A-3siri
زيزوومي نشيط
غير متصل
- بادئ الموضوع A-3siri
- تاريخ البدء
- 599
MMA_LORD_735
زيزوومي جديد
- إنضم
- 17 مايو 2008
- المشاركات
- 3,645
- مستوى التفاعل
- 7
- النقاط
- 0
غير متصل
و عليكم السلام و رحمة الله و بركته ...
أعمل التالي ...
حمل هذا الأداءة ...
شغلها ... و روح على أول خيار ...
شوي و بيعطيك تقرير داخل مفكرة ...
أنسخه كاملا ً و بشكل صحيح ...
و لصقه في ردك القادم ...
أعمل التالي ...
حمل هذا الأداءة ...
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغلها ... و روح على أول خيار ...
شوي و بيعطيك تقرير داخل مفكرة ...
أنسخه كاملا ً و بشكل صحيح ...
و لصقه في ردك القادم ...
توقيع : MMA_LORD_735
تأييد
0
A-3siri
زيزوومي نشيط
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:12:31 , on 30/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WIND0WS.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo133.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\Wyyo\wyyo.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\camel\mysql\bin\mysqld-nt.exe
C:\camel\cstry.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\bin mastor\Local Settings\Temporary Internet Files\Content.IE5\KAHETMLD\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WINDOWS] C:\WINDOWS\system32\WIND0WS.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WINDOWS] C:\WINDOWS\system32\WIND0WS.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: CamelMysql - Unknown owner - C:\camel\mysql\bin\mysqld-nt.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Wyyo Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo133.exe
--
End of file - 8688 bytes
فديتني ح ـاولـت ايضا في الادهـ ما ضبطت مع ـاي ~~~
Scan saved at 07:12:31 , on 30/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WIND0WS.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo133.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\Wyyo\wyyo.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\camel\mysql\bin\mysqld-nt.exe
C:\camel\cstry.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\bin mastor\Local Settings\Temporary Internet Files\Content.IE5\KAHETMLD\HiJackThis[1].exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WINDOWS] C:\WINDOWS\system32\WIND0WS.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WINDOWS] C:\WINDOWS\system32\WIND0WS.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: CamelMysql - Unknown owner - C:\camel\mysql\bin\mysqld-nt.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Wyyo Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo133.exe
--
End of file - 8688 bytes
فديتني ح ـاولـت ايضا في الادهـ ما ضبطت مع ـاي ~~~
توقيع : A-3siri
تأييد
0
KoNaMi
زيزوومى فضى
غير متصل
اعمل الاتي
عطل جميع برامج الحمايه ,,
نزل هذه الاداة
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة
عطل جميع برامج الحمايه ,,
نزل هذه الاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة
توقيع : KoNaMi
تأييد
0
A-3siri
زيزوومي نشيط
غير متصل
وهذا النقرير . يا ليت تعطيني رابط النتيجه ابي اشوف
ComboFix 09-04-29.07 - bin mastor 04/30/2009 20:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.3061.2537 [GMT 3:00]
Running from: c:\documents and settings\bin mastor\سطح المكتب\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\BINMAS~1\LOCALS~1\Temp\install_flash_player.exe
c:\windows\system32\kakle.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.
