Brother, a program called my security engine showed up on my machine; they say it's a destructive virus in my Internet Explorer.
Here it is, have a look at what the damage is:
logfile of trend micro hijackthis v2.0.2
scan saved at 12:53:24 م, on 31/03/2010
platform: Windows xp sp3 (winnt 5.01.2600)
msie: Internet explorer v8.00 (8.00.6001.18702)
boot mode: Normal
running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\windows\system32\rundll32.exe
c:\program files\athan\athan.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\windows\system32\rundll32.exe
c:\program files\iminent\imbooster\imbooster.exe
c:\program files\iminent\searchtheweb\iminent.notifier.exe
c:\program files\common files\ahead\lib\nmbgmonitor.exe
c:\program files\messenger\msmsgs.exe
c:\progra~1\window~4\messen~1\msnmsgr.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\windows\system32\ctfmon.exe
c:\program files\winzip\wzqkpick.exe
c:\program files\microsoft office\office12\onenotem.exe
c:\progra~1\yahoo!\messen~1\ymsgr_tray.exe
c:\program files\bonjour\mdnsresponder.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\tuneup utilities 2010\tuneuputilitiesservice32.exe
c:\program files\common files\ahead\lib\nmindexingservice.exe
c:\program files\tuneup utilities 2010\tuneuputilitiesapp32.exe
c:\program files\common files\ahead\lib\nmindexstoresvr.exe
c:\program files\opera\opera.exe
c:\documents and settings\all users\application data\c53716c\msc537.exe
c:\documents and settings\one\سطح المكتب\hijackthis.exe
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hkcu\software\microsoft\internet connection wizard,shellnext = http://go.divx.com/postinstall/win/en
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r3 - urlsearchhook: Urlsearchhook class - {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\genericasktoolbar.dll
r3 - urlsearchhook: Imbooster4web-en toolbar - {346de098-61f9-4b42-89da-6dfba7091bb6} - c:\program files\imbooster4web-en\tbimbo.dll
r3 - urlsearchhook: 4shared.com toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\tb4sha.dll
o1 - hosts: 74.125.45.100 4-open-davinci.com
o1 - hosts: 74.125.45.100 securitysoftwarepayments.com
o1 - hosts: 74.125.45.100 privatesecuredpayments.com
o1 - hosts: 74.125.45.100 secure.privatesecuredpayments.com
o1 - hosts: 74.125.45.100 getantivirusplusnow.com
o1 - hosts: 74.125.45.100 secure-plus-payments.com
o1 - hosts: 74.125.45.100 www.getantivirusplusnow.com
o1 - hosts: 74.125.45.100 www.secure-plus-payments.com
o1 - hosts: 74.125.45.100 www.getavplusnow.com
o1 - hosts: 74.125.45.100 safebrowsing-cache.google.com
o1 - hosts: 74.125.45.100 urs.microsoft.com
o1 - hosts: 74.125.45.100 www.securesoftwarebill.com
o1 - hosts: 74.125.45.100 secure.paysecuresystem.com
o1 - hosts: 74.125.45.100 paysoftbillsolution.com
o1 - hosts: 74.125.45.100 protected.maxisoftwaremart.com
o1 - hosts: 209.212.147.138 www.google.com
o1 - hosts: 209.212.147.138 google.com
o1 - hosts: 209.212.147.138 google.com.au
o1 - hosts: 209.212.147.138 www.google.com.au
o1 - hosts: 209.212.147.138 google.be
o1 - hosts: 209.212.147.138 www.google.be
o1 - hosts: 209.212.147.138 google.com.br
o1 - hosts: 209.212.147.138 www.google.com.br
o1 - hosts: 209.212.147.138 google.ca
o1 - hosts: 209.212.147.138 www.google.ca
o1 - hosts: 209.212.147.138 google.ch
o1 - hosts: 209.212.147.138 www.google.ch
o1 - hosts: 209.212.147.138 google.de
o1 - hosts: 209.212.147.138 www.google.de
o1 - hosts: 209.212.147.138 google.dk
o1 - hosts: 209.212.147.138 www.google.dk
o1 - hosts: 209.212.147.138 google.fr
o1 - hosts: 209.212.147.138 www.google.fr
o1 - hosts: 209.212.147.138 google.ie
o1 - hosts: 209.212.147.138 www.google.ie
o1 - hosts: 209.212.147.138 google.it
o1 - hosts: 209.212.147.138 www.google.it
o1 - hosts: 209.212.147.138 google.co.jp
o1 - hosts: 209.212.147.138 www.google.co.jp
o1 - hosts: 209.212.147.138 google.nl
o1 - hosts: 209.212.147.138 www.google.nl
o1 - hosts: 209.212.147.138 google.no
o1 - hosts: 209.212.147.138 www.google.no
o1 - hosts: 209.212.147.138 google.co.nz
o1 - hosts: 209.212.147.138 www.google.co.nz
o1 - hosts: 209.212.147.138 google.pl
o1 - hosts: 209.212.147.138 www.google.pl
o1 - hosts: 209.212.147.138 google.se
o1 - hosts: 209.212.147.138 www.google.se
o1 - hosts: 209.212.147.138 google.co.uk
o1 - hosts: 209.212.147.138 www.google.co.uk
o1 - hosts: 209.212.147.138 google.co.za
o1 - hosts: 209.212.147.138 www.google.co.za
o1 - hosts: 209.212.147.138 www.google-analytics.com
o1 - hosts: 209.212.147.138 www.bing.com
o1 - hosts: 209.212.147.138 search.yahoo.com
o1 - hosts: 209.212.147.138 www.search.yahoo.com
o1 - hosts: 209.212.147.138 uk.search.yahoo.com
o1 - hosts: 209.212.147.138 ca.search.yahoo.com
o1 - hosts: 209.212.147.138 de.search.yahoo.com
o1 - hosts: 209.212.147.138 fr.search.yahoo.com
o1 - hosts: 209.212.147.138 au.search.yahoo.com
o2 - bho: 4shared.com toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\tb4sha.dll
o2 - bho: Acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: Imbooster4web-en toolbar - {346de098-61f9-4b42-89da-6dfba7091bb6} - c:\program files\imbooster4web-en\tbimbo.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: Chelperbho - {84ff7bd6-b47f-46f8-9130-01b2696b36cb} - c:\program files\iminent\searchtheweb\iminent.bho.navigationerror.dll
