مساعدة من الخبراء في تحليل تقريري ComboFix و HijackThis

  • بادئ الموضوع بادئ الموضوع faiz's
  • تاريخ البدء تاريخ البدء
  • المشاهدات 733
F

faiz's

زيزوومي جديد
إنضم
19 مارس 2008
المشاركات
21
مستوى التفاعل
1
النقاط
20
الإقامة
riyadh
غير متصل
السلام عليكم

ارجوا من الخبراء تحليل التقريرين التاليين :


التقرير الاول لجهازي باستخدام
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
:


" ComboFix 08-10-07.06 - Faiz 10/08/2008 14:33:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.593 [GMT 3:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\faiz\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINXP\regedit.com
C:\WINXP\system32\taskmgr.com
----- BITS: Possible infected sites -----
hxxp://78.157.143.198
.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 11:31 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\Orbit
2008-10-08 11:16 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Babylon
2008-10-08 09:30 --------- d---a-w C:\Documents and Settings\All Users.WINXP\Application Data\TEMP
2008-10-07 07:35 --------- d-----w C:\Program Files\Norton Security Scan
2008-10-05 07:15 --------- d-----w C:\Program Files\Spyware Doctor
2008-10-05 06:43 81,288 ----a-w C:\WINXP\system32\drivers\iksyssec.sys
2008-10-05 06:43 66,952 ----a-w C:\WINXP\system32\drivers\iksysflt.sys
2008-10-05 06:43 40,840 ----a-w C:\WINXP\system32\drivers\ikfilesec.sys
2008-10-05 05:49 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\PC Tools
2008-10-05 05:22 354,560 ----a-w C:\WINXP\system32\TuneUpDefragService.exe
2008-10-05 05:22 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-02 20:43 --------- d-----w C:\Program Files\Avant Browser
2008-10-02 16:45 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\MicroWorld
2008-10-02 13:06 --------- d-----w C:\Program Files\Lavasoft
2008-10-02 13:06 --------- d-----w C:\Program Files\AVG
2008-10-02 13:06 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Lavasoft
2008-10-02 12:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-02 12:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-02 10:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-02 10:16 --------- d-----w C:\Program Files\SweetIM
2008-10-02 05:55 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\WinZip
2008-09-27 19:37 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\PC Suite
2008-09-26 16:11 --------- d-----w C:\Program Files\XP Repair Pro 2007
2008-09-25 04:13 --------- d-----w C:\Program Files\Imagineer Systems Ltd
2008-09-24 14:26 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\Alien Skin
2008-09-24 02:05 --------- d-----w C:\Program Files\ClocX
2008-09-23 19:50 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
2008-09-22 12:48 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Messenger Plus!
2008-09-22 12:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-22 12:45 --------- d-----w C:\Program Files\Circle Developement
2008-09-22 12:42 --------- d-----w C:\Program Files\Alwil Software
2008-09-22 03:13 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\Nokia
2008-09-22 02:48 --------- d-----w C:\Program Files\Mobiola Web Camera for S60 3Ed
2008-09-22 02:31 0 ---ha-w C:\WINXP\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-22 02:31 0 ---ha-w C:\WINXP\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-22 02:14 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\SweetIM
2008-09-22 01:32 --------- d-----w C:\Program Files\GordianKnot
2008-09-22 01:32 --------- d-----w C:\Program Files\Gabest
2008-09-22 01:31 414,272 ----a-w C:\WINXP\system32\DivXc32f.dll
2008-09-22 01:31 414,272 ----a-w C:\WINXP\system32\DivXc32.dll
2008-09-22 01:31 33,280 ----a-w C:\WINXP\system32\HUFFYUV.DLL
2008-09-22 01:31 196,608 ----a-w C:\WINXP\system32\avisynth.dll
2008-09-22 01:31 --------- d-----w C:\Program Files\DivXCodec
2008-09-21 02:28 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-20 23:01 27,262,976 ----a-w C:\VIRTPART.DAT
2008-09-20 21:50 --------- d-----w C:\Program Files\Stardock
2008-09-20 21:50 --------- d-----w C:\Program Files\Common Files\Stardock
2008-09-20 19:41 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\Babylon
2008-09-20 18:24 --------- d-----w C:\Program Files\Netcom3 Cleaner
2008-09-20 18:22 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\PC Suite
2008-09-20 18:11 --------- d-----w C:\Program Files\Nokia
2008-09-20 18:11 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-20 18:11 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-20 18:10 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-20 17:25 --------- d-----w C:\Program Files\TaskSwitchXP
2008-09-20 17:25 --------- d-----w C:\Program Files\MSN Messenger
2008-09-20 16:25 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\Avira
2008-09-20 14:02 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\avg8
2008-09-20 13:59 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\AVGTOOLBAR
2008-09-20 13:08 --------- d-----w C:\Program Files\Avira
2008-09-20 13:08 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Avira
2008-09-20 12:55 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 12:43 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\Malwarebytes
2008-09-20 12:43 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
2008-09-20 07:43 --------- d-----w C:\Program Files\Realtek
2008-09-20 07:43 --------- d-----w C:\Program Files\Norton Internet Security
2008-09-20 07:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-20 07:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-20 07:42 --------- d-----w C:\Program Files\ltmoh
2008-09-20 07:40 --------- d-----w C:\Program Files\Common Files\Java
