
شريف حمدى

"Silent Runners.vbs", revision 61,

Operating System: Windows 7 SP1
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"]
"AntiARPStandalone" = "C:\Program Files\ColorSoft\AntiARP\AntiARP.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{F791A188-699D-4FD4-955A-EB59E89B1907}" = "Ave's 7StartButton Changer"
-> {HKLM...CLSID} = "CAveStartButtonChangerObject Class"
\InProcServer32\(Default) = "C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" ["AveApps, Andreas Verhoeven"]

"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

<<!>> "{F791A188-699D-4FD4-955A-EB59E89B1907}" = "Ave's 7StartButton Changer"
-> {HKLM...CLSID} = "CAveStartButtonChangerObject Class"
\InProcServer32\(Default) = "C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" ["AveApps, Andreas Verhoeven"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu"
-> {HKLM...CLSID} = "SASContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Users\goker\AppData\Local\Temp\zxq1\mbamext.dll" [file not found]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = "SUPERAntiSpyware Context Menu"
-> {HKLM...CLSID} = "SASContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Users\goker\AppData\Local\Temp\zxq1\mbamext.dll" [file not found]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Windows\Resources\Themes\DarkMatter RedShift\Wallpapers\Dark\1024x768.jpg"


Startup items in "goker" & "All Users" startup folders:
-------------------------------------------------------

C:\Users\goker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"setup_9.0.0.722_21.05.2011_18-10" -> shortcut to: "C:\Users\goker\Desktop\Virus Removal Tool1\setup_9.0.0.722_21.05.2011_18-10\startup.exe "C:\Users\goker\Desktop\Virus Removal Tool1\setup_9.0.0.722_21.05.2011_18-10\setup_9.0.0.722_21.05.2011_18-10.exe" -gui -bl" [null data]
"setup_9.0.0.722_26.05.2010_09-27" -> shortcut to: "C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\startup.exe "C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\setup_9.0.0.722_26.05.2010_09-27.exe" -gui -bl" [null data]


Non-disabled Scheduled Tasks:
-----------------------------

C:\Users\goker\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" -> launches: "aitagent" [MS]
"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
-> {HKLM...CLSID} = "KernelCeipCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
-> {HKLM...CLSID} = "UsbCeip"
\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
"Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" -> launches: "A9A33436-678B-4c9c-A211-7CC38785E79D"" [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
-> {HKLM...CLSID} = "RasMobilityManager"
\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
-> {HKLM...CLSID} = "RegistryIdleBackupHandler"
\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]
"SessionAgent" -> launches: "{45F26E9E-6199-477F-85DA-AF1EDfE067B1}"
-> {HKLM...CLSID} = "SessionAgent Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]
"SystemDataProviders" -> launches: "{7CCA6768-8373-4D28-8876-83E8B4E3A969}"
-> {HKLM...CLSID} = "SDPWmiJob Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
-> {HKLM...CLSID} = "RunTask"
\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]
"MpIdleTask" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Avira\AntiVir Desktop\avsda.dll ["Avira GmbH"], 01 - 02, 21
%SystemRoot%\system32\mswsock.dll [MS], 03 - 20


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Avira AntiVir Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir Desktop\avguard.exe"" ["Avira GmbH"]
Avira AntiVir MailGuard, AntiVirMailService, ""C:\Program Files\Avira\AntiVir Desktop\avmailc.exe"" ["Avira GmbH"]
Avira AntiVir Scheduler, AntiVirSchedulerService, ""C:\Program Files\Avira\AntiVir Desktop\sched.exe"" ["Avira GmbH"]
Avira AntiVir WebGuard, AntiVirWebService, ""C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE"" ["Avira GmbH"]
Avira FireWall, AntiVirFirewallService, ""C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe"" ["Avira GmbH"]


---------- (launch time: 2011-05-21 20:06:16)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 83 seconds, including 3 seconds for message boxes)
 

