باتريوت
زيزوومى مبدع
غير متصل
السلام عليكم
كيف حال الشباب
ذلحين الجهاز مالي نصيب فيه وقت العصر والمغرب
وتالي الليل
كل شوي وهو طافي من نفسه
و الاوقات الثانيه شغال تمام
طبعاً هو جهاز التجارب ومافيه موقع كراكات او برنامج الا وقمت بتثبيته عليه
لذلك توقعت المشكله من فايروس
واللي لاحضته اني كل ما ضغطت على ctrl + c طفى
وجميع الادوات اللي في المنتدى استخدمتها
وقمت بفحص الجهاز بواسطة افاست ولم يكتشف شئ .
(( يعني يسجل خروج ويحفظ العمل ثم يطفي ))
هذي التقارير
الهايجاك
كيف حال الشباب
ذلحين الجهاز مالي نصيب فيه وقت العصر والمغرب
وتالي الليل
كل شوي وهو طافي من نفسه
و الاوقات الثانيه شغال تمام
طبعاً هو جهاز التجارب ومافيه موقع كراكات او برنامج الا وقمت بتثبيته عليه
لذلك توقعت المشكله من فايروس
واللي لاحضته اني كل ما ضغطت على ctrl + c طفى
وجميع الادوات اللي في المنتدى استخدمتها
وقمت بفحص الجهاز بواسطة افاست ولم يكتشف شئ .
(( يعني يسجل خروج ويحفظ العمل ثم يطفي ))
هذي التقارير
الهايجاك
اداة الكمبوفكس
[/FONT]Resident AV is active[/FONT]
[FONT=Courier New (Arabic)]
[/FONT]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED[FONT=Courier New (Arabic)] !![/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]((((((((((((((((((((((((((((((((((((((( [/FONT]Other Deletions[FONT=Courier New (Arabic)] )))))))))))))))))))))))))))))))))))))))))))))))))[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
c:\windows\system32\drivers\RKHit.sys
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]((((((((((((((((((((((((((((((((((((((( [/FONT]Drivers/Services[FONT=Courier New (Arabic)] )))))))))))))))))))))))))))))))))))))))))))))))))[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]-------\[/FONT]Service_RkHit
[FONT=Courier New (Arabic)]
((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20[FONT=Courier New (Arabic)] )))))))))))))))))))))))))))))))[/FONT][/FONT]
[FONT=Courier New (Arabic)].[/FONT]
No new files created in this timespan
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)](((((((((((((((((((((((((((((((((((((((( [/FONT]Find3M Report[FONT=Courier New (Arabic)] ))))))))))))))))))))))))))))))))))))))))))))))))))))[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]2009-02-20 23:41 358,885,408 --[/FONT]sha-wc:\windows\system32\drivers\fidbox.dat
[FONT=Courier New (Arabic)]2009-02-20 23:40 --------- d-----wc:\program files\microsoft frontpage[/FONT]
[FONT=Courier New (Arabic)]2009-02-20 23:39 4,204,004 --sha-wc:\windows\system32\drivers\fidbox.idx[/FONT]
[FONT=Courier New (Arabic)]2009-02-20 17:18 --------- d-----wc:\documents and settings\All Users\Application Data\SWiSHMax2WorkFolder[/FONT]
[FONT=Courier New (Arabic)]2009-02-20 16:22 --------- d---a-wc:\documents and settings\All Users\Application Data\TEMP[/FONT]
[FONT=Courier New (Arabic)]2009-02-20 16:22 --------- d-----wc:\documents and settings\saad\Application Data\DMCache[/FONT]
[FONT=Courier New (Arabic)]2009-02-20 10:56 --------- d-----wc:\documents and settings\saad\Application Data\FTWeak[/FONT]
[FONT=Courier New (Arabic)]2009-02-19 21:08 --------- d-----wc:\program files\Alwil Software[/FONT]
[FONT=Courier New (Arabic)]2009-02-17 20:43 --------- d-----wc:\program files\Acoustica Shared Effects[/FONT]
[FONT=Courier New (Arabic)]2009-02-17 20:43 --------- d-----wc:\program files\Acoustica Mixcraft 3[/FONT]
[FONT=Courier New (Arabic)]2009-02-17 20:43 --------- d-----wc:\documents and settings\saad\Application Data\Acoustica[/FONT]
[FONT=Courier New (Arabic)]2009-02-17 20:42 --------- d-----wc:\documents and settings\All Users\Application Data\Acoustica[/FONT]