2009-04-30 17:02 . 2009-04-30 17:02 -------- d-----w c:\documents and settings\LocalService\Application Data\TeamViewer
2009-04-30 02:04 . 2009-04-30 03:14 -------- d-----w C:\camel
2009-04-29 23:27 . 2009-04-29 23:27 -------- d-----w c:\program files\Trend Micro
2009-04-29 23:21 . 2003-11-04 12:11 159744 ----a-w c:\windows\system32\lfpng13n.dll
2009-04-29 23:21 . 2003-11-04 12:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-04-29 23:21 . 2004-05-14 13:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-04-29 23:21 . 2004-05-14 13:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-04-29 23:21 . 2004-01-11 23:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-04-29 23:21 . 2004-05-14 13:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-04-29 23:21 . 2004-05-14 13:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-04-29 23:21 . 2004-05-14 13:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-04-29 23:21 . 2004-05-14 13:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-04-29 22:33 . 2009-04-29 22:33 13824 ----a-w c:\windows\system32\drivers\splitcam.sys
2009-04-29 22:32 . 2009-04-29 22:32 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-29 18:47 . 2009-04-29 18:47 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\TeamViewer
2009-04-28 07:02 . 2009-04-28 07:02 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-27 22:25 . 2009-04-30 17:04 -------- d-----w c:\documents and settings\bin mastor\Application Data\Skype
2009-04-27 22:25 . 2009-04-27 22:25 -------- d-----w c:\program files\Skype
2009-04-23 12:13 . 2009-04-26 22:12 -------- d-----w c:\program files\StartClock
2009-04-23 11:50 . 2009-04-29 03:09 -------- d-----w c:\program files\TeamViewer
2009-04-23 11:28 . 2009-04-23 17:14 -------- d-----w c:\documents and settings\bin mastor\Application Data\TeamViewer
2009-04-23 11:28 . 2009-04-23 11:28 -------- d-----w c:\documents and settings\bin mastor\temp
2009-04-23 10:55 . 2009-04-30 03:41 -------- d-----w c:\documents and settings\bin mastor\Local Settings\Application Data\Google
2009-04-22 02:26 . 2009-04-22 02:26 -------- d-----w C:\Temp
2009-04-22 01:46 . 2009-04-22 01:46 -------- d-----w c:\documents and settings\bin mastor\Application Data\Apple Computer
2009-04-21 21:20 . 2009-04-21 21:20 -------- d-----w c:\documents and settings\bin mastor\Local Settings\Application Data\TechSmith
2009-04-21 20:57 . 2008-01-07 11:29 352 ---ha-w c:\windows\nod32fixtemdono.reg
2009-04-21 20:13 . 2008-07-10 10:56 107864 ----a-w c:\windows\system32\tsccvid.dll
2009-04-21 20:13 . 2009-04-21 20:13 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-04-21 19:13 . 2009-04-21 19:13 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-21 18:23 . 2009-04-21 18:25 -------- d-----w c:\program files\Video-AVI to GIF Converter
2009-04-21 18:07 . 2009-04-30 17:02 -------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-04-21 18:06 . 2005-12-15 17:42 5120 ----a-r c:\windows\system32\vnetinst.dll
2009-04-21 18:06 . 2005-12-15 17:42 9600 ----a-r c:\windows\system32\drivers\vmnetadapter.sys
2009-04-21 18:06 . 2005-12-15 17:42 106496 ----a-w c:\windows\system32\vmnetdhcp.exe
2009-04-21 18:06 . 2005-12-15 17:42 135168 ----a-w c:\windows\system32\vmnat.exe
2009-04-21 18:06 . 2005-12-15 17:42 15616 ----a-w c:\windows\system32\drivers\vmnetuserif.sys
2009-04-21 18:06 . 2005-12-15 17:42 10240 ----a-r c:\windows\system32\drivers\vmnet.sys
2009-04-21 18:06 . 2005-12-15 17:42 385024 ----a-w c:\windows\system32\vnetlib.dll
2009-04-21 18:01 . 2009-04-21 18:01 -------- d-----w c:\program files\Common Files\VMware
2009-04-21 18:01 . 2009-04-21 18:01 -------- d-----w c:\program files\VMware
2009-04-21 11:09 . 2009-04-21 11:10 -------- d-----w c:\documents and settings\bin mastor\Local Settings\Application Data\Digsby
