احمد حسن شلقام

I ask the esteemed brothers to kindly help me get rid of the Genetic trojan virus, as the NOD program detects it but cannot eliminate it
 

Welcome, brother
Download this program

Run the program ==> and click
Do a system scan and save log
In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
 
This is the file you requested, after running the tool

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:18:35 مساءاً, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\system32\VisualTask\VisualTask.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\OpjctDock\ObjectDock.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ( MISHO )
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTask] Windows\\system32\\VisualTask\\VisualTask.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "ayman"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VisualTask] Windows\\system32\\VisualTask\\VisualTask.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ObjectDock.lnk = C:\WINDOWS\system32\OpjctDock\ObjectDock.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00B39F7-0745-4A44-97FA-CB5E2A140B88}: NameServer = 217.52.47.140,217.52.47.130
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5332 bytes
 
Disable your security programs
then
download the following tool and save it to the desktop

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
During the scan the computer may restart
After the restart, the tool will start scanning a second time
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
This is the second report

ComboFix 09-05-18.06 - ayman 05/19/2009 18:28.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.1015.606 [GMT 3:00]
Running from: c:\documents and settings\ayman\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\rmoc3260.dll
F:\install.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-19 15:18 . 2009-05-19 15:18 -------- d-----w c:\program files\Trend Micro
2009-05-19 12:09 . 2009-05-19 12:09 -------- d-----w c:\program files\ESET
2009-05-18 21:58 . 2009-05-18 21:58 -------- d-----w c:\documents and settings\ayman\Local Settings\Application Data\Google
2009-05-18 21:57 . 2009-05-18 21:58 -------- d-----w c:\program files\Google
2009-05-18 05:29 . 2009-05-18 05:29 -------- d-----w c:\program files\OpinionSquare
2009-05-17 19:40 . 2009-05-17 19:40 -------- d-----w c:\documents and settings\ayman\Application Data\NCH Swift Sound
2009-05-17 18:33 . 2009-05-17 18:33 -------- d-----w c:\program files\ClaroCOM
2009-05-17 18:28 . 2009-05-17 18:28 -------- d-----w c:\program files\CallIT
2009-05-17 18:28 . 2009-05-17 18:28 -------- d-----w c:\windows\Downloaded Installations
2009-05-17 18:07 . 2009-05-17 18:07 -------- d-----w c:\program files\iCall
2009-05-17 17:13 . 2009-05-17 17:13 -------- d-----w c:\documents and settings\ayman\Application Data\Skype
2009-05-17 17:13 . 2009-05-17 17:13 -------- d-----w c:\program files\Skype
2009-05-17 17:13 . 2009-05-17 17:13 -------- d-----w c:\program files\Common Files\Skype
2009-05-17 17:13 . 2009-05-17 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-17 16:29 . 2009-05-17 16:29 -------- d-----w c:\program files\Kaspersky Lab
2009-05-17 15:30 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-05-17 15:30 . 2009-05-17 15:30 -------- d-----w c:\program files\Alwil Software
2009-05-17 14:29 . 2009-05-17 14:29 -------- d-sh--w C:\FOUND.001
2009-05-17 09:34 . 2009-05-17 09:34 10 ----a-w c:\windows\popcinfo.dat
2009-05-16 23:47 . 2009-05-16 23:47 -------- d-sh--w C:\FOUND.000
2009-05-16 21:08 . 2009-05-16 21:08 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-16 16:10 . 2009-05-16 16:10 -------- d-----w c:\program files\Technitium
2009-05-16 16:07 . 2009-05-16 16:07 -------- d-----w c:\program files\WinPcap
2009-05-16 16:07 . 2009-05-16 16:07 -------- d-----w c:\program files\netcut
2009-05-16 12:45 . 2009-05-16 12:45 -------- d-----w c:\windows\Sun
2009-05-16 08:59 . 2009-05-16 08:59 -------- d-----w c:\program files\AVG
2009-05-16 08:54 . 2009-05-16 08:54 -------- d-----w c:\program files\Opera
2009-05-16 08:08 . 2009-05-16 08:08 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-15 19:21 . 2009-05-15 19:21 -------- d-----w c:\documents and settings\ayman\Local Settings\Application Data\Identities
2009-05-15 15:57 . 2009-05-15 15:57 12876 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-15 15:36 . 2009-05-15 15:36 -------- d-s---w c:\documents and settings\ayman\UserData
2009-05-15 15:32 . 2009-05-15 15:32 -------- d-----w c:\documents and settings\ayman\Local Settings\Application Data\Apple Computer
2009-05-15 15:32 . 2009-05-15 15:32 -------- d-----w c:\documents and settings\ayman\Application Data\Apple Computer
2009-05-15 15:31 . 2009-05-15 15:31 -------- d-----w c:\program files\Safari
2009-05-15 15:31 . 2009-05-15 15:31 -------- d-----w c:\documents and settings\ayman\Local Settings\Application Data\Apple
2009-05-15 15:31 . 2009-05-15 15:31 -------- d-----w c:\program files\Apple Software Update
2009-05-15 15:31 . 2009-05-15 15:31 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-15 11:05 . 2009-05-15 11:05 -------- d-----w c:\documents and settings\ayman\Local Settings\Application Data\ESET