[FONT=Courier New (Arabic)]2009-02-17 08:16 --------- d-----wc:\program files\Common Files\SWiSHzone.com[/FONT]
[FONT=Courier New (Arabic)]2009-02-17 08:12 --------- d-----wc:\program files\SWiSH Max2[/FONT]
[FONT=Courier New (Arabic)]2009-02-17 05:43 --------- d-----wc:\program files\Common Files\Adobe[/FONT]
[FONT=Courier New (Arabic)]2009-02-17 05:42 --------- d-----wc:\program files\Common Files\Adobe Systems Shared[/FONT]
[FONT=Courier New (Arabic)]2009-02-16 16:36 --------- d-----wc:\program files\TuneUp Utilities 2009[/FONT]
[FONT=Courier New (Arabic)]2009-02-15 06:33 --------- d-----wc:\program files\Blackstar[/FONT]
[FONT=Courier New (Arabic)]2009-02-15 06:31 --------- d-----wc:\program files\Common Files\Filseclab[/FONT]
[FONT=Courier New (Arabic)]2009-02-14 12:01 --------- d-----wc:\documents and settings\saad\Application Data\Passolo Demo[/FONT]
[FONT=Courier New (Arabic)]2009-02-14 10:49 --------- d-----wc:\program files\Passolo Demo[/FONT]
[FONT=Courier New (Arabic)]2009-02-14 10:49 --------- d-----wc:\documents and settings\All Users\Application Data\Passolo Demo[/FONT]
[FONT=Courier New (Arabic)]2009-02-13 19:45 --------- d-----wc:\documents and settings\All Users\Application Data\DriverCure[/FONT]
[FONT=Courier New (Arabic)]2009-02-13 19:42 --------- d--h--wc:\program files\InstallShield Installation Information[/FONT]
[FONT=Courier New (Arabic)]2009-02-13 19:40 --------- d-----wc:\program files\Common Files\InstallShield[/FONT]
[FONT=Courier New (Arabic)]2009-02-13 19:21 --------- d-----wc:\documents and settings\saad\Application Data\DriverCure[/FONT]
[FONT=Courier New (Arabic)]2009-02-13 19:19 --------- d-----wc:\documents and settings\All Users\Application Data\Downloaded Installations[/FONT]
[FONT=Courier New (Arabic)]2009-02-13 12:21 --------- d-----wc:\documents and settings\saad\Application Data\Smart PC Solutions[/FONT]
[FONT=Courier New (Arabic)]2009-02-13 08:44 --------- d-----wc:\program files\Common Files\ACD Systems[/FONT]
[FONT=Courier New (Arabic)]2009-02-12 06:20 --------- d-----wc:\documents and settings\saad\Application Data\Hide IP NG[/FONT]
[FONT=Courier New (Arabic)]2009-02-11 10:55 147,456 ----a-wc:\windows\AVUNTOOL.EXE[/FONT]
[FONT=Courier New (Arabic)]2009-02-10 02:39 --------- d-----wc:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters[/FONT]
[FONT=Courier New (Arabic)]2009-02-10 02:09 --------- d-----wc:\documents and settings\saad\Application Data\Paltalk[/FONT]
[FONT=Courier New (Arabic)]2009-02-08 22:24 --------- d-----wc:\documents and settings\saad\Application Data\GlarySoft[/FONT]
[FONT=Courier New (Arabic)]2009-02-08 02:56 325,128 ----a-wc:\windows\system32\drivers\avgldx86.sys[/FONT]
[FONT=Courier New (Arabic)]2009-02-08 02:56 12,552 ----a-wc:\windows\system32\drivers\avgrkx86.sys[/FONT]
[FONT=Courier New (Arabic)]2009-02-08 02:56 107,272 ----a-wc:\windows\system32\drivers\avgtdix.sys[/FONT]
[FONT=Courier New (Arabic)]2009-02-08 02:54 29,208 ----a-wc:\windows\system32\drivers\avgfwdx.sys[/FONT]
[FONT=Courier New (Arabic)]2009-02-08 02:54 --------- d-----wc:\program files\AVG[/FONT]
[FONT=Courier New (Arabic)]2009-02-08 02:54 --------- d-----wc:\documents and settings\All Users\Application Data\avg8[/FONT]
[FONT=Courier New (Arabic)]2009-02-07 23:45 --------- d-----wc:\documents and settings\saad\Application Data\Ashampoo[/FONT]
[FONT=Courier New (Arabic)]2009-02-07 07:01 --------- d-----wc:\program files\Common Files\xing shared[/FONT]
[FONT=Courier New (Arabic)]2009-02-07 07:01 --------- d-----wc:\program files\Common Files\Real[/FONT]
