2012-07-05 17:27:58 593920 ------w- c:\windows\system32\ati2sgag.exe
2012-07-05 02:32:13 -------- d-----w- c:\documents and settings\mn3m\local settings\application data\WMTools Downloaded Files
2012-07-05 02:15:50 -------- d-----w- c:\windows\system32\drivers\etc\New Folder
2012-07-05 01:16:01 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-07-04 15:00:57 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-04 15:00:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-04 14:47:27 -------- d-----w- C:\Drivers
2012-07-04 02:32:00 -------- d-----w- c:\documents and settings\mn3m\local settings\application data\PCHealth
2012-07-04 02:25:31 -------- d-----w- c:\documents and settings\mn3m\IECompatCache
2012-07-04 01:56:00 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-04 01:48:36 -------- d-----w- c:\documents and settings\mn3m\application data\IDM
2012-07-04 01:48:36 -------- d-----w- c:\documents and settings\mn3m\application data\DMCache
2012-07-04 01:48:29 -------- d-----w- c:\program files\Internet Download Manager
2012-07-03 23:46:09 -------- d-----w- c:\windows\pss
2012-06-28 15:04:14 2560 ----a-w- c:\documents and settings\all users\application data\microsoft\usmt\iconlib.dll
2012-06-27 22:18:03 24328 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-06-27 22:18:03 -------- d-----w- c:\program files\CPUID
2012-06-27 17:06:21 -------- d-----w- c:\windows\system32\LogFiles
2012-06-26 23:14:32 -------- d-----w- c:\documents and settings\mn3m\application data\Mipony
2012-06-26 23:14:00 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-06-26 23:13:59 -------- d-----w- c:\documents and settings\mn3m\application data\Babylon
2012-06-26 04:12:38 -------- d-----w- c:\program files\Yahoo!
2012-06-26 03:20:00 -------- d-----w- c:\program files\VideoLAN
2012-06-25 17:51:59 -------- d-----w- c:\documents and settings\mn3m\application data\edxLabs
2012-06-25 01:08:51 -------- d-----w- c:\documents and settings\mn3m\local settings\application data\Opera
2012-06-24 22:27:38 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-06-24 22:27:36 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-06-24 17:01:20 -------- d-----w- c:\windows\system32\XPSViewer
2012-06-24 17:00:54 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-06-24 17:00:49 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2012-06-24 17:00:46 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-06-24 17:00:46 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-06-24 17:00:46 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-06-24 17:00:46 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-06-24 17:00:46 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-06-24 17:00:46 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-06-24 17:00:46 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-06-24 17:00:46 117760 ------w- c:\windows\system32\prntvpt.dll
2012-06-07 06:18:01 108448 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
==================== Find3M ====================
.
2012-06-26 03:11:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 03:11:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 15:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-09 13:35:23 3186 ----a-w- c:\windows\system32\presetup.cmd
2012-05-09 13:35:23 28672 ----a-w- c:\windows\system32\setupold.exe
2012-05-09 12:58:15 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2012-05-09 12:47:27 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 12:47:27 218624 ----a-w- c:\windows\system32\uxtheme.dll
2012-05-09 12:47:27 140288 ----a-w- c:\windows\system32\sfc_os.dll
2012-05-09 12:47:21 990208 ----a-w- c:\windows\system32\syssetup.dll
2012-05-09 12:47:17 919552 ----a-w- c:\windows\system32\wininet.dll
2012-05-09 12:45:55 339336 ----a-w- c:\windows\system32\msdrm.dll
2012-05-09 12:44:59 206848 ----a-w- c:\windows\system32\unimdm.tsp
2012-05-09 12:43:57 69120 ----a-w- c:\windows\system32\notepad.exe
2012-05-09 12:42:59 81920 ----a-w- c:\windows\system32\isign32.dll
2012-05-09 12:39:39 344064 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-09 12:38:49 26112 ----a-w- c:\windows\system32\idndl.dll
2012-05-09 12:38:49 10240 ----a-w- c:\windows\system32\advpack.dll.mui
2012-05-09 12:38:45 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-05-09 12:38:41 48128 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-09 12:38:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-09 12:38:41 156160 ----a-w- c:\windows\system32\msls31.dll
2012-05-09 12:38:23 45568 ----a-w- c:\windows\system32\mshta.exe
2012-05-09 12:38:16 34816 ----a-w- c:\windows\system32\imgutil.dll
2012-05-09 12:38:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-09 12:38:07 18944 ----a-w- c:\windows\system32\corpol.dll
2012-05-09 12:38:06 72704 ----a-w- c:\windows\system32\admparse.dll
2012-05-09 12:36:50 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
============= FINISH: 5:02:50.26 ===============

attach.rar


Step 1

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).

Step 2

  • Download Malwarebytes Anti-Malware from here and save the file to your desktop
  • Double-click on mbam-setup.exe and follow the onscreen prompts to install Malwarebytes Anti-Malware
  • Once complete, open Malwarebytes Anti-Malware and click on the Update tab and check for updates
  • Once that is done, click on the Scanner tab and perform a Quick Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

In your next reply, post the following log files:

  • exeHelper log
  • Malwarebytes' Anti-Malware log


I've installed a new Windows but the problem isn't solved.


exeHelper by Raktor
Build 20100414
Run at 17:04:03 on 07/07/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.07.05
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
kondos :: MANNON [administrator]
Protection: Enabled
07/07/2012 04:58:50 م
mbam-log-2012-07-07 (16-58-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180401
Time elapsed: 6 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


Complete reinstallation? If yes, you should contact your ISP and explain that even after reinstallation of Windows, you have a problem with the download.


Yeah, complete re-installation, but my ISP told me the problem is in my PC, because when I move the hard drive to another PC it's working perfectly.


Hmmm, the problem is not in the router, because when I move the hard drive to another PC it's working perfectly!!!

I reset it and the problem is still not solved.


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-07-11.03 - kondos 07/11/2012 15:28:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.2039.1632 [GMT 2:00]
Running from: c:\documents and settings\kondos\My Documents\Downloads\Programs\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\kondos\Local Settings\Application Data\hide.exe
c:\windows\iun6002.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-09 01:25 . 2012-07-09 01:26 -------- d-----w- C:\dat
2012-07-08 01:22 . 2012-07-08 01:26 -------- d-----w- C:\xampp
2012-07-07 15:28 . 2012-07-07 15:28 -------- d-----w- C:\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2004-08-04 00:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-04-23 11:26 . 2012-06-07 06:18 108448 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-07 3491264]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\PES6\\PES6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6/7/2012 8:18 AM 108448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/7/2012 4:59 PM 257696]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\kondos\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\kondos\LOCALS~1\Temp\ALSysIO.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/10/2012 2:07 PM 40776]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 12:05]
.
.
------- Supplementary Scan -------
.
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-DkZ Studio0.9.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-11 15:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1229272821-2147200963-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3CFCEFE4-3AEC-05F6-ABB2-65A096F7126E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iamihapbjkefblbhcn"=hex:6a,61,64,6b,6d,69,64,6f,6a,70,61,69,6d,61,6f,62,65,6b,
70,6a,00,fb
"hagljchojkaildmi"=hex:6a,61,64,6b,6d,69,64,6f,6a,70,61,69,6d,61,6f,62,65,6b,
70,6a,00,fb
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-07-11 15:34:41
ComboFix-quarantined-files.txt 2012-07-11 13:34
.
Pre-Run: 6,038,077,440 bytes free
Post-Run: 6,163,173,376 bytes free
.
- - End Of File - - E27036B0C6975508FCFF884FF7F6229D

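Reading these logs by hand is what the helper above is doing. As an added illustration that is not part of this thread, not a Malwarebytes tool and not code from any of the posters, here is a small Python triage script using heuristics of my own: it flags an IE start or search page that no longer points at the Microsoft default (the alnaddy.com start page in the HijackThis log), a BHO registered with no file on disk, a non-zero SfcDisable in the DDS Winlogon line, a service or driver whose binary ComboFix marks as missing with [?], and EnableFirewall set to 0 in the ComboFix firewall-policy section. The sample lines in SAMPLE_LOG are copied from the logs posted in this thread; the rule names and the set of rules are assumptions of this example.

```python
"""Triage helper for HijackThis / DDS / ComboFix text logs.

Added example for this thread: a constructed rule set that flags the kinds
of entries a helper looks at first. SAMPLE_LOG is built from lines copied
out of the logs posted above; the rules are illustrative, not a product.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# IE start/search pages that HijackThis shows on an unmodified XP system all
# point at the Microsoft "fwlink" redirector.
KNOWN_DEFAULT_URLS = ("http://go.microsoft.com/fwlink/",)

# Constructed sample: a mix of clean and suspicious lines from the thread's logs.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?t=eg&babsrc=HP_ss&mntrId=cc9f4c8e00000000000000192191d2d4
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
mWinlogon: SfcDisable=-99 (0xffffff9d)
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-6-7 108448]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Finding:
    rule: str   # short rule name (names chosen for this example)
    line: str   # the log line that triggered it


IE_PAGE_RE = re.compile(
    r"R[01] - .*?(Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (\S+)"
)
SFC_RE = re.compile(r"SfcDisable=(-?\d+)")
FIREWALL_OFF_RE = re.compile(r'"EnableFirewall"\s*=\s*0\b')
SERVICE_RE = re.compile(r"[RS]\d \S+;")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious log line, or None for a clean one."""
    s = line.strip()

    # R0/R1: IE start or search page moved away from the Microsoft default.
    m = IE_PAGE_RE.match(s)
    if m and not m.group(2).startswith(KNOWN_DEFAULT_URLS):
        return Finding("ie_page_changed", s)

    # O2: BHO registration whose DLL is no longer on disk.
    if s.startswith("O2 - BHO") and "(no file)" in s:
        return Finding("orphan_bho", s)

    # DDS Winlogon line: non-zero SfcDisable turns off Windows File Protection.
    m = SFC_RE.search(s)
    if m and int(m.group(1)) != 0:
        return Finding("sfc_disabled", s)

    # ComboFix firewall policy: Windows Firewall disabled for the standard profile.
    if FIREWALL_OFF_RE.search(s):
        return Finding("firewall_off", s)

    # Service/driver entry whose binary the tool could not find ("[?]").
    if SERVICE_RE.match(s) and s.endswith("[?]"):
        return Finding("service_file_missing", s)

    return None


def triage_log(text: str) -> List[Finding]:
    """Run every rule over every line and keep the hits, in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[{finding.rule}] {finding.line}")
```

Flagged entries are leads for a human reviewer, not verdicts: each rule only says that a line differs from what a clean installation would show, and the reviewer still has to decide what it means in context.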

That's strange. Even after a re-install, it seems the system is infected. Using WinRAR, please compress the following folder: C:\Qoobox\Quarantine and upload it somewhere, for example on www.rapidshare.com. Please send me a download link via PM.

http://www.win-rar.com/faq.html#c1456

Thanks!


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
