- بادئ الموضوع ابومصعب
- تاريخ البدء
- 1,438
MAAX
عضوشرف
غير متصل
اهلااا بك اخي
وعذرا بنقله للقسم المناسب للمتابعة
هذا القسم خاص بتحليل تقارير برامج الحماية ،، وباقي التقارير تكون عند الطلب فقط
وعذرا بنقله للقسم المناسب للمتابعة
هذا القسم خاص بتحليل تقارير برامج الحماية ،، وباقي التقارير تكون عند الطلب فقط
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
تأييد
0
MAAX
عضوشرف
غير متصل
حمل هذا البرنامج
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
تأييد
0
اسف اخى
هذاهواتقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:58 م, on 02/04/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
E:\برامج\برامج صيانة\U\STacSV.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Anti Netcut\Anti NetCut.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\stopcut\StopCut.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\DSL Speed\DSL Speed V4.6\Dslx2.exe
E:\برامج\برامج حماية\لإزالة فيروس اوتورن\Autorun_Virus_Remover_2.3\Autorun_Virus_Remover_2.3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Anti Netcut\Anti NetCut.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
E:\برامج\برامج حماية\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [antinetcut2] C:\Program Files\Anti Netcut\Anti NetCut.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Vistadrv] E:\برامج\برامج منوعة\برنامج صغير لتحويل شكل الدرايف ( القرص ) للفيستا\Vista Drive Status\vsdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Startup: StopCut.lnk = C:\Program Files\stopcut\StopCut.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D93AE0B7-9016-427C-853C-8817906C1874}: NameServer = 66.11.234.90,66.11.234.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE33E2FE-CD37-471F-A64B-D233909A7CC1}: NameServer = 66.11.234.90,66.11.234.91
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - E:\برامج\برامج صيانة\U\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8379 bytes
هذاهواتقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:58 م, on 02/04/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
E:\برامج\برامج صيانة\U\STacSV.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Anti Netcut\Anti NetCut.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\stopcut\StopCut.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\DSL Speed\DSL Speed V4.6\Dslx2.exe
E:\برامج\برامج حماية\لإزالة فيروس اوتورن\Autorun_Virus_Remover_2.3\Autorun_Virus_Remover_2.3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Anti Netcut\Anti NetCut.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
E:\برامج\برامج حماية\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [antinetcut2] C:\Program Files\Anti Netcut\Anti NetCut.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Vistadrv] E:\برامج\برامج منوعة\برنامج صغير لتحويل شكل الدرايف ( القرص ) للفيستا\Vista Drive Status\vsdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Startup: StopCut.lnk = C:\Program Files\stopcut\StopCut.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{D93AE0B7-9016-427C-853C-8817906C1874}: NameServer = 66.11.234.90,66.11.234.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE33E2FE-CD37-471F-A64B-D233909A7CC1}: NameServer = 66.11.234.90,66.11.234.91
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - E:\برامج\برامج صيانة\U\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8379 bytes
تأييد
0
زمان الصمت
زيزوومى متألق
- إنضم
- 25 فبراير 2009
- المشاركات
- 474
- مستوى التفاعل
- 1
- النقاط
- 470
غير متصل
ليس فايروس واحد وانما قيروسات
او من هنا
او من هنا
وارفع تقرير الاداة على اي موقع
اقتباس
ذا نزلت الاداة وطلب منك تحديث لها ستظهر لك رسالة على اليمين تحت باللون الاصفر
واظغط عليها وسوف يتم نقلك لموقع الشركة لتنزيل الاصدار الاحدث هذا مجرد ان طلب منك تحديث للاداة
موفق
عطل نقطة استعادة النظام حسب الشرح التالي
حمل اداة الكاسبر من الرابط التالي
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او من هنا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
او من هنا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل
تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير
ثم قوم بضغط التقرير ورفعه هنا>>>>
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وارفع تقرير الاداة على اي موقع
ذا نزلت الاداة وطلب منك تحديث لها ستظهر لك رسالة على اليمين تحت باللون الاصفر
واظغط عليها وسوف يتم نقلك لموقع الشركة لتنزيل الاصدار الاحدث هذا مجرد ان طلب منك تحديث للاداة
موفق
التعديل الأخير بواسطة المشرف:
توقيع : زمان الصمت
تأييد
0
k:هذا تقرير الهايجاك الجديد
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:53:39 م, on 03/04/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