[FONT=Courier New (Arabic)]2009-02-07 03:45 --------- d-----wc:\documents and settings\All Users\Application Data\Babylon[/FONT]
[FONT=Courier New (Arabic)]2009-02-07 00:17 --------- d-----wc:\documents and settings\saad\Application Data\Lunascape[/FONT]
[FONT=Courier New (Arabic)]2009-02-04 14:34 --------- d-----wc:\documents and settings\saad\Application Data\Thinstall[/FONT]
[FONT=Courier New (Arabic)]2009-02-03 22:49 --------- d-----wc:\program files\Common Files\Wise Installation Wizard[/FONT]
[FONT=Courier New (Arabic)]2009-02-03 20:14 --------- d-----wc:\documents and settings\saad\Application Data\WIPE[/FONT]
[FONT=Courier New (Arabic)]2009-02-03 20:11 --------- d-----wc:\documents and settings\All Users\Application Data\FaceOnBody[/FONT]
[FONT=Courier New (Arabic)]2009-02-02 19:36 --------- d-----wc:\documents and settings\saad\Application Data\VitySoft[/FONT]
[FONT=Courier New (Arabic)]2009-01-30 14:53 --------- d-----wc:\documents and settings\All Users\Application Data\Quicksys[/FONT]
[FONT=Courier New (Arabic)]2009-01-29 14:14 --------- d-----wc:\documents and settings\saad\Application Data\Systweak[/FONT]
[FONT=Courier New (Arabic)]2009-01-29 14:14 --------- d-----wc:\documents and settings\All Users\Application Data\Systweak[/FONT]
[FONT=Courier New (Arabic)]2009-01-29 14:10 --------- d-----wc:\documents and settings\saad\Application Data\PE Explorer[/FONT]
[FONT=Courier New (Arabic)]2009-01-28 13:51 --------- d-----wc:\documents and settings\All Users\Application Data\Norton[/FONT]
[FONT=Courier New (Arabic)]2009-01-27 22:50 --------- d-----wc:\program files\NCH Swift Sound[/FONT]
[FONT=Courier New (Arabic)]2009-01-27 22:50 --------- d-----wc:\documents and settings\All Users\Application Data\NCH Swift Sound[/FONT]
[FONT=Courier New (Arabic)]2009-01-26 19:19 --------- d-----wc:\documents and settings\All Users\Application Data\DriverScanner[/FONT]
[FONT=Courier New (Arabic)]2009-01-26 08:26 --------- d-----wc:\documents and settings\All Users\Application Data\Rising[/FONT]
[FONT=Courier New (Arabic)]2009-01-22 18:16 --------- d-----wc:\documents and settings\All Users\Application Data\FRISK Software[/FONT]
[FONT=Courier New (Arabic)]2009-01-22 08:10 --------- d-----wc:\program files\Common Files\Cisco Systems[/FONT]
[FONT=Courier New (Arabic)]2009-01-21 17:11 --------- d-----wc:\program files\Wipe[/FONT]
[FONT=Courier New (Arabic)]2009-01-21 07:28 --------- d-----wc:\documents and settings\All Users\Application Data\Symantec[/FONT]
[FONT=Courier New (Arabic)]2009-01-21 07:25 --------- d-----wc:\documents and settings\All Users\Application Data\NortonInstaller[/FONT]
[FONT=Courier New (Arabic)]2009-01-20 13:50 --------- d-----wc:\program files\Bonjour[/FONT]
[FONT=Courier New (Arabic)]2009-01-20 13:28 --------- d-----wc:\program files\Common Files\Macrovision Shared[/FONT]
[FONT=Courier New (Arabic)]2009-01-18 08:47 --------- d-----wc:\documents and settings\saad\Application Data\Babylon[/FONT]
[FONT=Courier New (Arabic)]2009-01-17 16:53 --------- d-----wc:\program files\Microsoft Silverlight[/FONT]
[FONT=Courier New (Arabic)]2009-01-17 06:05 --------- d-----wc:\program files\Common Files\Windows Live[/FONT]
[FONT=Courier New (Arabic)]2009-01-17 05:42 --------- d-----wc:\documents and settings\All Users\Application Data\ConeXware[/FONT]
[FONT=Courier New (Arabic)]2009-01-16 23:24 --------- d--h--wc:\documents and settings\All Users\Application Data\{B1BDF027-079E-4994-B197-C7DE61E11398[FONT=Courier New (Arabic)]}[/FONT][/FONT]
[FONT=Courier New (Arabic)]2009-01-16 22:25 --------- [/FONT]d-----wc:\program files\MSECache
