سما الروح
زيزوومي نشيط
- إنضم
- 31 مايو 2009
- المشاركات
- 119
- مستوى التفاعل
- 0
- النقاط
- 120
غير متصل
- بادئ الموضوع سما الروح
- تاريخ البدء
- 1,775
format
زيزوومي ماسى
غير متصل
و عليكم السلام و رحمة الله و بركته ...
حياك الله ...
أعمل التالي ...
حمل هذه الأداة ...
شغلها و روح على [ Do a system scan and save log ] ...
شوي و يعطيك تقرير داخل مفكرة ...
أنسخه كاملا ً ... و بشكل صحيح ...
و لصقه في ردك القادم ...
حياك الله ...
أعمل التالي ...
حمل هذه الأداة ...
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغلها و روح على [ Do a system scan and save log ] ...
شوي و يعطيك تقرير داخل مفكرة ...
أنسخه كاملا ً ... و بشكل صحيح ...
و لصقه في ردك القادم ...
توقيع : format
تأييد
0
سما الروح
زيزوومي نشيط
- إنضم
- 31 مايو 2009
- المشاركات
- 119
- مستوى التفاعل
- 0
- النقاط
- 120
غير متصل
مشكووووووووووور ع الرد
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:28 ص, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Siemens\reader_s.exe
C:\program Files\MicPhone\antit.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sopidkc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\undlh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Siemens\My Documents\ادوات\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Siemens\reader_s.exe
O4 - HKCU\..\Run: [shv] C:\program Files\MicPhone\antit.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-1196570488-3115301302-219612191-4315\service.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\progra~1\MicPhone\antit.dll
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: خدمة تحديث Google (gupdate1c9e25748145436) (gupdate1c9e25748145436) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 9495 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:28 ص, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Siemens\reader_s.exe
C:\program Files\MicPhone\antit.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sopidkc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\undlh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Siemens\My Documents\ادوات\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Siemens\reader_s.exe
O4 - HKCU\..\Run: [shv] C:\program Files\MicPhone\antit.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-1196570488-3115301302-219612191-4315\service.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\progra~1\MicPhone\antit.dll
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: خدمة تحديث Google (gupdate1c9e25748145436) (gupdate1c9e25748145436) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 9495 bytes
توقيع : سما الروح
تأييد
0
format
زيزوومي ماسى
غير متصل
قم بحدف التالي
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Siemens\reader_s.exe
O4 - HKCU\..\Run: [shv] C:\program Files\MicPhone\antit.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-1196570488-3115301302-219612191-4315
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Siemens\reader_s.exe
O4 - HKCU\..\Run: [shv] C:\program Files\MicPhone\antit.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-1196570488-3115301302-219612191-4315
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
توقيع : format
تأييد
0
format
زيزوومي ماسى
غير متصل
طريقة الحذف للاكس بي
بعدين استخدم ها الادوات
التحميل من هنا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبي فقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
بعدين
عطل جميع برامج الحمايه ,,
نزل هذه الاداة
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى الصق التقرير بمشاركتك القادمة
التعديل الأخير بواسطة المشرف:
توقيع : format
تأييد
0
سما الروح
زيزوومي نشيط
- إنضم
- 31 مايو 2009
- المشاركات
- 119
- مستوى التفاعل
- 0
- النقاط
- 120
غير متصل
ComboFix 09-05-31.05 - Siemens 06/01/2009 10:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.985.598 [GMT 3:00]
Running from: c:\documents and settings\Siemens\My Documents\ادوات\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Siemens\Application Data\fbsipvda.dll
c:\documents and settings\Siemens\reader_s.exe
c:\windows\dhcp\svchost.exe
c:\windows\IE4 Error Log.txt
c:\windows\KBPK090601.log
c:\windows\system32\3361
c:\windows\system32\3361\mlog
c:\windows\system32\3361\SVCHOST.EXE
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\dncyool64.sys
c:\windows\system32\dpcxool64.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\Iasv32.dll
c:\windows\system32\msncache.dll
c:\windows\system32\ntalme.sys
c:\windows\system32\reader_s.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wtukd32.exe
c:\windows\TEMP\mta106172.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_dhcpsrv
-------\Legacy_ias
-------\Legacy_kspamox
-------\Legacy_msncache
-------\Legacy_ntalme
-------\Legacy_sopidkc
-------\Service_dhcpsrv
-------\Service_ias
-------\Service_kspamox
-------\Service_msncache
-------\Service_ntalme
-------\Service_sopidkc
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.
