- بادئ الموضوع snbl
- تاريخ البدء
- 1,537
غير متصل
عطل برنامج الحمايه عندك
بعدين حمل الأداة هذي وشغلها
تطلع لك رسالتين اضغط على ( yes )
يستحسن لو تستخدمها في الوضع الآمن
انتظر شوي لين ما تخلص من الفحص
واحتمال تسوي اعادة تشغيل لجهازك
انتهى الفحص
وجاري اعداد التقرير
هذا هو التقرير انسخه والصقه بردك الجاي
ويستحسن لو ترفعه على رابط
*****************************
بعدين
عطني تقرير لا هنت
بعد التحميل => شغل البرنامج
Do a system scan and save a log file
يطلع لك تقرير => انسخه والصقه بردك القادم
ويستحسن لو ترفعه على رابط
بعدين حمل الأداة هذي وشغلها
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تطلع لك رسالتين اضغط على ( yes )
يستحسن لو تستخدمها في الوضع الآمن
انتظر شوي لين ما تخلص من الفحص
واحتمال تسوي اعادة تشغيل لجهازك
انتهى الفحص
وجاري اعداد التقرير
هذا هو التقرير انسخه والصقه بردك الجاي
ويستحسن لو ترفعه على رابط
*****************************
بعدين
عطني تقرير لا هنت
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد التحميل => شغل البرنامج
Do a system scan and save a log file
يطلع لك تقرير => انسخه والصقه بردك القادم
ويستحسن لو ترفعه على رابط
توقيع : Juve Guard
تأييد
0
snbl
زيزوومي نشيط
غير متصل
(( هذا هو التقرير ))
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:15 ص, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.80:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 8280 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:15 ص, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.93.193.80:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 8280 bytes
تأييد
0
Al jNtEeL
زيزوومى فضى
- إنضم
- 1 نوفمبر 2007
- المشاركات
- 7,298
- مستوى التفاعل
- 66
- النقاط
- 840
- الإقامة
- |-Al Hilal Club-|
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
تأييد
0
snbl
زيزوومي نشيط
غير متصل
(( وهذا التقرير الاول ))
ComboFix 08-06-20.4 - aziz 06/24/2008 9:59:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.549 [GMT 3:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\artools.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 06:49 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-24 05:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-23 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-23 06:20 --------- d-----w C:\Program Files\Windows Live
2008-06-23 06:20 --------- d-----w C:\Program Files\MSN Messenger
2008-06-23 06:20 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-23 06:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-23 06:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-22 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-22 21:31 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-21 18:16 --------- d-----w C:\Documents and Settings\aziz\Application Data\Apple Computer
2008-06-21 10:53 --------- d-----w C:\Documents and Settings\aziz\Application Data\LimeWire
2008-06-21 07:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-21 07:34 --------- d-----w C:\Documents and Settings\aziz\Application Data\URSoft
2008-06-21 07:08 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-06-21 06:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 06:24 --------- d-----w C:\Program Files\Macromedia
2008-06-20 22:27 --------- d-----w C:\Program Files\VideoLAN
2008-06-20 22:27 --------- d-----w C:\Documents and Settings\aziz\Application Data\vlc
2008-06-20 18:20 --------- d-----w C:\Program Files\Real
2008-06-20 18:20 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-20 18:20 --------- d-----w C:\Program Files\Common Files\Real
2008-06-20 18:18 --------- d-----w C:\Program Files\Sun
2008-06-20 18:18 --------- d-----w C:\Program Files\Java
2008-06-20 17:01 --------- d-----w C:\Program Files\QuickTime
2008-06-20 16:58 --------- d-----w C:\Program Files\Apple Software Update
2008-06-20 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-20 16:51 --------- d-----w C:\Program Files\LimeWire
2008-06-20 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-06-20 16:22 --------- d-----w C:\Program Files\TechSmith
2008-06-20 16:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 16:09 --------- d-----w C:\Program Files\Common Files\Java
2008-06-20 16:02 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-20 16:02 --------- d-----w C:\Documents and Settings\aziz\Application Data\ACD Systems
2008-06-20 16:01 --------- d-----w C:\Program Files\ACD Systems
2008-06-20 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-20 15:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 15:59 --------- d-----w C:\Program Files\BitComet
2008-06-20 15:58 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-06-20 15:56 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-06-20 15:56 --------- d-----w C:\Program Files\mpegable
2008-06-20 15:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-20 15:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-20 15:52 --------- d-----w C:\Program Files\Ahead
2008-06-20 15:48 --------- d-----w C:\Program Files\CONEXANT
2008-06-20 15:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-20 15:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-20 15:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-20 15:40 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-20 15:40 --------- d-----w C:\Program Files\Symantec
2008-06-20 14:37 --------- d-----w C:\Program Files\GIGABYTE
2008-06-20 14:37 --------- d-----w C:\Program Files\BroadCom GB LAN
2008-06-20 14:36 --------- d-----w C:\Program Files\Realtek
2008-06-20 14:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 14:34 --------- d-----w C:\Program Files\Intel
2008-06-20 14:26 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 14:25 --------- d-----w C:\Program Files\MSXML 4.0
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2005 04:07 PM 7110656]
"nwiz"="nwiz.exe" [07/20/2005 04:07 PM 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/20/2005 04:07 PM 86016]
"RTHDCPL"="RTHDCPL.EXE" [05/04/2005 12:28 PM 14396416 C:\WINDOWS\RTHDCPL.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/03/2006 04:04 AM 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 10:22 PM 26248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM 40048]
"Device Detector"="DevDetect.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/20/2008 09:20 PM 185896]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM 583048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cscript" []
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [08/03/2004 11:59 PM 44544]
"nltide_3"="advpack.dll" [08/04/2004 01:55 AM 99840 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10738:TCP"= 10738:TCP:BitComet 10738 TCP
"10738:UDP"= 10738:UDP:BitComet 10738 UDP
.
