Peace be upon you,
I'm back after taking several steps to make sure the machine is free of viruses, trojans, and the like.
That way, if the heat is not caused by viruses, I'll go with the solution of replacing the fan.
- After scanning with Norton and Malwarebytes, no viruses were found.
So I moved on to SUPERAntiSpyware, which found 5 infections: 4 of them were cookies, which I deleted, and 1 was an infection at this path, which I also deleted:
C:\PROGRAM FILES\REAL\REALPLAYER\REALCLEANER.EXE
And this is the report from the program:
SUPERAntiSpyware Scan Log
Generated 04/25/2013 at 10:38 AM
Application Version : 4.48.1000
Core Rules Database Version : 8206
Trace Rules Database Version: 6018
Scan type : Complete Scan
Total Scan Time : 01:05:02
Memory items scanned : 669
Memory threats detected : 0
Registry items scanned : 11274
Registry threats detected : 0
File items scanned : 35317
File threats detected : 5
Adware.Tracking Cookie
Trojan.Agent/Gen-FraudScan[Prod]
C:\PROGRAM FILES\REAL\REALPLAYER\REALCLEANER.EXE
So I deleted the infections right away.
.
.
In addition, I took this step to be more certain: I downloaded Trojan Remover.
And this is a picture from my machine after the scan; the program showed me two infections after the full scan.
A Trojan horse in a program, and a Trojan in a file belonging to Windows, and it says "hacker".
So I hesitated to delete them and clicked Cancel, so as not to delete either of the two infections, out of fear that deleting them would affect the system on the next startup.
And this is the program's report; unfortunately it is long.
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.5.2615. For information, email
support@simplysup.com
[Unregistered version]
Scan started at: 04:36:22 ص 26 أبريل 2013
Using Database v8041
Operating System: Windows 7 Ultimate (SP1) [Build: 6.1.7601]
File System: NTFS
User Account Control is Enabled
UserData directory: C:\Users\Administrator\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Administrator\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on C:\
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
C:\Program Files\Macrium\Reflect\reflect.exe appears to contain: Trojan.FakeAV
C:\Program Files\Macrium\Reflect\reflect.exe - file renamed to: C:\Program Files\Macrium\Reflect\reflect.exe.vir
C:\Windows\Installer\587ecf7.msp appears to contain: Trojan.Inject
C:\Windows\Installer\587ecf7.msp - READ-ONLY file attribute removed
C:\Windows\Installer\587ecf7.msp - file renamed to: C:\Windows\Installer\587ecf7.msp.vir
------------------------------
251642 files scanned
2 Malware file(s) detected
Scan completed at: 10:37:21 ص 26 أبريل 2013
Total Scan time: 06:00:58
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
*** RESTART CANCELLED BY USER ***
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.5.2615. For information, email
support@simplysup.com
[Unregistered version]
Scan started at: 04:32:43 ص 26 أبريل 2013
Using Database v8041
Operating System: Windows 7 Ultimate (SP1) [Build: 6.1.7601]
File System: NTFS
User Account Control is Enabled
UserData directory: C:\Users\Administrator\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Administrator\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
04:32:43 ص: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected
************************************************************
04:32:43 ص: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
04:32:54 ص: Scanning ----- WINDOWS REGISTRY -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
2616320 bytes
Created: 27/04/11 08:53 م
Modified: 25/02/11 08:30 ص
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
2616320 bytes
Created: 27/04/11 08:53 م
Modified: 25/02/11 08:30 ص
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
26624 bytes
Created: 28/02/11 04:36 م
Modified: 20/11/10 03:17 م
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: run