2009-06-01 07:35 . 2009-06-01 07:37 82475 ----a-w- C:\oltci.exe
2009-06-01 07:22 . 2009-06-01 07:51 115660 ----a-w- c:\windows\system32\drivers\6e910b49.sys
2009-06-01 06:27 . 2009-06-01 07:51 115660 ----a-w- c:\windows\system32\drivers\4a207baf.sys
2009-06-01 06:26 . 2009-06-01 06:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-01 06:21 . 2009-06-01 06:21 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-06-01 06:21 . 2009-06-01 06:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-06-01 06:21 . 2009-06-01 06:21 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-06-01 05:34 . 2009-06-01 05:34 -------- d-----w- c:\program files\Ask Search Assistant
2009-06-01 05:07 . 2009-06-01 07:37 705 ----a-w- C:\pehbb.exe
2009-06-01 05:06 . 2009-06-01 07:37 7168 ----a-w- C:\undlh.exe
2009-06-01 04:47 . 2009-06-01 07:45 -------- d-----w- c:\windows\dhcp
2009-06-01 04:45 . 2009-06-01 04:45 -------- d-sh--r- c:\program files\MicPhone
2009-06-01 04:45 . 2009-06-01 04:45 705 ----a-w- C:\efmwq.exe
2009-06-01 04:44 . 2009-06-01 07:51 115660 ----a-w- c:\windows\system32\drivers\396e5109.sys
2009-06-01 04:44 . 2009-06-01 04:44 7168 ----a-w- C:\ggqkybn.exe
2009-06-01 01:22 . 2009-06-01 01:22 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\Real
2009-06-01 01:22 . 2009-06-01 01:22 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-01 01:21 . 2009-06-01 01:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-30 14:08 . 2009-05-30 21:24 30720 ----a-w- c:\documents and settings\Siemens\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-05-30 14:08 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Siemens\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-05-30 02:12 . 2009-05-30 02:12 -------- d-----w- c:\documents and settings\Siemens\Application Data\COWON
2009-05-30 02:10 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Siemens\Application Data\Macromedia\Flash Player\
2009-05-28 21:33 . 2009-05-28 21:33 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-05-28 21:33 . 2009-05-28 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-28 19:14 . 2009-05-28 19:14 -------- d-----w- c:\documents and settings\Siemens\Application Data\vlc
2009-05-28 19:07 . 2009-05-28 19:07 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\ACD Systems
2009-05-28 19:07 . 2009-05-28 19:07 -------- d-----w- c:\documents and settings\Siemens\Application Data\ACD Systems
2009-05-28 18:51 . 2009-05-28 18:51 -------- d-----w- c:\documents and settings\Siemens\Application Data\Media Player Classic
2009-05-28 18:12 . 2004-08-03 20:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-28 15:51 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-28 14:17 . 2001-09-18 10:38 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-28 14:17 . 2001-09-18 10:38 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-28 14:17 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-05-28 14:17 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-28 14:12 . 2009-05-28 14:12 -------- d-s---w- c:\documents and settings\Siemens\UserData
2009-05-28 11:52 . 2009-05-28 11:52 152576 ----a-w- c:\documents and settings\Siemens\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-28 11:47 . 2009-05-28 11:47 -------- d-----w- c:\windows\Sun
2009-05-28 08:58 . 2009-05-28 17:01 -------- d--h--w- c:\windows\$hf_mig$
2009-05-27 21:16 . 2009-05-27 21:16 390664 ----a-w- c:\documents and settings\Siemens\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-27 18:18 . 2009-05-27 18:18 -------- d-----w- c:\documents and settings\Siemens\Contacts
2009-05-27 05:21 . 2009-05-27 05:21 -------- d-----w- c:\documents and settings\Siemens\Application Data\Yahoo!