E:\برامج\برامج صيانة\U\STacSV.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Anti Netcut\Anti NetCut.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\stopcut\StopCut.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DSL Speed\DSL Speed V4.6\Dslx2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\برامج\برامج حماية\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [antinetcut2] C:\Program Files\Anti Netcut\Anti NetCut.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Vistadrv] E:\برامج\برامج منوعة\برنامج صغير لتحويل شكل الدرايف ( القرص ) للفيستا\Vista Drive Status\vsdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Startup: StopCut.lnk = C:\Program Files\stopcut\StopCut.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D93AE0B7-9016-427C-853C-8817906C1874}: NameServer = 66.11.234.90,66.11.234.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE33E2FE-CD37-471F-A64B-D233909A7CC1}: NameServer = 66.11.234.90,66.11.234.91
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - E:\برامج\برامج صيانة\U\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8481 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:53:39 م, on 03/04/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
E:\برامج\برامج صيانة\U\STacSV.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Anti Netcut\Anti NetCut.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\stopcut\StopCut.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DSL Speed\DSL Speed V4.6\Dslx2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\برامج\برامج حماية\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [antinetcut2] C:\Program Files\Anti Netcut\Anti NetCut.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Vistadrv] E:\برامج\برامج منوعة\برنامج صغير لتحويل شكل الدرايف ( القرص ) للفيستا\Vista Drive Status\vsdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Startup: StopCut.lnk = C:\Program Files\stopcut\StopCut.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O17 - HKLM\System\CCS\Services\Tcpip\..\{D93AE0B7-9016-427C-853C-8817906C1874}: NameServer = 66.11.234.90,66.11.234.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE33E2FE-CD37-471F-A64B-D233909A7CC1}: NameServer = 66.11.234.90,66.11.234.91
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - E:\برامج\برامج صيانة\U\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8481 bytes
تأييد
0
MAAX
عضوشرف
غير متصل
لا هنت ما هو مسار الملف المكتشف
واعمل التالي
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
واعمل التالي
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
تأييد
0
Corporation
زيزوومى فضى
غير متصل
أبو مصعب قبل لا تشغل الاداة اللي عطاك اياها الاستاذ ماكس ,,
عطل الأفيرا عن العمل لبعض الوقت لأنه يعيق عمل الاداة ,,
هذا سبب وقوفها عن العمل ..
عطل الأفيرا عن العمل لبعض الوقت لأنه يعيق عمل الاداة ,,
هذا سبب وقوفها عن العمل ..
توقيع : Corporation
تأييد
0
اخىMAAX
هذا تقرير ادة
ComboFix 09-04-01.01 - احمد_وجدى 04/03/2009 23:08:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.2550.2131 [GMT 2:00]
Running from: c:\documents and settings\احمد_وجدى\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\\setup.exe
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 21:07 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\DMCache
2009-04-03 19:07 --------- d-----w c:\program files\Avira
2009-04-03 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-03 17:37 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\VersionTracker Pro
2009-04-03 17:28 --------- d-----w c:\program files\TechTracker
2009-04-03 15:47 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\IDM
2009-04-03 07:51 --------- d-----w c:\program files\Winamp
2009-04-03 06:09 --------- d-----w c:\program files\EsetOnlineScanner
2009-04-02 23:17 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\QuickScan
2009-04-02 20:33 --------- d-----w c:\program files\Windows Media Components
2009-04-02 20:33 --------- d-----w c:\program files\Ashampoo
2009-04-02 20:32 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Thinstall
2009-04-02 18:23 --------- d-----w c:\program files\Axialis
2009-04-02 13:19 --------- d-----w c:\program files\nLite
2009-04-02 06:13 --------- d-----w c:\program files\Internet Download Manager
2009-04-01 23:48 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Uniblue
2009-04-01 23:47 --------- d-----w c:\program files\Uniblue
2009-04-01 21:17 --------- d-----w c:\program files\UltraISO
2009-04-01 21:16 --------- d-----w c:\program files\Common Files\EZB Systems
2009-04-01 21:10 --------- d-----w c:\program files\Vista Rainbar
2009-04-01 04:02 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Windows Search
2009-04-01 03:55 --------- d-----w c:\program files\Windows Desktop Search
2009-04-01 03:55 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Windows Desktop Search
2009-04-01 03:36 --------- d-----w c:\program files\Microsoft Silverlight
2009-04-01 01:14 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-31 22:09 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-31 16:22 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Boost Windows
2009-03-31 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2009-03-31 16:15 --------- d-----w c:\program files\netcut
2009-03-31 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-31 09:05 --------- d-----w c:\program files\Yahoo!