The Data Value for this entry appears to be blank
--------------------
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [TrojanScanner]
Value Data: [C:\Program Files\Trojan Remover\Trjscan.exe /boot]
C:\Program Files\Trojan Remover\Trjscan.exe
1608464 bytes
Created: 26/04/13 04:27 ص
Modified: 06/02/13 07:49 م
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [SUPERAntiSpyware]
Value Data: [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2424560 bytes
Created: 13/01/11 06:41 م
Modified: 13/01/11 06:41 م
Company: SUPERAntiSpyware.com
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
04:33:00 ص: Scanning -----SHELLEXECUTEHOOKS-----
************************************************************
04:33:00 ص: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
04:33:00 ص: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
04:33:00 ص: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {2D46B6DC-2207-486B-B523-A557E6D54B47}
Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
C:\Windows\system32\cmd.exe
302592 bytes
Created: 28/02/11 04:34 م
Modified: 20/11/10 03:17 م
Company: Microsoft Corporation
----------
************************************************************
04:33:01 ص: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppHostSvc
Path: %windir%\system32\inetsrv\apphostsvc.dll
C:\Windows\system32\inetsrv\apphostsvc.dll
61440 bytes
Created: 28/02/11 04:36 م
Modified: 20/11/10 03:18 م
Company: Microsoft Corporation
--------------------
Key: SENS
Path: C:\Windows\System32\sens.dll
C:\Windows\System32\sens.dll
49664 bytes
Created: 14/07/09 02:21 ص
Modified: 14/07/09 04:16 ص
Company: Microsoft Corporation
--------------------
Key: W3SVC
Path: %windir%\system32\inetsrv\iisw3adm.dll
C:\Windows\system32\inetsrv\iisw3adm.dll
397824 bytes
Created: 28/02/11 04:36 م
Modified: 20/11/10 03:19 م
Company: Microsoft Corporation
--------------------
Key: WAS
Path: %windir%\system32\inetsrv\iisw3adm.dll
C:\Windows\system32\inetsrv\iisw3adm.dll
397824 bytes
Created: 28/02/11 04:36 م
Modified: 20/11/10 03:19 م
Company: Microsoft Corporation
--------------------
************************************************************
04:33:15 ص: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ACS
ImagePath: C:\Windows\system32\acs.exe
C:\Windows\system32\acs.exe
36864 bytes
Created: 22/08/11 06:02 ص
Modified: 31/05/05 01:12 م
Company: [no info]
----------
Key: AgereSoftModem
ImagePath: system32\DRIVERS\AGRSM.sys
C:\Windows\system32\DRIVERS\AGRSM.sys
1035776 bytes
Created: 11/06/09 12:40 ص
Modified: 14/07/09 01:13 ص
Company: LSI Corp
----------
Key: amdsata
ImagePath: \SystemRoot\system32\drivers\amdsata.sys
C:\Windows\system32\drivers\amdsata.sys
80256 bytes
Created: 27/04/11 08:54 م
Modified: 11/03/11 08:38 ص
Company: Advanced Micro Devices
----------
Key: atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\system32\drivers\atapi.sys
21584 bytes
Created: 14/07/09 02:11 ص
Modified: 14/07/09 04:26 ص
Company: Microsoft Corporation
----------
Key: ATIAVPCI
ImagePath: system32\DRIVERS\atinavrr.sys
C:\Windows\system32\DRIVERS\atinavrr.sys
377472 bytes
Created: 11/06/09 12:15 ص
Modified: 14/07/09 01:54 ص
Company: ATI Technologies Inc.
----------
Key: BCM43XX
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
2506232 bytes
Created: 08/07/09 12:45 ص
Modified: 08/07/09 12:45 ص
Company: Broadcom Corporation
----------
Key: Beep
ImagePath: System32\Drivers\beep.sys
C:\Windows\System32\Drivers\beep.sys
6144 bytes
Created: 14/07/09 02:45 ص
Modified: 14/07/09 02:45 ص
Company: Microsoft Corporation
----------
Key: BHDrvx86
ImagePath: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys
1000024 bytes
Created: 13/04/13 12:09 ص
Modified: 13/04/13 12:09 ص
Company: Symantec Corporation
----------
Key: btusbflt
ImagePath: system32\drivers\btusbflt.sys
C:\Windows\system32\drivers\btusbflt.sys
45736 bytes
Created: 14/04/10 01:01 ص
Modified: 14/04/10 01:01 ص
Company: Broadcom Corporation.