s of the 'Scheduled Tasks' folder
"2008-06-20 16:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 17:00:05 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - aziz.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-06-24 10:02:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
.
**************************************************************************
.
Completion time: 06/24/2008 10:04:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-24 07:04:16
Pre-Run: 28,927,717,376 bytes free
Post-Run: 29,876,600,832 bytes free
159
ComboFix 08-06-20.4 - aziz 06/24/2008 9:59:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.549 [GMT 3:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\artools.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 06:49 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-24 05:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-23 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-23 06:20 --------- d-----w C:\Program Files\Windows Live
2008-06-23 06:20 --------- d-----w C:\Program Files\MSN Messenger
2008-06-23 06:20 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-23 06:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-23 06:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-22 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-22 21:31 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-21 18:16 --------- d-----w C:\Documents and Settings\aziz\Application Data\Apple Computer
2008-06-21 10:53 --------- d-----w C:\Documents and Settings\aziz\Application Data\LimeWire
2008-06-21 07:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-21 07:34 --------- d-----w C:\Documents and Settings\aziz\Application Data\URSoft
2008-06-21 07:08 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-06-21 06:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 06:24 --------- d-----w C:\Program Files\Macromedia
2008-06-20 22:27 --------- d-----w C:\Program Files\VideoLAN
2008-06-20 22:27 --------- d-----w C:\Documents and Settings\aziz\Application Data\vlc
2008-06-20 18:20 --------- d-----w C:\Program Files\Real
2008-06-20 18:20 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-20 18:20 --------- d-----w C:\Program Files\Common Files\Real
2008-06-20 18:18 --------- d-----w C:\Program Files\Sun
2008-06-20 18:18 --------- d-----w C:\Program Files\Java
2008-06-20 17:01 --------- d-----w C:\Program Files\QuickTime
2008-06-20 16:58 --------- d-----w C:\Program Files\Apple Software Update
2008-06-20 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-20 16:51 --------- d-----w C:\Program Files\LimeWire
2008-06-20 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-06-20 16:22 --------- d-----w C:\Program Files\TechSmith
2008-06-20 16:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 16:09 --------- d-----w C:\Program Files\Common Files\Java
2008-06-20 16:02 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-20 16:02 --------- d-----w C:\Documents and Settings\aziz\Application Data\ACD Systems
2008-06-20 16:01 --------- d-----w C:\Program Files\ACD Systems
2008-06-20 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-20 15:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 15:59 --------- d-----w C:\Program Files\BitComet
2008-06-20 15:58 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-06-20 15:56 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-06-20 15:56 --------- d-----w C:\Program Files\mpegable
2008-06-20 15:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-20 15:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-20 15:52 --------- d-----w C:\Program Files\Ahead
2008-06-20 15:48 --------- d-----w C:\Program Files\CONEXANT
2008-06-20 15:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-20 15:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-20 15:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-20 15:40 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-20 15:40 --------- d-----w C:\Program Files\Symantec
2008-06-20 14:37 --------- d-----w C:\Program Files\GIGABYTE
2008-06-20 14:37 --------- d-----w C:\Program Files\BroadCom GB LAN
2008-06-20 14:36 --------- d-----w C:\Program Files\Realtek
2008-06-20 14:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 14:34 --------- d-----w C:\Program Files\Intel
2008-06-20 14:26 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 14:25 --------- d-----w C:\Program Files\MSXML 4.0
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [01/19/2007 12:55 PM 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/20/2005 04:07 PM 7110656]
"nwiz"="nwiz.exe" [07/20/2005 04:07 PM 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/20/2005 04:07 PM 86016]
"RTHDCPL"="RTHDCPL.EXE" [05/04/2005 12:28 PM 14396416 C:\WINDOWS\RTHDCPL.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/03/2006 04:04 AM 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 10:22 PM 26248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM 40048]
"Device Detector"="DevDetect.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/20/2008 09:20 PM 185896]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM 583048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cscript" []
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [08/03/2004 11:59 PM 44544]
"nltide_3"="advpack.dll" [08/04/2004 01:55 AM 99840 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10738:TCP"= 10738:TCP:BitComet 10738 TCP
"10738:UDP"= 10738:UDP:BitComet 10738 UDP
.