2009-05-15 09:19 . 2009-05-15 09:19 -------- d-----w c:\documents and settings\ayman\Application Data\ESET
2009-05-15 09:18 . 2009-05-15 09:18 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-15 00:36 . 2009-05-15 00:36 -------- d-----w c:\documents and settings\ayman\Local Settings\Application Data\Yahoo
2009-05-15 00:29 . 2009-05-15 00:29 -------- d-----w c:\documents and settings\ayman\Application Data\Media Player Classic
2009-05-15 00:29 . 2009-05-15 00:29 -------- d-----w c:\program files\MSBuild
2009-05-15 00:29 . 2009-05-15 00:29 2272 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-15 00:26 . 2009-05-15 00:26 -------- d-----w c:\windows\system32\XPSViewer
2009-05-15 00:25 . 2009-05-15 00:25 -------- d-----w c:\program files\Reference Assemblies
2009-05-15 00:24 . 2006-06-29 10:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-15 00:19 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-15 00:19 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-15 00:19 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-05-15 00:19 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-15 00:19 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-15 00:19 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-05-15 00:19 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-05-15 00:19 . 2009-02-09 18:56 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-15 00:19 . 2004-01-11 22:00 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-15 00:19 . 2009-05-15 00:19 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-15 00:18 . 2009-05-15 00:18 -------- d-----w c:\documents and settings\ayman\Application Data\URSoft
2009-05-15 00:18 . 2009-05-15 00:18 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-05-15 00:18 . 2009-05-15 00:18 -------- d-----w c:\program files\Your Uninstaller 2008
2009-05-15 00:17 . 2009-05-15 00:17 -------- d-----w c:\documents and settings\ayman\Application Data\Webroot
2009-05-15 00:17 . 2009-05-15 00:17 -------- d-----w c:\program files\Common Files\Webroot Shared
2009-05-15 00:17 . 2009-05-15 00:17 -------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-05-15 00:17 . 2009-05-15 00:17 -------- d-----w c:\program files\Webroot
2009-05-15 00:16 . 2007-11-26 11:47 194888 ----a-w c:\windows\Unwash6.exe
2009-05-15 00:16 . 2009-05-15 00:16 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-15 00:16 . 2009-05-15 00:16 -------- d-----w c:\program files\Yahoo!
2009-05-15 00:14 . 2009-05-15 00:14 410976 ----a-w c:\windows\system32\deploytk.dll
2009-05-15 00:14 . 2009-05-15 00:14 -------- d-----w c:\program files\Java
2009-05-15 00:09 . 2009-05-15 00:09 -------- d-----w c:\program files\No More Cut
2009-05-15 00:06 . 2009-05-15 00:32 335 ----a-w c:\windows\nsreg.dat
2009-05-15 00:06 . 2009-05-15 00:06 -------- d-----w c:\documents and settings\ayman\Local Settings\Application Data\Mozilla
2009-05-15 00:05 . 2009-05-15 00:05 -------- d-----w c:\documents and settings\ayman\Application Data\IDM
2009-05-15 00:05 . 2009-05-15 00:05 -------- d-----w c:\documents and settings\ayman\Application Data\DMCache
2009-05-15 00:04 . 2009-05-15 00:04 -------- d-----w c:\program files\Internet Download Manager
2009-05-15 00:00 . 2007-10-17 12:12 30720 ----a-r c:\windows\system32\drivers\l251x86.sys
2009-05-15 00:00 . 2009-05-15 00:00 -------- d-----w c:\windows\system32\Atheros_L2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 00:33 . 2009-05-15 00:33 -------- d-----w c:\program files\AOL Companion
2009-05-15 00:33 . 2009-05-15 00:33 -------- d-----w c:\program files\Viewpoint
2009-05-15 00:33 . 2009-05-15 00:33 -------- d-----w c:\program files\Common Files\Nullsoft
2009-05-15 00:33 . 2009-05-15 00:33 8552 ----a-w c:\windows\system32\drivers\asctrm.sys
2009-05-15 00:33 . 2009-05-15 00:33 -------- d-----w c:\program files\Real
2009-05-15 00:33 . 2009-05-15 00:33 -------- d-----w c:\program files\Common Files\Real
2009-05-15 00:33 . 2009-05-15 00:33 -------- d-----w c:\program files\Common Files\aolshare
2009-05-15 00:33 . 2009-05-15 00:33 -------- d-----w c:\program files\America Online 8.0
2009-05-15 00:33 . 2009-05-15 00:32 -------- d-----w c:\program files\Common Files\AOL
2009-05-14 23:58 . 2009-05-14 23:58 -------- d-----w c:\program files\Realtek
2009-05-14 23:58 . 2009-05-14 23:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-14 23:58 . 2009-05-14 23:58 315392 ----a-w c:\windows\HideWin.exe
2009-05-14 23:58 . 2009-05-14 23:58 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-14 23:50 . 2009-05-14 23:50 -------- d-----w c:\program files\Intel
2009-05-14 23:46 . 2009-05-14 23:48 11744 ----a-w c:\documents and settings\ayman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-14 23:45 . 2009-05-14 23:45 -------- d-----w c:\program files\iColorFolder
2009-05-14 23:42 . 2009-05-14 23:42 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-09 12:21 . 2009-04-09 12:21 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-03-26 15:35 . 2009-05-07 07:42 210352 ----a-w c:\windows\system32\idmmbc.dll
.