ودا تقرير فحص BitDefender QuickScan اون لاين
QuickScan Beta 32-bit v0.9.9.93
-------------------------------
تاريخ المسح: Sat May 21 20:15:11 2011
عنوان الحاسب: 102A9A04

D:\autorun.inf - لا يمكن مسحهd
F:\autorun.inf - لا يمكن مسحهd


تم العثور على ملف مصاب
----------------------

D:\برامج\اسطوانه هيرن صيانه 2011\MyEgY.CoM.Hiren's BootCD 13.2.By.vibration\HBCD\WinTools\HBCDMenu.exe --> Win32.Sality.3
--> البرنامج HBCDMenu.exe (2852)



البرامج
-------
غير مسجل HBCDMenu 2852 D:\برامج\اسطوانه هيرن صيانه 2011\MyEgY.CoM.Hiren's BootCD 13.2.By.vibration\HBCD\WinTools\HBCDMenu.exe
غير مسجل zyzoom.exe 5800 C:\Zyzoom_Forum_Tools\zyzoom.exe

تم تفقده AntiVir Desktop 1736 C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
تم تفقده AntiVir Desktop 1984 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
تم تفقده AntiVir Desktop 1784 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
تم تفقده AntiVir Desktop 2180 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
تم تفقده AntiVir Desktop 3088 C:\Program Files\Avira\AntiVir Desktop\avscan.exe
تم تفقده AntiVir Desktop 1928 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
تم تفقده AntiVir Desktop 2204 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
تم تفقده AntiVir Desktop 1524 C:\Program Files\Avira\AntiVir Desktop\sched.exe
تم تفقده Firefox 2216 C:\Program Files\Mozilla Firefox\firefox.exe
تم تفقده Kaspersky Anti-Virus 1064 C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\setup_9.0.0.722_26.05.2010_09-27.exe
تم تفقده Microsoft® .NET Framework 4004 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
تم تفقده Microsoft® Windows® Operating System 4164 C:\Windows\explorer.exe
تم تفقده Microsoft® Windows® Operating System 352 C:\Windows\System32\csrss.exe
تم تفقده Microsoft® Windows® Operating System 412 C:\Windows\System32\csrss.exe
تم تفقده Microsoft® Windows® Operating System 1208 C:\Windows\System32\dwm.exe
تم تفقده Microsoft® Windows® Operating System 512 C:\Windows\System32\lsass.exe
تم تفقده Microsoft® Windows® Operating System 520 C:\Windows\System32\lsm.exe
تم تفقده Microsoft® Windows® Operating System 5276 C:\Windows\System32\notepad.exe
تم تفقده Microsoft® Windows® Operating System 488 C:\Windows\System32\services.exe
تم تفقده Microsoft® Windows® Operating System 260 C:\Windows\System32\smss.exe
تم تفقده Microsoft® Windows® Operating System 1488 C:\Windows\System32\spoolsv.exe
تم تفقده Microsoft® Windows® Operating System 3096 C:\Windows\System32\sppsvc.exe
تم تفقده Microsoft® Windows® Operating System 580 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 628 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 708 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 760 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1564 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1388 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1840 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1028 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 924 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 880 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 2864 C:\Windows\System32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 400 C:\Windows\System32\wininit.exe
تم تفقده Microsoft® Windows® Operating System 460 C:\Windows\System32\winlogon.exe
تم تفقده Windows® Search 2632 C:\Windows\System32\SearchFilterHost.exe
تم تفقده Windows® Search 2608 C:\Windows\System32\SearchIndexer.exe
تم تفقده Windows® Search 820 C:\Windows\System32\SearchProtocolHost.exe