[FONT=Courier New (Arabic)]2009-01-16 19:29 --------- d-----wc:\documents and settings\saad\Application Data\OfficeUpdate12[/FONT]
[FONT=Courier New (Arabic)]2009-01-16 19:25 --------- d-----wc:\documents and settings\All Users\Application Data\Office Genuine Advantage[/FONT]
[FONT=Courier New (Arabic)]2009-01-13 13:28 --------- dc-h--wc:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F[FONT=Courier New (Arabic)]}[/FONT][/FONT]
[FONT=Courier New (Arabic)]2009-01-12 11:41 --------- [/FONT]d-----wc:\program files\iVocalize Web Conference 4
[FONT=Courier New (Arabic)]2009-01-08 15:45 --------- d-----wc:\documents and settings\saad\Application Data\Nitro PDF[/FONT]
[FONT=Courier New (Arabic)]2009-01-06 14:34 --------- d-----wc:\documents and settings\All Users\Application Data\TechSmith[/FONT]
[FONT=Courier New (Arabic)]2009-01-01 23:52 --------- dc-h--wc:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151[FONT=Courier New (Arabic)]}[/FONT][/FONT]
[FONT=Courier New (Arabic)]2009-01-01 23:14 --------- [/FONT]d-----wc:\program files\Windows Live SkyDrive
[FONT=Courier New (Arabic)]2008-12-29 18:28 --------- d-----wc:\program files\Microsoft Visual Studio 9.0[/FONT]
[FONT=Courier New (Arabic)]2008-12-29 18:28 --------- d-----wc:\program files\Microsoft Synchronization Services[/FONT]
[FONT=Courier New (Arabic)]2008-12-29 18:28 --------- d-----wc:\program files\Microsoft SQL Server Compact Edition[/FONT]
[FONT=Courier New (Arabic)]2008-12-29 18:27 --------- d-----wc:\documents and settings\All Users\Application Data\Microsoft Help[/FONT]
[FONT=Courier New (Arabic)]2008-12-29 18:17 --------- d-----wc:\program files\Microsoft SDKs[/FONT]
[FONT=Courier New (Arabic)]2008-12-29 18:14 --------- d-----wc:\program files\MSBuild[/FONT]
[FONT=Courier New (Arabic)]2008-12-29 18:13 --------- d-----wc:\program files\Reference Assemblies[/FONT]
[FONT=Courier New (Arabic)]2008-12-28 23:04 --------- d-----wc:\documents and settings\saad\Application Data\GrabPro[/FONT]
[FONT=Courier New (Arabic)]2008-12-26 19:57 --------- d-----wc:\program files\Windows Media Connect 2[/FONT]
[FONT=Courier New (Arabic)]2008-12-25 13:07 --------- d-----wc:\documents and settings\All Users\Application Data\Innovative Solutions[/FONT]
[FONT=Courier New (Arabic)]2008-12-25 09:26 --------- d-----wc:\program files\Remoteus2008[/FONT]
[FONT=Courier New (Arabic)]2008-12-25 09:26 --------- d-----wc:\program files\Common Files\Multilizer 2007[/FONT]
[FONT=Courier New (Arabic)]2008-12-22 09:09 --------- d-----wc:\documents and settings\saad\Application Data\Grisoft[/FONT]
[FONT=Courier New (Arabic)]2008-12-22 09:08 --------- d-----wc:\documents and settings\All Users\Application Data\Grisoft[/FONT]
[FONT=Courier New (Arabic)]2008-12-04 16:54 524,288 ----a-wc:\windows\opuc.dll[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]((((((((((((((((((((((((((((((((((((( [/FONT]Reg Loading Points[FONT=Courier New (Arabic)] ))))))))))))))))))))))))))))))))))))))))))))))))))[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]*[/FONT]Note* empty entries & legit default entries are not shown
REGEDIT4