------- Sigcheck -------

[-] 2007-09-29 21:44 2321920 0E8A78B032C8D1D5B1C8F7487D841CF4 c:\windows\system32\ntoskrnl.exe

[-] 2007-06-22 14:27 3597824 79FAC11072B5FFE1E54ED4E2A367E0A2 c:\windows\explorer.exe

[-] 2007-05-01 03:21 172544 799CA26CE13F012F37AEC542913E00A5 c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-15 2807216]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="c:\program files\Webroot\Washer\WashIdx.exe" [2007-11-26 55624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ObjectDock.lnk - c:\windows\system32\OpjctDock\ObjectDock.exe [2009-5-15 1826885]
AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2009-5-15 221258]
America Online 8.0 Tray Icon.lnk - c:\program files\America Online 8.0\aoltray.exe [2009-5-15 36940]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=
"c:\\program files\\opinionsquare\\opnsqr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 08:53 مساءاً 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 08:51 مساءاً 468224]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [15/05/2009 03:16 صباحاً 598856]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [03/08/2005 12:10 صباحاً 32512]
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-VisualTask - Windows\\system32\\VisualTask\\VisualTask.exe
HKCU-Run-eyeBeam SIP Client - (no file)
HKU-Default-Run-VisualTask - Windows\\system32\\VisualTask\\VisualTask.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/?tb_id=80028
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {F00B39F7-0745-4A44-97FA-CB5E2A140B88} = 217.52.47.140,217.52.47.130
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ayman\Application Data\Mozilla\Firefox\Profiles\1xji6dov.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60195&qkw=
FF - component: c:\documents and settings\ayman\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-19 18:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2009-05-19 18:30
ComboFix-quarantined-files.txt 2009-05-19 15:30

Pre-Run: 3,697,713,152 bytes free
Post-Run: 3,690,536,960 bytes free

219
 
Thank you for your previous reply, and may God reward you
If you don't mind, could you give a simple explanation of all these programs, just for the sake of knowing? Thanks again
 
Welcome, brother

Download this program

Run the program ==> and click
Do a system scan and save log

In a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
Make a new report the same as this one
And here you will find its explanations
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:09:25 مساءاً, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\system32\VisualTask\VisualTask.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\OpjctDock\ObjectDock.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\shellmon.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ObjectDock.lnk = C:\WINDOWS\system32\OpjctDock\ObjectDock.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EA28DD8-D66F-4CE3-A6AE-2AC290AB7844}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00B39F7-0745-4A44-97FA-CB5E2A140B88}: NameServer = 217.52.47.140,217.52.47.130
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5118 bytes
 
How are things on your end?
If a warning still appears, please take a screenshot of it for us
 
