That awful Norton just would not work in any way whatsoever, brother.
But Internet Manager is fine, thank you.
Here is the report.
Is there an alternative program to Norton?
*********** HijackThis report ***********
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:25 ص, on 30/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\home\My Documents\Downloads\Zyzoom_Report_Tool.exe
C:\DOCUME~1\home\LOCALS~1\Temp\Ht.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A05A2978-6710-4456-8BEB-48F6D0B2F754}: NameServer = 192.168.17.1
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
--
End of file - 3727 bytes
*********** System registry report ***********
"Silent Runners.vbs", revision 60,
Operating System: Windows XP SP3
Search enabled of all directories on local fixed drives for DESKTOP.INI
DLL launch points
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Yahoo! Pager" = ""C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet" ["Yahoo! Inc."]
"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"HitmanPro35" = ""C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot" ["SurfRight B.V."]
"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDMIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll" ["RealPlayer"]
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "WOT Helper"
\InProcServer32\(Default) = "C:\Program Files\WOT\WOT.dll" ["WOT Services Oy"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]
snxPluginsShell\(Default) = "{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
-> {HKLM...CLSID} = "snxPluginsShell Class"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\snxPlugins.dll" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"
-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]
"{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}" = "snxPluginShell extension"
-> {HKLM...CLSID} = "snxPluginsShell Class"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\snxPlugins.dll" [file not found]
"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Notification Packages" = ""|"scecli"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]
<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]
<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL" [MS]
<<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}"
-> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]
<<!>> wot\CLSID = "{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952}"
-> {HKLM...CLSID} = "WOT Protocol"
\InProcServer32\(Default) = "C:\Program Files\WOT\WOT.dll" ["WOT Services Oy"]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
PDVD9PlayCDAudioOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" "%L"" ["CyberLink Corp."]
PDVD9PlayDVDMovieOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
PDVD9PlayVCDMovieOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]
RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]
RPDVDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]
RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]
RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]
RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]
Enabled Scheduled Tasks:
------------------------
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"RealUpgradeLogonTaskS-1-5-18" -> launches: "C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeLogonTaskS-1-5-21-1993962763-1417001333-725345543-1003" -> launches: "C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeLogonTaskS-1-5-21-4148128800-2983233487-1952013625-1003" -> launches: "C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-18" -> launches: "C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-1993962763-1417001333-725345543-1003" -> launches: "C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-4148128800-2983233487-1952013625-1003" -> launches: "C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"User_Feed_Synchronization-{18AA2277-ED55-4B06-9ED3-DD7711BD8B5D}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]
"User_Feed_Synchronization-{4F1D730A-A684-479F-A134-E5B2DABE506F}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Avira\AntiVir Desktop\avsda.dll ["Avira GmbH"], 01 - 02, 21
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 08 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}"
-> {HKLM...CLSID} = "WOT"
\InProcServer32\(Default) = "C:\Program Files\WOT\WOT.dll" ["WOT Services Oy"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" = "WOT"
-> {HKLM...CLSID} = "WOT"
\InProcServer32\(Default) = "C:\Program Files\WOT\WOT.dll" ["WOT Services Oy"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{0E921E80-267A-42AA-AEE4-60B9A1222A44}\
"ButtonText" = "Click here to support the xp-AntiSpy project."
"MenuText" = "Support for xp-AntiSpy"
"Exec" = "C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
---------- (launch time: 2010-11-30 09:27:28)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 29 seconds.