2009-04-21 11:09 . 2009-04-21 11:10 -------- d-----w c:\documents and settings\bin mastor\Application Data\Digsby
2009-04-21 11:07 . 2009-04-21 11:07 -------- d-----w c:\documents and settings\All Users\Application Data\Winferno
2009-04-21 11:03 . 2009-04-21 11:03 -------- d-----w c:\documents and settings\bin mastor\Application Data\Jenkat
2009-04-21 11:02 . 2009-04-24 23:55 -------- d-----w c:\program files\Winferno
2009-04-21 11:00 . 2009-04-28 19:06 -------- d-----w c:\program files\Wyyo
2009-04-21 11:00 . 2009-04-28 06:24 -------- d-----w c:\documents and settings\All Users\Application Data\Wyyo
2009-04-21 10:38 . 2009-04-21 10:38 -------- d-----w c:\documents and settings\LocalService\سطح المكتب
2009-04-21 09:44 . 2009-04-21 09:44 -------- d-----w c:\documents and settings\bin mastor\Local Settings\Application Data\ESET
2009-04-21 08:40 . 2009-04-21 08:40 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-21 08:29 . 2009-04-21 08:38 -------- d-s---w c:\documents and settings\Administrator
2009-04-18 12:51 . 2009-04-21 08:38 -------- d-----w c:\documents and settings\bin mastor\Local Settings\Application Data\TechSmith(2)
2009-04-18 12:40 . 2009-04-22 01:05 -------- d-----w c:\program files\Video GIF Converter
2009-04-18 05:33 . 2009-04-24 18:43 -------- d-----w c:\program files\Hotspot Shield
2009-04-18 04:49 . 2009-04-21 08:39 -------- d-----w c:\program files\TuneUp Utilities 2009(2)
2009-04-18 02:19 . 2009-04-18 02:19 -------- d-----w c:\documents and settings\bin mastor\Application Data\Media Player Classic
2009-04-17 08:43 . 2009-04-17 08:43 -------- d-----w c:\documents and settings\bin mastor\Application Data\TechSmith
2009-04-17 08:33 . 2009-04-21 09:40 -------- d-----w c:\documents and settings\bin mastor\Application Data\DivX
2009-04-16 22:34 . 2009-04-21 20:13 -------- d-----w c:\windows\system32\QuickTime
2009-04-16 22:13 . 2009-04-21 20:13 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-04-16 22:13 . 2009-04-21 18:29 -------- d-----w c:\program files\TechSmith
2009-04-15 23:09 . 2009-04-21 08:41 -------- d-----w c:\program files\Common Files\VMware(2)
2009-04-15 23:09 . 2009-04-21 08:41 -------- d-----w c:\program files\VMware(2)
2009-04-15 22:33 . 2009-04-29 02:16 -------- d-----w c:\documents and settings\bin mastor\Application Data\VMware
2009-04-15 22:08 . 2009-04-30 17:02 -------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-04-14 21:09 . 2009-04-15 22:11 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-14 21:03 . 2009-04-21 08:43 -------- d-----w c:\documents and settings\All Users\Application Data\Lies shim upload curb
2009-04-14 21:02 . 2009-04-21 08:43 -------- d-----w c:\documents and settings\bin mastor\Application Data\internet fast
2009-04-14 21:02 . 2009-04-21 08:43 -------- d-----w c:\program files\MessengerPlus! 3(2)
2009-04-14 20:40 . 2009-04-24 20:41 -------- d-----w c:\documents and settings\bin mastor\Contacts
2009-04-14 20:37 . 2009-04-21 09:51 -------- d-----w c:\program files\MSN Messenger
2009-04-14 20:35 . 2009-04-14 20:35 -------- d-----w c:\program files\ESET
2009-04-14 20:09 . 2009-04-14 20:09 -------- d-----w c:\documents and settings\bin mastor\Application Data\ESET
2009-04-14 20:08 . 2009-04-14 20:08 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-14 19:46 . 2009-04-14 19:46 -------- d-----w c:\windows\Sun
2009-04-14 19:37 . 2001-08-17 11:02 9600 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-14 19:37 . 2001-08-17 11:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-14 19:37 . 2004-08-03 20:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-14 19:37 . 2004-08-03 20:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-14 16:19 . 2005-06-20 01:57 110592 ----a-w c:\windows\system32\uci32100.dll
2009-04-14 16:19 . 2009-04-14 16:19 -------- d-----w c:\program files\CONEXANT
2009-04-14 16:03 . 2009-04-14 16:03 -------- d-----w c:\windows\speech