انشطة الشبكة
------------
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 66.220.156.25
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 66.220.156.25
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 213.158.175.64
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.85.147.139
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.85.147.139
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.85.147.139
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 213.158.175.64
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 213.158.175.64
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 213.158.175.64
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 213.158.175.64
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 213.158.175.64
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 66.220.156.25
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 204.141.87.9
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 204.141.87.9
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 204.141.87.9
البرنامج firefox.exe (2216) موصول على معبر 9355 --> 213.202.231.10
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 66.220.156.25
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 95.100.21.115
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 213.158.175.19
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 66.220.151.73
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 66.220.151.73
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 204.141.87.19
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.212.144.149
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.212.144.149
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.212.144.149
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.212.144.149
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.212.144.149
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.212.144.149
البرنامج firefox.exe (2216) موصول على معبر 80 (HTTP) --> 209.212.144.149

البرنامج wininit.exe (400) يستمع لمعبر: 49152 (RPC)
البرنامج services.exe (488) يستمع لمعبر: 49156 (RPC)
البرنامج lsass.exe (512) يستمع لمعبر: 49155 (RPC)
البرنامج svchost.exe (708) يستمع لمعبر: 135 (RPC)
البرنامج svchost.exe (760) يستمع لمعبر: 49153 (RPC)
البرنامج svchost.exe (924) يستمع لمعبر: 49154 (RPC)
البرنامج avmailc.exe (2180) يستمع لمعبر: 44110
البرنامج avwebgrd.exe (2204) يستمع لمعبر: 44080
البرنامج svchost.exe (2864) يستمع لمعبر: 49157 (RPC)


الملفات المفتوحة تلقائياً و الحساسة
-----------------------------------
غير مسجل AntiARP.exe C:\Program Files\ColorSoft\AntiARP\AntiARP.exe
غير مسجل Ave7StartButtonChanger C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
غير مسجل SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

تم تفقده AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
تم تفقده Internet Download Manager (IDM) C:\Program Files\Internet Download Manager\IDMan.exe
تم تفقده Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
تم تفقده startup.exe C:\Users\goker\Desktop\Virus Removal Tool1\setup_9.0.0.722_21.05.2011_18-10\startup.exe
تم تفقده startup.exe C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\startup.exe


وصلات المتصفح
-------------
تم تفقده AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avsda.dll
تم تفقده BitDefender QuickScan C:\Users\goker\AppData\Roaming\Mozilla\Firefox\Profiles\wc69us70.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
تم تفقده Internet Download Manager Module c:\program files\internet download manager\idmiecc.dll
تم تفقده Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
تم تفقده Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
تم تفقده Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
تم تفقده Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
تم تفقده Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
تم تفقده Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
تم تفقده NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
تم تفقده Windows® Internet Explorer C:\Windows\System32\ieframe.dll