----------
Key: btwaudio
ImagePath: system32\drivers\btwaudio.sys
C:\Windows\system32\drivers\btwaudio.sys
86056 bytes
Created: 04/01/13 06:48 م
Modified: 21/07/09 11:42 ص
Company: Broadcom Corporation.
----------
Key: btwavdt
ImagePath: system32\DRIVERS\btwavdt.sys
C:\Windows\system32\DRIVERS\btwavdt.sys
108072 bytes
Created: 04/01/13 06:48 م
Modified: 21/07/09 11:42 ص
Company: Broadcom Corporation.
----------
Key: btwdins
ImagePath: C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
582944 bytes
Created: 01/07/09 06:03 م
Modified: 01/07/09 06:03 م
Company: Broadcom Corporation.
----------
Key: btwl2cap
ImagePath: system32\DRIVERS\btwl2cap.sys
C:\Windows\system32\DRIVERS\btwl2cap.sys
29472 bytes
Created: 04/01/13 06:48 م
Modified: 21/07/09 11:42 ص
Company: Broadcom Corporation.
----------
Key: btwrchid
ImagePath: system32\DRIVERS\btwrchid.sys
C:\Windows\system32\DRIVERS\btwrchid.sys
18344 bytes
Created: 04/01/13 06:48 م
Modified: 21/07/09 11:42 ص
Company: Broadcom Corporation.
----------
Key: ccSet_NIS
ImagePath: \SystemRoot\system32\drivers\NIS\1403010.016\ccSetx86.sys
C:\Windows\system32\drivers\NIS\1403010.016\ccSetx86.sys
134304 bytes
Created: 20/04/13 11:54 م
Modified: 16/11/12 05:18 ص
Company: Symantec Corporation
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 18/03/10 01:16 م
Modified: 18/03/10 01:16 م
Company: Microsoft Corporation
----------
Key: CompositeBus
ImagePath: \SystemRoot\system32\drivers\CompositeBus.sys
C:\Windows\system32\drivers\CompositeBus.sys
31232 bytes
Created: 28/02/11 04:34 م
Modified: 20/11/10 12:50 م
Company: Microsoft Corporation
----------
Key: cpuz135
ImagePath: \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys - [file not found to scan]
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
376480 bytes
Created: 20/04/13 02:25 م
Modified: 18/08/12 12:00 م
Company: Symantec Corporation
----------
Key: EraserUtilRebootDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
106656 bytes
Created: 22/04/13 05:18 ص
Modified: 18/08/12 12:00 م
Company: Symantec Corporation
----------
Key: HidBth
ImagePath: system32\DRIVERS\hidbth.sys
C:\Windows\system32\DRIVERS\hidbth.sys
91136 bytes
Created: 14/07/09 02:51 ص
Modified: 14/07/09 02:51 ص
Company: Microsoft Corporation
----------
Key: iaStor
ImagePath: system32\DRIVERS\iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys
461080 bytes
Created: 15/06/11 09:00 ص
Modified: 15/06/11 09:00 ص
Company: Intel Corporation
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iaStorV.sys
C:\Windows\system32\drivers\iaStorV.sys
332160 bytes
Created: 27/04/11 08:54 م
Modified: 11/03/11 08:38 ص
Company: Intel Corporation
----------
Key: IDMWFP
ImagePath: system32\DRIVERS\idmwfp.sys
C:\Windows\system32\DRIVERS\idmwfp.sys
100216 bytes
Created: 21/11/12 04:02 م
Modified: 22/11/12 03:43 ص
Company: Tonec Inc.