2009-03-31 09:05 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Yahoo!
2009-03-31 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-31 07:44 --------- d-----w c:\program files\hkSFV
2009-03-31 03:26 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-31 02:44 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-31 02:44 --------- d-----w c:\program files\Common Files\xing shared
2009-03-31 02:44 --------- d-----w c:\program files\Common Files\Real
2009-03-31 02:39 --------- d-----w c:\program files\Real
2009-03-31 01:56 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Media Player Classic
2009-03-31 00:51 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\TuneUp Software
2009-03-31 00:48 --------- d-----w c:\program files\Styler
2009-03-31 00:48 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Styler
2009-03-31 00:46 --------- d-----w c:\program files\PowerMenu
2009-03-31 00:45 --------- d-----w c:\program files\Intel
2009-03-31 00:43 --------- d-----w c:\program files\Sigmatel
2009-03-31 00:42 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-31 00:39 --------- d-----w c:\program files\XP TCPIP Repair
2009-03-31 00:38 --------- d-----w c:\program files\DSL Speed
2009-03-31 00:38 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-31 00:38 --------- d-----w c:\program files\Anti Netcut
2009-03-31 00:38 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-31 00:37 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-03-31 00:37 286,720 ------w c:\windows\Setup1.exe
2009-03-31 00:37 --------- d-----w c:\program files\WinPcap
2009-03-31 00:37 --------- d-----w c:\program files\stopcut
2009-03-31 00:36 --------- d-----w c:\program files\Common Files\Intel
2009-03-31 00:22 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-03-31 00:22 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-03-31 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-31 00:20 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-31 00:09 --------- d-----w c:\program files\microsoft frontpage
2009-03-26 15:35 210,352 ----a-w c:\windows\system32\idmmbc.dll
2009-03-16 12:18 69,448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 517,448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 235,352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 22,360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 453,456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 4,178,264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 1,846,632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 02:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-02-13 09:31 55,640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-07 16:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 16:20 265,720 -c--a-w c:\windows\system32\msdbg2.dll
2009-01-07 16:20 26,112 -c--a-w c:\windows\system32\idndl.dll
2009-01-07 16:20 24,576 -c--a-w c:\windows\system32\nlsdl.dll
2009-01-07 16:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2006-09-16 14:20 3,808 -c--a-w c:\program files\SETUP.LST
2006-09-16 14:20 1,880,140 -c--a-w c:\program files\Anti NetCut.CAB
.