مسح
---
غير مسجل MD5: 6d3a2ed46ce84b21b37c1dc844418112 C:\Program Files\Avira\AntiVir Desktop\aecore.dll
غير مسجل MD5: ee0477f95aaf614c5cb14f324ca48c3d C:\Program Files\Avira\AntiVir Desktop\aeemu.dll
غير مسجل MD5: 99fc44836c9faa66d3dd7f6264c2996b C:\Program Files\Avira\AntiVir Desktop\aegen.dll
غير مسجل MD5: 3cd3f5187353323222ca64f55ce4a43d C:\Program Files\Avira\AntiVir Desktop\aehelp.dll
غير مسجل MD5: bc516b85ac214b826bdd27aca0186eb4 C:\Program Files\Avira\AntiVir Desktop\aeheur.dll
غير مسجل MD5: 9359d52cab490a63e2336d4e51a09e04 C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll
غير مسجل MD5: 139634e65ef79ef7323837a93cf536ef C:\Program Files\Avira\AntiVir Desktop\aepack.dll
غير مسجل MD5: a0d0d6e981ccbd7f80f31531af0f26c0 C:\Program Files\Avira\AntiVir Desktop\aerdl.dll
غير مسجل MD5: bd8e5b4b16db2a53709ea74df7b22282 C:\Program Files\Avira\AntiVir Desktop\aesbx.dll
غير مسجل MD5: 864e4cec9f60c25a8a93ad3784da2e64 C:\Program Files\Avira\AntiVir Desktop\aescn.dll
غير مسجل MD5: c9764272640293e3b133c94b2f9f120d C:\Program Files\Avira\AntiVir Desktop\aescript.dll
غير مسجل MD5: 100caaf3542fb51feca9c09db1cb940d C:\Program Files\Avira\AntiVir Desktop\aevdf.dll
غير مسجل MD5: 4fa836705b72651cbba3e588962f4053 C:\Program Files\Avira\AntiVir Desktop\antispam.dll
غير مسجل MD5: 8c1279ed50164bedf53f2f0ae6622e74 C:\Program Files\Avira\AntiVir Desktop\asata.dll
غير مسجل MD5: 9d56d808efff44645801c4fa9699cc9e C:\Program Files\Avira\AntiVir Desktop\avarkt.dll
غير مسجل MD5: 7c399e28351b9f2aa33dd38e5ebf8768 C:\Program Files\Avira\AntiVir Desktop\avbb.dll
غير مسجل MD5: c55ee924474044ca64b473b356e9d080 C:\Program Files\Avira\AntiVir Desktop\avesvc.dll
غير مسجل MD5: b0ab608bd39c43f9eb5a2fd033413f4e C:\Program Files\Avira\AntiVir Desktop\avesvcr.dll
غير مسجل MD5: ddf0d660e994d0bb912f37dca7afe8f7 C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll
غير مسجل MD5: dc4075c135ef78f6bc8674bb4c87e0b5 C:\Program Files\Avira\AntiVir Desktop\avgio.dll
غير مسجل MD5: 92ea86876dfde3b9f6b4b6443c8b11fb C:\Program Files\Avira\AntiVir Desktop\avpref.dll
غير مسجل MD5: c33cae84f54bba013761f158f5afd344 C:\Program Files\Avira\AntiVir Desktop\avreg.dll
غير مسجل MD5: 600d111c470f6c37924112c15576fde8 C:\Program Files\Avira\AntiVir Desktop\avrep.dll
غير مسجل MD5: f7f449441427403b5103349de1eccf94 C:\Program Files\Avira\AntiVir Desktop\avscan.dll
غير مسجل MD5: df12a2a7b992bc52133021cf8aa0b28b C:\Program Files\Avira\AntiVir Desktop\avscplr.dll
غير مسجل MD5: 05d568d158b2aaa4ff1549b157d0e994 C:\Program Files\Avira\AntiVir Desktop\avwinll.dll
غير مسجل MD5: 6de5efc0515b9c57701e040bb2d6f5dc C:\Program Files\Avira\AntiVir Desktop\cares.dll
غير مسجل MD5: 63511764a4466d22f8abf522b7f297d3 C:\Program Files\Avira\AntiVir Desktop\ccavscanex.dll
غير مسجل MD5: 24839c20b147e454203c64dd18801e23 C:\Program Files\Avira\AntiVir Desktop\ccavscanexrc.dll
غير مسجل MD5: 4be21cde3d375385f9a3efffb7ba0834 C:\Program Files\Avira\AntiVir Desktop\ccfwgnt.dll
غير مسجل MD5: f1a688f5857b6b46830807dabcd51be6 C:\Program Files\Avira\AntiVir Desktop\ccfwitf.dll
غير مسجل MD5: d730229da3e2a29a78aed2e55865efa4 C:\Program Files\Avira\AntiVir Desktop\ccfwrc.dll
غير مسجل MD5: bf1e084c7907b6ed52c26f847e3b725b C:\Program Files\Avira\AntiVir Desktop\ccgen.dll
غير مسجل MD5: f05a5753c308425749b37acd39a5f760 C:\Program Files\Avira\AntiVir Desktop\ccgenrc.dll
غير مسجل MD5: e65e277c50bd5967b5e92c7744dba7bc C:\Program Files\Avira\AntiVir Desktop\ccguard.dll
غير مسجل MD5: 4a389e3ca63076904f92a5bc2e26ba8b C:\Program Files\Avira\AntiVir Desktop\cchips.dll
غير مسجل MD5: 56c81a9e8aaa5b94a8ef843aba91e1d6 C:\Program Files\Avira\AntiVir Desktop\cchipsrc.dll
غير مسجل MD5: 54ceee9d7aa46f3311d247bf57bbee36 C:\Program Files\Avira\AntiVir Desktop\cclic.dll
غير مسجل MD5: 9a494e32aa9698276b96c7e317984fa5 C:\Program Files\Avira\AntiVir Desktop\ccmgrdrc.dll