----------
Key: IDSVix86
ImagePath: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130425.001\IDSvix86.sys
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130425.001\IDSvix86.sys
386720 bytes
Created: 26/04/13 02:43 ص
Modified: 19/04/13 03:31 م
Company: Symantec Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
9036800 bytes
Created: 11/02/11 07:12 م
Modified: 11/02/11 07:12 م
Company: Intel Corporation
----------
Key: MQAC
ImagePath: system32\drivers\mqac.sys
C:\Windows\system32\drivers\mqac.sys
141824 bytes
Created: 28/02/11 04:35 م
Modified: 20/11/10 01:40 م
Company: Microsoft Corporation
----------
Key: msahci
ImagePath: system32\drivers\msahci.sys
C:\Windows\system32\drivers\msahci.sys
28032 bytes
Created: 28/02/11 04:37 م
Modified: 20/11/10 03:30 م
Company: Microsoft Corporation
----------
Key: MSMQ
ImagePath: %systemroot%\system32\mqsvc.exe
C:\Windows\system32\mqsvc.exe
8704 bytes
Created: 14/07/09 03:10 ص
Modified: 14/07/09 04:14 ص
Company: Microsoft Corporation
----------
Key: mssmbios
ImagePath: \SystemRoot\system32\drivers\mssmbios.sys
C:\Windows\system32\drivers\mssmbios.sys
28240 bytes
Created: 14/07/09 02:19 ص
Modified: 14/07/09 04:20 ص
Company: Microsoft Corporation
----------
Key: NAVENG
ImagePath: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130425.009\NAVENG.SYS
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130425.009\NAVENG.SYS
93296 bytes
Created: 26/04/13 02:42 ص
Modified: 25/04/13 03:03 ص
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130425.009\NAVEX15.SYS
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130425.009\NAVEX15.SYS
1603824 bytes
Created: 26/04/13 02:42 ص
Modified: 25/04/13 03:03 ص
Company: Symantec Corporation
----------
Key: netw5v32
ImagePath: system32\DRIVERS\netw5v32.sys
C:\Windows\system32\DRIVERS\netw5v32.sys
4231168 bytes
Created: 11/06/09 12:18 ص
Modified: 14/07/09 01:02 ص
Company: Intel Corporation
----------
Key: NIS
ImagePath: "C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\20.3.1.22\diMaster.dll" /prefetch:1
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
-R- 144520 bytes
Created: 20/04/13 11:54 م
Modified: 24/12/12 06:33 ص
Company: Symantec Corporation
----------
Key: Ph3xIB32
ImagePath: system32\DRIVERS\Ph3xIB32.sys
C:\Windows\system32\DRIVERS\Ph3xIB32.sys
1311232 bytes
Created: 11/06/09 12:16 ص
Modified: 14/07/09 01:54 ص
Company: NXP Semiconductors
----------
Key: pssnap
ImagePath: system32\DRIVERS\pssnap.sys
C:\Windows\system32\DRIVERS\pssnap.sys
15328 bytes
Created: 20/05/08 08:32 ص
Modified: 20/05/08 08:32 ص
Company: Macrium Software
----------
Key: RdpVideoMiniport
ImagePath: System32\drivers\rdpvideominiport.sys
C:\Windows\System32\drivers\rdpvideominiport.sys
15872 bytes
Created: 28/02/11 04:36 م
Modified: 20/11/10 01:21 م
Company: Microsoft Corporation
----------
Key: RealNetworks Downloader Resolver Service
ImagePath: "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe"
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
38608 bytes
Created: 29/11/12 08:31 م
Modified: 29/11/12 08:31 م
Company: [no info]
----------
Key: Realtek87B
ImagePath: C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtlService.exe
C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtlService.exe
40960 bytes
Created: 22/08/11 05:55 ص
Modified: 07/12/09 01:49 م
Company: Realtek