2009-05-27 05:21 . 2009-05-27 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-27 05:21 . 2009-06-01 01:32 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 07:39 . 2001-09-19 15:00 40180 ----a-w- c:\windows\system32\perfc001.dat
2009-06-01 07:39 . 2001-09-19 15:00 251750 ----a-w- c:\windows\system32\perfh001.dat
2009-06-01 07:32 . 2009-06-01 07:16 -------- d-----w- c:\documents and settings\Siemens\Application Data\cleaner
2009-06-01 07:16 . 2009-06-01 07:16 -------- d-----w- c:\documents and settings\Siemens\Application Data\CyberScrub
2009-06-01 06:26 . 2009-05-26 17:11 -------- d-----w- c:\documents and settings\Siemens\Application Data\Skype
2009-06-01 06:23 . 2009-05-26 16:55 -------- d-----w- c:\program files\Google
2009-06-01 05:01 . 2009-05-26 17:04 -------- d-----w- c:\program files\MSN Messenger
2009-06-01 04:45 . 2004-08-03 23:14 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-01 01:22 . 2009-05-26 16:32 -------- d-----w- c:\program files\Common Files\Real
2009-06-01 01:22 . 2009-05-26 16:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-01 01:22 . 2009-05-26 16:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-30 22:14 . 2009-05-26 17:06 -------- d-----w- c:\program files\Windows Live
2009-05-28 18:13 . 2009-05-26 15:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-28 11:54 . 2009-05-26 16:58 -------- d-----w- c:\program files\Java
2009-05-27 22:46 . 2009-05-26 17:11 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-26 17:20 . 2009-05-26 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-05-26 17:20 . 2009-05-26 17:15 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-26 17:15 . 2009-05-26 17:15 -------- d-----w- c:\program files\Nero
2009-05-26 17:15 . 2009-05-26 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\program files\VideoLAN
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\program files\Skype
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\documents and settings\Siemens\Application Data\Paltalk
2009-05-26 17:04 . 2009-05-26 17:04 94632 ----a-w- c:\documents and settings\Siemens\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 17:03 . 2009-05-26 17:03 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-26 17:03 . 2009-05-26 17:03 -------- d-----w- c:\program files\mpegable
2009-05-26 17:00 . 2009-05-26 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-26 16:59 . 2009-05-26 16:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w- c:\program files\Common Files\COWON
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w- c:\program files\JetAudio
2009-05-26 16:58 . 2009-05-26 15:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 16:57 . 2009-05-26 16:57 2232 ----a-w- c:\windows\java\Packages\Data\Z71FJ5JN.DAT
2009-05-26 16:57 . 2009-05-26 16:57 155995 ----a-w- c:\windows\java\Packages\BNRZRPJB.ZIP
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\ZNX3NLF9.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\G9N93RFZ.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\S7VDZ3TV.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\NV9BTVB5.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\IAZ7J3XR.DAT
2009-05-26 16:55 . 2009-05-26 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-05-26 16:55 . 2009-05-26 16:55 -------- d-----w- c:\documents and settings\Siemens\Application Data\GRETECH
2009-05-26 16:55 . 2009-05-26 16:55 -------- d-----w- c:\program files\GRETECH
2009-05-26 16:50 . 2009-05-26 16:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-26 16:47 . 2009-05-26 16:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-26 16:35 . 2009-05-26 16:35 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 16:32 . 2009-05-26 16:32 -------- d-----w- c:\program files\Real
2009-05-26 16:31 . 2009-05-26 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-26 16:31 . 2009-05-26 16:31 -------- d-----w- c:\program files\CyberLink
2009-05-26 16:29 . 2009-05-26 16:29 -------- d-----w- c:\program files\Microsoft.NET
2009-05-26 16:28 . 2009-05-26 16:28 -------- d-----w- c:\program files\Microsoft Works
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\program files\Yahoo!