[FONT=Courier New (Arabic)][[/FONT]HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/15/2008 12:29 AM 15360[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]ccleaner"="d:\program files\CCleaner\CCleaner.exe" [10/23/2008 09:34 PM 1336560[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [04/14/2008 01:13 AM 208952[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [04/14/2008 01:13 AM 59392[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 01:13 AM 455168[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 01:13 AM 455168[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [02/08/2009 05:55 AM 1601304[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [02/07/2009 10:01 AM 185872[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM 577536 c:\windows\soundman.exe[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/15/2008 12:29 AM 15360[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]nltide_2"="shell32" [X[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]NoRecentDocsNetHood"= 1 (0x1[FONT=Courier New (Arabic)])[/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]02/08/2009 05:56 [/FONT]AM 10520 c:\windows\system32\avgrsstx.dll
[FONT=Courier New (Arabic)]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager[FONT=Courier New (Arabic)]][/FONT][/FONT]
BootExecuteREG_MULTI_SZ autocheck autochk *\0sasnative32
[FONT=Courier New (Arabic)][[/FONT]HKLM\~\startupfolder\C:^Documents and Settings^All Users[FONT=Courier New (Arabic)]^قائمة ابدأ^البرامج^بدء التشغيل^[/FONT]HP Digital Imaging Monitor.lnk[FONT=Courier New (Arabic)]][/FONT]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[FONT=Courier New (Arabic)][[/FONT]HKLM\~\startupfolder\C:^Documents and Settings^All Users[FONT=Courier New (Arabic)]^قائمة ابدأ^البرامج^بدء التشغيل^[/FONT]PalTalk.lnk[FONT=Courier New (Arabic)]][/FONT]
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[FONT=Courier New (Arabic)][[/FONT]HKLM\~\startupfolder\C:^Documents and Settings^saad[FONT=Courier New (Arabic)]^قائمة ابدأ^البرامج^بدء التشغيل^[/FONT]Adobe Gamma.lnk[FONT=Courier New (Arabic)]][/FONT]
path=c:\documents and settings\saad[FONT=Courier New (Arabic)]\قائمة ابدأ\البرامج\بدء التشغيل\[/FONT]Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[FONT=Courier New (Arabic)][[/FONT]HKLM\~\startupfolder\C:^Documents and Settings^saad[FONT=Courier New (Arabic)]^قائمة ابدأ^البرامج^بدء التشغيل^[/FONT]is-R9IEC.lnk[FONT=Courier New (Arabic)]][/FONT]
backup=c:\windows\pss\is-R9IEC.lnkStartup
[FONT=Courier New (Arabic)][[/FONT]HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast[FONT=Courier New (Arabic)]!][/FONT]
[FONT=Courier New (Arabic)]--[/FONT]a------ 02/06/2009 12:08 AM 81000 c:\program files\Alwil Software\Avast4\ashDisp.exe
[FONT=Courier New (Arabic)]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon[FONT=Courier New (Arabic)]][/FONT][/FONT]
[FONT=Courier New (Arabic)]--[/FONT]a------ 08/22/2007 04:31 PM 80896 d:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[FONT=Courier New (Arabic)]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe[FONT=Courier New (Arabic)]][/FONT][/FONT]
[FONT=Courier New (Arabic)]--[/FONT]a------ 02/07/2009 10:01 AM 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe
[FONT=Courier New (Arabic)]
[HKEY_LOCAL_MACHINE\software\microsoft\security center[FONT=Courier New (Arabic)]][/FONT][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]AntiVirusDisableNotify"=dword:00000001