s of the 'Scheduled Tasks' folder
"2008-06-20 16:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 17:00:05 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - aziz.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-06-24 10:02:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
.
**************************************************************************
.
Completion time: 06/24/2008 10:04:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-24 07:04:16
Pre-Run: 28,927,717,376 bytes free
Post-Run: 29,876,600,832 bytes free
159
تأييد
0
غير متصل
احذف القيم هذي
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'Default user')
طريقة الحذف
( 1 )
حدد على القيم المطلوبه ثم اضغط
Fix checked
( 2 )
كيف جهازك الحين ؟
سليم ولا تعاني من المشكلة الى الآن ؟
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'Default user')
طريقة الحذف
( 1 )
حدد على القيم المطلوبه ثم اضغط
Fix checked
( 2 )
كيف جهازك الحين ؟
سليم ولا تعاني من المشكلة الى الآن ؟
توقيع : Juve Guard
تأييد
0
غير متصل
طيب شوف اخوي
اعذرني على قلة الدبره لأني مستعجل ووراي دوام ومشوار طويل
اذا بغيت تفك نفسك من هذا كله
احذف المكافح الي عندك وثبت الأفيرا وحدثه لآخر التحديثات
وافحص جهازك
ولا تنسى الاعدادات
يالله فمان الله اشوفكم الاسبوع الجاي ان شاء الله
اعذرني على قلة الدبره لأني مستعجل ووراي دوام ومشوار طويل
اذا بغيت تفك نفسك من هذا كله
احذف المكافح الي عندك وثبت الأفيرا وحدثه لآخر التحديثات
وافحص جهازك
ولا تنسى الاعدادات
يالله فمان الله اشوفكم الاسبوع الجاي ان شاء الله
توقيع : Juve Guard
تأييد
0
snbl
زيزوومي نشيط
غير متصل
نسيت اقولك المشكله اللي كنت بسوي فرمات للجهاز عنها انحلت وهي اني لما اسوي اغلاق للكمبيوتر يعلق ومايرضى يغلق الجهاز الا بالضغط على التا وكنترول وديليت يعني راح الفايروس المسبب بفضل من الله ثم تعاونك معاي لكن الاسم لازال موجود مو مهم اهم شي انحلت المشكله وشكرا لك ياغالي
تأييد
0
شتيوي2006
زيزوومي جديد
- إنضم
- 18 يناير 2008
- المشاركات
- 62
- مستوى التفاعل
- 2
- النقاط
- 80
- الإقامة
- القصيم
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
تأييد
0
LINEZERO
زيزوومى محترف
غير متصل
بالاضافه الى كلام الاحبه اعمل ماتم ذكره بالموضوع التالي
لفحص الجهاز الشامل من بيئة اقلاع نظيفه
بالتوفيق
::
::
:
لفحص الجهاز الشامل من بيئة اقلاع نظيفه
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بالتوفيق
::
::
:
توقيع : LINEZERO
تأييد
0
شتيوي2006
زيزوومي جديد
- إنضم
- 18 يناير 2008
- المشاركات
- 62
- مستوى التفاعل
- 2
- النقاط
- 80
- الإقامة
- القصيم
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
ابشر
اول شئ اغلق برنامج الحمايه عندك وبعدين شغل الاداة وراح تفحص وتعيد الجهاز اكثر من مره من حالها وبعد ما تخلص صلح سكان ببرنامج الحمايه اللي عندك
بالتوفيق....
اول شئ اغلق برنامج الحمايه عندك وبعدين شغل الاداة وراح تفحص وتعيد الجهاز اكثر من مره من حالها وبعد ما تخلص صلح سكان ببرنامج الحمايه اللي عندك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بالتوفيق....
توقيع : شتيوي2006
تأييد
0
شتيوي2006
زيزوومي جديد
- إنضم
- 18 يناير 2008
- المشاركات
- 62
- مستوى التفاعل
- 2
- النقاط
- 80
- الإقامة
- القصيم
- الموقع الالكتروني
- www.zyzoom.org
غير متصل
تأييد
0