------- Sigcheck -------
10/31/2007 12:32 AM 14336 9ae650ad5d3df02fbd28ce26746cca5b c:\windows\ServicePackFiles\i386\svchost.exe
04/14/2008 02:00 PM 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\system32\svchost.exe
04/14/2008 02:00 PM 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\system32\dllcache\svchost.exe
10/31/2007 12:32 AM 578560 d988e5d722cee54ace40d000a191e5cc c:\windows\ServicePackFiles\i386\user32.dll
04/14/2008 02:00 PM 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\system32\user32.dll
04/14/2008 02:00 PM 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\system32\dllcache\user32.dll
10/31/2007 12:32 AM 82432 6627e8084166e142b8f4e970a6c23489 c:\windows\ServicePackFiles\i386\ws2_32.dll
04/14/2008 02:00 PM 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\system32\ws2_32.dll
04/14/2008 02:00 PM 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\system32\dllcache\ws2_32.dll
10/31/2007 12:33 AM 507904 56adf995fff58eb7d0dd0819343fb0eb c:\windows\ServicePackFiles\i386\winlogon.exe
04/14/2008 02:00 PM 507904 ed0ef0a136dec83df69f04118870003e c:\windows\system32\winlogon.exe
04/14/2008 02:00 PM 507904 ed0ef0a136dec83df69f04118870003e c:\windows\system32\dllcache\winlogon.exe
10/30/2007 07:33 PM 182656 f2bc1026931be54ef3134f7586b7ef8c c:\windows\ServicePackFiles\i386\ndis.sys
04/14/2008 02:00 PM 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
04/14/2008 02:00 PM 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
10/30/2007 06:41 PM 36608 01101d3c7934ac2318a3880e33ae60a0 c:\windows\ServicePackFiles\i386\ip6fw.sys
04/14/2008 02:00 PM 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\dllcache\ip6fw.sys
04/14/2008 02:00 PM 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys
04/14/2008 02:00 PM 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\explorer.exe
10/31/2007 12:32 AM 1033728 54b20714bcf2c49a4c3a182ee24e7736 c:\windows\ServicePackFiles\i386\explorer.exe
04/14/2008 02:00 PM 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\system32\dllcache\explorer.exe
10/31/2007 12:32 AM 108544 18fb4870d9b53aedab08fb404133a1c5 c:\windows\ServicePackFiles\i386\services.exe
04/14/2008 02:00 PM 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\system32\services.exe
04/14/2008 02:00 PM 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\system32\dllcache\services.exe
10/31/2007 12:32 AM 13312 99592b6ce7fc25a4f69692f7092ee455 c:\windows\ServicePackFiles\i386\lsass.exe
04/14/2008 02:00 PM 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\system32\lsass.exe
04/14/2008 02:00 PM 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\system32\dllcache\lsass.exe
10/31/2007 12:32 AM 15360 44a23969244da9d90ac46b6879dfe6e2 c:\windows\ServicePackFiles\i386\ctfmon.exe
04/14/2008 02:00 PM 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\system32\ctfmon.exe
04/14/2008 02:00 PM 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\system32\dllcache\ctfmon.exe
10/31/2007 12:32 AM 57856 1c97a84d6940a56eae099ec61bb15e43 c:\windows\ServicePackFiles\i386\spoolsv.exe
04/14/2008 02:00 PM 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\system32\spoolsv.exe
04/14/2008 02:00 PM 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\system32\dllcache\spoolsv.exe
10/31/2007 12:33 AM 26112 371f47017847266ee67b5dbf4450c61f c:\windows\ServicePackFiles\i386\userinit.exe
04/14/2008 02:00 PM 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
04/14/2008 02:00 PM 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\dllcache\userinit.exe
10/31/2007 12:32 AM 295424 1de047476b49991ad30abf0f63a68977 c:\windows\ServicePackFiles\i386\termsrv.dll
04/14/2008 02:00 PM 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\termsrv.dll
04/14/2008 02:00 PM 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\dllcache\termsrv.dll
10/31/2007 12:31 AM 986624 903395d528efa871cc5c9fe789399760 c:\windows\ServicePackFiles\i386\kernel32.dll
04/14/2008 02:00 PM 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\system32\kernel32.dll
04/14/2008 02:00 PM 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\system32\dllcache\kernel32.dll
10/31/2007 12:32 AM 17408 bd5208439f06c939cffe3e2ecec19311 c:\windows\ServicePackFiles\i386\powrprof.dll
04/14/2008 02:00 PM 17408 50a166237a0fa771261275a405646cc0 c:\windows\system32\powrprof.dll
04/14/2008 02:00 PM 17408 50a166237a0fa771261275a405646cc0 c:\windows\system32\dllcache\powrprof.dll
10/31/2007 12:31 AM 110080 dfd5b67f8d700c33506944a168f3963b c:\windows\ServicePackFiles\i386\imm32.dll
04/14/2008 02:00 PM 110080 0da85218e92526972a821587e6a8bf8f c:\windows\system32\imm32.dll