----------
Key: ReflectService
ImagePath: "C:\Program Files\Macrium\Reflect\ReflectService.exe"
C:\Program Files\Macrium\Reflect\ReflectService.exe
216032 bytes
Created: 06/08/08 11:34 ص
Modified: 06/08/08 11:34 ص
Company:
----------
Key: RTL8187B
ImagePath: system32\DRIVERS\RTL8187B.sys
C:\Windows\system32\DRIVERS\RTL8187B.sys
379904 bytes
Created: 31/03/10 03:13 ص
Modified: 31/03/10 03:13 ص
Company: Realtek Semiconductor Corporation
----------
Key: Serenum
ImagePath: \SystemRoot\system32\DRIVERS\serenum.sys
C:\Windows\system32\DRIVERS\serenum.sys
17920 bytes
Created: 14/07/09 02:45 ص
Modified: 14/07/09 02:45 ص
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\DRIVERS\serial.sys
C:\Windows\system32\DRIVERS\serial.sys
83456 bytes
Created: 14/07/09 02:45 ص
Modified: 14/07/09 02:45 ص
Company: Microsoft Corporation
----------
Key: SNMP
ImagePath: %SystemRoot%\System32\snmp.exe
C:\Windows\System32\snmp.exe
47616 bytes
Created: 28/02/11 04:36 م
Modified: 20/11/10 03:17 م
Company: Microsoft Corporation
----------
Key: SRTSP
ImagePath: \SystemRoot\System32\Drivers\NIS\1403010.016\SRTSP.SYS
C:\Windows\System32\Drivers\NIS\1403010.016\SRTSP.SYS
602712 bytes
Created: 20/04/13 11:54 م
Modified: 29/01/13 04:45 ص
Company: Symantec Corporation
----------
Key: SRTSPX
ImagePath: \SystemRoot\system32\drivers\NIS\1403010.016\SRTSPX.SYS
C:\Windows\system32\drivers\NIS\1403010.016\SRTSPX.SYS
32344 bytes
Created: 20/04/13 11:54 م
Modified: 29/01/13 04:45 ص
Company: Symantec Corporation
----------
Key: STHDA
ImagePath: system32\DRIVERS\stwrt.sys
C:\Windows\system32\DRIVERS\stwrt.sys - [file not found to scan]
----------
Key: swenum
ImagePath: \SystemRoot\system32\drivers\swenum.sys
C:\Windows\system32\drivers\swenum.sys
12240 bytes
Created: 14/07/09 02:45 ص
Modified: 14/07/09 04:19 ص
Company: Microsoft Corporation
----------
Key: SymDS
ImagePath: system32\drivers\NIS\1403010.016\SYMDS.SYS
C:\Windows\system32\drivers\NIS\1403010.016\SYMDS.SYS
367704 bytes
Created: 20/04/13 11:54 م
Modified: 22/01/13 05:15 ص
Company: Symantec Corporation
----------
Key: SymEFA
ImagePath: system32\drivers\NIS\1403010.016\SYMEFA.SYS
C:\Windows\system32\drivers\NIS\1403010.016\SYMEFA.SYS
934488 bytes
Created: 20/04/13 11:54 م
Modified: 31/01/13 06:18 ص
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
C:\Windows\system32\Drivers\SYMEVENT.SYS
142496 bytes
Created: 20/04/13 10:21 ص
Modified: 20/04/13 10:21 ص
Company: Symantec Corporation
----------
Key: SymIM
ImagePath: system32\DRIVERS\SymIMv.sys
C:\Windows\system32\DRIVERS\SymIMv.sys
-R- 36512 bytes
Created: 23/04/13 08:51 ص
Modified: 16/11/12 05:45 ص
Company: Symantec Corporation
----------
Key: SymIRON
ImagePath: \SystemRoot\system32\drivers\NIS\1403010.016\Ironx86.SYS
C:\Windows\system32\drivers\NIS\1403010.016\Ironx86.SYS
175264 bytes
Created: 20/04/13 11:54 م
Modified: 16/11/12 05:22 ص
Company: Symantec Corporation
----------
Key: SymNetS
ImagePath: \SystemRoot\System32\Drivers\NIS\1403010.016\SYMNETS.SYS
C:\Windows\System32\Drivers\NIS\1403010.016\SYMNETS.SYS
338592 bytes
Created: 20/04/13 11:54 م
Modified: 31/01/13 06:18 ص
Company: Symantec Corporation
----------
Key: TermDD
ImagePath: \SystemRoot\system32\drivers\termdd.sys
C:\Windows\system32\drivers\termdd.sys
53120 bytes
Created: 28/02/11 04:34 م
Modified: 20/11/10 03:30 م
Company: Microsoft Corporation