[FONT=Courier New (Arabic)]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile[FONT=Courier New (Arabic)]][/FONT][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]EnableFirewall"= 0 (0x0[FONT=Courier New (Arabic)])[/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"[/FONT]c:\\Program Files\\Bonjour\\mDNSResponder.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)]"[/FONT]c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)]"[/FONT]c:\\Program Files\\Windows Live\\Messenger\\livecall.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)]"[/FONT]c:\\Program Files\\LeapFTP 3.0\\LeapFTP.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)]"[/FONT]c:\\Program Files\\Messenger\\msmsgs.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)]"%[/FONT]windir%\\Network Diagnostic\\xpnetdiag.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)]"%[/FONT]windir%\\system32\\sessmgr.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)]"[/FONT]c:\\Program Files\\AVG\\AVG8\\avgam.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)]"[/FONT]c:\\Program Files\\AVG\\AVG8\\avgupd.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)]"[/FONT]c:\\Program Files\\AVG\\AVG8\\avgnsx.exe[FONT=Courier New (Arabic)]"=[/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)]"30078:[/FONT]TCP"= 30078:TCP:*isabled:SolidNetworkManager
[FONT=Courier New (Arabic)]"30078:UDP"= 30078:UDP:*[/FONT]
[FONT=Courier New (Arabic)]"52789:TCP"= 52789:TCP:*[/FONT]
[FONT=Courier New (Arabic)]"52789:UDP"= 52789:UDP:*[/FONT]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-08 12552[FONT=Courier New (Arabic)]][/FONT]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2008-05-07 124928[FONT=Courier New (Arabic)]][/FONT]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-20 114768[FONT=Courier New (Arabic)]][/FONT]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-08 325128[FONT=Courier New (Arabic)]][/FONT]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-08 107272[FONT=Courier New (Arabic)]][/FONT]
R1 is-R9IECdrv;is-R9IECdrv;c:\windows\system32\drivers\40962673.sys [2008-12-07 148496[FONT=Courier New (Arabic)]][/FONT]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-20 20560[FONT=Courier New (Arabic)]][/FONT]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-08 298264[FONT=Courier New (Arabic)]][/FONT]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-02-08 1339600[FONT=Courier New (Arabic)]][/FONT]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-11-25 603904[FONT=Courier New (Arabic)]][/FONT]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-02-08 29208[FONT=Courier New (Arabic)]][/FONT]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-02-08 29208[FONT=Courier New (Arabic)]][/FONT]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys[FONT=Courier New (Arabic)] [?][/FONT]
S3 uti4ndaz;AVZ Kernel Driver;c:\windows\system32\drivers\uti4ndaz.sys [2008-12-13 7168[FONT=Courier New (Arabic)]][/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost[FONT=Courier New (Arabic)]][/FONT]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
[FONT=Courier New (Arabic)][[/FONT]HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea71a65f-ede7-11dd-85bd-000e2eef543f[FONT=Courier New (Arabic)]}][/FONT]
[FONT=Courier New (Arabic)]\[/FONT]Shell\AutoRun\command - eb.bat
[FONT=Courier New (Arabic)]\Shell\explore\Command - eb.bat[/FONT]
[FONT=Courier New (Arabic)]\Shell\open\Command - eb.bat[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
*******s of the 'Scheduled Tasks' folder
[FONT=Courier New (Arabic)]2009-02-20 [/FONT]c:\windows\Tasks\1-Click Maintenance.job
[FONT=Courier New (Arabic)]- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [11/20/2008 04:28 PM[FONT=Courier New (Arabic)]][/FONT][/FONT]
[FONT=Courier New (Arabic)]2009-02-20 [/FONT]c:\windows\Tasks\OGADaily.job
[FONT=Courier New (Arabic)]- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM[FONT=Courier New (Arabic)]][/FONT][/FONT]
[FONT=Courier New (Arabic)]2009-02-20 [/FONT]c:\windows\Tasks\OGALogon.job