غير مسجل MD5: 628e0789a288fd25043fcafa4975095d C:\Program Files\Avira\AntiVir Desktop\ccmguard.dll
غير مسجل MD5: 400ab97179f05ba68b755d8971f262f2 C:\Program Files\Avira\AntiVir Desktop\ccmsg.dll
غير مسجل MD5: 7d541c5e5cdfb46d68ac60012c5d7acd C:\Program Files\Avira\AntiVir Desktop\ccupdate.dll
غير مسجل MD5: a93a23d1d8922fe1e625d9884c275ff5 C:\Program Files\Avira\AntiVir Desktop\ccupdrc.dll
غير مسجل MD5: fbaeb95721e7b68f99ba57fa347403bd C:\Program Files\Avira\AntiVir Desktop\ccwgrd.dll
غير مسجل MD5: 3a8bff8da4ef5270a862a8185bc08474 C:\Program Files\Avira\AntiVir Desktop\ccwgrdrc.dll
غير مسجل MD5: d41a02871f992a2c47b84a95c2a78b40 C:\Program Files\Avira\AntiVir Desktop\ccwgrdw.dll
غير مسجل MD5: 47766f6b79a25af04ed3f6f2b02aa4cb C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
غير مسجل MD5: 690d275ff0a963902086d3af38d0f5dd C:\Program Files\Avira\AntiVir Desktop\extdlgfw.dll
غير مسجل MD5: aefed038005ebc6f177e5d4121856838 C:\Program Files\Avira\AntiVir Desktop\fwrc.dll
غير مسجل MD5: 92d9eb35797530fedc07b1d75533f68e C:\Program Files\Avira\AntiVir Desktop\guardmsg.dll
غير مسجل MD5: 1c12aac659fd71fb52f4cc97cd94ed73 C:\Program Files\Avira\AntiVir Desktop\libiconv2.dll
غير مسجل MD5: 3ec72cdfd34094d9e80b48e1289920a6 C:\Program Files\Avira\AntiVir Desktop\libxml2.dll
غير مسجل MD5: 06da96b54ef94dee0bfa8912e0da7427 C:\Program Files\Avira\AntiVir Desktop\luke.dll
غير مسجل MD5: aad3127fc972e58dfc16d77551f725c2 C:\Program Files\Avira\AntiVir Desktop\mgrs.dll
غير مسجل MD5: 2d9e95cceecd474bf14ff45f8bc5a3a7 C:\Program Files\Avira\AntiVir Desktop\msgclient.dll
غير مسجل MD5: b54557b71a82e1f9bc914991328cef16 C:\Program Files\Avira\AntiVir Desktop\onlcfg.dll
غير مسجل MD5: a2ed58e4c83b2d1d8698668d35d9066a C:\Program Files\Avira\AntiVir Desktop\pcre.dll
غير مسجل MD5: dde28290f8a359e4e64d7c23a0db917b C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
غير مسجل MD5: 06da16b2949efe33cdc5113aaa72f96a C:\Program Files\Avira\AntiVir Desktop\rctext.dll
غير مسجل MD5: 13a86ff71b5e57da8c9a6e2316ce1eaa C:\Program Files\Avira\AntiVir Desktop\schedr.dll
غير مسجل MD5: 902c61f27c86b4a0c0bff31f154ddbeb C:\Program Files\Avira\AntiVir Desktop\shlext.dll
غير مسجل MD5: 2e5c8f1b1dd462ed1fcc2fb1470efe1f C:\Program Files\Avira\AntiVir Desktop\webcat.dll
غير مسجل MD5: d2b2971522b45a97afd324b0085f87d4 C:\Program Files\Avira\AntiVir Desktop\webprot.dll
غير مسجل MD5: 62cdc89a580d0f321ce8868c9db6ef8a C:\Program Files\ColorSoft\AntiARP\AntiARP.exe
غير مسجل MD5: accc486a35a6b403f64786c47478baca C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
غير مسجل MD5: 660cc982ffa6d05ee1eaf7265a46870f C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
غير مسجل MD5: f11fe030158f8ef14a56a3ea9e9bd47d C:\Program Files\WinRAR\RarExt.dll
غير مسجل MD5: dcf5dfcf3d831d05ee4dd32f8192d574 C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\bases\kavsys.kdl
غير مسجل MD5: 85770ec875267f494821236659ebeba4 C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\bases\kjim.kdl
غير مسجل MD5: 823d5a226e0b8059227ad24bc14a9826 C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\bases\klavemu.kdl
غير مسجل MD5: b86dafdcdb10db030e9bb05cc55db43a C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\bases\mark.kdl
غير مسجل MD5: 1b63ff35bc741991281c69a49b58c39f C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\bases\qscan.kdl
غير مسجل MD5: 002d59a92d55ccbddcca8fba8ea8340d C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\bases\vlns.kdl
غير مسجل MD5: 306a0bb38e23d16ef51eaf43e26073a0 C:\Windows\Installer\MSI370F.tmp
غير مسجل MD5: 5ba500977641728b26ebefa1873be730 C:\Windows\system32\drivers\ANTIARPNDISPROT.sys
غير مسجل MD5: d6969d52430aff7c1891780ba0068f19 C:\Zyzoom_Forum_Tools\zyzoom.exe
غير مسجل MD5: eeaf7cd41b87d93c58247217d354be6e D:\برامج\اسطوانه هيرن صيانه 2011\MyEgY.CoM.Hiren's BootCD 13.2.By.vibration\HBCD\WinTools\HBCDMenu.exe