----------
Key: TsUsbFlt
ImagePath: System32\drivers\tsusbflt.sys
C:\Windows\System32\drivers\tsusbflt.sys
52224 bytes
Created: 28/02/11 04:36 م
Modified: 20/11/10 01:24 م
Company: Microsoft Corporation
----------
Key: usbser
ImagePath: system32\drivers\usbser.sys
C:\Windows\system32\drivers\usbser.sys
27648 bytes
Created: 28/02/11 04:34 م
Modified: 20/11/10 12:59 م
Company: Microsoft Corporation
----------
Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\Windows\System32\Drivers\usbvideo.sys
146432 bytes
Created: 28/02/11 04:37 م
Modified: 20/11/10 01:00 م
Company: Microsoft Corporation
----------
Key: vmbus
ImagePath: system32\drivers\vmbus.sys
C:\Windows\system32\drivers\vmbus.sys
175360 bytes
Created: 28/02/11 04:37 م
Modified: 20/11/10 03:30 م
Company: Microsoft Corporation
----------
Key: vwifibus
ImagePath: system32\DRIVERS\vwifibus.sys
C:\Windows\system32\DRIVERS\vwifibus.sys
19968 bytes
Created: 14/07/09 02:52 ص
Modified: 14/07/09 02:52 ص
Company: Microsoft Corporation
----------
Key: vwififlt
ImagePath: system32\DRIVERS\vwififlt.sys
C:\Windows\system32\DRIVERS\vwififlt.sys
48128 bytes
Created: 14/07/09 02:52 ص
Modified: 14/07/09 02:52 ص
Company: Microsoft Corporation
----------
Key: vwifimp
ImagePath: system32\DRIVERS\vwifimp.sys
C:\Windows\system32\DRIVERS\vwifimp.sys
14336 bytes
Created: 14/07/09 02:52 ص
Modified: 14/07/09 02:52 ص
Company: Microsoft Corporation
----------
Key: WatAdminSvc
ImagePath: %SystemRoot%\system32\Wat\WatAdminSvc.exe
C:\Windows\system32\Wat\WatAdminSvc.exe
1343400 bytes
Created: 28/12/10 01:26 م
Modified: 28/12/10 01:22 م
Company: Microsoft Corporation
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys
35968 bytes
Created: 28/02/11 04:37 م
Modified: 20/11/10 12:59 م
Company: Microsoft Corporation
----------
Key: wlidsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1713536 bytes
Created: 28/03/11 08:31 م
Modified: 28/03/11 08:31 م
Company: Microsoft Corp.
----------
Key: yukonw7
ImagePath: system32\DRIVERS\yk62x86.sys
C:\Windows\system32\DRIVERS\yk62x86.sys
315392 bytes
Created: 28/09/09 09:22 ص
Modified: 28/09/09 09:22 ص
Company:
----------
************************************************************
04:33:56 ص: Scanning -----VXD ENTRIES-----
************************************************************
04:33:56 ص: Scanning ----- WINLOGON\NOTIFY DLLS -----
************************************************************
04:33:56 ص: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Symantec.Norton.Antivirus.IEContextMenu
CLSID: {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Path: "C:\Program Files\Norton Internet Security\Engine\20.3.1.22\NavShExt.dll"
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\NavShExt.dll
-R- 176976 bytes
Created: 20/04/13 11:54 م
Modified: 03/04/13 06:23 ص
Company: Symantec Corporation
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/07 10:39 م
Modified: 27/02/07 10:39 م
Company: SUPERAntiSpyware.com
----------
************************************************************
04:33:56 ص: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
04:33:57 ص: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
C:\Program Files\Internet Download Manager\IDMIECC.dll
359304 bytes
Created: 21/11/12 04:02 م
Modified: 21/11/12 03:37 م
Company: Internet Download Manager, Tonec Inc.