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\program files\ACD Systems
2009-05-26 16:15 . 2009-05-26 16:15 -------- d-----w- c:\documents and settings\Siemens\Application Data\TOSHIBA
2009-05-26 16:09 . 2009-05-26 16:09 -------- d-----w- c:\program files\Toshiba
2009-05-26 16:06 . 2009-05-26 16:06 -------- d-----w- c:\program files\Launch Manager
2009-05-26 16:05 . 2009-05-26 16:05 -------- d-----w- c:\program files\Atheros
2009-05-26 16:05 . 2009-05-26 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2009-05-26 16:04 . 2009-05-26 16:04 251 ----a-w- c:\windows\xUninstall.bat
2009-05-26 16:03 . 2009-05-26 16:03 -------- d-----w- c:\documents and settings\Siemens\Application Data\InstallShield
2009-05-26 16:02 . 2009-05-26 16:02 -------- d-----w- c:\program files\Synaptics
2009-05-26 16:02 . 2009-05-26 15:57 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-26 15:59 . 2009-05-26 15:59 -------- d-----w- c:\program files\Motorola
2009-05-26 15:57 . 2009-05-26 15:57 -------- d-----w- c:\program files\Realtek
2009-05-26 15:57 . 2009-05-26 15:57 315392 ----a-w- c:\windows\HideWin.exe
2009-05-26 15:53 . 2009-05-26 15:53 -------- d-----w- c:\program files\Intel
2009-05-26 15:45 . 2009-05-26 15:45 -------- d-----w- c:\program files\microsoft frontpage
2009-05-26 15:42 . 2009-05-26 15:42 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-09 02:19 . 2009-05-26 16:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2004-08-04 00:55 . 2004-08-04 00:55 161547 --sha-r- c:\windows\system32\qyfmcoq.dll
.
------- Sigcheck -------
[-] 2009-06-01 04:45 212480 1DDCD4F10C093B87A59A0FBA97E8462D c:\windows\system32\dllcache\ndis.sys
[-] 2009-06-01 04:45 212480 1DDCD4F10C093B87A59A0FBA97E8462D c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-06-26 20005928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-11-29 5724184]
"shv"="c:\program files\MicPhone\antit.exe" [2009-06-01 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-01 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2006-05-04 2808832]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-26 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\MicPhone\antit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3621:TCP"= 3621:TCP:fsdueguw
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/04/2008 05:55 م 84240]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [26/05/2009 07:06 م 118784]
S2 dqqojium;Windows Support;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:56 ص 14336]
S2 gupdate1c9e25748145436;خدمة تحديث Google (gupdate1c9e25748145436);c:\program files\Google\Update\GoogleUpdate.exe [01/06/2009 04:21 ص 133104]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dqqojium
.
Contents of the 'Scheduled Tasks' folder
2009-06-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 01:21]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
SafeBoot-procexp90.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plusnetwork.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-01 10:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?x???0???\???????0??????????????|???|???????|????????L????????J????F?????????????h?????????????B????????|p??|????m??|??A???????????A?`??????????????w?h@???????????????A??X????????A???@??J??vs@??J????????@??J?????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???\???????0??????????????|???|???????|????????L????????J????F?????????????h?????????????B????????|p??|????m??|??A???????????A?`??????????????w?h@???????????????A??X????????A???@??J??vs@??J????????@??J?????