[FONT=Courier New (Arabic)]- c:\windows\system32\OGAVerify.exe [12/31/2008 05:04 PM[FONT=Courier New (Arabic)]][/FONT][/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]- - - - [/FONT]ORPHANS REMOVED[FONT=Courier New (Arabic)] - - - -[/FONT]
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file[FONT=Courier New (Arabic)])[/FONT]
HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file[FONT=Courier New (Arabic)])[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]------- [/FONT]Supplementary Scan[FONT=Courier New (Arabic)] -------[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;<local>;*.local
uInternet Settings,ProxyServer = socks[FONT=Courier New (Arabic)]=[/FONT]
FF - ProfilePath - c:\documents and settings\saad\Application Data\Mozilla\Firefox\Profiles\67rdpgs2.default[FONT=Courier New (Arabic)]\[/FONT]
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.20926.0.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]**************************************************************************[/FONT]
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-02-21 02:41:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes[FONT=Courier New (Arabic)] ... [/FONT]
scanning hidden autostart entries[FONT=Courier New (Arabic)] ... [/FONT]
scanning hidden files[FONT=Courier New (Arabic)] ... [/FONT]
scan completed successfully
hidden files: 0
[FONT=Courier New (Arabic)]**************************************************************************[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]--------------------- [/FONT]LOCKED REGISTRY KEYS[FONT=Courier New (Arabic)] ---------------------[/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC[FONT=Courier New (Arabic)]}][/FONT]
[FONT=Courier New (Arabic)]@[/FONT]Denied: (Full) (Everyone[FONT=Courier New (Arabic)])[/FONT]
[FONT=Courier New (Arabic)]"[/FONT]scansk"=hex(0):0f,34,64,76,7a,a3,f8,50,d5,81,49,b7,0a,7d,8d,f8,2e,9b,15,e0,eb[FONT=Courier New (Arabic)],[/FONT]
[FONT=Courier New (Arabic)]83,[/FONT]eb,82,d9,f9,9d,ad,84,d1,8b,b0,37,27,bc,34,19,b6,e6,51,00,00,00,00,00,00[FONT=Courier New (Arabic)],\[/FONT]
[FONT=Courier New (Arabic)][[/FONT]HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8f4b73e8-cfcf-49f0-92f1-265d18d567a6[FONT=Courier New (Arabic)]}][/FONT]
[FONT=Courier New (Arabic)]@[/FONT]Denied: (Full) (Everyone[FONT=Courier New (Arabic)])[/FONT]
[FONT=Courier New (Arabic)]"[/FONT]Model"=dword:00000024
[FONT=Courier New (Arabic)]"Therad"=dword:0000000f[/FONT]
[FONT=Courier New (Arabic)]"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,dd,d1,b1,6a,1d[FONT=Courier New (Arabic)],[/FONT]
cd,d7,6a,05,98,32,02,34,2b,da,61,dc,6d,06,f2,88,45,45,e0,87,82,8e,8d,1e,06[FONT=Courier New (Arabic)],\[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]------------------------ [/FONT]Other Running Processes[FONT=Courier New (Arabic)] ------------------------[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\atievxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
[FONT=Courier New (Arabic)].[/FONT]
[FONT=Courier New (Arabic)]**************************************************************************[/FONT]
[FONT=Courier New (Arabic)].[/FONT]
Completion time: 02/21/2009 2:46:23 - machine was rebooted [saad[FONT=Courier New (Arabic)]][/FONT]
********-quarantined-files.txt 2009-02-20 23:46:17
Pre-Run: 10,748,932,096 bytes free
Post-Run: 10,735,394,816 bytes free
[FONT=Courier New (Arabic)]270 --- [/FONT]E O F ---[FONT=Courier New (Arabic)] 2009-02-20 01:30:20[/FONT]