----------
Key: {3049C3E9-B461-4BC5-8870-4C09146192CA}
BHO: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
539888 bytes
Created: 29/11/12 08:33 م
Modified: 29/11/12 08:33 م
Company: RealDownloader
----------
Key: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
BHO: C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll
-R- 509776 bytes
Created: 20/04/13 11:54 م
Modified: 02/04/13 03:35 ص
Company: Symantec Corporation
----------
Key: {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
BHO: C:\Program Files\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL
C:\Program Files\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL
-R- 387040 bytes
Created: 20/04/13 11:54 م
Modified: 16/11/12 05:20 ص
Company: Symantec Corporation
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre7\bin\ssv.dll
C:\Program Files\Java\jre7\bin\ssv.dll
461216 bytes
Created: 16/02/13 05:59 م
Modified: 05/04/13 12:49 ص
Company: Oracle Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre7\bin\jp2ssv.dll
C:\Program Files\Java\jre7\bin\jp2ssv.dll
170912 bytes
Created: 16/02/13 05:59 م
Modified: 05/04/13 12:49 ص
Company: Oracle Corporation
----------
************************************************************
04:33:58 ص: Scanning ----- SHELLSERVICEOBJECTS -----
No ShellServiceObjects found to scan
************************************************************
04:33:59 ص: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan
************************************************************
04:33:59 ص: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
04:33:59 ص: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
04:34:03 ص: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
04:34:03 ص: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14/07/09 07:41 ص
Modified: 31/07/11 07:04 ص
Company: [no info]
--------------------
************************************************************
04:34:03 ص: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Administrator
[C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 11/02/11 09:35 ص
Modified: 06/10/12 06:19 ص
Company: [no info]
----------
--------------------
************************************************************
04:34:04 ص: Scanning ----- SCHEDULED TASKS -----
ERROR: EOleException calling Scheduler.Active in procedure ScanForm.ProcessTasks: لم يتم إجراء تعيين بين أسماء الحسابات ومعرّفات الأمان
************************************************************
04:34:05 ص: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: IDM Shell Extension
CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D}
File: C:\Program Files\Internet Download Manager\IDMShellExt.dll
C:\Program Files\Internet Download Manager\IDMShellExt.dll
21904 bytes
Created: 21/11/12 04:02 م
Modified: 16/11/12 02:07 ص
Company: Tonec Inc.
----------
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\system32\ntshrui.dll
442880 bytes
Created: 15/02/12 11:13 ص
Modified: 04/01/12 11:58 ص
Company: Microsoft Corporation
----------
************************************************************
04:34:06 ص: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.divxa32
File: msaud32_divx.acm
msaud32_divx.acm - [file not found to scan]
----------
Value: VIDC.FFDS
File: ff_vfw.dll
ff_vfw.dll - [file not found to scan]
----------
Value: vidc.tscc
File: C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll
C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll - [file not found to scan]
----------
Value: vidc.iscc
File: iscc.dll
C:\Windows\system32\iscc.dll
315392 bytes
Created: 17/04/12 05:37 ص
Modified: 10/05/11 03:57 م
Company: innoheim
----------
Value: msacm.ac3filter
File: ac3filter.acm
C:\Windows\system32\ac3filter.acm
965120 bytes
Created: 10/01/13 07:30 م
Modified: 17/06/12 10:10 م
Company:
----------
************************************************************
04:34:07 ص: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
5421871 bytes
Created: 11/02/11 09:35 ص
Modified: 09/04/13 02:02 ص
Company: [no info]
----------
Web Desktop Wallpaper entry is blank
----------
DNS Server information:
Interface: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
NameServers: 156.154.70.22,156.154.71.22
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Additional checks completed
************************************************************
04:34:10 ص: Scanning ----- RUNNING PROCESSES -----
C:\Windows\System32\smss.exe
69632 bytes
Created: 11/04/13 02:33 ص
Modified: 19/03/13 05:49 ص
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes
Created: 14/07/09 02:11 ص
Modified: 14/07/09 04:14 ص
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96256 bytes
Created: 14/07/09 02:36 ص
Modified: 14/07/09 04:14 ص
Company: Microsoft Corporation
--------------------
C:\Windows\system32\services.exe
259072 bytes
Created: 14/07/09 02:11 ص
Modified: 14/07/09 04:14 ص
Company: Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
286720 bytes
Created: 28/02/11 04:37 م
Modified: 20/11/10 03:17 م
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsass.exe
22528 bytes
Created: 21/01/12 08:00 ص
Modified: 17/11/11 08:29 ص
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
267776 bytes
Created: 28/02/11 04:36 م
Modified: 20/11/10 03:17 م
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
20992 bytes
Created: 14/07/09 02:19 ص
Modified: 14/07/09 04:14 ص
Company: Microsoft Corporation
--------------------
C:\Windows\system32\CISVC.EXE
20480 bytes
Created: 14/07/09 03:11 ص
Modified: 14/07/09 04:14 ص
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/06 01:40 م
Modified: 26/10/06 01:40 م
Company: Microsoft Corporation
--------------------
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
128848 bytes
Created: 28/02/11 04:34 م
Modified: 05/11/10 04:52 ص
Company: Microsoft Corporation
--------------------
C:\Windows\System32\tcpsvcs.exe
9216 bytes
Created: 14/07/09 02:55 ص
Modified: 14/07/09 04:14 ص
Company: Microsoft Corporation
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
193920 bytes
Created: 28/03/11 08:31 م
Modified: 28/03/11 08:31 م
Company: Microsoft Corp.