Wbutton = c:\program files\Launch Manager\WButton.exe?????0???\???????0??????????????|???|???????|????????L????????J????F?????????????h?????????????B????????|p??|????m??|??A???????????A?`??????????????w?h@???????????????A??X????????A???@??J??vs@??J????????@??J?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\396e5109]
"ImagePath"="\SystemRoot\System32\drivers\396e5109.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4a207baf]
"ImagePath"="\SystemRoot\System32\drivers\4a207baf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6e910b49]
"ImagePath"="\SystemRoot\System32\drivers\6e910b49.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dqqojium]
"ServiceDll"="c:\windows\system32\qyfmcoq.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2948)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-01 10:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 07:52
Pre-Run: 75,861,000,192 bytes free
Post-Run: 75,807,928,320 bytes free
293 --- E O F --- 2009-05-28 17:41
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.985.598 [GMT 3:00]
Running from: c:\documents and settings\Siemens\My Documents\ادوات\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Siemens\Application Data\fbsipvda.dll
c:\documents and settings\Siemens\reader_s.exe
c:\windows\dhcp\svchost.exe
c:\windows\IE4 Error Log.txt
c:\windows\KBPK090601.log
c:\windows\system32\3361
c:\windows\system32\3361\mlog
c:\windows\system32\3361\SVCHOST.EXE
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\dncyool64.sys
c:\windows\system32\dpcxool64.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\Iasv32.dll
c:\windows\system32\msncache.dll
c:\windows\system32\ntalme.sys
c:\windows\system32\reader_s.exe
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wtukd32.exe
c:\windows\TEMP\mta106172.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_dhcpsrv
-------\Legacy_ias
-------\Legacy_kspamox
-------\Legacy_msncache
-------\Legacy_ntalme
-------\Legacy_sopidkc
-------\Service_dhcpsrv
-------\Service_ias
-------\Service_kspamox
-------\Service_msncache
-------\Service_ntalme
-------\Service_sopidkc
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.
2009-06-01 07:35 . 2009-06-01 07:37 82475 ----a-w- C:\oltci.exe
2009-06-01 07:22 . 2009-06-01 07:51 115660 ----a-w- c:\windows\system32\drivers\6e910b49.sys
2009-06-01 06:27 . 2009-06-01 07:51 115660 ----a-w- c:\windows\system32\drivers\4a207baf.sys
2009-06-01 06:26 . 2009-06-01 06:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-01 06:21 . 2009-06-01 06:21 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-06-01 06:21 . 2009-06-01 06:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-06-01 06:21 . 2009-06-01 06:21 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-06-01 05:34 . 2009-06-01 05:34 -------- d-----w- c:\program files\Ask Search Assistant
2009-06-01 05:07 . 2009-06-01 07:37 705 ----a-w- C:\pehbb.exe
2009-06-01 05:06 . 2009-06-01 07:37 7168 ----a-w- C:\undlh.exe
2009-06-01 04:47 . 2009-06-01 07:45 -------- d-----w- c:\windows\dhcp
2009-06-01 04:45 . 2009-06-01 04:45 -------- d-sh--r- c:\program files\MicPhone
2009-06-01 04:45 . 2009-06-01 04:45 705 ----a-w- C:\efmwq.exe
2009-06-01 04:44 . 2009-06-01 07:51 115660 ----a-w- c:\windows\system32\drivers\396e5109.sys
2009-06-01 04:44 . 2009-06-01 04:44 7168 ----a-w- C:\ggqkybn.exe
2009-06-01 01:22 . 2009-06-01 01:22 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\Real
2009-06-01 01:22 . 2009-06-01 01:22 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-01 01:21 . 2009-06-01 01:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-30 14:08 . 2009-05-30 21:24 30720 ----a-w- c:\documents and settings\Siemens\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-05-30 14:08 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Siemens\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-05-30 02:12 . 2009-05-30 02:12 -------- d-----w- c:\documents and settings\Siemens\Application Data\COWON