2008-09-20 07:40 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-20 07:39 --------- d-----w C:\Program Files\Apoint2K
2008-09-20 07:31 --------- d-----w C:\Documents and Settings\faiz\Application Data\toshiba
2008-09-20 07:31 --------- d-----w C:\Documents and Settings\faiz\Application Data\Sonic
2008-09-20 07:31 --------- d-----w C:\Documents and Settings\faiz\Application Data\ATI
2008-09-20 04:14 --------- d-----w C:\Program Files\Orbitdownloader
2008-09-20 04:03 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\Media Player Classic
2008-09-20 03:44 --------- d-----w C:\Program Files\MAGIX
2008-09-20 03:24 --------- d-----w C:\Program Files\WashAndGo
2008-09-20 02:49 --------- d-----w C:\Program Files\DIFX
2008-09-20 02:48 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\Installations
2008-09-20 02:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-20 02:46 --------- d-----w C:\Program Files\DivX
2008-09-20 01:27 --------- d-----w C:\Program Files\Symantec
2008-09-20 01:27 --------- d-----w C:\Documents and Settings\faiz\Application Data\Symantec
2008-09-20 01:15 --------- d-----w C:\Program Files\Intel
2008-09-20 01:15 --------- d-----w C:\Documents and Settings\faiz\Application Data\Intel
2008-09-20 01:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-20 01:05 --------- d-----w C:\Program Files\Windows Live
2008-09-20 00:56 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\WLInstaller
2008-09-20 00:44 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\Avant Profiles
2008-09-19 23:32 --------- d-----w C:\Documents and Settings\Faiz.XP-FF81AE7184\Application Data\MAGIX
2008-09-19 23:31 --------- d-----w C:\Documents and Settings\All Users.WINXP\Application Data\MAGIX
2008-09-19 23:30 499,712 ----a-w C:\WINXP\system32\msvcp71.dll
2008-09-19 23:30 348,160 ----a-w C:\WINXP\system32\msvcr71.dll
2008-09-19 23:30 --------- d-----w C:\Program Files\Real
2008-09-19 23:30 --------- d-----w C:\Program Files\Java
2008-09-19 23:30 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-19 23:30 --------- d-----w C:\Program Files\Common Files\Real
2008-09-19 23:28 --------- d-----w C:\Program Files\Windows Media Connect 2
.
------- Sigcheck -------
09/14/2008 03:24 AM 2025472 732887e7fdc05bed5a79a5ec49fd7e8d C:\WINXP\Fedora Transformation Pack\Backup\ntkrnlpa.exe
09/14/2008 03:24 AM 2181632 cb604d8f6ee974a4897725e39b31951c C:\WINXP\system32\ntkrnlpa.exe
09/12/2008 11:43 AM 2146816 1d8896827aaf26d44f6fea9498f296cf C:\WINXP\Fedora Transformation Pack\Backup\ntoskrnl.exe
09/12/2008 11:43 AM 2302976 d31889fa2a29e3e292376228e9c51091 C:\WINXP\system32\ntoskrnl.exe
09/12/2008 11:43 AM 1384960 ac1c726085dbebb7d563e4b4ded12764 C:\WINXP\explorer.exe
09/12/2008 11:43 AM 1525760 aaa0aead7f86a1599d76c83b6b51cdd0 C:\WINXP\Fedora Transformation Pack\Backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [03/27/2008 12:42 PM 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{EEE6C35C-6118-11DC-9C72-001320C79847}]
03/27/2008 12:42 PM 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 12:42 PM 1164600]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [03/27/2008 12:42 PM 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [04/15/2008 03:00 PM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [08/16/2007 02:49 PM 5728112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [02/14/2008 06:32 PM 3165920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [06/12/2008 12:58 PM 266497]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [10/05/2008 09:48 AM 1168264]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/15/2008 03:00 PM 110592 C:\WINXP\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\CTFMON.EXE" [04/15/2008 03:00 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 08/14/2002 03:21 PM 94208 C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 09/20/2008 02:30 AM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
--a------ 02/07/2008 10:30 AM 90112 C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\Trayserver.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PHIME2002ASync"=C:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=C:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"IMJPMIG8.1"="C:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [08/14/2002 03:11 PM 5632]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [07/11/2008 10:53 AM 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [06/12/2008 01:29 PM 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [05/09/2008 11:52 AM 41217]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINXP\System32\svchost.exe [04/15/2008 03:00 PM 14336]
R3 BTCAMDRV;Mobiola Web Camera driver;C:\WINXP\system32\DRIVERS\BTCamDrv.sys [11/01/2006 05:15 PM 219264]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [11/17/2005 12:48 PM 1527900]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINXP\System32\TuneUpDefragService.exe [10/05/2008 08:22 AM 354560]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder
2008-09-19 C:\WINXP\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [04/16/2008 09:59 AM]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.leeman-automatisering.nl/startpagina
O8 -: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 -: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 -: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 -: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 -: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 -: ت&صدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-10-08 14:37:31
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/08/2008 14:38:57
ComboFix-quarantined-files.txt 2008-10-08 11:38:51
Pre-Run: 82,746,691,584 bytes free
Post-Run: 83,061,043,200 bytes free
239 --- E O F --- 2008-09-26 23:46:52
"