--------------------
C:\Windows\system32\SearchIndexer.exe
427520 bytes
Created: 29/06/11 08:57 ص
Modified: 04/05/11 07:28 ص
Company: Microsoft Corporation
--------------------
C:\Windows\System32\WUDFHost.exe
196608 bytes
Created: 15/11/12 04:41 م
Modified: 26/07/12 06:21 ص
Company: Microsoft Corporation
--------------------
C:\Windows\system32\taskhost.exe
49152 bytes
Created: 18/01/13 04:09 ص
Modified: 23/11/12 05:48 ص
Company: Microsoft Corporation
--------------------
C:\Windows\system32\Dwm.exe
92672 bytes
Created: 14/07/09 02:24 ص
Modified: 14/07/09 04:14 ص
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wbem\wmiprvse.exe
257536 bytes
Created: 28/02/11 04:37 م
Modified: 20/11/10 03:17 م
Company: Microsoft Corporation
--------------------
C:\Users\Administrator\Downloads\Speccy.exe
3503416 bytes
Created: 25/04/13 05:26 ص
Modified: 22/11/11 03:45 م
Company: Piriform Ltd
--------------------
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
1312720 bytes
Created: 24/01/12 02:57 ص
Modified: 09/04/13 11:57 ص
Company: Google Inc.
--------------------
C:\Windows\system32\SnippingTool.exe
396288 bytes
Created: 14/07/09 02:48 ص
Modified: 14/07/09 04:14 ص
Company: Microsoft Corporation
--------------------
C:\Windows\SYSTEM32\WISPTIS.EXE
334336 bytes
Created: 28/02/11 04:36 م
Modified: 20/11/10 03:17 م
Company: Microsoft Corporation
--------------------
C:\Program Files\WinRAR\WinRAR.exe
1159168 bytes
Created: 25/03/13 08:17 ص
Modified: 09/06/12 07:19 م
Company: Alexander Roshal
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 4775160
[This is a Trojan Remover component]
--------------------
--------------------
C:\Users\Administrator\Downloads\Tro_rem_cr\Trojan.Remover_crack.exe
8165427 bytes
Created: 26/04/13 04:30 ص
Modified: 24/06/12 08:04 م
Company:
--------------------
C:\Users\ADMINI~1\AppData\Local\Temp\ir_ext_temp_1\autorun.exe
6426112 bytes
Created: 26/04/13 04:32 ص
Modified: 24/06/12 08:04 م
Company:
C:\Users\ADMINI~1\AppData\Local\Temp\ir_ext_temp_1\autorun.exe appears to contain: SUSPICIOUS.ENTRY
C:\Users\ADMINI~1\AppData\Local\Temp\ir_ext_temp_1\autorun.exe - running process located and terminated
--------------------
************************************************************
04:35:43 ص: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
04:35:43 ص: Scanning ------ %TEMP% DIRECTORY ------
************************************************************
04:35:45 ص: Scanning ------ C:\Windows\Temp DIRECTORY ------
No files found to scan
************************************************************
04:35:45 ص: Scanning ------ ROOT DIRECTORY ------
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 04:35:46 ص 26 أبريل 2013
Total Scan time: 00:03:02
************************************************************
And may God bless you, dear brother m_uons2002.