2009-04-14 16:01 . 2009-04-14 16:02 -------- d-----w c:\program files\Golden Al-Wafi Translator
2009-04-14 16:01 . 2009-04-14 16:01 172032 ------w c:\windows\Setup1.exe
2009-04-14 16:01 . 2009-04-14 16:01 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-14 15:59 . 2009-04-14 15:59 -------- d-----w c:\program files\MumboJumbo
2009-04-14 15:58 . 2009-04-27 04:39 -------- d-----w c:\program files\Quranzu1
2009-04-14 15:07 . 2001-08-17 13:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-04-14 15:06 . 2004-08-04 00:41 57216 ----a-w c:\windows\system32\drivers\redbook.sys
2009-04-14 15:05 . 2004-08-04 00:55 73728 ----a-w c:\windows\system32\usbui.dll
2009-04-14 15:05 . 2009-04-28 07:02 -------- d-sh--w c:\windows\Installer
2009-04-14 15:05 . 2001-09-19 11:00 61440 -c--a-w c:\windows\system32\dllcache\spcplui.dll
2009-04-14 15:05 . 2001-09-19 11:00 77824 -c--a-w c:\windows\system32\dllcache\spcommon.dll
2009-04-14 15:05 . 2001-09-19 11:00 774144 -c--a-w c:\windows\system32\dllcache\spttseng.dll
2009-04-14 15:05 . 2001-09-19 11:00 36864 -c--a-w c:\windows\system32\dllcache\sapisvr.exe
2009-04-14 15:05 . 2004-08-03 21:55 741376 -c--a-w c:\windows\system32\dllcache\sapi.dll
2009-04-14 15:05 . 2009-04-29 23:27 -------- d-----r C:\Program Files
2009-04-14 15:03 . 2009-04-21 08:29 -------- d-----w C:\Documents and Settings
2009-04-14 15:03 . 2009-04-14 12:12 -------- d-----w c:\documents and settings\All Users
2009-04-14 15:03 . 2009-04-14 12:13 -------- d--h--w c:\documents and settings\Default User
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 17:06 . 2001-09-19 11:00 44696 ----a-w c:\windows\system32\perfc001.dat
2009-04-30 17:06 . 2001-09-19 11:00 262804 ----a-w c:\windows\system32\perfh001.dat
2009-04-29 22:32 . 2009-04-26 14:31 -------- d-----w c:\program files\SplitCam
2009-04-27 22:25 . 2009-04-27 22:25 -------- d-----w c:\program files\Common Files\Skype
2009-04-27 13:18 . 2009-04-27 13:18 -------- d-----w c:\program files\Multiskype
2009-04-27 03:21 . 2009-04-27 03:21 -------- d-----w c:\program files\WinWatermark 2.2
2009-04-26 14:02 . 2009-04-26 14:02 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-24 21:51 . 2009-04-24 21:51 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-24 21:51 . 2009-04-24 21:50 -------- d-----w c:\program files\Google
2009-04-23 15:00 . 2009-04-14 14:15 -------- d-----w c:\program files\Internet Download Manager
2009-04-23 15:00 . 2009-04-14 14:13 -------- d-----w c:\program files\Crcle Developement
2009-04-21 09:51 . 2009-04-14 14:12 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-14 19:57 . 2009-04-14 12:12 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-14 19:53 . 2009-04-14 19:53 2232 ----a-w c:\windows\java\Packages\Data\PZLBZNZR.DAT
2009-04-14 19:53 . 2009-04-14 19:53 155995 ----a-w c:\windows\java\Packages\4J53B537.ZIP
2009-04-14 19:53 . 2009-04-14 19:53 2678 ----a-w c:\windows\java\Packages\Data\93TZPRP7.DAT
2009-04-14 19:53 . 2009-04-14 19:53 2678 ----a-w c:\windows\java\Packages\Data\ZLBX7JH7.DAT
2009-04-14 19:53 . 2009-04-14 19:53 2678 ----a-w c:\windows\java\Packages\Data\NXFLZTRX.DAT
2009-04-14 19:53 . 2009-04-14 19:53 2678 ----a-w c:\windows\java\Packages\Data\BPV575B1.DAT
2009-04-14 19:53 . 2009-04-14 19:53 2678 ----a-w c:\windows\java\Packages\Data\444GOE8P.DAT
2009-04-14 14:14 . 2009-04-14 14:14 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-14 14:14 . 2009-04-14 14:14 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-14 14:12 . 2009-04-14 14:12 99496 ----a-w c:\documents and settings\bin mastor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 14:11 . 2009-04-14 14:11 -------- d-----w c:\program files\Windows Live
2009-04-14 14:07 . 2009-04-14 14:07 -------- d-----w c:\program files\Ozone
2009-04-14 13:56 . 2009-04-14 13:56 -------- d-----w c:\program files\Common Files\xing shared