2009-05-30 02:10 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Siemens\Application Data\Macromedia\Flash Player\
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
2009-05-28 21:33 . 2009-05-28 21:33 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-05-28 21:33 . 2009-05-28 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-28 19:14 . 2009-05-28 19:14 -------- d-----w- c:\documents and settings\Siemens\Application Data\vlc
2009-05-28 19:07 . 2009-05-28 19:07 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\ACD Systems
2009-05-28 19:07 . 2009-05-28 19:07 -------- d-----w- c:\documents and settings\Siemens\Application Data\ACD Systems
2009-05-28 18:51 . 2009-05-28 18:51 -------- d-----w- c:\documents and settings\Siemens\Application Data\Media Player Classic
2009-05-28 18:12 . 2004-08-03 20:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-28 15:51 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-28 14:17 . 2001-09-18 10:38 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-28 14:17 . 2001-09-18 10:38 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-28 14:17 . 2001-08-17 11:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-05-28 14:17 . 2001-08-17 11:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-28 14:12 . 2009-05-28 14:12 -------- d-s---w- c:\documents and settings\Siemens\UserData
2009-05-28 11:52 . 2009-05-28 11:52 152576 ----a-w- c:\documents and settings\Siemens\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-28 11:47 . 2009-05-28 11:47 -------- d-----w- c:\windows\Sun
2009-05-28 08:58 . 2009-05-28 17:01 -------- d--h--w- c:\windows\$hf_mig$
2009-05-27 21:16 . 2009-05-27 21:16 390664 ----a-w- c:\documents and settings\Siemens\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-27 18:18 . 2009-05-27 18:18 -------- d-----w- c:\documents and settings\Siemens\Contacts
2009-05-27 05:21 . 2009-05-27 05:21 -------- d-----w- c:\documents and settings\Siemens\Application Data\Yahoo!
2009-05-27 05:21 . 2009-05-27 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-27 05:21 . 2009-06-01 01:32 -------- d-----w- c:\documents and settings\Siemens\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 07:39 . 2001-09-19 15:00 40180 ----a-w- c:\windows\system32\perfc001.dat
2009-06-01 07:39 . 2001-09-19 15:00 251750 ----a-w- c:\windows\system32\perfh001.dat
2009-06-01 07:32 . 2009-06-01 07:16 -------- d-----w- c:\documents and settings\Siemens\Application Data\cleaner
2009-06-01 07:16 . 2009-06-01 07:16 -------- d-----w- c:\documents and settings\Siemens\Application Data\CyberScrub
2009-06-01 06:26 . 2009-05-26 17:11 -------- d-----w- c:\documents and settings\Siemens\Application Data\Skype
2009-06-01 06:23 . 2009-05-26 16:55 -------- d-----w- c:\program files\Google
2009-06-01 05:01 . 2009-05-26 17:04 -------- d-----w- c:\program files\MSN Messenger
2009-06-01 04:45 . 2004-08-03 23:14 212480 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-01 01:22 . 2009-05-26 16:32 -------- d-----w- c:\program files\Common Files\Real
2009-06-01 01:22 . 2009-05-26 16:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-01 01:22 . 2009-05-26 16:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-30 22:14 . 2009-05-26 17:06 -------- d-----w- c:\program files\Windows Live
2009-05-28 18:13 . 2009-05-26 15:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-28 11:54 . 2009-05-26 16:58 -------- d-----w- c:\program files\Java
2009-05-27 22:46 . 2009-05-26 17:11 -------- d-----w- c:\program files\Paltalk Messenger
2009-05-26 17:20 . 2009-05-26 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-05-26 17:20 . 2009-05-26 17:15 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-26 17:15 . 2009-05-26 17:15 -------- d-----w- c:\program files\Nero
2009-05-26 17:15 . 2009-05-26 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\program files\VideoLAN
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\program files\Skype
2009-05-26 17:11 . 2009-05-26 17:11 -------- d-----w- c:\documents and settings\Siemens\Application Data\Paltalk
2009-05-26 17:04 . 2009-05-26 17:04 94632 ----a-w- c:\documents and settings\Siemens\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 17:03 . 2009-05-26 17:03 47104 ------w- c:\windows\AKDeInstall.exe
2009-05-26 17:03 . 2009-05-26 17:03 -------- d-----w- c:\program files\mpegable
2009-05-26 17:00 . 2009-05-26 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-26 16:59 . 2009-05-26 16:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w- c:\program files\Common Files\COWON
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w- c:\program files\JetAudio
2009-05-26 16:58 . 2009-05-26 15:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 16:57 . 2009-05-26 16:57 2232 ----a-w- c:\windows\java\Packages\Data\Z71FJ5JN.DAT
2009-05-26 16:57 . 2009-05-26 16:57 155995 ----a-w- c:\windows\java\Packages\BNRZRPJB.ZIP
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\ZNX3NLF9.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\G9N93RFZ.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\S7VDZ3TV.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\NV9BTVB5.DAT
2009-05-26 16:57 . 2009-05-26 16:57 2678 ----a-w- c:\windows\java\Packages\Data\IAZ7J3XR.DAT
2009-05-26 16:55 . 2009-05-26 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-05-26 16:55 . 2009-05-26 16:55 -------- d-----w- c:\documents and settings\Siemens\Application Data\GRETECH
2009-05-26 16:55 . 2009-05-26 16:55 -------- d-----w- c:\program files\GRETECH
2009-05-26 16:50 . 2009-05-26 16:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-26 16:47 . 2009-05-26 16:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-26 16:35 . 2009-05-26 16:35 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 16:32 . 2009-05-26 16:32 -------- d-----w- c:\program files\Real
2009-05-26 16:31 . 2009-05-26 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-26 16:31 . 2009-05-26 16:31 -------- d-----w- c:\program files\CyberLink
2009-05-26 16:29 . 2009-05-26 16:29 -------- d-----w- c:\program files\Microsoft.NET
2009-05-26 16:28 . 2009-05-26 16:28 -------- d-----w- c:\program files\Microsoft Works
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\program files\Yahoo!
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-26 16:24 . 2009-05-26 16:24 -------- d-----w- c:\program files\ACD Systems
2009-05-26 16:15 . 2009-05-26 16:15 -------- d-----w- c:\documents and settings\Siemens\Application Data\TOSHIBA
2009-05-26 16:09 . 2009-05-26 16:09 -------- d-----w- c:\program files\Toshiba
2009-05-26 16:06 . 2009-05-26 16:06 -------- d-----w- c:\program files\Launch Manager
2009-05-26 16:05 . 2009-05-26 16:05 -------- d-----w- c:\program files\Atheros
2009-05-26 16:05 . 2009-05-26 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2009-05-26 16:04 . 2009-05-26 16:04 251 ----a-w- c:\windows\xUninstall.bat
2009-05-26 16:03 . 2009-05-26 16:03 -------- d-----w- c:\documents and settings\Siemens\Application Data\InstallShield
2009-05-26 16:02 . 2009-05-26 16:02 -------- d-----w- c:\program files\Synaptics
2009-05-26 16:02 . 2009-05-26 15:57 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-26 15:59 . 2009-05-26 15:59 -------- d-----w- c:\program files\Motorola
2009-05-26 15:57 . 2009-05-26 15:57 -------- d-----w- c:\program files\Realtek
2009-05-26 15:57 . 2009-05-26 15:57 315392 ----a-w- c:\windows\HideWin.exe
2009-05-26 15:53 . 2009-05-26 15:53 -------- d-----w- c:\program files\Intel
2009-05-26 15:45 . 2009-05-26 15:45 -------- d-----w- c:\program files\microsoft frontpage
2009-05-26 15:42 . 2009-05-26 15:42 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-09 02:19 . 2009-05-26 16:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2004-08-04 00:55 . 2004-08-04 00:55 161547 --sha-r- c:\windows\system32\qyfmcoq.dll
.
