نسيم نجد

Good evening to all the Zyzoom brothers ..

This screenshot is from the Avira Security program ..

Every time I run a scan on the computer, a file shows up next to the word "danger", as in the picture ..

I don't know whether it is a suspicious file, a virus, or what exactly ??

Note that whenever I install Avira on any machine, and sometimes the machine is

still brand new, after I run a scan it shows up as in the picture ..

Even though I downloaded the copy myself from the Avira site ..

 

Honestly, brother, this message showed up on my machine too when I had Avira installed, also from the company

I don't know what it means, and it showed me the number of files as (2)

But in any case there is no need to be afraid; it is not dangerous at all, no need to worry

I hope those with experience can help us


 
Welcome ...

Do the following ...

Download this tool ...

Run it and go to [ Do a system scan and save log ] ...

After a moment it gives you a report in Notepad ...

Copy it completely ... and correctly ...

And paste it in your next reply ...
 
Signature: MMA_LORD_735
Thank you, brother زعيم الشعراء ..

May God bless you, and I'm waiting for the rest of the replies ..
 
Thank you, our dear moderator .. as far as my simple understanding goes, this report looks clean .. but I certainly can't do without your opinion ..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:02, on 28/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cherry\CDI\cdi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\kh\Local Settings\Application Data\Xenocode\Start\2.23\Xenocode.Sandbox.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\kh\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PROPEL~1\PRPL_I~2.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Xenocode Sandbox Manager.lnk = C:\Documents and Settings\kh\Local Settings\Application Data\Xenocode\Start\2.23\Xenocode.Sandbox.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xenocode Sandbox Manager.lnk = C:\Documents and Settings\kh\Local Settings\Application Data\Xenocode\Start\2.23\Xenocode.Sandbox.exe (User 'Default user')
O4 - Startup: Xenocode Sandbox Manager.lnk = C:\Documents and Settings\kh\Local Settings\Application Data\Xenocode\Start\2.23\Xenocode.Sandbox.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany, - C:\Program Files\Cherry\CDI\cdi.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10610 bytes
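The HijackThis report above is a line-oriented text format, and the thread's replies are about reading it by eye. As an added example (not code from the thread, from HijackThis or from Avira), here is a small Python triage helper that parses the running-process list and the O4, O16 and O23 entry lines, and flags the entries a reviewer usually checks first: binaries under Temp or user-profile data directories, services with "Unknown owner", and system-process names running outside \Windows\system32. The sample log lines are constructed in the HijackThis format; the names and paths in them are made up.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
the forum thread or of HijackThis).  It parses the O4 (autostart), O16
(DPF/ActiveX) and O23 (service) entry formats plus the running-process list,
and returns the entries that are worth a second look.  A flag means "review",
not "malicious": many legitimate tools also run from profile directories."""
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis layout; the names and paths are made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\kh\Local Settings\Temp\svchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [updsvc] C:\Documents and Settings\kh\Local Settings\Temp\updsvc.exe -s
O4 - Startup: Sandbox Manager.lnk = C:\Documents and Settings\kh\Local Settings\Application Data\Vendor\sandbox.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.example/wuweb.cab
O23 - Service: Example Tray (extray) - Unknown owner - C:\WINDOWS\System32\EXTRAY.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""


@dataclass
class Entry:
    section: str      # "process", "O4", "O16" or "O23"
    name: str         # run-key value name, .lnk name, control name or service name
    path: str         # executable path (or download URL for O16)
    extra: str = ""   # hive for O4, CLSID for O16, owner/vendor for O23


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


_O4_RUN = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
_O4_LNK = re.compile(r'^O4 - (?P<hive>.+?): (?P<name>.+?\.lnk) = (?P<cmd>.+)$')
_O16 = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.+?)\) - (?P<url>.*)$')
_O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# First executable token of a command line: quoted or unquoted full path, or a bare name.
_EXE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|cpl|scr|com)|[\w.]+\.(?:exe|dll|cpl))"?(?:\s|$)', re.I)

# Process names that normally live only in \Windows\system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "smss.exe",
                "services.exe", "csrss.exe", "ctfmon.exe", "spoolsv.exe"}


def parse(text: str) -> list:
    """Turn a HijackThis log into Entry objects (unrecognised lines are skipped)."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if re.match(r'^[A-Za-z]:\\', line):
                entries.append(Entry("process", line.rsplit("\\", 1)[-1], line))
                continue
            in_procs = False          # first non-path line ends the process list
        m = _O4_RUN.match(line) or _O4_LNK.match(line)
        if m:
            em = _EXE.match(m.group("cmd"))
            path = em.group("path") if em else m.group("cmd")
            entries.append(Entry("O4", m.group("name"), path, m.group("hive")))
            continue
        m = _O16.match(line)
        if m:
            entries.append(Entry("O16", m.group("name"), m.group("url"), m.group("clsid")))
            continue
        m = _O23.match(line)
        if m:
            entries.append(Entry("O23", m.group("name"), m.group("path"), m.group("owner")))
    return entries


def _reasons(e: Entry) -> list:
    """Review heuristics; each returned string explains one flag."""
    p = e.path.lower()
    out = []
    if "\\temp\\" in p:
        out.append("runs from a temporary directory")
    elif "\\application data\\" in p or "\\appdata\\" in p:
        out.append("runs from a user-profile data directory rather than Program Files")
    base = p.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and "\\windows\\system32\\" not in p:
        out.append("system-process name outside \\Windows\\system32")
    if e.section == "O23" and e.extra.lower() == "unknown owner":
        out.append("service binary carries no vendor information")
    return out


def triage(text: str) -> list:
    """Return only the entries that triggered at least one heuristic."""
    return [Finding(e, r) for e in parse(text) if (r := _reasons(e))]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.section:7} {f.entry.name:25} {f.entry.path}")
        for reason in f.reasons:
            print(f"        - {reason}")
```

Paste a real report into `SAMPLE_LOG` (or read it from a file) and check the flagged lines against the vendor's documented install paths before deciding anything; an entry with no flag is not proof it is clean.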
 
You're welcome, my friend ...

Honestly, there are a few values in there I'm suspicious of !! ...

The file may be clean ! ...

Or it may be harmful ...

In any case ... do the following, we have nothing to lose ...

Do the following in order ...

First, close the antivirus you have ...

Then ... download this tool ...

Run it ... a message appears, click [ Yes ] ...

Right after it another message appears; click [ Yes ] on that too ...

The tool will start and run a scan ...

<< During the scan the machine may restart << reboot ...

After the reboot ... the tool comes back and completes the scan ...

Wait and don't open any program until the report appears in Notepad ...

With that, the scan and cleanup are finished ...

Copy the report completely ... and correctly ...

And paste it in your next reply ...
 
Signature: MMA_LORD_735
I'm much obliged for your kindness and your good taste ... and your expertise ..

ComboFix 09-06-26.02 - kh 06/28/2009 14:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.1014.545 [GMT -7:00]
Running from: c:\documents and settings\kh\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\kh\Application Data\QUAD Backups
c:\documents and settings\kh\Application Data\QUAD Backups\04.23.2009,07-42-24\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\04.23.2009,08-23-53\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\04.23.2009,08-42-14\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\04.23.2009,09-05-49\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\04.23.2009,09-09-43\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\04.23.2009,09-13-20\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\05.06.2009,09-25-02\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\05.07.2009,17-35-34\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\05.21.2009,14-50-40\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\05.21.2009,14-51-40\Automatic.reg
c:\documents and settings\kh\Application Data\QUAD Backups\06.06.2009,12-32-57\Automatic.reg
c:\documents and settings\kh\Desktop\QUAD Registry Cleaner.lnk
c:\documents and settings\kh\Start Menu\Programs\QUAD Utilities
c:\documents and settings\kh\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
c:\documents and settings\kh\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
c:\documents and settings\kh\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\merge this one after patch.reg
c:\program files\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner v1.5.69_Patch.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe.BAK
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\program files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\Downloaded Program Files\Quarantine
c:\windows\system32\AutoRun.inf
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.
2009-06-28 16:29 . 2009-06-28 16:29 -------- d-----w- c:\program files\iFoxSoft
2009-06-28 16:03 . 2009-06-28 16:22 -------- d-----w- c:\program files\xat.com Image Optimizer
2009-06-23 22:33 . 2009-06-23 22:33 -------- d-----w- c:\program files\Microsoft Works
2009-06-23 22:30 . 2009-06-23 22:30 -------- d-----w- c:\program files\Microsoft.NET
2009-06-23 22:27 . 2009-06-23 22:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-23 22:25 . 2009-06-23 22:32 -------- d-----w- c:\windows\SHELLNEW
2009-06-23 22:23 . 2009-06-23 22:23 -------- d--h--r- C:\MSOCache
2009-06-23 16:37 . 2009-06-23 16:37 76620 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-23 16:12 . 2009-06-23 16:12 -------- d-----w- c:\documents and settings\kh\Local Settings\Application Data\Xenocode
2009-06-23 15:40 . 2009-02-21 15:25 691592 ----a-w- c:\windows\system32\OGACheckControl.DLL
2009-06-23 15:40 . 2009-01-01 04:34 528744 ----a-w- c:\windows\system32\OGAVerify.exe
2009-06-23 15:40 . 2009-01-01 04:34 502120 ----a-w- c:\windows\system32\OGAAddin.dll
2009-06-23 15:39 . 2009-06-23 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-22 20:59 . 2009-06-22 20:59 -------- d-----w- c:\windows\system32\ivtMobCache
2009-06-22 20:58 . 2009-06-22 20:58 -------- d-----w- c:\program files\Uniblue
2009-06-22 15:32 . 2009-06-22 15:32 63 ----a-w- c:\windows\AlfaStart.CMD
2009-06-19 16:22 . 2009-06-19 16:24 1456848 ----a-w- c:\documents and settings\kh\Application Data\IDM\DwnlData\kh\R150023_1023\R150023.exe
2009-06-18 23:26 . 2009-06-18 23:26 4758792 ----a-w- c:\documents and settings\kh\Application Data\Uniblue\DriverScanner\Download\pci_ven_14e4_dev_170c_subsys_01af10284_60_0_0.EXE
2009-06-18 22:58 . 2008-12-22 08:15 2652451 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2009-06-18 22:56 . 2009-06-22 20:58 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-06-18 21:31 . 2009-06-22 20:57 -------- d-----w- c:\program files\Reimage
2009-06-18 00:50 . 2009-06-18 00:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2009-06-18 00:50 . 2009-06-18 00:50 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-06-18 00:50 . 2009-06-18 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2009-06-18 00:50 . 2009-06-18 00:50 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-06-18 00:50 . 2009-06-18 00:50 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-18 00:50 . 2009-06-18 00:50 21361 ----a-w- c:\windows\AegisP.sys
2009-06-18 00:49 . 2008-03-13 10:25 2530176 ----a-w- c:\windows\system32\drivers\NETw4x32.sys
2009-06-18 00:49 . 2007-08-08 22:29 2772992 ----a-w- c:\windows\system32\NETw4r32.dll
2009-06-18 00:49 . 2007-08-08 22:28 684032 ----a-w- c:\windows\system32\NETw4c32.dll
2009-06-18 00:49 . 2009-06-18 00:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2009-06-18 00:49 . 2009-06-18 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-06-18 00:48 . 2009-06-18 00:48 -------- d-----w- c:\documents and settings\kh\Application Data\Intel
2009-06-18 00:46 . 2009-06-18 00:46 -------- d-----w- c:\documents and settings\kh\Application Data\Foxit
2009-06-18 00:43 . 2007-03-22 17:49 212992 ----a-w- c:\windows\system32\UCI32M19.dll
2009-06-18 00:43 . 2007-02-20 01:41 988032 ----a-w- c:\windows\system32\drivers\HSF_DPV.sys
2009-06-18 00:43 . 2007-02-20 01:40 209536 ----a-w- c:\windows\system32\drivers\HSFHWAZL.sys
2009-06-18 00:43 . 2007-02-20 01:40 731136 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-18 00:42 . 2009-06-18 00:42 -------- d-----w- c:\program files\Common Files\Cherry
2009-06-18 00:42 . 2009-06-18 00:42 -------- d-----w- c:\program files\Cherry
2009-06-18 00:41 . 2002-10-22 16:57 118784 ------w- c:\windows\system32\SKUTIL.DLL
2009-06-18 00:41 . 2002-10-21 20:33 53248 ------w- c:\windows\system32\SKUSBKBD.DLL
2009-06-18 00:41 . 2002-07-02 00:24 40960 ------w- c:\windows\system32\SKDAEMON.EXE
2009-06-18 00:41 . 2002-06-17 13:49 151552 ------w- c:\windows\system32\SKUNINST.EXE
2009-06-18 00:41 . 2002-03-19 15:09 1216168 ------w- c:\windows\system32\RAK3CFG.EXE
2009-06-18 00:41 . 2001-12-12 03:37 45056 ------w- c:\windows\system32\SKOSD.DLL
2009-06-18 00:41 . 2001-04-28 15:00 32768 ------w- c:\windows\system32\SKSMAILD.EXE
2009-06-18 00:41 . 2001-04-28 14:59 45056 ------w- c:\windows\system32\SKMEDIA.DLL
2009-06-18 00:41 . 2001-04-28 14:58 49152 ------w- c:\windows\system32\SKHOOKS.DLL
2009-06-18 00:41 . 2000-11-23 23:16 53248 ------w- c:\windows\system32\SKSETUP.DLL
2009-06-17 23:29 . 2009-06-17 23:29 -------- d-----w- c:\program files\ParetoLogic
2009-06-17 23:29 . 2009-06-17 23:29 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-17 23:29 . 2009-06-17 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-17 22:21 . 2009-06-17 22:22 -------- d-----w- c:\documents and settings\kh\Application Data\DriverCure
2009-06-17 22:21 . 2009-06-22 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-06-17 22:21 . 2009-06-17 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-06-17 21:05 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2009-06-17 21:05 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2009-06-16 21:59 . 2004-06-14 21:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2009-06-15 23:34 . 2009-06-15 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-06-13 02:01 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-11 16:02 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:02 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 21:14 . 2009-06-09 21:14 -------- d-----w- c:\program files\Unlocker
2009-06-09 19:29 . 2009-06-09 19:29 -------- d-sh--w- c:\documents and settings\kh\PrivacIE
2009-06-09 19:29 . 2009-06-09 19:29 -------- d-sh--w- c:\documents and settings\kh\IECompatCache
2009-06-09 19:27 . 2009-06-09 19:27 -------- d-sh--w- c:\documents and settings\kh\IETldCache
2009-06-09 19:25 . 2009-06-09 19:25 -------- d-----w- c:\windows\ie8updates
2009-06-09 19:21 . 2009-06-09 19:24 -------- dc-h--w- c:\windows\ie8
2009-06-09 19:19 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-08 22:25 . 2006-11-24 09:47 446 ----a-w- c:\windows\system32\z010.reg
2009-06-08 22:25 . 2006-10-21 23:42 1138688 ----a-w- c:\windows\system32\SRESTART.EXE
2009-06-08 22:05 . 2009-06-08 22:06 -------- d-----w- c:\program files\Avant Browser
2009-06-08 21:53 . 2009-06-08 21:53 -------- d-----w- c:\documents and settings\kh\Local Settings\Application Data\Flock
2009-06-08 21:53 . 2009-06-08 21:53 -------- d-----w- c:\documents and settings\kh\Application Data\Flock
2009-06-08 21:52 . 2009-06-18 00:46 -------- d-----w- c:\program files\Flock
2009-06-05 23:38 . 2009-06-05 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DeskSoft
2009-06-05 23:37 . 2009-06-05 23:37 26920 ----a-w- c:\windows\system32\drivers\dsnpfd.sys
2009-06-05 23:37 . 2009-06-05 23:37 -------- d-----w- c:\documents and settings\kh\Application Data\DeskSoft
2009-06-05 23:37 . 2009-06-05 23:37 -------- d-----w- c:\program files\BWMeter
2009-06-03 22:44 . 2009-06-03 23:24 -------- d-----w- c:\program files\Propel Accelerator - Free Trial
2009-06-03 00:30 . 2009-06-03 00:30 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 22:01 . 2008-10-04 20:49 -------- d-----w- c:\documents and settings\kh\Application Data\DMCache
2009-06-28 16:29 . 2008-10-03 11:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 23:22 . 2008-10-21 20:58 -------- d-----w- c:\program files\Internet Download Manager
2009-06-24 00:24 . 2008-10-03 11:13 99888 ----a-w- c:\documents and settings\kh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-23 22:34 . 2008-10-04 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-23 22:33 . 2008-10-04 18:45 -------- d-----w- c:\program files\MSBuild
2009-06-22 20:57 . 2008-12-06 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-06-22 20:57 . 2008-12-20 20:07 -------- d-----w- c:\program files\ma-config.com
2009-06-22 20:55 . 2008-11-15 21:10 -------- d-----w- c:\program files\SetPoint
2009-06-19 16:51 . 2008-10-03 11:19 -------- d-----w- c:\program files\Dell
2009-06-18 22:59 . 2008-11-18 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-06-18 22:57 . 2008-10-11 23:49 -------- d-----w- c:\documents and settings\kh\Application Data\Uniblue
2009-06-15 21:50 . 2009-05-29 12:10 -------- d-----w- c:\documents and settings\kh\Application Data\IDM
2009-06-10 17:24 . 2009-05-28 18:18 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-06-03 00:29 . 2009-05-25 08:11 -------- d-----w- c:\program files\nLite
2009-05-29 13:48 . 2009-05-29 13:48 198064 ----a-w- c:\documents and settings\kh\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-28 20:20 . 2009-04-15 23:14 117760 ----a-w- c:\documents and settings\kh\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-28 19:23 . 2009-05-28 19:23 -------- d-----w- c:\documents and settings\kh\Application Data\Avira
2009-05-28 18:26 . 2009-05-28 18:18 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-28 18:26 . 2009-05-28 18:18 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-05-28 18:18 . 2009-05-28 18:18 -------- d-----w- c:\program files\Avira
2009-05-28 18:18 . 2008-10-04 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-28 18:10 . 2009-05-27 21:49 -------- d-----w- c:\program files\Common Files\BitDefender
2009-05-28 18:09 . 2009-05-28 17:33 81984 ----a-w- c:\windows\system32\bdod.bin
2009-05-28 17:33 . 2009-05-28 17:33 132 ----a-w- C:\httpdwl.dat
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 13:15 . 2008-10-29 17:05 -------- d-----w- c:\documents and settings\kh\Application Data\Nokia
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 20:18 . 2009-05-06 20:17 -------- d-----w- c:\program files\Allok Video to MP4 Converter
2009-05-04 00:04 . 2009-04-15 23:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-04-28 19:16 . 2009-04-07 15:05 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 18:42 . 2009-04-16 18:42 7680 ----a-w- c:\documents and settings\kh\Application Data\Thinstall\JAP\4000009b00002i\IEXPLORE.EXE
2009-04-16 18:41 . 2009-04-16 18:41 7680 ----a-w- c:\documents and settings\kh\Application Data\Thinstall\JAP\1000000b00002i\rundll32.exe
2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 21:45 . 2009-04-07 21:45 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-04-06 22:32 . 2009-04-07 21:41 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2009-04-07 21:41 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-04 22:52 . 2009-04-04 22:52 7680 ----a-w- c:\documents and settings\kh\Application Data\Thinstall\JAP\4000002400002i\javaw.exe
2009-04-01 09:44 . 2009-04-01 09:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-01 09:43 . 2009-04-01 09:43 152576 ----a-w- c:\documents and settings\kh\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-05-28 209153]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-18 198160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
c:\documents and settings\kh\Start Menu\Programs\Startup\
Xenocode Sandbox Manager.lnk - c:\documents and settings\kh\Local Settings\Application Data\Xenocode\Start\2.23\Xenocode.Sandbox.exe [2009-6-23 733368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
backup=c:\windows\pss\SetPoint.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^kh^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\kh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 08:45 م 20616]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [08/04/2009 06:58 ص 28544]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [28/05/2009 11:18 ص 97608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 02:07 م 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 02:07 م 72944]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [28/05/2009 11:18 ص 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [28/05/2009 11:18 ص 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/05/2009 11:18 ص 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [28/05/2009 11:18 ص 434945]
R2 Cherry Device Interface;Cherry Device Interface;c:\program files\Cherry\CDI\cdi.exe [27/09/2007 02:49 م 585774]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/04/2009 02:41 م 179856]
R2 MUsbFltr;USB WTMouse Filter Service;c:\windows\system32\drivers\MUsbFltr.sys [18/11/2008 02:32 م 6528]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [28/05/2009 11:18 ص 69632]
R3 Ch2kPS2;Cherry PS/2 Keyboard Driver (CDI);c:\windows\system32\drivers\Ch2kPS2.sys [22/08/2007 03:02 م 130816]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [05/06/2009 04:37 م 26920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/04/2009 02:41 م 15504]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 12:44 م 30088]
S3 cpuz128;cpuz128;\??\c:\docume~1\kh\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\kh\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 02:58 م 26248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 05:13 م 234864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [04/01/2009 12:23 م 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [04/01/2009 12:23 م 8320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 02:07 م 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-17 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2008-12-29 23:37]
2009-06-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 19:25]
2009-06-17 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 19:25]
2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{372237B5-F8CD-4144-AA61-9C20724325A2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: bitdefender.com\www
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-28 15:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a1,83,ce,4f,3f,bd,57,a5,43,f0,f6,7e,b1,ac,80,a9,7d,cc,15,1f,1b,
79,3f,85,3c,a6,20,dc,a9,53,5e,56,f7,cd,6c,92,3e,c7,02,7c,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):42,e1,71,8a,2e,b8,25,62,ec,6c,db,09,8e,25,db,33,c1,52,df,76,3f,
d9,44,82,a9,4c,9d,19,db,02,6a,65,62,6b,12,cc,10,26,0f,d8,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d43d1084-203b-41f2-9d91-8731170f7535}]
@Denied: (Full) (Everyone)
"Model"=dword:00000054
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,cb,f1,b0,bc,85,56,d7,36,40,c8,8f,12,ed,80,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e4bbba98-7186-483a-8125-7947a28381e6}]
@Denied: (Full) (Everyone)
"Model"=dword:00000013
"Therad"=dword:0000000f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1852)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'lsass.exe'(1916)
c:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\WgaTray.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-06-28 15:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-28 22:07
Pre-Run: 61,870,202,880 bytes free
Post-Run: 65,950,916,608 bytes free
346 --- E O F --- 2009-06-28 15:01
 
Bless you, my dear :b: ...

You are all courtesy and kindness, honestly ...

Anyway ... just as I expected ...

Now, if you don't mind, give me a new HijackThis log ...
 
Signature: MMA_LORD_735
Peace be upon you, my brothers. Dear brother, the "dangerous" file is nothing but one of the system files that Avira cannot access because Windows is using it, and it is usually one of the following two files: pagefile or hiberfil. You can verify this, brother, by reading the Avira report and searching for the word warnings. A warning is not a virus.
 
Thanks, brother ch.tarik

May God give you strength .. you've reassured me ..

Back to our dear moderator .. here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:18, on 28/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Cherry\CDI\cdi.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\kh\Local Settings\Application Data\Xenocode\Start\2.23\Xenocode.Sandbox.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kh\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PROPEL~1\PRPL_I~2.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Xenocode Sandbox Manager.lnk = C:\Documents and Settings\kh\Local Settings\Application Data\Xenocode\Start\2.23\Xenocode.Sandbox.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xenocode Sandbox Manager.lnk = C:\Documents and Settings\kh\Local Settings\Application Data\Xenocode\Start\2.23\Xenocode.Sandbox.exe (User 'Default user')
O4 - Startup: Xenocode Sandbox Manager.lnk = C:\Documents and Settings\kh\Local Settings\Application Data\Xenocode\Start\2.23\Xenocode.Sandbox.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Cherry Device Interface - Cherry, Auerbach Germany,
- C:\Program Files\Cherry\CDI\cdi.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10476 bytes
 
Brothers, a thousand thanks for your help, and God willing I will come back to the topic tomorrow to go through the rest of your additions ..
 