2009-04-14 13:56 . 2009-04-14 13:55 -------- d-----w c:\program files\Common Files\Real
2009-04-14 13:56 . 2009-04-14 13:56 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-14 13:56 . 2009-04-14 13:55 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-14 13:55 . 2009-04-14 13:55 -------- d-----w c:\program files\Real
2009-04-14 13:52 . 2009-04-14 13:51 -------- d-----w c:\program files\QuickTime
2009-04-14 13:52 . 2009-04-14 13:52 -------- d-----w c:\program files\Common Files\Apple
2009-04-14 13:51 . 2009-04-14 13:51 -------- d-----w c:\program files\Apple Software Update
2009-04-14 13:49 . 2009-04-14 13:48 -------- d-----w c:\program files\DivX
2009-04-14 13:42 . 2009-04-14 13:42 -------- d-----w c:\program files\Java
2009-04-14 13:38 . 2009-04-14 13:38 -------- d-----w c:\program files\Common Files\Adobe
2009-04-14 13:36 . 2009-04-14 13:36 -------- d-----w c:\program files\Microsoft Works
2009-04-14 13:36 . 2009-04-14 13:36 -------- d-----w c:\program files\MSBuild
2009-04-14 12:24 . 2009-04-14 12:24 16608 ----a-w c:\windows\gdrv.sys
2009-04-14 12:13 . 2009-04-14 12:13 -------- d-----w c:\program files\microsoft frontpage
2009-04-14 12:12 . 2001-09-19 11:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-14 12:10 . 2009-04-14 12:10 22144 ----a-w c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2008-03-29 16:19 1547776 6E932D21E116B51ED9D5157E31C48E33 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-24 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"WINDOWS"="c:\windows\system32\WIND0WS.exe" [2008-04-14 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-14 198160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"WINDOWS"="c:\windows\system32\WIND0WS.exe" [2008-04-14 147456]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-12-31 16132608]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-12-31 1826816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 CamelMysql;CamelMysql;c:\camel\mysql\bin\mysqld-nt.exe [2008-01-18 5750784]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-04-27 185640]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-14 603904]
S2 Wyyo Service;Wyyo Service;c:\documents and settings\All Users\Application Data\Wyyo\wyyo133.exe [2009-04-27 54760]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-04-30 20:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6a4245f9-f282-48c4-825f-b1258b703b4d}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006e
"Therad"=dword:00000008
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,99,98,1c,a1,85,8b,f7,07,5a,a1,62,96,51,bd,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b2,60,91,e4,6e,7f,71,29,f8,7e,ea,d1,0e,24,47,5b,41,34,80,76,b7,
73,82,20,25,42,03,3f,dc,25,c2,db,3c,23,cf,3b,1e,40,33,40,00,00,00,00,00,00,\
.
Completion time: 2009-04-30 20:12
ComboFix-quarantined-files.txt 2009-04-30 17:12
Pre-Run: 16,414,224,384 bytes free
Post-Run: 17,377,050,624 bytes free
258
توقيع : A-3siri
تأييد
0
مهندس عادل
زيزوومى مميز
غير متصل
اخى الكريم
لقد جربت حلول كثيرة لهذة المشكلة
والحل الناجح المضمون نتيجتة وانا مجربة هو على الرابط الاتى فى المنتدى
وارجو الافادة بالنتيجة وتقبل تحياتى
لقد جربت حلول كثيرة لهذة المشكلة
والحل الناجح المضمون نتيجتة وانا مجربة هو على الرابط الاتى فى المنتدى
وارجو الافادة بالنتيجة وتقبل تحياتى
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
توقيع : مهندس عادل
تأييد
0
A-3siri
زيزوومي نشيط
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:52:51 م, on 06/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bin mastur\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
--
End of file - 4997 bytes
هذا هو يا طويل العمر Scan saved at 03:52:51 م, on 06/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bin mastur\سطح المكتب\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
--
End of file - 4997 bytes
توقيع : A-3siri
تأييد
0