---------- (total run time: 45 seconds)
*********** All processes in memory ***********
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\home\My Documents\Downloads\Zyzoom_Report_Tool.exe
*********** Processes in memory that are not digitally signed (excluding system processes) ***********
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\home\My Documents\Downloads\Zyzoom_Report_Tool.exe
*********** Folders and files created in the last month ***********
2010-11-30 04:49:18 ----D---- C:\Program Files\NortonInstaller
2010-11-29 00:04:16 ----D---- C:\Documents and Settings\home\Application Data\IDM
2010-11-29 00:04:12 ----D---- C:\Program Files\Internet Download Manager
2010-11-28 13:57:00 ----D---- C:\WINDOWS\TEMP
2010-11-28 00:22:02 ----D---- C:\Documents and Settings\home\Application Data\Avira
2010-11-27 22:02:36 ----D---- C:\Program Files\COMODO
2010-11-27 00:54:56 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-11-25 19:45:42 ----D---- C:\Documents and Settings\home\Application Data\GetRightToGo
2010-11-20 19:55:23 ----D---- C:\Program Files\xp-AntiSpy
2010-11-18 00:11:06 ----D---- C:\Documents and Settings\home\Application Data\MessengerDiscovery 2
2010-11-18 00:10:58 ----D---- C:\Documents and Settings\All Users\Application Data\MessengerDiscovery 2
2010-11-18 00:10:57 ----D---- C:\Program Files\MessengerDiscovery 2
2010-11-17 20:20:49 ----N---- C:\WINDOWS\unvise32.exe
2010-11-17 15:28:03 ----D---- C:\Program Files\WOT
2010-11-17 03:51:32 ----A---- C:\WINDOWS\system32\bootdelete.exe
2010-11-16 20:02:13 ----D---- C:\Documents and Settings\home\Application Data\Godlike
2010-11-16 20:01:52 ----D---- C:\Program Files\WinTools Software
2010-11-16 06:40:47 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2010-11-16 05:08:28 ----D---- C:\OnlineArmor
2010-11-16 03:46:19 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-11-13 19:59:07 ----A---- C:\zzlog.txt
2010-11-13 19:59:07 ----A---- C:\WINDOWS\system32\Gif89.dll
2010-11-13 06:54:40 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2010-11-13 06:54:25 ----D---- C:\Program Files\Messenger Plus! Live
2010-11-13 05:40:50 ----D---- C:\Program Files\Microsoft
2010-11-13 05:40:23 ----D---- C:\Program Files\Windows Live SkyDrive
2010-11-13 04:17:01 ----D---- C:\Program Files\Common Files\Windows Live
2010-11-13 04:12:59 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-11-13 03:22:58 ----D---- C:\Program Files\Wikikou
2010-11-13 02:13:34 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-11-09 17:01:19 ----D---- C:\Program Files\Conduit
2010-11-09 10:45:41 ----D---- C:\Program Files\Common Files\DESIGNER
2010-11-09 10:45:19 ----D---- C:\Program Files\Microsoft Visual Studio
2010-11-09 00:46:19 ----D---- C:\Program Files\ThreatFire
2010-11-06 19:11:59 ----D---- C:\Documents and Settings\home\Application Data\skypePM
2010-11-06 19:02:26 ----D---- C:\Documents and Settings\home\Application Data\Skype
2010-11-06 19:02:22 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-11-04 14:16:54 ----D---- C:\Program Files\CCleaner
2010-11-04 14:14:50 ----D---- C:\Program Files\Google
2010-11-04 03:38:47 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-11-04 03:19:26 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-11-04 03:19:25 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-11-04 03:19:24 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-11-04 03:19:21 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-11-04 03:19:21 ----A---- C:\WINDOWS\system32\T.COM
2010-11-04 03:19:21 ----A---- C:\WINDOWS\REGEDIT.COM
2010-11-04 03:19:21 ----A---- C:\WINDOWS\R.COM
2010-11-04 03:19:19 ----D---- C:\Program Files\Common Files\MicroWorld
2010-11-04 03:19:15 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2010-11-03 01:18:05 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-11-03 01:17:43 ----A---- C:\YServer.txt
2010-11-03 01:16:23 ----D---- C:\Program Files\Yahoo!
---------------------------------------------------------------------
This Report Created By Zyzoom.org Tools & Silent Runners & HijackThis