يجب تحميل الملفات التالية ليتم فحصها:
D:\برامج\اسطوانه هيرن صيانه 2011\MyEgY.CoM.Hiren's BootCD 13.2.By.vibration\HBCD\WinTools\HBCDMenu.exe

بدء التحميل - الملف 1
HBCDMenu.exe (99840)
سرعة التحميل - 6 KB/s
انتهاء التحميل - تم تحميل: 1 و فشل تحميل: 0

انتهاء المسح - تم الاتصال خلال 29 ثواني
الحجم الاجمالي - تم ارسال 0.20 ميجابايت و تم استقبال 2.12
تم مسح 1641 ملف و برنامج - 205 ثواني

==============================================================================
 
توقيع : شريف حمدى
ودا تقرير الهايجاك ذس (HijackThis)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:28:19 م, on 21/05/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\setup_9.0.0.722_26.05.2010_09-27.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AntiARPStandalone] C:\Program Files\ColorSoft\AntiARP\AntiARP.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: setup_9.0.0.722_21.05.2011_18-10.lnk = C:\Users\goker\Desktop\Virus Removal Tool1\setup_9.0.0.722_21.05.2011_18-10\startup.exe
O4 - Startup: setup_9.0.0.722_26.05.2010_09-27.lnk = C:\Users\goker\Desktop\Virus Removal Tool\setup_9.0.0.722_26.05.2010_09-27\startup.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
O23 - Service: AntiARP Client Loader (AntiARPClientLoader) - Unknown owner - C:\Program Files\ColorSoft\AntiARP\AntiARPClientLoader.exe
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSI370F.tmp

--
End of file - 4039 bytes
 
توقيع : شريف حمدى
تم حل الموضوع، الأفيرا شال الفيروسات كلها الحمد لله.
يرجى الإغلاق
 
توقيع : شريف حمدى


الحمد لله على انتهاء المشكلة

3.gif


يغلق


 
توقيع : alemalbyelaram