Do a scan of the C partition where the virus shows up
 
I ran a scan and this is the result
moz-screenshot.jpg
moz-screenshot-1.jpg
C:\pagefile.sys - error opening
C:\WINDOWS\system32\config\system.LOG - error opening
C:\WINDOWS\system32\config\software.LOG - error opening
C:\WINDOWS\system32\config\default.LOG - error opening
C:\WINDOWS\system32\config\SECURITY - error opening
C:\WINDOWS\system32\config\SAM - error opening
C:\WINDOWS\system32\config\SAM.LOG - error opening
C:\WINDOWS\system32\config\SECURITY.LOG - error opening
C:\WINDOWS\system32\config\SYSTEM - error opening
C:\WINDOWS\system32\config\SOFTWARE - error opening
C:\WINDOWS\system32\config\DEFAULT - error opening
C:\WINDOWS\system32\CatRoot2\tmp.edb - error opening
C:\WINDOWS\system32\CatRoot2\edb.log - error opening
C:\WINDOWS\system32\CatRoot2\edbtmp.log - error opening
C:\WINDOWS\Downloaded Installations\{887F33AB-C4E3-4DA7-8ED8-5D901D3AB1DB}\SGOOPE1.5.msi » MSI » Data1.cab » CAB » osenxpresources.dll » PECompact v2.xx - unpack error
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening
C:\Documents and Settings\ayman\NTUSER.DAT - error opening
C:\Documents and Settings\ayman\ntuser.dat.LOG - error opening
C:\Documents and Settings\ayman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening
C:\Documents and Settings\ayman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening
C:\Documents and Settings\ayman\Local Settings\Application Data\Identities\{66445455-21AA-46A1-B6FD-FED91248E31E}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\ayman\My Documents\Downloads\Compressed\Hamam-Elnsaa-DVD.rar » RAR » Hamam-Elnsaa-DVD\
- error opening
C:\Documents and Settings\ayman\My Documents\Downloads\Compressed\AfLaMElzeM.CoM-Satellite TV for PC 2009 Titanium Edition-l0st.rar » RAR » AfLaMElzeM.CoM-Satellite TV for PC 2009 Titanium Edition-l0st\Satellite TV for PC 2009 Titanium Edition\Sat.TV.For.PC.ED.2009.PF67.exe » INNO » file0403.bin - probably a variant of Win32/Spy.Agent trojan
C:\Documents and Settings\ayman\My Documents\Downloads\Compressed\نود اخر اصدار\opsetup.xpi » ZIP » opinstaller.msi » MSI » opinstaller.cab » CAB » opnsqr - probably a variant of Win32/Genetik trojan

C:\Documents and Settings\ayman\My Documents\Downloads\Compressed\New Folder\yasur1.myegy.com.ewdp-prozac.part1.rar » RAR » yasur1.myegy.com.ewdp-prozac.rmvb - next archive volume not found
C:\Documents and Settings\ayman\My Documents\Downloads\Programs\AppRemover.exe » 7ZIP » AVSDKList.zip » ZIP » output.xml - error - password-protected file
C:\Documents and Settings\ayman\My Documents\Downloads\Programs\AppRemover.exe » 7ZIP » ManualUninstallConfig.zip » ZIP » out.xml - error - password-protected file
C:\Documents and Settings\ayman\Application Data\IDM\idmmzcc3\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\ayman\Application Data\IDM\idmmzcc02\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\ayman\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\ayman\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/deploy/jqs/ff/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\ayman\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\ayman\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\ayman\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Internet Download Manager\idmmzcc.xpi » ZIP » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\browser.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\reporter.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\No More Cut\AutoPlay\autorun.cdd » ZIP » _proj.dat - error - password-protected file
C:\Program Files\No More Cut\AutoPlay\autorun.cdd » ZIP » _detect.dat - error - password-protected file
C:\Program Files\No More Cut\AutoPlay\autorun.cdd » ZIP » _fonts.dat - error - password-protected file
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\America Online 8.0\Jiti\Viewpoint.exe » NSIS - unpack error
C:\Program Files\OpinionSquare\opnsqr.exe - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP107\A0006433.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP107\A0006436.dll » CAB » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP109\A0006458.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP109\A0006468.exe - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP110\A0006502.msi » MSI » prinstaller.cab » CAB » prmrsr - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP110\A0006503.msi » MSI » prinstaller.cab » CAB » prmrsr - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP111\A0006525.msi » MSI » opinstaller.cab » CAB » opnsqr - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP111\A0006526.msi » MSI » opinstaller.cab » CAB » opnsqr - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP114\A0006573.exe - probably a variant of Win32/Genetik trojan

C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP116\A0006626.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP118\A0006646.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP118\A0006654.dll » CAB » chrome.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP121\A0007756.msi » MSI » prinstaller.cab » CAB » prmrsr - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP121\A0007757.msi » MSI » prinstaller.cab » CAB » prmrsr - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP122\A0007785.msi » MSI » opinstaller.cab » CAB » opnsqr - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP122\A0007786.msi » MSI » opinstaller.cab » CAB » opnsqr - probably a variant of Win32/Genetik trojan

C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP127\A0007861.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP127\A0007864.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP130\A0008066.exe - probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP130\A0008095.exe » RAR » 32788R22FWJFW\badclsid.c - archive damaged
C:\System Volume Information\_restore{F7B36CFD-BF9A-4C77-B054-7E0823EE51B9}\RP131\A0008185.exe - probably a variant of Win32/Spy.Agent trojan
I think the virus is still present and was not deleted.
 
Disable System Restore as shown in the following walkthrough.



Then



Download the Kaspersky tool from the following link:

[You must log in or register to view the hidden link]


After downloading, double-click it and the tool's files will be extracted to a folder on the desktop. A few moments later the tool will start running.

Follow the walkthrough to scan the machine, clean it, and attach the report.




Then compress the report and upload it here:
[You must log in or register to view the hidden link]