------- Sigcheck -------
[-] 2009-06-01 04:45 212480 1DDCD4F10C093B87A59A0FBA97E8462D c:\windows\system32\dllcache\ndis.sys
[-] 2009-06-01 04:45 212480 1DDCD4F10C093B87A59A0FBA97E8462D c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-06-26 20005928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-29 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-11-29 5724184]
"shv"="c:\program files\MicPhone\antit.exe" [2009-06-01 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-01 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2006-05-04 2808832]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-26 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\MicPhone\antit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3621:TCP"= 3621:TCP:fsdueguw
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/04/2008 05:55 م 84240]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [26/05/2009 07:06 م 118784]
S2 dqqojium;Windows Support;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 03:56 ص 14336]
S2 gupdate1c9e25748145436;خدمة تحديث Google (gupdate1c9e25748145436);c:\program files\Google\Update\GoogleUpdate.exe [01/06/2009 04:21 ص 133104]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dqqojium
.
Contents of the 'Scheduled Tasks' folder
2009-06-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 01:21]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
SafeBoot-procexp90.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plusnetwork.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-06-01 10:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?x???0???\???????0??????????????|???|???????|????????L????????J????F?????????????h?????????????B????????|p??|????m??|??A???????????A?`??????????????w?h@???????????????A??X????????A???@??J??vs@??J????????@??J?????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????0???\???????0??????????????|???|???????|????????L????????J????F?????????????h?????????????B????????|p??|????m??|??A???????????A?`??????????????w?h@???????????????A??X????????A???@??J??vs@??J????????@??J?????
Wbutton = c:\program files\Launch Manager\WButton.exe?????0???\???????0??????????????|???|???????|????????L????????J????F?????????????h?????????????B????????|p??|????m??|??A???????????A?`??????????????w?h@???????????????A??X????????A???@??J??vs@??J????????@??J?????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\396e5109]
"ImagePath"="\SystemRoot\System32\drivers\396e5109.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4a207baf]
"ImagePath"="\SystemRoot\System32\drivers\4a207baf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6e910b49]
"ImagePath"="\SystemRoot\System32\drivers\6e910b49.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dqqojium]
"ServiceDll"="c:\windows\system32\qyfmcoq.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2948)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-01 10:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 07:52
Pre-Run: 75,861,000,192 bytes free
Post-Run: 75,807,928,320 bytes free
293 --- E O F --- 2009-05-28 17:41
توقيع : سما الروح
تأييد
0
format
زيزوومي ماسى
غير متصل
حمل هذهالأداة ...
شغلهاو روح على [ Do a system scan and save log ] ...
شوي و يعطيك تقريرداخل مفكرة ...
أنسخه كاملاً ... و بشكل صحيح ...
و لصقه في ردكالقادم ...
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
شغلهاو روح على [ Do a system scan and save log ] ...
شوي و يعطيك تقريرداخل مفكرة ...
أنسخه كاملاً ... و بشكل صحيح ...
و لصقه في ردكالقادم ...
توقيع : format
تأييد
0
سما الروح
زيزوومي نشيط
- إنضم
- 31 مايو 2009
- المشاركات
- 119
- مستوى التفاعل
- 0
- النقاط
- 120
غير متصل
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:41 م, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program Files\MicPhone\antit.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
F:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [shv] C:\program Files\MicPhone\antit.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\progra~1\MicPhone\antit.dll
O23 - Service: خدمة تحديث Google (gupdate1c9e25748145436) (gupdate1c9e25748145436) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 8156 bytes
Scan saved at 12:17:41 م, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program Files\MicPhone\antit.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
F:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [shv] C:\program Files\MicPhone\antit.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\progra~1\MicPhone\antit.dll
O23 - Service: خدمة تحديث Google (gupdate1c9e25748145436) (gupdate1c9e25748145436) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
--
End of file - 8156 bytes
توقيع : سما الروح
تأييد
0
format
زيزوومي ماسى
غير متصل
أغلق برنامج الحماية
و قم بتعطيل استعادة النظام كما في الشرح
حمل الأداة من هنا
أو
بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل
تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير
ثم ألصقه بردك القادم
و قم بتعطيل استعادة النظام كما في الشرح
حمل الأداة من هنا
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
أو
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل
تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير
ثم ألصقه بردك القادم
توقيع : format
تأييد
0