04/14/2008 02:00 PM 110080 0da85218e92526972a821587e6a8bf8f c:\windows\system32\dllcache\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 02:00 PM 15360]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [12/11/2008 09:36 PM 155904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [03/18/2009 06:50 PM 4363504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [04/02/2009 08:08 AM 2790832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 02:00 PM 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 02:00 PM 455168]
"antinetcut2"="c:\program files\Anti Netcut\Anti NetCut.exe" [09/16/2006 02:37 PM 69694]
"Vistadrv"="e:\برامج\برامج منوعة\برنامج صغير لتحويل شكل الدرايف ( القرص ) للفيستا\Vista Drive Status\vsdrv.exe" [07/30/2006 03:37 AM 121089]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/31/2009 04:44 AM 185896]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [10/09/2008 08:18 AM 173408]
"igfxtray"="c:\windows\system32\igfxtray.exe" [10/14/2005 02:49 PM 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [10/31/2006 02:00 PM 114688]
"igfxpers"="c:\windows\system32\igfxpers.exe" [10/31/2006 02:00 PM 94208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [03/02/2009 12:08 PM 209153]
"SigmatelSysTrayApp"="sttray.exe" [10/31/2006 02:00 PM 282624 c:\windows\sttray.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 02:00 PM 15360]
c:\documents and settings\ں¥ê§_ي¤§î\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [12/20/2002 1:17:56 AM 57344]
StopCut.lnk - c:\program files\stopcut\StopCut.exe [11/6/2007 5:56:08 PM 57372]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VersionTrackerPro.lnk - c:\windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [4/3/2009 7:28:37 PM 53248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 10:19 PM 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Outlook Express"=c:\program files\Outlook Express\msimn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [4/3/2009 9:07:22 PM 186625]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/3/2009 9:07:23 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [4/3/2009 9:07:22 PM 432897]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 2:00:00 PM 14336]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [3/31/2009 2:22:19 AM 603904]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 7:31:34 PM 42000]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [12/11/2008 09:36 PM]
2009-04-01 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [10/22/2007 10:13 AM]
2009-04-01 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [10/22/2007 10:13 AM]
2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{BF76127F-B307-4C39-9015-73831139E73D}.job
- c:\windows\system32\msfeedssync.exe [03/08/2009 04:31 AM]
2009-04-03 c:\windows\Tasks\الصيانة بنقرة واحدة.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [12/11/2008 09:36 PM]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
mStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {D93AE0B7-9016-427C-853C-8817906C1874} = 66.11.234.90,66.11.234.91
TCP: {FE33E2FE-CD37-471F-A64B-D233909A7CC1} = 66.11.234.90,66.11.234.91
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-03 23:09:33
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\idmmbc.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 04/03/2009 23:10:21
ComboFix-quarantined-files.txt 2009-04-03 21:10:19
Pre-Run: 4,203,823,104 bytes free
Post-Run: 4,255,371,264 bytes free
265 --- E O F --- 2009-04-01 23:58:31
هذا تقرير ادة
ComboFix 09-04-01.01 - احمد_وجدى 04/03/2009 23:08:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.2550.2131 [GMT 2:00]
Running from: c:\documents and settings\احمد_وجدى\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\\setup.exe
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 21:07 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\DMCache
2009-04-03 19:07 --------- d-----w c:\program files\Avira
2009-04-03 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-03 17:37 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\VersionTracker Pro
2009-04-03 17:28 --------- d-----w c:\program files\TechTracker
2009-04-03 15:47 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\IDM
2009-04-03 07:51 --------- d-----w c:\program files\Winamp
2009-04-03 06:09 --------- d-----w c:\program files\EsetOnlineScanner
2009-04-02 23:17 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\QuickScan
2009-04-02 20:33 --------- d-----w c:\program files\Windows Media Components
2009-04-02 20:33 --------- d-----w c:\program files\Ashampoo
