كاسبر سكاي

In the name of God, the Most Gracious, the Most Merciful

I've run into a problem with Task Manager and the registry, plus another problem that I can't identify.

:)

And here are the pictures:

zyzoom-31891e4409.gif



zyzoom-8de27151e8.gif



zyzoom-cec8753008.gif



:(
 

Signature: كاسبر سكاي
Signature: PrinceOfPersia
Isn't there an easier way than the one in the links? :(

Signature: كاسبر سكاي
Download this program.

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:37 PM, on 4/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\sara\LOCALS~1\Temp\urpjm.exe
C:\DOCUME~1\sara\LOCALS~1\Temp\winreoy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\sara\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=Explorer.exe "C:\DOCUME~1\sara\LOCALS~1\Temp\winKjz2RF4nBPipfZ.exe"
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan
O4 - Startup: خادم الجمل.lnk = C:\camel\camelserver.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CamelApache - Unknown owner - C:\camel\apache\apache.exe (file missing)
O23 - Service: CamelMysql - Unknown owner - C:\camel\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6089 bytes
 
Signature: كاسبر سكاي
Disable your security programs,
then
download the following tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

The computer may restart during the scan.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it in your next post.

By the way, the computer did not restart when I ran the last scan.

ComboFix 09-04-04.01 - sara 2009-04-11 17:28:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.502.105 [GMT 3:00]
Running from: c:\documents and settings\sara\Desktop\قرآشيع سطح المكتب\زيزوم\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\str.sys
c:\windows\system32\kakle.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 15:31 . 2009-04-11 15:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-04-08 16:33 . 2009-04-09 11:08 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-08 16:33 . 2009-04-08 16:33 1,409 --a------ c:\windows\QTFont.for
2009-04-07 15:54 . 2009-04-07 15:54 7,168 --ahs---- c:\windows\Thumbs.db
2009-03-29 17:32 . 2009-03-29 17:32 6,912,054 --a------ c:\windows\startup.bmp
2009-03-29 17:32 . 2004-08-03 19:56 218,624 --a------ c:\windows\system32\uxtheme.backup
2009-03-29 17:25 . 2009-03-29 17:32 <DIR> d-------- c:\windows\VistaMizer
2009-03-27 22:08 . 2009-03-27 22:09 <DIR> d-------- c:\program files\ScrollBar
2009-03-27 22:08 . 2009-03-27 22:08 <DIR> d-------- c:\documents and settings\sara\Application Data\Sam Francke
2009-03-26 23:45 . 2005-09-16 14:57 94,208 --a------ c:\windows\system32\TCtrlCommon.dll
2009-03-26 23:45 . 2005-09-16 14:57 73,728 --a------ c:\windows\system32\TDispVol.exe
2009-03-26 23:45 . 2002-03-03 04:40 45,056 --a------ c:\windows\system32\TDispVol.dll
2009-03-24 16:16 . 2009-03-24 16:16 552 --a------ c:\windows\system32\d3d8caps.dat
2009-03-19 17:01 . 2009-03-22 11:06 7,168 --a------ c:\windows\hello.exe
2009-03-11 20:48 . 2009-03-16 20:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-11 06:09 . 2009-03-11 06:09 268 --ah----- C:\sqmdata01.sqm
2009-03-11 06:09 . 2009-03-11 06:09 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

2004-08-03 19:56 801280 8c27c9aea4f6e83675801f18697e753d c:\windows\system32\wininet.dll
2004-08-03 19:56 801280 8c27c9aea4f6e83675801f18697e753d c:\windows\system32\dllcache\wininet.dll
2004-08-03 19:56 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows\VistaMizer\old\wininet.dll

2004-08-03 19:56 541696 55aca85eb80e2155e20211aaaddd711a c:\windows\system32\winlogon.exe
2004-08-03 19:56 541696 55aca85eb80e2155e20211aaaddd711a c:\windows\system32\dllcache\winlogon.exe
2004-08-03 19:56 502272 01c3346c241652f43aed8e2149881bfe c:\windows\VistaMizer\old\winlogon.exe

2004-08-03 20:05 2272256 002e42dc877017a8357ad28953cf4340 c:\windows\system32\ntkrnlpa.exe
2004-08-03 20:05 2015232 fb142b7007ca2eea76966c6c5cc12150 c:\windows\VistaMizer\old\ntkrnlpa.exe

2004-08-03 18:18 2405376 7e51de9afbc06bae346235bfd6f63a00 c:\windows\system32\ntoskrnl.exe
2004-08-03 18:18 2148352 626309040459c3915997ef98ec1c8d40 c:\windows\VistaMizer\old\ntoskrnl.exe

2004-08-03 19:56 1550336 49290030ce8bb6a2c5af4339b122261f c:\windows\explorer.exe
2004-08-03 19:56 1550336 49290030ce8bb6a2c5af4339b122261f c:\windows\system32\dllcache\explorer.exe
2004-08-03 19:56 1032192 a0732187050030ae399b241436565e64 c:\windows\VistaMizer\old\explorer.exe

2004-08-03 19:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 c:\windows\system32\ctfmon.exe
2004-08-03 19:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 c:\windows\system32\dllcache\ctfmon.exe
2004-08-03 19:56 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-13 5793816]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 25088]
"DriverCure"="c:\program files\ParetoLogic\DriverCure\DriverCure.exe" [2009-01-21 2974800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-13 290845]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 473232]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-28 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 c:\windows\RTHDCPL.EXE]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-16 c:\windows\system32\TDispVol.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-12-20 2752512]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-11-30 6444616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\sara\\Desktop\\برآمج وتعاريف\\BlueSoleil 6.4.240.2_Crack\\BlueSoleilCS.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\The KMPlayer\\KMPlayer.exe"=
"c:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\ParetoLogic\\DriverCure\\DriverCure.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [2008-01-17 24635]
R2 ISD;Intel(r) 82802 Firmware Hub Device (Intel(r) Security Driver);c:\windows\system32\drivers\ISECDRV.SYS [2009-01-28 32108]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-13 179856]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\kqprdn.sys --> c:\windows\system32\drivers\kqprdn.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-13 15504]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-01-28 27632]
S2 CamelApache;CamelApache;"c:\camel\apache\apache.exe" --ntservice --> c:\camel\apache\apache.exe [?]
S2 yfknyqz;yfknyqz;\??\c:\windows\system32\drivers\srwgapggv.sys --> c:\windows\system32\drivers\srwgapggv.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 30088]
S3 CamelMysql;CamelMysql;c:\camel\mysql\bin\mysqld-nt.exe --defaults-file="c:\camel\mysql\ini\my.ini" CamelMysql --> c:\camel\mysql\bin\mysqld-nt.exe --defaults-file=c:\camel\mysql\ini\my.ini [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{391c5a62-f924-11dd-8a3b-0018dea75ad9}]
\sHell\AUTOplaY\coMmAnD - D:\deov.pif
\sHell\AutoRun\command - D:\deov.pif
\sHell\eXpLore\CommAND - D:\deov.pif
\sHell\open\cOmMAnd - D:\deov.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c4458e-ee22-11dd-8a25-0018dea75ad9}]
\SheLL\AUtOplay\ComMand - E:\ichqj.cmd
\SheLL\AutoRun\command - E:\ichqj.cmd
\SheLL\exploRe\COMmanD - E:\ichqj.cmd
\SheLL\opeN\COmmANd - E:\ichqj.cmd
.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-08 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-01-21 08:38]

2009-04-07 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 08:36]

2009-04-10 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-02-13 02:39]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\sara\Application Data\Mozilla\Firefox\Profiles\o1sy6ywa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-11 17:33:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
.
Completion time: 2009-04-11 17:35:53
ComboFix-quarantined-files.txt 2009-04-11 14:35:51

Pre-Run: 144,080,928,768 bytes free
Post-Run: 145,721,323,520 bytes free

193
 
Signature: كاسبر سكاي
New HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:24 PM, on 4/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sara\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ??C?I E???? C?II?? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan
O4 - Startup: خادم الجمل.lnk = C:\camel\camelserver.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CamelApache - Unknown owner - C:\camel\apache\apache.exe (file missing)
O23 - Service: CamelMysql - Unknown owner - C:\camel\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 5789 bytes
 
Signature: كاسبر سكاي
Disable System Restore as shown in the following illustration:

dis_sys_xp.jpg


Then download the McAfee tool from here and scan with it.


After the scan finishes, post a new HijackThis report.

I ran a scan with the security program I have and it gave me this report... is it useful?

Malwarebytes' Anti-Malware 1.34
إصدار قاعدة البيانات: 1757
Windows 5.1.2600 Service Pack 2

4/11/2009 5:50:43 PM
mbam-log-2009-04-11 (17-50-36).txt

نوع الفحص: فحص سريع
العناصر المفحوصة: 59296
الوقت المنقضي: 3 minute(s), 14 second(s)

عمليات الذاكرة المصابة: 0
وحدات الذاكرة المصابة: 0
مفاتيح التسجيل المصابة: 0
قيم التسجيل المصابة: 0
عناصر بيانات التسجيل المصابة: 2
المجلدات المصابة: 0
الملفات المصابة: 0

عمليات الذاكرة المصابة:
(لم يتم كشف عناصر خبيثة)

وحدات الذاكرة المصابة:
(لم يتم كشف عناصر خبيثة)

مفاتيح التسجيل المصابة:
(لم يتم كشف عناصر خبيثة)

قيم التسجيل المصابة:
(لم يتم كشف عناصر خبيثة)

عناصر بيانات التسجيل المصابة:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

المجلدات المصابة:
(لم يتم كشف عناصر خبيثة)

الملفات المصابة:
(لم يتم كشف عناصر خبيثة)
 
Signature: كاسبر سكاي
I went to do the step you mentioned, but my computer is in English.

Is this the same one? :q:


zyzoom-c59b09a2a1.gif

Signature: كاسبر سكاي
Yes, that's the one.
Tick the checkbox and click OK,
and don't turn it back on until the scan finishes.

The McAfee tool wouldn't download for me!!

Signature: كاسبر سكاي
This is a report from the security program I have :(



Malwarebytes' Anti-Malware 1.34
إصدار قاعدة البيانات: 1757
Windows 5.1.2600 Service Pack 2

4/11/2009 6:10:06 PM
mbam-log-2009-04-11 (18-09-56).txt

نوع الفحص: فحص سريع
العناصر المفحوصة: 59591
الوقت المنقضي: 3 minute(s), 13 second(s)

عمليات الذاكرة المصابة: 0
وحدات الذاكرة المصابة: 0
مفاتيح التسجيل المصابة: 0
قيم التسجيل المصابة: 0
عناصر بيانات التسجيل المصابة: 2
المجلدات المصابة: 0
الملفات المصابة: 0

عمليات الذاكرة المصابة:
(لم يتم كشف عناصر خبيثة)

وحدات الذاكرة المصابة:
(لم يتم كشف عناصر خبيثة)

مفاتيح التسجيل المصابة:
(لم يتم كشف عناصر خبيثة)

قيم التسجيل المصابة:
(لم يتم كشف عناصر خبيثة)

عناصر بيانات التسجيل المصابة:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

المجلدات المصابة:
(لم يتم كشف عناصر خبيثة)

الملفات المصابة:
(لم يتم كشف عناصر خبيثة)
 
Signature: كاسبر سكاي
Download the following tool.


Run it and the tool's interface will appear.
Choose the cleaning option and a DOS window will open for the scan.
Leave it until it finishes and the report appears.
Copy it and paste it in your next post.

Signature: زمان الصمت
And this is the report after cleaning:




Engine Version : 5300.2777
Engine Load Time : 23063 milliseconds
AV DAT Version : 5492.0000 488805 detections Built Sunday, January 11, 2009
Extra DAT : 0 detections

Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (Cleaned )
Process : C:\WINDOWS\Explorer.EXE : contains "Trojan" called "W32/Sality!mem" (No Action Taken (Clean failed) )
Process : C:\DOCUME~1\sara\LOCALS~1\Temp\winhtru.exe : contains "Trojan" called "Spam-Mailbot" (Deleted )
Memory : Deleted
Please wait ... building list of critical files to scan

Critical : Clean
Scanning the computer's cookie directories
Cookies : Clean
c:\pagefile.sys : Scan Failed
c:\Documents and Settings\LocalService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\LocalService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\NTUSER.DAT : Scan Failed
c:\Documents and Settings\NetworkService\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\sara\NTUSER.DAT : Scan Failed
c:\Documents and Settings\sara\ntuser.dat.LOG : Scan Failed
c:\Documents and Settings\sara\Application Data\Mozilla\Firefox\Profiles\o1sy6ywa.default\parent.lock : Scan Failed
c:\Documents and Settings\sara\Application Data\Mozilla\Firefox\Profiles\o1sy6ywa.default\places.sqlite-journal : Scan Failed
File : c:\Documents and Settings\sara\Desktop\قرآشيع سطح المكتب\زيزوم\44\basic\avscan.exe : contains "Virus" called "W32/Sality.gen" (Cleaned )
c:\Documents and Settings\sara\Desktop\قرآشيع سطح المكتب\زيزوم\44\basic\avscan.exe : Repaired
c:\Documents and Settings\sara\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat : Scan Failed
c:\Documents and Settings\sara\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG : Scan Failed
c:\Documents and Settings\sara\Local Settings\Temp\etilqs_oSKxVv3it1wIna1diwRf : Scan Failed
c:\Documents and Settings\sara\Local Settings\Temp\Perflib_Perfdata_eb0.dat : Scan Failed
c:\WINDOWS\system32\config\default : Scan Failed
c:\WINDOWS\system32\config\default.LOG : Scan Failed
c:\WINDOWS\system32\config\SAM : Scan Failed
c:\WINDOWS\system32\config\SAM.LOG : Scan Failed
c:\WINDOWS\system32\config\SECURITY : Scan Failed
c:\WINDOWS\system32\config\SECURITY.LOG : Scan Failed
c:\WINDOWS\system32\config\software : Scan Failed
c:\WINDOWS\system32\config\software.LOG : Scan Failed
c:\WINDOWS\system32\config\system : Scan Failed
c:\WINDOWS\system32\config\system.LOG : Scan Failed
Scanning the registry
Registry : Clean

Summary :-
FilesFound : 80697
FilesScanned : 51091
FilesNotScanned : 29606

ObjectsFound : 156978
ObjectsInfected : 53
ObjectsCleaned : 51
ObjectsDeleted : 1

FilesInfected : 1
FilesCleaned : 1
FilesMoved : 0
FilesDeleted : 0

Started at : 6:19:44 PM Saturday, April 11, 2009
Ended at : 7:15:07 PM Saturday, April 11, 2009
Duration : 55 minutes 23 seconds
6127 MB scanned in 3323 seconds = 1888 KB/s
 
Signature: كاسبر سكاي
Excellent.
Now, using the protection program you have, do the following:

(Hidden link: you must log in or register to view it.)


After the scan finishes, do the following:

(Hidden link: you must log in or register to view it.)


Copy the contents of the report and paste them in your next post.
 
God willing.
 
Signature: كاسبر سكاي
This is the report:


Malwarebytes' Anti-Malware 1.34
إصدار قاعدة البيانات: 1757
Windows 5.1.2600 Service Pack 2

4/11/2009 8:28:39 PM
mbam-log-2009-04-11 (20-28-33).txt

نوع الفحص: فحص كامل (C:\|)
العناصر المفحوصة: 141412
الوقت المنقضي: 32 minute(s), 13 second(s)

عمليات الذاكرة المصابة: 0
وحدات الذاكرة المصابة: 0
مفاتيح التسجيل المصابة: 0
قيم التسجيل المصابة: 0
عناصر بيانات التسجيل المصابة: 2
المجلدات المصابة: 0
الملفات المصابة: 0

عمليات الذاكرة المصابة:
(لم يتم كشف عناصر خبيثة)

وحدات الذاكرة المصابة:
(لم يتم كشف عناصر خبيثة)

مفاتيح التسجيل المصابة:
(لم يتم كشف عناصر خبيثة)

قيم التسجيل المصابة:
(لم يتم كشف عناصر خبيثة)

عناصر بيانات التسجيل المصابة:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

المجلدات المصابة:
(لم يتم كشف عناصر خبيثة)

الملفات المصابة:
(لم يتم كشف عناصر خبيثة)

I'm going to delete them now; it is asking me to restart to complete the removal, so I'll restart and see :(
 
Signature: كاسبر سكاي