Thread starter: شموس

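Assalamu alaikum,

My computer is slow to boot and to shut down,
and Task Manager is hidden. I tried to restore it as described in an earlier thread here on the forum, but it did not come back :cr:
I hope to find the solution for fixing the machine here with you.... :smile:
The report: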

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:04 ص, on 12/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\w.i.s\Lab files\LabVIEW_86_downloader.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
F:\w.i.s\حماية الجهاز\launch الفحص فى الوضع الامن.exe
C:\DOCUME~1\eng_kmu\LOCALS~1\Temp\RarSFX1\_start.exe
C:\DOCUME~1\eng_kmu\LOCALS~1\Temp\RarSFX1\setup.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\w.i.s\حماية الجهاز\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Download-AR Toolbar - {9fd3a1fa-dbcf-454f-81c2-d93ab1dacd73} - C:\Program Files\Download-AR\tbDow1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Download-AR Toolbar - {9fd3a1fa-dbcf-454f-81c2-d93ab1dacd73} - C:\Program Files\Download-AR\tbDow1.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Download-AR Toolbar - {9fd3a1fa-dbcf-454f-81c2-d93ab1dacd73} - C:\Program Files\Download-AR\tbDow1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\system32\autorun.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [LabVIEW_86_downloader] F:\w.i.s\Lab files\LabVIEW_86_downloader.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager -
Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager -
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager -
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager -
Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{30959CE6-6945-46FE-B105-7C7CA0EC451A}: NameServer = 212.210.150.1,1.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{30959CE6-6945-46FE-B105-7C7CA0EC451A}: NameServer = 212.210.150.1,1.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{30959CE6-6945-46FE-B105-7C7CA0EC451A}: NameServer = 212.210.150.1,1.0.0.0
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
--
End of file - 10404 bytes
 




Welcome, brother,
and apologies for moving the thread to the appropriate section for follow-up.
This section is dedicated to analyzing security software reports; other reports are posted only on request.

Signature: Demo-dash


Disable all security programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.



 
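By the way, the tool finished and the machine did not restart automatically; it stayed that way for a long time, so I restarted it myself.

After it came back up I ran the tool, and this is the report that appeared ...

Thank you for your attention.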

.....

ComboFix 09-04-20.05 - eng_kmu 04/20/2009 13:07.2 - NTFSx86
Running from: c:\documents and settings\eng_kmu\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.
2009-04-20 11:04 . 2009-04-20 11:05 -------- d-----w C:\32788R22FWJFW
2009-04-18 14:42 . 2009-04-18 14:42 126 ----a-w c:\windows\mdm.ini
2009-04-18 08:18 . 2009-04-18 11:15 -------- d-----w C:\multioperation
2009-04-18 07:40 . 2009-04-18 12:11 -------- d-----w C:\JK
2009-04-18 06:55 . 2009-04-18 07:40 -------- d-----w C:\multiplexer
2009-04-17 10:38 . 2009-04-12 10:15 -------- d--h--w C:\$AVG8.VAULT$
2009-04-16 06:31 . 2009-03-06 14:00 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 06:31 . 2009-02-06 09:54 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-16 06:31 . 2005-07-26 04:20 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-16 06:31 . 2009-02-09 10:01 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 06:31 . 2009-02-06 10:22 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 06:31 . 2009-02-09 10:01 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 06:31 . 2009-02-06 09:41 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 06:31 . 2009-02-09 10:01 728576 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 06:31 . 2009-02-09 10:01 617984 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 06:31 . 2009-02-09 10:01 715264 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 06:26 . 2009-03-27 07:09 1193414 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 06:26 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 17:53 . 2009-04-16 07:36 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-15 17:53 . 2009-04-16 07:36 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-15 17:53 . 2009-04-20 06:56 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-15 17:53 . 2009-04-15 20:17 -------- d-----w c:\documents and settings\eng_kmu\Application Data\AVGTOOLBAR
2009-04-15 17:53 . 2009-04-16 07:38 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-15 17:05 . 2009-04-15 17:05 590039 ----a-w c:\windows\MATLAB Screen Saver.edm
2009-04-15 17:05 . 2009-04-15 17:05 330752 ----a-w c:\windows\MATLAB Screen Saver.SCR
2009-04-15 16:52 . 2009-04-19 13:44 156 ----a-w c:\windows\matlab.ini
2009-04-15 16:48 . 2009-04-15 16:48 -------- d-----w c:\documents and settings\eng_kmu\Application Data\MathWorks
2009-04-15 16:46 . 2002-02-15 11:38 647872 ----a-w c:\windows\system32\mscomct2.ocx
2009-04-15 16:46 . 2002-02-15 11:38 2362 ----a-w c:\windows\system32\mscomct2.dep
2009-04-15 16:45 . 2009-04-15 16:45 19 ----a-w c:\windows\exlink.ini
2009-04-15 16:45 . 2000-05-29 18:32 148992 ----a-w c:\windows\system32\mllink5.dll
2009-04-15 16:45 . 1998-09-20 00:57 645120 ----a-w c:\windows\system32\config.gms
2009-04-15 16:41 . 2009-04-16 18:55 -------- d---a-w C:\MATLAB6p5
2009-04-13 17:42 . 2002-04-23 10:50 13492 ----a-w c:\windows\system32\defprtr2.ppd
2009-04-12 10:20 . 2009-04-12 10:20 -------- d-----w c:\windows\system32\xircom
2009-04-12 10:20 . 2009-04-12 10:20 -------- d-----w c:\windows\srchasst
2009-04-12 08:56 . 2009-04-12 08:56 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-12 07:58 . 2009-04-12 07:58 -------- d-----w c:\documents and settings\eng_kmu\DoctorWeb
2009-04-11 09:46 . 2009-04-11 09:46 24 ----a-w c:\windows\cdplayer.ini
2009-04-11 07:29 . 2009-04-18 06:54 -------- d-----w C:\project1
2009-04-10 13:14 . 2009-04-11 08:04 -------- d-----w C:\MUX4x1
2009-04-10 12:49 . 2009-04-10 13:14 -------- d-----w C:\walaa1
2009-04-08 21:49 . 2009-04-08 21:49 -------- d-----w c:\windows\system32\KB905474
2009-04-08 21:49 . 2009-03-10 20:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-08 21:49 . 2009-03-10 20:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-08 21:49 . 2009-02-09 16:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-08 17:44 . 2003-02-28 16:26 139536 ----a-w c:\windows\system32\javaee.dll
2009-04-06 13:23 . 2009-04-06 13:23 169 ----a-w c:\windows\RtlRack.ini
2009-04-06 08:36 . 2001-08-17 20:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-06 08:36 . 2001-08-17 20:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-06 08:36 . 2001-08-17 12:55 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-06 08:36 . 2001-08-17 12:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-06 08:36 . 2001-08-17 12:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-06 08:36 . 2001-08-17 12:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-05 13:22 . 2009-04-05 13:23 1995 ----a-w c:\windows\AccMling.ini
2009-04-05 13:22 . 2009-04-05 13:22 -------- d-----w c:\windows\LHSP
2009-04-05 13:22 . 1996-11-07 23:48 368912 ----a-w c:\windows\system32\VBAR332.DLL
2009-04-05 13:22 . 1996-09-24 15:16 244496 ----a-w c:\windows\system32\VBAR2232.DLL
2009-04-05 13:22 . 1996-09-24 15:16 98356 ----a-w c:\windows\system32\MSJTER32.DLL
2009-04-05 13:22 . 1996-09-24 15:16 965904 ----a-w c:\windows\system32\MSJT3032.DLL
2009-04-05 13:22 . 1996-09-24 15:16 33552 ----a-w c:\windows\system32\MSJINT32.DLL
2009-04-05 13:22 . 1995-08-29 02:52 220672 ----a-w c:\windows\system32\BC450RTL.DLL
2009-04-05 13:22 . 1999-09-21 11:38 28672 ----a-w c:\windows\AGTCOMM.DLL
2009-04-05 13:19 . 2009-04-05 13:23 2327 ----a-w c:\windows\EasyLingo.MIF
2009-04-05 13:19 . 1997-08-11 10:39 298496 ----a-w c:\windows\uninst.exe
2009-04-03 16:12 . 2009-04-03 16:12 -------- d-----w c:\documents and settings\eng_kmu\Local Settings\Application Data\Ahead
2009-04-02 20:15 . 2009-04-02 20:15 -------- d--h--w c:\windows\PIF
2009-04-02 19:59 . 2009-04-02 19:59 -------- d-----w c:\documents and settings\eng_kmu\Application Data\iSilo
2009-04-02 13:42 . 2009-04-04 05:36 116 ----a-w c:\windows\NeroDigital.ini
2009-04-02 13:35 . 2000-06-26 09:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-04-02 13:35 . 2004-07-26 15:16 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-04-02 13:35 . 2004-07-26 15:16 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-04-02 13:35 . 2004-07-26 15:16 262144 ------w c:\windows\system32\ImagXR7.dll
2009-04-02 13:35 . 2004-07-26 15:16 1568768 ------w c:\windows\system32\ImagX7.dll
2009-04-02 13:35 . 2001-07-09 09:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-03-31 07:12 . 2009-03-31 07:12 -------- d-----w c:\documents and settings\eng_kmu\WINDOWS
2009-03-30 19:57 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-03-30 14:43 . 2009-04-18 14:41 636 ----a-w c:\windows\ODBC.INI
2009-03-30 14:43 . 2003-06-18 15:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-03-30 14:39 . 2009-04-01 08:09 -------- d-----w c:\windows\SHELLNEW
2009-03-29 08:09 . 2009-03-29 08:09 -------- d-----w C:\Office2003SP3Changes
2009-03-29 07:26 . 2009-03-30 19:03 -------- d-----w c:\documents and settings\eng_kmu\Application Data\GetRightToGo
2009-03-28 11:15 . 2009-03-28 11:15 -------- d-----w C:\Downloads
2009-03-28 10:31 . 2009-03-28 10:31 -------- d-----w c:\documents and settings\eng_kmu\Local Settings\Application Data\Conduit
2009-03-28 10:31 . 2009-04-11 15:22 -------- d-----w c:\documents and settings\eng_kmu\Local Settings\Application Data\Download-AR
2009-03-28 10:25 . 2009-03-28 10:25 -------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-03-28 10:24 . 2009-04-19 13:34 -------- d-----w c:\documents and settings\eng_kmu\Local Settings\Application Data\ApplicationHistory
2009-03-28 10:12 . 2009-03-28 10:12 -------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-03-28 10:11 . 2007-09-10 13:12 253952 ----a-w c:\windows\system32\HP1006LM.DLL
2009-03-28 10:11 . 2007-08-23 08:34 65536 ----a-w c:\windows\system32\HPPLVS.dll
2009-03-28 09:45 . 2008-07-11 00:28 50200 ----a-w c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-03-28 09:44 . 2008-07-11 00:28 79896 ----a-w c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-03-28 09:41 . 2009-03-28 09:41 -------- d-----w c:\windows\system32\RsFx
2009-03-28 09:29 . 2009-03-28 09:29 -------- d-----w c:\windows\system32\URTTEMP
2009-03-28 09:15 . 2009-03-28 09:15 -------- d-sh--w c:\windows\ftpcache
2009-03-28 09:11 . 2004-08-03 21:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-03-28 08:59 . 2009-03-29 16:34 -------- d-----w c:\windows\system32\CatRoot_bak
2009-03-28 08:47 . 2009-03-28 08:47 -------- d-----w c:\documents and settings\eng_kmu\Local Settings\Application Data\Microsoft Help
2009-03-28 08:45 . 2009-03-28 11:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-28 08:43 . 2009-03-28 08:53 83160 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-28 08:42 . 2009-03-28 08:42 -------- d-----w c:\windows\system32\XPSViewer
2009-03-28 08:41 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-28 08:41 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-03-28 08:41 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-28 08:41 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-28 08:41 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-03-28 08:41 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-03-28 08:41 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-03-28 08:20 . 2009-04-10 12:49 -------- d-----w C:\walaa
2009-03-28 08:07 . 2009-02-06 10:29 2142720 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-28 08:07 . 2009-02-06 10:32 2186112 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-28 08:07 . 2009-02-06 09:49 2020864 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-28 08:07 . 2009-02-06 09:49 2062976 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-28 07:00 . 2003-02-28 16:26 46352 ----a-w c:\windows\setdebug.exe
2009-03-28 07:00 . 2003-02-28 16:26 171280 ----a-w c:\windows\system32\jit.dll
2009-03-28 07:00 . 2003-02-28 14:54 7315 ----a-w c:\windows\system32\javasup.vxd
2009-03-28 07:00 . 2003-02-28 14:35 6550 ----a-w c:\windows\jautoexp.dat
2009-03-28 07:00 . 2003-02-28 14:34 313856 ----a-w c:\windows\system32\dx3j.dll
2009-03-28 06:51 . 2009-02-20 21:44 3067904 -c----w c:\windows\system32\dllcache\mshtml.dll
2009-03-28 06:47 . 2008-05-01 14:30 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-03-27 23:00 . 2009-03-27 23:00 -------- d-s---w c:\windows\system32\Microsoft
2009-03-27 22:55 . 2008-05-08 12:28 202752 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-03-27 22:53 . 2008-10-24 11:25 455936 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-03-27 22:52 . 2008-12-11 10:24 333184 -c----w c:\windows\system32\dllcache\srv.sys
2009-03-27 22:45 . 2008-10-15 16:53 339456 -c----w c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 11:15 . 2009-03-27 11:29 -------- d-----w c:\documents and settings\eng_kmu\Application Data\Free Download Manager
2009-04-20 11:08 . 2009-03-27 11:48 -------- d-----w c:\documents and settings\eng_kmu\Application Data\DMCache
2009-04-18 16:36 . 2009-03-27 11:48 -------- d-----w c:\documents and settings\eng_kmu\Application Data\IDM
2009-04-18 15:44 . 2009-03-28 10:31 -------- d-----w c:\program files\Download-AR
2009-04-18 14:35 . 2009-04-18 14:35 -------- d-----w c:\program files\Web Publish
2009-04-17 15:47 . 2009-04-17 15:47 -------- d-----w c:\program files\Common Files\xing shared
2009-04-17 15:47 . 2009-03-27 10:19 -------- d-----w c:\program files\Common Files\Real
2009-04-17 15:46 . 2009-03-27 10:19 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-17 15:46 . 2009-03-27 10:19 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-17 14:47 . 2009-03-27 10:22 -------- d-----w c:\program files\Common Files\Adobe
2009-04-15 17:53 . 2009-04-15 17:53 -------- d-----w c:\program files\AVG
2009-04-12 10:20 . 2009-04-12 10:20 -------- d-----w c:\program files\microsoft frontpage
2009-04-08 17:44 . 2009-04-08 17:44 2232 ----a-w c:\windows\java\Packages\Data\FHZ53DNR.DAT
2009-04-08 17:44 . 2009-04-08 17:44 155995 ----a-w c:\windows\java\Packages\31NZXVBP.ZIP
2009-04-08 17:44 . 2009-04-08 17:44 2678 ----a-w c:\windows\java\Packages\Data\FJLZ971V.DAT
2009-04-08 17:44 . 2009-04-08 17:44 2678 ----a-w c:\windows\java\Packages\Data\SAAPBBTF.DAT
2009-04-08 17:44 . 2009-04-08 17:44 2678 ----a-w c:\windows\java\Packages\Data\SEKTRX7P.DAT
2009-04-08 17:44 . 2009-04-08 17:44 2678 ----a-w c:\windows\java\Packages\Data\IN971B75.DAT
2009-04-08 17:44 . 2009-04-08 17:44 2678 ----a-w c:\windows\java\Packages\Data\6SFDNNHZ.DAT
2009-04-05 14:31 . 2009-03-27 10:41 57104 ----a-w c:\documents and settings\eng_kmu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 13:23 . 2009-04-05 13:22 -------- d-----w c:\program files\QuickWiz
2009-04-05 13:22 . 2009-04-05 13:22 -------- d-----w c:\program files\Common Files\Accent Shared
2009-04-05 13:22 . 2009-04-05 13:22 -------- d-----w c:\program files\Common Files\GuruNet Shared
2009-04-02 13:37 . 2009-04-02 13:37 -------- d-----w c:\program files\Common Files\Nero
2009-04-02 13:35 . 2009-04-02 13:35 -------- d-----w c:\program files\Ahead
2009-04-02 13:35 . 2009-04-02 13:35 -------- d-----w c:\program files\Common Files\Ahead
2009-03-31 07:13 . 2009-03-31 07:13 -------- d-----w c:\program files\Schanz Interactive
2009-03-30 14:40 . 2009-03-30 14:40 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-29 12:04 . 2009-03-27 11:48 -------- d-----w c:\program files\Internet Download Manager
2009-03-28 11:10 . 2009-03-28 08:45 -------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-03-28 10:31 . 2009-03-28 10:31 -------- d-----w c:\program files\Conduit
2009-03-28 10:12 . 2009-03-28 10:11 -------- d-----w c:\program files\HP
2009-03-28 10:11 . 2009-03-28 09:21 -------- d--h--w c:\program files\Avago-HP
2009-03-28 09:42 . 2009-03-28 08:51 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-28 09:39 . 2009-03-28 08:45 -------- d-----w c:\program files\Microsoft.NET
2009-03-28 08:50 . 2009-03-28 08:50 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-28 08:50 . 2009-03-28 08:50 -------- d-----w c:\program files\Microsoft Synchronization Services
2009-03-28 08:50 . 2009-03-28 08:50 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-28 08:44 . 2009-03-28 08:44 -------- d-----w c:\program files\Microsoft SDKs
2009-03-28 08:42 . 2009-03-28 08:42 -------- d-----w c:\program files\MSBuild
2009-03-28 08:42 . 2009-03-28 08:42 -------- d-----w c:\program files\Reference Assemblies
2009-03-28 08:38 . 2009-03-28 08:38 -------- d-----w c:\program files\MSXML 6.0
2009-03-27 14:12 . 2009-03-27 14:12 -------- d-----w c:\program files\Visual CertExam Suite
2009-03-27 14:12 . 2009-03-27 10:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 14:12 . 2009-03-27 10:35 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-27 13:45 . 2009-03-27 10:17 -------- d-----w c:\documents and settings\eng_kmu\Application Data\Winamp
2009-03-27 12:26 . 2009-03-27 12:26 -------- d-----w c:\program files\Xilisoft
2009-03-27 12:22 . 2009-03-27 12:22 -------- d-----w c:\program files\Realtek Sound Manager
2009-03-27 12:22 . 2009-03-27 12:22 -------- d-----w c:\program files\AvRack
2009-03-27 11:29 . 2009-03-27 11:29 -------- d-----w c:\program files\Free Download Manager
2009-03-27 11:29 . 2009-03-27 11:29 -------- d-----w c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-03-27 11:29 . 2009-03-27 10:19 -------- d-----w c:\program files\Google
2009-03-27 11:02 . 2009-03-27 10:53 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-27 10:59 . 2009-03-27 10:48 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-27 10:53 . 2009-03-27 10:52 -------- d-----w c:\documents and settings\eng_kmu\Application Data\FairStars Audio Converter
2009-03-27 10:53 . 2009-03-27 10:48 -------- d-----w c:\program files\Yahoo!
2009-03-27 10:53 . 2009-03-27 10:53 -------- d-----w c:\documents and settings\eng_kmu\Application Data\Yahoo!
2009-03-27 10:52 . 2009-03-27 10:52 -------- d-----w c:\program files\FairStars Audio Converter
2009-03-27 10:41 . 2009-03-27 10:41 -------- d-----w c:\documents and settings\eng_kmu\Application Data\Apple Computer
2009-03-27 10:37 . 2009-03-27 10:37 -------- d-----w c:\program files\Sarm Software
2009-03-27 10:36 . 2009-03-27 10:17 -------- d-----w c:\program files\Winamp
2009-03-27 10:34 . 2009-03-27 10:34 -------- d-----w c:\program files\Winamp Toolbar
2009-03-27 10:34 . 2009-03-27 10:34 -------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2009-03-27 10:34 . 2009-03-27 10:34 -------- d-----w c:\documents and settings\All Users\Application Data\OrbNetworks
2009-03-27 10:34 . 2009-03-27 10:34 -------- d-----w c:\program files\Winamp Remote
2009-03-27 10:30 . 2009-03-27 10:30 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-27 10:30 . 2009-03-27 10:30 -------- d-----w c:\program files\Avira
2009-03-27 10:26 . 2009-03-27 10:26 -------- d-----w c:\program files\Sagasoft
2009-03-27 10:19 . 2009-03-27 10:19 -------- d-----w c:\program files\Real
2009-03-27 10:17 . 2009-03-27 10:16 -------- d-----w c:\program files\QuickTime
2009-03-27 10:16 . 2009-03-27 10:16 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-27 10:16 . 2009-03-27 10:16 -------- d-----w c:\program files\Apple Software Update
2009-03-27 10:16 . 2009-03-27 10:16 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-27 10:03 . 2009-03-27 10:03 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:00 . 2004-08-03 23:56 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:14 . 2006-06-23 03:54 668160 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:14 . 2004-08-03 23:56 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2006-06-23 03:50 1847424 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2006-06-23 03:52 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2006-06-23 03:48 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-03 23:56 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-03 23:56 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:32 . 2006-06-23 03:48 2186112 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2004-08-03 23:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2001-08-23 13:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-03 22:59 2062976 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-03 23:56 55808 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9fd3a1fa-dbcf-454f-81c2-d93ab1dacd73}]
2009-04-18 15:48 1883672 ----a-w c:\program files\Download-AR\tbDow1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9fd3a1fa-dbcf-454f-81c2-d93ab1dacd73}"= "c:\program files\Download-AR\tbDow1.dll" [2009-04-18 1883672]
[HKEY_CLASSES_ROOT\clsid\{9fd3a1fa-dbcf-454f-81c2-d93ab1dacd73}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9FD3A1FA-DBCF-454F-81C2-D93AB1DACD73}"= "c:\program files\Download-AR\tbDow1.dll" [2009-04-18 1883672]
[HKEY_CLASSES_ROOT\clsid\{9fd3a1fa-dbcf-454f-81c2-d93ab1dacd73}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-12-23 2745776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Soltek"="c:\windows\system32\autorun.exe" [2001-10-29 61440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-16 1601304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-17 198160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-02-09 65024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-31 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-16 07:36 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-02-24 186625]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-02-12 432897]
R3 abp470n5;abp470n5; [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-16 325128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-16 298264]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - HELPSVC
*Deregistered* - AFD
*Deregistered* - AntiVirSchedulerService
*Deregistered* - AntiVirService
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avg8wd
*Deregistered* - avgio
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - avgntflt
*Deregistered* - avipbb
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - matlabserver
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - MSSQL$SQLEXPRESS
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - SQLWriter
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssmdrv
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WinDriver6
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
*Deregistered* - XilinxPC4Driver
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: تحميل الفيديو بواسطة Free Download Manager -
files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager -
files\Free Download Manager\dlall.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل المحددة بواسطة Free Download Manager -
files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager -
files\Free Download Manager\dllink.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {30959CE6-6945-46FE-B105-7C7CA0EC451A} = 212.210.150.1,1.0.0.0
DPF: Microsoft XML Parser for Java -
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-20 13:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{51fa1baa-f1d3-41cc-8fc1-ef5ea6321496}]
@Denied: (Full) (Everyone)
"Model"=dword:00000065
"Therad"=dword:0000001a
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):84,19,aa,e3,d5,8a,22,19,71,4b,2e,cc,6e,ca,82,ac,a0,06,82,8c,70,
8c,14,a0,4a,a3,0b,9e,ed,99,75,2a,04,65,7d,50,53,8a,d3,76,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(652)
c:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-20 13:21
ComboFix-quarantined-files.txt 2009-04-20 11:21
ComboFix2.txt 2009-04-12 10:11
Pre-Run: 9,105,600,512 bytes free
Post-Run: 9,097,367,552 bytes free
508 --- E O F --- 2009-04-19 20:33
 
Now, from the first report you attached,

delete:


R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll



R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll



O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll



O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll



O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll



O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll



O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll



O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll



O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll



O3 - Toolbar: Download-AR Toolbar - {9fd3a1fa-dbcf-454f-81c2-d93ab1dacd73} - C:\Program Files\Download-AR\tbDow1.dll


O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe


O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')


O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')


O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1



Deletion method

Then go to Add or Remove Programs and uninstall these, if present:


AVG8


AR Toolbar



Winamp Toolbar


Yahoo! Toolbar


Google Toolbar




Disable the protection program and use the SmitfraudFix tool.

Run the file SmitfraudFix.exe and follow the explanation as shown in these pictures.

Then download this tool and follow the explanation below.

Compatibility: Windows XP only

How to use:
When you run the tool's file, this screen appears; wait (and follow along with the pictures).

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

And attach a new HijackThis report.
 
Thank you for your care.
May God count it among your good deeds.

This is the report of the first tool, SmitfraudFix.exe:

SmitFraudFix v2.411
Scan done at 15:25:00.71, Fri 03/20/2009
Run from C:\Documents and Settings\eng_kmu\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\autorun.inf
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 212.210.150.1
DNS Server Search Order: 1.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{30959CE6-6945-46FE-B105-7C7CA0EC451A}: NameServer=212.210.150.1,1.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{30959CE6-6945-46FE-B105-7C7CA0EC451A}: NameServer=212.210.150.1,1.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{30959CE6-6945-46FE-B105-7C7CA0EC451A}: NameServer=212.210.150.1,1.0.0.0

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End


And this is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:27, on 20/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
F:\w.i.s\حماية الجهاز\HiJackThis.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\system32\autorun.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\eng_kmu\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\eng_kmu\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الفيديو بواسطة Free Download Manager -
Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: تحميل الكل بواسطة Free Download Manager -
Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: تحميل المحددة بواسطة Free Download Manager -
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: تحميل بواسطة Free Download Manager -
Files\Free Download Manager\dllink.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{30959CE6-6945-46FE-B105-7C7CA0EC451A}: NameServer = 212.210.150.1,1.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{30959CE6-6945-46FE-B105-7C7CA0EC451A}: NameServer = 212.210.150.1,1.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{30959CE6-6945-46FE-B105-7C7CA0EC451A}: NameServer = 212.210.150.1,1.0.0.0
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
--
End of file - 5755 bytes
 
The report looks good... I think the computer's speed has improved now, right?

From the latest report, delete:


O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')



Deletion method

Download the Kaspersky tool from the following link.

After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; within moments the tool starts running.

Follow the explanation to scan and clean the computer and attach the report.

Then compress the report and upload it here,

so we can make sure the computer is free of viruses, because they usually cause the problems you mentioned.
After that I will give you a tool to re-enable Task Manager and repair what the viruses damaged. God willing, all will be well.
 
While the previous tool is downloading...

I wanted to ask about something.

Isn't there a solution for flash drives? They are the reason viruses get onto my computer...
even though I have Avira and AVG installed,
my computer still gets infected,

especially since the computers in the college labs are full of viruses.

Task Manager is back, thank God.
 
The solution for viruses that spread through flash drives is in this thread.

^^
That one shows how to enable it. Do the opposite of that explanation: turn AutoPlay off.

Then, when you plug a flash drive into the computer, right-click the flash drive and scan it for viruses with any protection program.

If, for example, AutoPlay is enabled, the viruses spread as soon as the flash drive is plugged into the computer.
 