بطبعي حيرتهم

Peace be upon you.
Guys, find me a solution, I'm tired and fed up.
After I downloaded the AVG antivirus program and it finished installing, strange pages in English started popping up every little while.
So please find me a solution.
I'm uploading the screenshots, have a look at them.
But I need an urgent reply.

Download this program

Run the program ==> and click on
Do a system scan and save log
A few moments later a report appears in Notepad ==> copy it and paste it in your next reply.

Signature: Corporation
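As an added example (not part of this thread, and not HijackThis's own code), here is a small Python triage script for the kind of log the step above produces. It parses HijackThis item lines (`R3`, `O2`, `O4`, `O10`, `O23`, ...) and flags the entries a helper usually reads first: items that point at a missing file, unnamed browser hooks, a Winsock LSP HijackThis could not identify, and autostart commands given without an absolute path. The flagging rules are this example's own heuristics, and a flag means "review by hand", not "malicious". The sample lines are copied from the HijackThis log posted further down in this thread.

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis log posted in this thread (the
# "Running processes:" header is included to show non-item lines are skipped).
SAMPLE_LOG = r"""
Running processes:
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


@dataclass
class Entry:
    section: str                                  # "R3", "O2", "O4", "O10", "O23", ...
    text: str                                     # everything after the "Oxx - " prefix
    reasons: list = field(default_factory=list)   # why it was flagged; empty = nothing notable


LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')      # command starts with a drive letter (maybe quoted)


def parse_line(line):
    """Return an Entry for a HijackThis item line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return Entry(m.group(1), m.group(2)) if m else None


def triage(entry):
    """Apply the review heuristics (this example's own, not HijackThis rules)."""
    t = entry.text
    if "(no file)" in t:
        entry.reasons.append("points at a file that no longer exists (orphaned entry)")
    if "(no name)" in t and entry.section in ("R3", "O2", "O3"):
        entry.reasons.append("unnamed browser hook or BHO")
    if entry.section == "O10":
        entry.reasons.append("Winsock LSP that HijackThis could not identify")
    if entry.section == "O4" and "] " in t:
        # "[name] command": a bare program name is resolved through the search order
        cmd = t.split("] ", 1)[1]
        if not ABS_PATH_RE.match(cmd):
            entry.reasons.append("autostart command has no absolute path (resolved via search order)")
    return entry


def triage_log(text):
    """Parse every line and return only the entries that got at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section}: {e.text}")
        for r in e.reasons:
            print(f"    -> {r}")
```

Run it on a full saved log (`triage_log(open("hijackthis.log").read())`) to get the short list; everything that is not flagged still deserves a glance, but the flagged items are where a cleanup usually starts.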
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:08:38 ص, on 27/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\STacSV.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 9178 bytes
 
After downloading the program, delete it.

Disable your antivirus program.

Download this tool

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the machine may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan is finished. Paste the report in your next post.

Signature: Corporation
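As an added example (not part of this thread, and not ComboFix's own code): a Python parser for the `Files Created` section of the report this step produces. Each line carries a creation time, a modification time, a size (or `--------` for a directory), an attribute string and a path; the script keeps the executable files (`.exe`, `.dll`, `.sys`) created under the Windows directory during the report window and marks those that were modified on the machine after they were created. The directory prefix and the "modified after creation" heuristic are this example's assumptions, not ComboFix rules; the sample lines are copied from the ComboFix report posted below in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Sample lines copied from the "Files Created" section of the ComboFix report
# posted in this thread (banner and "." separator included to show they are skipped).
SAMPLE_SECTION = r"""
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.
2009-06-27 05:06 . 2009-06-27 05:06 -------- d-----w- c:\program files\Trend Micro
2009-06-23 19:26 . 2008-04-14 00:12 73796 ------w- c:\windows\system32\slserv.exe
2009-06-23 01:03 . 2009-06-23 01:03 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-22 22:14 . 2009-06-26 15:06 5526 ----a-w- c:\windows\system32\plusc.exe
2009-06-20 04:09 . 2009-06-20 04:09 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-20 03:50 . 2009-06-20 03:51 2926768 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
"""

# created . modified size attrs path   (size is "--------" for a directory)
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
TIME_FMT = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".dll", ".sys")


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for a directory
    attrs: str            # e.g. "----a-w-"; a leading "d" marks a directory
    path: str

    @property
    def is_dir(self):
        return self.attrs.startswith("d")

    @property
    def modified_after_creation(self):
        # Heuristic (this example's assumption): a file written on this machine after
        # it was created.  Files copied in by an installer or service pack usually keep
        # an older modification time, as slserv.exe does in the sample.
        return self.modified > self.created


def parse_entry(line):
    """Return a FileEntry for one report line, or None for banners and separators."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return FileEntry(datetime.strptime(m["created"], TIME_FMT),
                     datetime.strptime(m["modified"], TIME_FMT),
                     size, m["attrs"], m["path"])


def new_executables(text, under="c:\\windows\\"):
    """Executable files created under `under` (assumed prefix, case-insensitive),
    kept in the order ComboFix lists them (newest creation time first)."""
    hits = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        p = e.path.lower()
        if p.startswith(under.lower()) and p.endswith(EXEC_EXT):
            hits.append(e)
    return hits


if __name__ == "__main__":
    for e in new_executables(SAMPLE_SECTION):
        mark = "modified after creation" if e.modified_after_creation else ""
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.size:>9}  {e.path}  {mark}")
```

Feed it the whole saved report (`new_executables(open("ComboFix.txt").read())`); the output is a short list of system-directory binaries to look up by hash and publisher, which is much quicker than reading the full report line by line.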
ComboFix 09-06-26.02 - Administrator 06/27/2009 8:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2046.1368 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 05:06 . 2009-06-27 05:06 -------- d-----w- c:\program files\Trend Micro
2009-06-27 03:30 . 2009-06-27 03:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\windows\system32\scripting
2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\windows\system32\en
2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\windows\system32\bits
2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\windows\l2schemas
2009-06-26 14:51 . 2009-06-26 14:51 -------- d-----w- c:\windows\ServicePackFiles
2009-06-25 02:36 . 2009-06-25 02:36 -------- d-sh--w- C:\found.000
2009-06-23 19:26 . 2008-04-14 00:12 73796 ------w- c:\windows\system32\slserv.exe
2009-06-23 19:25 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-06-23 19:24 . 2008-04-14 00:11 39936 ------w- c:\windows\system32\dimsroam.dll
2009-06-23 02:17 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\log
2009-06-23 01:42 . 2009-06-23 01:42 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-06-23 01:20 . 2009-06-14 13:08 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-23 01:08 . 2009-06-23 01:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-06-23 01:03 . 2009-06-23 01:03 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-23 01:03 . 2009-06-23 01:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 01:03 . 2009-06-23 01:03 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-23 01:03 . 2009-06-23 01:03 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 01:03 . 2009-06-23 01:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 01:03 . 2009-06-26 23:26 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-23 01:03 . 2009-06-23 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-23 01:03 . 2009-06-23 01:03 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-06-23 01:03 . 2009-06-23 01:03 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-06-23 00:04 . 2009-06-23 00:04 -------- d-----w- c:\documents and settings\Administrator\log
2009-06-23 00:00 . 2009-06-23 01:03 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-22 23:48 . 2009-06-22 23:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-22 23:48 . 2009-06-22 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-22 22:14 . 2009-06-26 15:06 5526 ----a-w- c:\windows\system32\plusc.exe
2009-06-22 21:46 . 2009-06-22 21:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-06-22 16:02 . 2009-06-22 16:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-22 15:54 . 2009-06-22 15:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-22 15:52 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 15:52 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 15:52 . 2009-06-22 15:52 -------- d-----w- c:\windows\ie8updates
2009-06-22 15:52 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-22 15:50 . 2009-06-22 15:51 -------- dc-h--w- c:\windows\ie8
2009-06-22 15:50 . 2009-06-26 23:25 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-22 15:02 . 2009-06-22 15:02 -------- d-----w- c:\program files\AVG
2009-06-22 13:39 . 2009-06-23 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-20 22:06 . 2009-06-20 22:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-06-20 15:09 . 2009-06-20 15:09 -------- d-----w- c:\windows\Sun
2009-06-20 14:23 . 2009-06-20 14:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\COWON
2009-06-20 05:28 . 2009-06-20 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-20 04:16 . 2009-06-20 04:17 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-20 04:09 . 2009-06-20 04:09 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-20 03:50 . 2009-06-20 03:51 2926768 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 14:56 . 2008-08-18 14:46 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-23 00:20 . 2009-03-05 14:09 -------- d-----w- c:\program files\Internet Download Manager
2009-06-20 15:49 . 2008-07-16 20:25 -------- d-----w- c:\program files\Yahoo!
2009-06-20 06:07 . 2009-03-05 14:08 -------- d-----w- c:\program files\Google
2009-06-20 06:03 . 2009-04-08 00:02 -------- d-----w- c:\program files\BitComet
2009-06-20 03:51 . 2009-03-05 14:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-05-22 19:31 . 2009-04-08 00:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer
2009-05-22 19:28 . 2009-04-07 23:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
2009-05-22 19:14 . 2009-05-22 19:14 390664 ----a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-13 05:15 . 2004-08-03 21:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 21:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-03 20:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 21:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 00:35 . 2009-04-08 00:35 0 ----a-w- c:\windows\nsreg.dat
2009-04-08 00:19 . 2009-03-05 14:11 95608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 00:14 . 2009-04-08 00:14 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-04-08 00:14 . 2009-04-08 00:14 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-04-08 00:13 . 2009-03-05 14:25 76 --sh--r- c:\windows\CT4CET.bin
2009-04-08 00:06 . 2009-04-08 00:06 192784 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 00:05 . 2009-04-08 00:05 47104 ------w- c:\windows\AKDeInstall.exe
2009-04-08 00:03 . 2009-04-08 00:04 286720 ----a-w- c:\windows\iun503.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-27_05.48.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 05:48 . 2008-10-16 11:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-27 05:48 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-27 05:48 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-27 05:48 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 05:48 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-27 05:48 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-27 05:48 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-27 05:48 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-27 05:48 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-27 05:48 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-27 05:48 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-27 05:48 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-27 05:48 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 13:08 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-06-20 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-16 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-07-16 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 01:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19607:TCP"= 19607:TCP:BitComet 19607 TCP
"19607:UDP"= 19607:UDP:BitComet 19607 UDP

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [26/02/2009 12:46 م 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [23/06/2009 04:03 ص 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/06/2009 04:03 ص 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/06/2009 04:03 ص 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/06/2009 04:03 ص 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [23/06/2009 04:03 ص 1368952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [26/02/2009 12:46 م 5576712]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [26/02/2009 12:46 م 563720]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 06:19 م 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [23/06/2009 04:03 ص 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [26/02/2009 12:46 م 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [26/02/2009 12:46 م 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [26/02/2009 12:46 م 27232]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [08/04/2009 03:15 ص 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [08/04/2009 03:15 ص 7424]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [23/06/2009 04:03 ص 29208]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [17/07/2008 05:28 م 108032]
S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [08/04/2009 03:15 ص 141376]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5C6E6E98-FBF6-A675-B4C7-FC3FB5B04F08}]
c:\windows\system32\msn.exe
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 15:20]

2009-06-27 c:\windows\Tasks\User_Feed_Synchronization-{22165FCC-FBA9-47AF-9A25-29887B2D1C5E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6yrx7ss7.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-27 08:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP000000C72E83E1DFBBFD8B3A 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-606747145-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,9d,6f,51,5b,94,8e,41,81,0e,c9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,9d,6f,51,5b,94,8e,41,81,0e,c9,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1be7ad27-c451-4894-93b4-683d48def1e3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000142
"Therad"=dword:00000021
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,9f,46,7f,70,ce,85,4f,b9,8a,e1,ca,7b,28,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):91,c9,4c,38,a2,5a,bf,33,2e,07,d4,6c,83,63,06,6e,83,78,0b,3d,0f,
eb,38,3e,7b,7d,4d,f3,f7,d7,66,91,17,71,78,a0,38,59,e5,3d,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-27 8:56
ComboFix-quarantined-files.txt 2009-06-27 05:56
ComboFix2.txt 2009-06-27 05:49

Pre-Run: 37,815,099,392 bytes free
Post-Run: 37,798,916,096 bytes free

256 --- E O F --- 2009-06-26 15:05
 
In the previous report I didn't notice that I hadn't disabled the antivirus program.
This is the report after I disabled the antivirus program.
ComboFix 09-06-26.02 - Administrator 06/27/2009 8:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2046.1354 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 05:06 . 2009-06-27 05:06 -------- d-----w- c:\program files\Trend Micro
2009-06-27 03:30 . 2009-06-27 03:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\windows\system32\scripting
2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\windows\system32\en
2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\windows\system32\bits
2009-06-26 14:54 . 2009-06-26 14:54 -------- d-----w- c:\windows\l2schemas
2009-06-26 14:51 . 2009-06-26 14:51 -------- d-----w- c:\windows\ServicePackFiles
2009-06-25 02:36 . 2009-06-25 02:36 -------- d-sh--w- C:\found.000
2009-06-23 19:26 . 2008-04-14 00:12 73796 ------w- c:\windows\system32\slserv.exe
2009-06-23 19:25 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-06-23 19:24 . 2008-04-14 00:11 39936 ------w- c:\windows\system32\dimsroam.dll
2009-06-23 02:17 . 2009-06-23 02:17 -------- d-----w- c:\documents and settings\log
2009-06-23 01:42 . 2009-06-23 01:42 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-06-23 01:20 . 2009-06-14 13:08 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-23 01:08 . 2009-06-23 01:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2009-06-23 01:03 . 2009-06-23 01:03 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-06-23 01:03 . 2009-06-23 01:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 01:03 . 2009-06-23 01:03 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-23 01:03 . 2009-06-23 01:03 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 01:03 . 2009-06-23 01:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 01:03 . 2009-06-26 23:26 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-23 01:03 . 2009-06-23 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-23 01:03 . 2009-06-23 01:03 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-06-23 01:03 . 2009-06-23 01:03 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-06-23 00:04 . 2009-06-23 00:04 -------- d-----w- c:\documents and settings\Administrator\log
2009-06-23 00:00 . 2009-06-23 01:03 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-22 23:48 . 2009-06-22 23:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-22 23:48 . 2009-06-22 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-22 22:14 . 2009-06-26 15:06 5526 ----a-w- c:\windows\system32\plusc.exe
2009-06-22 21:46 . 2009-06-22 21:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-06-22 16:02 . 2009-06-22 16:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-22 15:54 . 2009-06-22 15:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-22 15:52 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 15:52 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 15:52 . 2009-06-22 15:52 -------- d-----w- c:\windows\ie8updates
2009-06-22 15:52 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-22 15:50 . 2009-06-22 15:51 -------- dc-h--w- c:\windows\ie8
2009-06-22 15:50 . 2009-06-26 23:25 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-22 15:02 . 2009-06-22 15:02 -------- d-----w- c:\program files\AVG
2009-06-22 13:39 . 2009-06-23 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-20 22:06 . 2009-06-20 22:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-06-20 15:09 . 2009-06-20 15:09 -------- d-----w- c:\windows\Sun
2009-06-20 14:23 . 2009-06-20 14:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\COWON
2009-06-20 05:28 . 2009-06-20 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-06-20 04:16 . 2009-06-20 04:17 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-20 04:09 . 2009-06-20 04:09 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-20 03:50 . 2009-06-20 03:51 2926768 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 14:56 . 2008-08-18 14:46 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-23 00:20 . 2009-03-05 14:09 -------- d-----w- c:\program files\Internet Download Manager
2009-06-20 15:49 . 2008-07-16 20:25 -------- d-----w- c:\program files\Yahoo!
2009-06-20 06:07 . 2009-03-05 14:08 -------- d-----w- c:\program files\Google
2009-06-20 06:03 . 2009-04-08 00:02 -------- d-----w- c:\program files\BitComet
2009-06-20 03:51 . 2009-03-05 14:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-05-22 19:31 . 2009-04-08 00:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer
2009-05-22 19:28 . 2009-04-07 23:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Desktopicon
2009-05-22 19:14 . 2009-05-22 19:14 390664 ----a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-13 05:15 . 2004-08-03 21:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-03 21:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-03 20:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 21:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 00:35 . 2009-04-08 00:35 0 ----a-w- c:\windows\nsreg.dat
2009-04-08 00:19 . 2009-03-05 14:11 95608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 00:14 . 2009-04-08 00:14 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-04-08 00:14 . 2009-04-08 00:14 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-04-08 00:13 . 2009-03-05 14:25 76 --sh--r- c:\windows\CT4CET.bin
2009-04-08 00:06 . 2009-04-08 00:06 192784 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 00:05 . 2009-04-08 00:05 47104 ------w- c:\windows\AKDeInstall.exe
2009-04-08 00:03 . 2009-04-08 00:04 286720 ----a-w- c:\windows\iun503.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-27_05.48.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 05:48 . 2008-10-16 11:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-27 05:48 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-27 05:48 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-27 05:48 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 05:48 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-27 05:48 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-27 05:48 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-27 05:48 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-27 05:48 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-27 05:48 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-27 05:48 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-27 05:48 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-27 05:48 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-27 05:48 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-27 05:48 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 13:08 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-06-20 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-16 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-07-16 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 01:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19607:TCP"= 19607:TCP:BitComet 19607 TCP
"19607:UDP"= 19607:UDP:BitComet 19607 UDP

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [26/02/2009 12:46 م 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [23/06/2009 04:03 ص 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/06/2009 04:03 ص 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/06/2009 04:03 ص 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/06/2009 04:03 ص 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [23/06/2009 04:03 ص 1368952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [26/02/2009 12:46 م 5576712]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [26/02/2009 12:46 م 563720]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 06:19 م 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [23/06/2009 04:03 ص 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [26/02/2009 12:46 م 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [26/02/2009 12:46 م 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [26/02/2009 12:46 م 27232]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [08/04/2009 03:15 ص 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [08/04/2009 03:15 ص 7424]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [23/06/2009 04:03 ص 29208]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [17/07/2008 05:28 م 108032]
S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [08/04/2009 03:15 ص 141376]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5C6E6E98-FBF6-A675-B4C7-FC3FB5B04F08}]
c:\windows\system32\msn.exe
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 15:20]

2009-06-27 c:\windows\Tasks\User_Feed_Synchronization-{22165FCC-FBA9-47AF-9A25-29887B2D1C5E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6yrx7ss7.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[hidden link; log in or register to view it]

Rootkit scan 2009-06-27 09:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000010939B445DFE756D348 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-606747145-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,9d,6f,51,5b,94,8e,41,81,0e,c9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,9d,6f,51,5b,94,8e,41,81,0e,c9,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1be7ad27-c451-4894-93b4-683d48def1e3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000142
"Therad"=dword:00000021
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,9f,46,7f,70,ce,85,4f,b9,8a,e1,ca,7b,28,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):91,c9,4c,38,a2,5a,bf,33,2e,07,d4,6c,83,63,06,6e,83,78,0b,3d,0f,
eb,38,3e,7b,7d,4d,f3,f7,d7,66,91,17,71,78,a0,38,59,e5,3d,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(192)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvapi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-27 9:02
ComboFix-quarantined-files.txt 2009-06-27 06:01
ComboFix2.txt 2009-06-27 05:56
ComboFix3.txt 2009-06-27 05:49

Pre-Run: 37,812,129,792 bytes free
Post-Run: 37,796,118,528 bytes free

266 --- E O F --- 2009-06-26 15:05
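The three things worth pulling out of a ComboFix log like the one above are the executables that landed directly in the Windows root or system32 during the reporting window, the files catchme reports as hidden, and the registry keys that deny access to Everyone. The following Python script is an added example, not part of this thread and not ComboFix's or catchme's own code; it parses those line shapes and lists them for manual review. Its sample input is a constructed excerpt made of lines copied from the posted log; the watched-directory list, the "modified after creation" hint and the executable-extension list are assumptions of the example, and nothing the script lists is thereby declared malicious.

```python
"""Triage of a ComboFix log (added example; not the thread's or ComboFix's code).
File entries look like: CREATED . MODIFIED SIZE|-------- ATTRS PATH (attrs e.g.
'd-sh--w-'). The script lists what an analyst reads first; it does not judge."""
import re
from dataclasses import dataclass
from typing import Optional

FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-{8})\s+([-a-z]{8})\s+(.+?)\s*$", re.IGNORECASE)
HIDDEN_LINE = re.compile(r"^(.+?)\s+(\d+) bytes executable\s*$")  # catchme block
KEY_LINE = re.compile(r"^\[(.+)\]\s*$")                             # [HKEY_...]
DENIED_LINE = re.compile(r"^@Denied: \((\w+)\) \((\w+)\)")          # @Denied: (Full) (Everyone)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Assumption: a binary dropped directly here (not in a product subfolder) gets a look.
WATCHED_DIRS = (r"c:\windows", r"c:\windows\system32")

@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    def hidden_or_system(self) -> bool:
        return "h" in self.attrs or "s" in self.attrs   # ComboFix's h / s flags

def parse_file_entries(text: str) -> list:
    entries = []
    for m in filter(None, (FILE_LINE.match(ln.strip()) for ln in text.splitlines())):
        created, modified, size, attrs, path = m.groups()
        entries.append(FileEntry(created, modified,
                                 None if size[0] == "-" else int(size), attrs, path))
    return entries

def loose_executables(entries) -> list:
    """(path, size, modified_after_creation) for executables directly in WATCHED_DIRS.
    mtime > ctime is a hint only: service-pack copies keep an older mtime."""
    hits = []
    for e in entries:
        if e.attrs.startswith("d") or not e.path.lower().endswith(EXEC_EXT):
            continue
        if e.path.lower().rsplit("\\", 1)[0] in WATCHED_DIRS:
            hits.append((e.path, e.size, e.modified > e.created))
    return hits

def catchme_hidden_files(text: str) -> list:
    """(path, size) pairs between 'scanning hidden files' and 'scan completed'."""
    hits, in_block = [], False
    for s in (ln.strip() for ln in text.splitlines()):
        if s.startswith("scanning hidden files"):
            in_block = True
        elif in_block and s.startswith("scan completed"):
            break
        elif in_block and HIDDEN_LINE.match(s):
            path, size = HIDDEN_LINE.match(s).groups()
            hits.append((path, int(size)))
    return hits

def denied_registry_keys(text: str) -> list:
    """(key, access, principal) for every '@Denied' line under a [KEY] header."""
    hits, key = [], None
    for s in (ln.strip() for ln in text.splitlines()):
        if KEY_LINE.match(s):
            key = KEY_LINE.match(s).group(1)
        elif key and DENIED_LINE.match(s):
            hits.append((key,) + DENIED_LINE.match(s).groups())
    return hits

def triage(text: str) -> dict:
    entries = parse_file_entries(text)
    return {
        "loose_executables": loose_executables(entries),
        "hidden_or_system": [e.path for e in entries if e.hidden_or_system()],
        "catchme_hidden": catchme_hidden_files(text),
        # a key that denies Everyone full access is the one to open first
        "denied_keys": [k for k, access, who in denied_registry_keys(text)
                        if access.lower() == "full" and who.lower() == "everyone"],
    }

# Constructed excerpt: lines taken verbatim from the log posted above.
SAMPLE_LOG = r"""
2009-06-25 02:36 . 2009-06-25 02:36 -------- d-sh--w- C:\found.000
2009-06-23 19:26 . 2008-04-14 00:12 73796 ------w- c:\windows\system32\slserv.exe
2009-06-23 01:03 . 2009-06-23 01:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-22 22:14 . 2009-06-26 15:06 5526 ----a-w- c:\windows\system32\plusc.exe
2009-06-22 15:52 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 15:50 . 2009-06-26 23:25 -------- d--h--w- C:\$AVG8.VAULT$
scanning hidden files ...
c:\windows\TEMP\TMP0000010939B445DFE756D348 524288 bytes executable
scan completed successfully
[HKEY_USERS\S-1-5-21-1085031214-606747145-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1be7ad27-c451-4894-93b4-683d48def1e3}]
@Denied: (Full) (Everyone)
"""
```

Calling `triage(open("ComboFix.txt").read())` on a full log gives the same four lists. On the excerpt, the loose-executable list holds AVG's own avgrsstx.dll next to plusc.exe, which is the point of keeping the script a sorting aid: the analyst still checks each entry (publisher, hash, whether a known installer ran at that time) before deciding anything. The "modified after creation" flag is True only for plusc.exe in this excerpt; it is a pointer to look, not a verdict.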
 
Disable System Restore.

Then download the Kaspersky tool from the following link:

[hidden link; log in or register to view it]

or from here:

[hidden link; log in or register to view it]

or from here:

[hidden link; log in or register to view it]

After downloading, double-click the file; the tool's files will be extracted to a folder on the desktop, and a few moments later the tool starts running.

Follow the walkthrough below to scan and clean the machine and attach the report:

[screenshot: zyzoom-3d6517b067.png]

[screenshot: zyzoom-7717063ed7.png]

[screenshot: zyzoom-cda271da05.png]

[screenshot: zyzoom-26888dbf15.png]

[screenshot: zyzoom-3f4576c288.png]

Then compress the report and upload it here >>>>
[hidden link; log in or register to view it]

and upload the report here:

[hidden link; log in or register to view it]


 
Last edited by a moderator:
Signature: Corporation