o2 - bho: مساعد تسجيل الدخول إلى windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: Iminent webbooster - {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\imbooster4web\iminent.webbooster.dll
o2 - bho: Iminent.linktocontent - {a6e9baaf-53cd-4575-967b-2af710a7d21f} - c:\program files\iminent\imbooster\iminent.linktocontent.dll
o2 - bho: Google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
o2 - bho: Google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
o2 - bho: Ask toolbar bho - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll
o2 - bho: Java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: Jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o3 - toolbar: Google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
o3 - toolbar: Imbooster4web-en toolbar - {346de098-61f9-4b42-89da-6dfba7091bb6} - c:\program files\imbooster4web-en\tbimbo.dll
o3 - toolbar: Ask toolbar - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll
o3 - toolbar: 4shared.com toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\tb4sha.dll
o4 - hklm\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hklm\..\run: [athan] c:\program files\athan\athan.exe
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\java\jre6\bin\jusched.exe"
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [groovemonitor] "c:\program files\microsoft office\office12\groovemonitor.exe"
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [4shared update] "c:\documents and settings\one\سطح المكتب\4shared desktop\checkupdate.exe"
o4 - hklm\..\run: [imbooster] c:\program files\iminent\imbooster\imbooster.exe /warmup
o4 - hklm\..\run: [iminent.notifier] c:\program files\iminent\searchtheweb\iminent.notifier.exe
o4 - hkcu\..\run: [flashget 3] "c:\program files\flashget network\flashget 3\flashget3.exe" -minimize
o4 - hkcu\..\run: [bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] "c:\program files\common files\ahead\lib\nmbgmonitor.exe"
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkcu\..\run: [msnmsgr] "c:\progra~1\window~4\messen~1\msnmsgr.exe" /background
o4 - hkcu\..\run: [yahoo! Pager] "c:\progra~1\yahoo!\messen~1\yahoom~1.exe" -quiet
o4 - hkcu\..\run: [swg] "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
o4 - hkcu\..\run: [bitcomet] "c:\program files\bitcomet\bitcomet.exe" /tray
o4 - hkcu\..\run: [4shared desktop] "c:\documents and settings\one\سطح المكتب\4shared desktop\desktop.exe" "startup"
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [my security engine] "c:\documents and settings\all users\application data\c53716c\msc537.exe" /s /d
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [_nltide_3] rundll32 advpack.dll,launchinfsectionex nlite.inf,c,,4,n (user 'default user')
o4 - startup: Onenote 2007 screen clipper and launcher.lnk = c:\program files\microsoft office\office12\onenotem.exe
o4 - global startup: Winzip quick pick.lnk = c:\program files\winzip\wzqkpick.exe
o8 - extra context menu item: &download all using 4shared desktop - c:\documents and settings\one\سطح المكتب\4shared desktop\down_all.htm
o8 - extra context menu item: &download using 4shared desktop - c:\documents and settings\one\سطح المكتب\4shared desktop\down_link.htm
o8 - extra context menu item: Google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_60d6097707281e79.dll/cmsidewiki.html
o8 - extra context menu item: Save flash with flash catcher - res://c:\program files\common files\justdo\iecatcher.dll/flashcatcher.htm
o8 - extra context menu item: ت&صدير إلى microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: Paltalk - {4eafef58-eefa-4116-983d-03b49bcbfffe} - c:\program files\paltalk messenger\paltalk.exe
o9 - extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
o9 - extra button: Flash catcher - {90bae0ef-f4bf-4fac-b2ec-2c725c34af12} - c:\program files\common files\justdo\iecatcher.dll
o9 - extra 'tools' menuitem: Flash catcher - {90bae0ef-f4bf-4fac-b2ec-2c725c34af12} - c:\program files\common files\justdo\iecatcher.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o23 - service: ##id_string1.6844f930_1628_4223_b5cc_5bb94b879762## (bonjour service) - apple computer, inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: Flexnet licensing service - macrovision europe ltd. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: Google update service (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: Google software updater (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: Java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: Nbservice - nero ag - c:\program files\nero\nero 7\nero backitup\nbservice.exe
o23 - service: Nmindexingservice - nero ag - c:\program files\common files\ahead\lib\nmindexingservice.exe
o23 - service: Nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
o23 - service: Tuneup drive defrag service (tuneup.defrag) - tuneup software - c:\program files\tuneup utilities 2010\tuneupdefragservice.exe
o23 - service: Tuneup utilities service (tuneup.utilitiessvc) - tuneup software - c:\program files\tuneup utilities 2010\tuneuputilitiesservice32.exe
--
end of file - 14724 bytes