2009-04-02 20:32 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Thinstall
2009-04-02 18:23 --------- d-----w c:\program files\Axialis
2009-04-02 13:19 --------- d-----w c:\program files\nLite
2009-04-02 06:13 --------- d-----w c:\program files\Internet Download Manager
2009-04-01 23:48 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Uniblue
2009-04-01 23:47 --------- d-----w c:\program files\Uniblue
2009-04-01 21:17 --------- d-----w c:\program files\UltraISO
2009-04-01 21:16 --------- d-----w c:\program files\Common Files\EZB Systems
2009-04-01 21:10 --------- d-----w c:\program files\Vista Rainbar
2009-04-01 04:02 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Windows Search
2009-04-01 03:55 --------- d-----w c:\program files\Windows Desktop Search
2009-04-01 03:55 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Windows Desktop Search
2009-04-01 03:36 --------- d-----w c:\program files\Microsoft Silverlight
2009-04-01 01:14 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-31 22:09 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-31 16:22 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Boost Windows
2009-03-31 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\Ashampoo
2009-03-31 16:15 --------- d-----w c:\program files\netcut
2009-03-31 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-31 09:05 --------- d-----w c:\program files\Yahoo!
2009-03-31 09:05 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Yahoo!
2009-03-31 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-31 07:44 --------- d-----w c:\program files\hkSFV
2009-03-31 03:26 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-31 02:44 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-31 02:44 --------- d-----w c:\program files\Common Files\xing shared
2009-03-31 02:44 --------- d-----w c:\program files\Common Files\Real
2009-03-31 02:39 --------- d-----w c:\program files\Real
2009-03-31 01:56 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Media Player Classic
2009-03-31 00:51 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\TuneUp Software
2009-03-31 00:48 --------- d-----w c:\program files\Styler
2009-03-31 00:48 --------- d-----w c:\documents and settings\احمد_وجدى\Application Data\Styler
2009-03-31 00:46 --------- d-----w c:\program files\PowerMenu
2009-03-31 00:45 --------- d-----w c:\program files\Intel
2009-03-31 00:43 --------- d-----w c:\program files\Sigmatel
2009-03-31 00:42 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-31 00:39 --------- d-----w c:\program files\XP TCPIP Repair
2009-03-31 00:38 --------- d-----w c:\program files\DSL Speed
2009-03-31 00:38 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-31 00:38 --------- d-----w c:\program files\Anti Netcut
2009-03-31 00:38 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-31 00:37 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-03-31 00:37 286,720 ------w c:\windows\Setup1.exe
2009-03-31 00:37 --------- d-----w c:\program files\WinPcap
2009-03-31 00:37 --------- d-----w c:\program files\stopcut
2009-03-31 00:36 --------- d-----w c:\program files\Common Files\Intel
2009-03-31 00:22 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-03-31 00:22 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-03-31 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-31 00:20 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-31 00:09 --------- d-----w c:\program files\microsoft frontpage
2009-03-26 15:35 210,352 ----a-w c:\windows\system32\idmmbc.dll
2009-03-16 12:18 69,448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 12:18 517,448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 12:18 235,352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 12:18 22,360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-09 13:27 453,456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 13:27 4,178,264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 13:27 1,846,632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-08 02:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-02-13 09:31 55,640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-07 16:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 16:20 265,720 -c--a-w c:\windows\system32\msdbg2.dll
2009-01-07 16:20 26,112 -c--a-w c:\windows\system32\idndl.dll
2009-01-07 16:20 24,576 -c--a-w c:\windows\system32\nlsdl.dll
2009-01-07 16:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2006-09-16 14:20 3,808 -c--a-w c:\program files\SETUP.LST
2006-09-16 14:20 1,880,140 -c--a-w c:\program files\Anti NetCut.CAB
.
------- Sigcheck -------
10/31/2007 12:32 AM 14336 9ae650ad5d3df02fbd28ce26746cca5b c:\windows\ServicePackFiles\i386\svchost.exe
04/14/2008 02:00 PM 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\system32\svchost.exe
04/14/2008 02:00 PM 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\system32\dllcache\svchost.exe
10/31/2007 12:32 AM 578560 d988e5d722cee54ace40d000a191e5cc c:\windows\ServicePackFiles\i386\user32.dll
04/14/2008 02:00 PM 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\system32\user32.dll
04/14/2008 02:00 PM 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\system32\dllcache\user32.dll
10/31/2007 12:32 AM 82432 6627e8084166e142b8f4e970a6c23489 c:\windows\ServicePackFiles\i386\ws2_32.dll
04/14/2008 02:00 PM 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\system32\ws2_32.dll
04/14/2008 02:00 PM 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\system32\dllcache\ws2_32.dll
10/31/2007 12:33 AM 507904 56adf995fff58eb7d0dd0819343fb0eb c:\windows\ServicePackFiles\i386\winlogon.exe
04/14/2008 02:00 PM 507904 ed0ef0a136dec83df69f04118870003e c:\windows\system32\winlogon.exe
04/14/2008 02:00 PM 507904 ed0ef0a136dec83df69f04118870003e c:\windows\system32\dllcache\winlogon.exe
10/30/2007 07:33 PM 182656 f2bc1026931be54ef3134f7586b7ef8c c:\windows\ServicePackFiles\i386\ndis.sys
04/14/2008 02:00 PM 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
04/14/2008 02:00 PM 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
10/30/2007 06:41 PM 36608 01101d3c7934ac2318a3880e33ae60a0 c:\windows\ServicePackFiles\i386\ip6fw.sys
04/14/2008 02:00 PM 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\dllcache\ip6fw.sys
04/14/2008 02:00 PM 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys
04/14/2008 02:00 PM 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\explorer.exe
10/31/2007 12:32 AM 1033728 54b20714bcf2c49a4c3a182ee24e7736 c:\windows\ServicePackFiles\i386\explorer.exe
04/14/2008 02:00 PM 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\system32\dllcache\explorer.exe
10/31/2007 12:32 AM 108544 18fb4870d9b53aedab08fb404133a1c5 c:\windows\ServicePackFiles\i386\services.exe
04/14/2008 02:00 PM 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\system32\services.exe
04/14/2008 02:00 PM 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\system32\dllcache\services.exe
10/31/2007 12:32 AM 13312 99592b6ce7fc25a4f69692f7092ee455 c:\windows\ServicePackFiles\i386\lsass.exe
04/14/2008 02:00 PM 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\system32\lsass.exe
04/14/2008 02:00 PM 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\system32\dllcache\lsass.exe
10/31/2007 12:32 AM 15360 44a23969244da9d90ac46b6879dfe6e2 c:\windows\ServicePackFiles\i386\ctfmon.exe
04/14/2008 02:00 PM 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\system32\ctfmon.exe
04/14/2008 02:00 PM 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\system32\dllcache\ctfmon.exe
10/31/2007 12:32 AM 57856 1c97a84d6940a56eae099ec61bb15e43 c:\windows\ServicePackFiles\i386\spoolsv.exe
04/14/2008 02:00 PM 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\system32\spoolsv.exe
04/14/2008 02:00 PM 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\system32\dllcache\spoolsv.exe
10/31/2007 12:33 AM 26112 371f47017847266ee67b5dbf4450c61f c:\windows\ServicePackFiles\i386\userinit.exe
04/14/2008 02:00 PM 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
04/14/2008 02:00 PM 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\dllcache\userinit.exe
10/31/2007 12:32 AM 295424 1de047476b49991ad30abf0f63a68977 c:\windows\ServicePackFiles\i386\termsrv.dll
04/14/2008 02:00 PM 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\termsrv.dll
04/14/2008 02:00 PM 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\dllcache\termsrv.dll
10/31/2007 12:31 AM 986624 903395d528efa871cc5c9fe789399760 c:\windows\ServicePackFiles\i386\kernel32.dll
04/14/2008 02:00 PM 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\system32\kernel32.dll
04/14/2008 02:00 PM 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\system32\dllcache\kernel32.dll