و هذا التقرير الثاني باستخدام برنامج HijackThis :

" Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:45:12 م, on 08/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\csrss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINXP\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Stardock\Dock\Dock.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Avant Browser\avant.exe
C:\WINXP\System32\alg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINXP\system32\notepad.exe
C:\WINXP\explorer.exe
C:\Documents and Settings\Faiz.XP-FF81AE7184\Local Settings\Temporary Internet Files\.IE5\5FVJH61K\Zyzoom_HijackThis[1].exe
C:\WINXP\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock Dock.lnk = C:\Program Files\Stardock\Dock\Dock.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINXP\System32\TuneUpDefragService.exe
--
End of file - 9138 bytes


و الشكر مقدما لكم
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
برنامج الحماية الموجود في جهازك غير فعال....قم بعمل تحديث له او قم بحذفه واستخدام الكاسبر 2009....


بعد ذلك ارفع تقرير الهايجاك
 
توقيع : ابـــو عــبــد الــلــه
تأييد 0
الف شكر اخوي


انا استخدم الافيرا كما مدحه الاخوان في المنتدى

سأحذفه و اجرب الكاسبر 2009

اكرر شكري لك
 
تأييد 0
faiz's قال:
الف شكر اخوي


انا استخدم الافيرا كما مدحه الاخوان في المنتدى

سأحذفه و اجرب الكاسبر 2009

اكرر شكري لك
أنقر للتوسيع...


الأفيرا نوعا ما كويس بس انه في التقرير معطل..

انا شخصيا استخدام الكاسبر سيكيورتي 2009...مع اعدادات زيزووم...:king:​
 
توقيع : ابـــو عــبــد الــلــه
تأييد 0
لاهنت على متابعتك يالغالي
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى