العراقي nit

Peace be upon you.
Could you please check this report? Many thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:04:25 ص, on 06/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winsersec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\sdaemon.exe
C:\WINDOWS\winwd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\hamza\My Documents\Downloads\Music\Faster.exe
C:\Documents and Settings\hamza\Desktop\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [SWd] C:\WINDOWS\winwd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
--
End of file - 6706 bytes
 

And peace be upon you too.


Do the following:

Disable your security programs,
then
download the following tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

The computer may restart during the scan.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.


 
Signature: Abu Abdullah
Peace be upon you too.
Here you go, my dear brother Abu Rima, this is the tool's report.


ComboFix 09-04-04.01 - hamza 04/06/2009 10:38:08.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1014.695 [GMT 3:00]
Running from: c:\documents and settings\hamza\My Documents\Downloads\Programs\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\hamza\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\hamza\LOCALS~1\Temp\tmp2.tmp
.
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 06:51 --------- d-----w c:\program files\UZC Trial
2009-03-29 08:07 160,138 ----a-w c:\windows\Sqirlz Water Reflections Uninstaller.exe
2009-03-29 08:07 --------- d-----w c:\program files\Sqirlz Water Reflections
2009-03-28 19:33 --------- d-----w c:\program files\ma-config.com
2009-03-28 19:33 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-28 06:58 --------- d-----w c:\documents and settings\hamza\Application Data\Axialis
2009-03-28 06:57 --------- d-----w c:\program files\Axialis
2009-03-27 18:57 --------- d-----w c:\program files\Drawing for Children
2009-03-27 08:23 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-26 19:14 --------- d-----w c:\program files\Wireless WEP Key Password Spy
2009-03-26 19:10 --------- d-----w c:\program files\netcut
2009-03-26 09:08 --------- d-----w c:\program files\QuickWiz(2)
2009-03-25 08:57 --------- d-----w c:\documents and settings\hamza\Application Data\Thinstall
2009-03-24 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-24 07:03 --------- d-----w c:\program files\security
2009-03-23 16:02 --------- d-----w c:\program files\Common Files\GuruNet Shared
2009-03-23 16:02 --------- d-----w c:\program files\Common Files\Accent Shared
2009-03-23 07:51 --------- d-----w c:\program files\USB Disk Security
2009-03-20 16:44 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-03-20 16:44 172,032 ------w c:\windows\Setup1.exe
2009-03-16 14:18 --------- d-----w c:\documents and settings\hamza\Application Data\AntsSoft
2009-03-10 07:45 --------- d-----w c:\documents and settings\hamza\Application Data\Faces
2009-03-08 18:35 --------- d-----w c:\program files\Auslogics
2009-03-08 18:35 --------- d-----w c:\documents and settings\hamza\Application Data\Auslogics
2009-03-08 09:29 --------- d-----w c:\documents and settings\hamza\Application Data\IDM
2009-03-08 09:28 --------- d-----w c:\program files\Internet Download Manager
2009-03-05 07:27 --------- d-----w c:\program files\Driver-Soft
2009-03-04 14:57 --------- d-----w c:\program files\DFX
2009-03-04 14:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-04 07:11 --------- d-----w c:\documents and settings\hamza\Application Data\Media Player Classic
2009-03-02 06:46 44,544 ------w c:\windows\AWuninstall.exe
2009-03-02 06:46 --------- d-----w c:\program files\Lokas
2009-03-01 07:20 --------- d-----w c:\documents and settings\hamza\Application Data\CyberLink
2009-03-01 07:17 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-01 07:15 --------- d-----w c:\program files\CyberLink
2009-02-17 08:46 --------- d-----w c:\program files\Common Files\Nero
2009-02-17 08:43 --------- d-----w c:\program files\Common Files\Ahead
2009-02-17 08:43 --------- d-----w c:\program files\Ahead
2009-02-17 08:06 --------- d-----w c:\program files\Common Files\Adobe
2009-02-16 13:10 --------- d-----w c:\program files\WIDCOMM
2009-02-16 10:25 --------- d-----w c:\program files\ShaPlus Google Translator
2009-02-16 06:33 --------- d-----w c:\documents and settings\All Users\Application Data\DFX
2009-02-16 06:13 --------- d-----w c:\documents and settings\hamza\Application Data\Avira
2009-02-16 06:05 --------- d-----w c:\program files\Windows Live
2009-02-14 21:29 --------- d-----w c:\documents and settings\hamza\Application Data\DMCache
2009-02-14 10:02 --------- d-----w c:\documents and settings\hamza\Application Data\CyberScrub
2009-02-14 10:02 --------- d-----w c:\documents and settings\hamza\Application Data\cleaner
2009-02-14 09:57 --------- d-----w c:\program files\Common Files\xing shared
2009-02-14 09:56 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-14 09:56 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-14 09:56 --------- d-----w c:\program files\Real
2009-02-14 09:56 --------- d-----w c:\program files\Google
2009-02-14 09:56 --------- d-----w c:\program files\Common Files\Real
2009-02-14 09:42 --------- d-----w c:\program files\Yahoo!
2009-02-14 09:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-14 09:26 --------- d-----w c:\program files\GRETECH
2009-02-14 09:26 --------- d-----w c:\documents and settings\hamza\Application Data\GRETECH
2009-02-14 09:26 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-02-14 09:24 --------- d-----w c:\program files\Avira
2009-02-14 09:24 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-02-14 09:08 --------- d-----w c:\program files\CONEXANT
2009-02-14 09:06 --------- d-----w c:\program files\Hewlett-Packard
2009-02-14 09:00 --------- d-----w c:\program files\DIFX
2009-02-14 08:56 --------- d-----w c:\program files\Marvell
2009-02-14 08:56 --------- d-----w c:\documents and settings\hamza\Application Data\TMP
2009-02-14 08:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-14 08:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-02-14 08:52 --------- d-----w c:\program files\DellTPad
2009-02-14 08:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-14 08:49 --------- d-----w c:\program files\SigmaTel
2009-02-14 08:48 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-14 08:47 --------- d-----w c:\program files\Dell
2009-02-14 08:43 --------- d-----w c:\program files\Intel
2009-02-14 08:28 --------- d-----w c:\program files\microsoft frontpage
2009-01-28 11:23 663,552 ------w c:\windows\system32\NETw5c32.dll
2009-01-28 11:23 2,756,608 ----a-r c:\windows\system32\NETw5r32.dll
2009-01-22 14:49 206,256 ----a-w c:\windows\system32\idmmbc.dll
.
((((((((((((((((((((((((((((( SnapShot@Fri 03-27-2009_ 9.24.01.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-04-18 21:57:20 92,160 ----a-w c:\windows\netlock.dll
+ 2005-04-18 21:57:18 58,368 ----a-w c:\windows\pcsecshext.dll
+ 2005-04-18 21:57:16 111,104 ----a-w c:\windows\sdaemon.exe
+ 1997-06-06 23:52:10 11,264 ----a-w c:\windows\sporder.dll
+ 2005-04-18 21:57:44 20,224 ----a-w c:\windows\system32\drivers\2kwinsec.sys
+ 2005-04-18 21:57:30 20,352 ----a-w c:\windows\system32\drivers\winsec.sys
- 2009-03-27 05:56:14 40,326 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-06 07:20:38 40,326 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-27 05:56:14 311,938 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-06 07:20:38 311,938 ----a-w c:\windows\system32\perfh009.dat
+ 2005-04-13 22:37:28 69,632 ----a-w c:\windows\system32\servdll.dll
+ 2005-04-13 22:37:34 53,248 ----a-w c:\windows\system32\winsersec.exe
+ 2005-04-18 21:56:42 26,624 ----a-w c:\windows\winwd.exe
+ 2005-04-18 21:56:44 36,352 ----a-w c:\windows\wsec32hk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 09:49 PM 4662776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [08/16/2007 04:19 PM 5728112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [03/08/2009 09:09 PM 2745776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [08/04/2004 03:00 PM 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [08/04/2004 03:00 PM 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [05/16/2007 07:50 PM 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [05/16/2007 07:50 PM 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [05/16/2007 07:50 PM 137752]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM 405504]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [05/10/2007 01:01 AM 36864]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [06/12/2008 02:28 PM 266497]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [07/13/2008 11:26 PM 753664]
"SDaemon"="c:\windows\sdaemon.exe" [04/19/2005 12:57 AM 111104]
"SWd"="c:\windows\winwd.exe" [04/19/2005 12:56 AM 26624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-04-19 20352]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-02-14 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-02-14 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-02-14 41217]
R2 winser;winser;c:\windows\system32\winsersec.exe [2005-04-14 53248]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-02-14 108032]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [2009-02-14 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2009-02-14 235584]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2009-02-14 7424]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.SYS [2009-02-14 194304]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-03 32512]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: avsda.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-06 10:39:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):25,88,e2,c7,b3,ec,50,cb,38,5f,12,f2,ca,21,e2,87,63,42,23,dd,99,
b2,ce,c2,e0,79,09,d0,9a,8b,9c,d6,84,98,fb,c4,f0,c1,67,c8,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{882e8f70-c422-47c8-b39a-72b04c201561}]
@Denied: (Full) (Everyone)
"Model"=dword:00000042
"Therad"=dword:00000017
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1228)
c:\windows\system32\avsda.dll
.
Completion time: 04/06/2009 10:40:16
ComboFix-quarantined-files.txt 2009-04-06 07:40:14
Pre-Run: 20,578,320,384 bytes free
Post-Run: 20,709,081,088 bytes free
207 --- E O F --- 2009-03-22 15:42:06​
 
Where is the reply?
 
Where are you ????
 
Where is the reply, experts?
 
Signature: Demo-dash