10/31/2007 12:32 AM 17408 bd5208439f06c939cffe3e2ecec19311 c:\windows\ServicePackFiles\i386\powrprof.dll
04/14/2008 02:00 PM 17408 50a166237a0fa771261275a405646cc0 c:\windows\system32\powrprof.dll
04/14/2008 02:00 PM 17408 50a166237a0fa771261275a405646cc0 c:\windows\system32\dllcache\powrprof.dll
10/31/2007 12:31 AM 110080 dfd5b67f8d700c33506944a168f3963b c:\windows\ServicePackFiles\i386\imm32.dll
04/14/2008 02:00 PM 110080 0da85218e92526972a821587e6a8bf8f c:\windows\system32\imm32.dll
04/14/2008 02:00 PM 110080 0da85218e92526972a821587e6a8bf8f c:\windows\system32\dllcache\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 02:00 PM 15360]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [12/11/2008 09:36 PM 155904]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [03/18/2009 06:50 PM 4363504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [04/02/2009 08:08 AM 2790832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 02:00 PM 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [04/14/2008 02:00 PM 455168]
"antinetcut2"="c:\program files\Anti Netcut\Anti NetCut.exe" [09/16/2006 02:37 PM 69694]
"Vistadrv"="e:\برامج\برامج منوعة\برنامج صغير لتحويل شكل الدرايف ( القرص ) للفيستا\Vista Drive Status\vsdrv.exe" [07/30/2006 03:37 AM 121089]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/31/2009 04:44 AM 185896]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [10/09/2008 08:18 AM 173408]
"igfxtray"="c:\windows\system32\igfxtray.exe" [10/14/2005 02:49 PM 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [10/31/2006 02:00 PM 114688]
"igfxpers"="c:\windows\system32\igfxpers.exe" [10/31/2006 02:00 PM 94208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [03/02/2009 12:08 PM 209153]
"SigmatelSysTrayApp"="sttray.exe" [10/31/2006 02:00 PM 282624 c:\windows\sttray.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 02:00 PM 15360]
c:\documents and settings\ں¥ê§_ي¤§î\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [12/20/2002 1:17:56 AM 57344]
StopCut.lnk - c:\program files\stopcut\StopCut.exe [11/6/2007 5:56:08 PM 57372]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VersionTrackerPro.lnk - c:\windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [4/3/2009 7:28:37 PM 53248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [5/26/2008 10:19:14 PM 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 10:19 PM 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Outlook Express"=c:\program files\Outlook Express\msimn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [4/3/2009 9:07:22 PM 186625]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/3/2009 9:07:23 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [4/3/2009 9:07:22 PM 432897]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 2:00:00 PM 14336]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [3/31/2009 2:22:19 AM 603904]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 7:31:34 PM 42000]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [12/11/2008 09:36 PM]
2009-04-01 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [10/22/2007 10:13 AM]
2009-04-01 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [10/22/2007 10:13 AM]
2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{BF76127F-B307-4C39-9015-73831139E73D}.job
- c:\windows\system32\msfeedssync.exe [03/08/2009 04:31 AM]
2009-04-03 c:\windows\Tasks\الصيانة بنقرة واحدة.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [12/11/2008 09:36 PM]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
mStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {D93AE0B7-9016-427C-853C-8817906C1874} = 66.11.234.90,66.11.234.91
TCP: {FE33E2FE-CD37-471F-A64B-D233909A7CC1} = 66.11.234.90,66.11.234.91
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-04-03 23:09:33
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\idmmbc.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 04/03/2009 23:10:21
ComboFix-quarantined-files.txt 2009-04-03 21:10:19
Pre-Run: 4,203,823,104 bytes free
Post-Run: 4,255,371,264 bytes free
265 --- E O F --- 2009-04-01 23:58:31
تأييد
0