- بادئ الموضوع xحموديx
- تاريخ البدء
- 1,040
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:22:57 ص, on 16/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Program Files\Star Downloader\stardown.exe
C:\Documents and Settings\win xp\سطح المكتب\RunScanner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SuNotification] C:\Program Files\ShadowStor\ShadowSurfer\suatshut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ShadowSurfer.lnk = C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 10561 bytes
Scan saved at 02:22:57 ص, on 16/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Program Files\Star Downloader\stardown.exe
C:\Documents and Settings\win xp\سطح المكتب\RunScanner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SuNotification] C:\Program Files\ShadowStor\ShadowSurfer\suatshut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ShadowSurfer.lnk = C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 10561 bytes
توقيع : xحموديx
تأييد
0
Runscanner logfile
* = signed file
- = file not found
General info
------------
Computer name : AUTO-A09B0BDFAC
Creation time : 16/07/2009 02:20:40 ص
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.8.0.0
User Language : العربية (السعودية)
User rights : Administrator
Windows folder : C:\WINDOWS
Running processes
-----------------
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE (Broadcom Corporation.)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe (ShadowStor, Inc.)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe (Matt Holwood)
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe (Matt Holwood)
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
* C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
* C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
* C:\Program Files\CyberLink\Shared files\RichVideo.exe
* C:\Documents and Settings\win xp\سطح المكتب\RunScanner.exe (Runscanner.net)
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
* C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\WINDOWS\system32\STacSV.exe (SigmaTel, Inc.)
C:\Program Files\Star Downloader\stardown.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
* C:\WINDOWS\Explorer.exe (Microsoft Corporation)
* C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
* C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
* C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
* C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
* C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
Unrated items
-------------
002 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
002 C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
002 C:\qttask.exe (Apple Inc.)
002 C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
002 C:\Program Files\ShadowStor\ShadowSurfer\suatshut.exe (ShadowStor, Inc.)
003 * C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
003 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
004 C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe (ShadowStor, Inc.)
005 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
005 C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
010 * C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Antivirus)
010 * C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! iAVS4 Control Service)
010 * C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! Mail Scanner)
010 * C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
010 C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira AntiVir Guard)
010 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira AntiVir MailGuard)
010 C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira AntiVir Scheduler)
010 C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira AntiVir WebGuard)
010 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Bluetooth Service)
010 * C:\Program Files\CyberLink\Shared files\RichVideo.exe (Cyberlink RichVideo Service(CRVS))
010 * C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google Updater Service)
010 * C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (SeaPort)
010 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer)
010 C:\WINDOWS\system32\STacSV.exe (SigmaTel Audio Service)
011 * C:\Program Files\CyberLink\PowerDVD\000.fcl ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
011 c:\windows\SYSTEM32\DRIVERS\APPDRV.SYS (APPDRV)
011 * C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (aswFsBlk)
011 * C:\WINDOWS\system32\drivers\aswRdr.sys (aswRdr)
011 * C:\WINDOWS\system32\drivers\Aavmker4.sys (avast! Asynchronous Virus Monitor)
011 * C:\WINDOWS\system32\drivers\aswTdi.sys (avast! Network Shield Support)
011 * C:\WINDOWS\system32\drivers\aswSP.sys (avast! Self Protection)
011 * C:\WINDOWS\system32\drivers\aswMon2.sys (avast! Standard Shield Support)
011 * C:\Program Files\Avira\AntiVir Desktop\avgio.sys (avgio)
011 * C:\WINDOWS\system32\DRIVERS\avgntflt.sys (avgntflt)
011 * C:\WINDOWS\system32\DRIVERS\avipbb.sys (avipbb)
011 C:\WINDOWS\system32\drivers\btaudio.sys (Bluetooth Audio Device)
011 C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Bluetooth Bus Enumerator)
011 C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Bluetooth LAN Access Server)
011 C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Bluetooth Modem)
011 C:\WINDOWS\system32\drivers\btserial.sys (Bluetooth Serial Driver)
011 C:\WINDOWS\system32\DRIVERS\btport.sys (Bluetooth Virtual Communications Driver)
011 C:\WINDOWS\system32\DRIVERS\btwhid.sys (btwhid)
011 C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS (Conexant Setup API)
011 C:\WINDOWS\system32\drivers\Shadow.sys (Shadow)
011 * C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (ssmdrv)
011 C:\WINDOWS\System32\Drivers\btwusb.sys (WIDCOMM USB Bluetooth Driver)
011 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (برنامج تشغيل بطاقة Dell Wireless WLAN اللاسلكية)
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
031 * C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) {828030A1-22C1-4009-854F-8E305202313F}
031 * C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) {828030A1-22C1-4009-854F-8E305202313F}
031 * C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) {03C514A3-1EFB-4856-9F99-10D7BE1653C0}
035 C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
041 * C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll {2318C2B1-4965-11d4-9B18-009027A5CD4F}
042 C:\Program Files\Paltalk Messenger\Paltalk.exe (AVM Software Inc.) {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
052 * C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
052 * C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll {AA58ED58-01DD-4d91-8333-CF10577473F7}
052 * C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
052 C:\Program Files\Common Files\Justdo\Jd2002.dll (justDo Software) {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}
052 C:\PROGRA~1\STARDO~1\SDIEInt.dll {FFFFFEF0-5B30-21D4-945D-000000000000}
052 * C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {9030D464-4C02-4ABF-8ECC-5164760863C6}
061 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
061 C:\Program Files\JetAudio\JetFlExt.dll (COWON America) {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}
061 C:\WINDOWS\system32\btneighborhood.dll (Broadcom Corporation.) {6af09ec9-b429-11d4-a1fb-0090960218cb}
061 C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll (Nokia) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
061 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
061 * C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll (Microsoft Corporation) {00F33137-EE26-412F-8D71-F84E4C2C6625}
061 * C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll (Microsoft Corporation) {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
061 * C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll (Microsoft Corporation) {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}
061 * C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll (Microsoft Corporation) {00F346CB-35A4-465B-8B8F-65A29DBAB1F6}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
061 * C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) {0563DB41-F538-4B37-A92D-4659049B7766}
064 * C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
067 C:\WINDOWS\system32\sunotify.dll (ShadowStor, Inc)
068 C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
068 C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
068 C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
069 C:\WINDOWS\system32\bthcrp.dll (Broadcom Corporation.)
069 C:\WINDOWS\system32\mdimon.dll (Microsoft Corporation)
100 ShellNext HKCU :
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
105 &تصدير إلى Microsoft Excel : res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
105 Download with Star Downloader : C:\Program Files\Star Downloader\sdie.htm
105 Save Flash with Flash Catcher : res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
105 Send to &Bluetooth Device... : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
170 {10c6a2fc-3d99-11de-a467-002269be6b56} : G:\AutoRun.exe
170 {10c6a2ff-3d99-11de-a467-002269be6b56} : G:\AutoRun.exe
170 {5315f3d0-4981-11de-a4c3-002269be6b56} : G:\AutoRun.exe
170 {5315f3d1-4981-11de-a4c3-002269be6b56} : G:\AutoRun.exe
170 {716d09b8-6e57-11de-a5b2-002269be6b56} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
170 {716d09b9-6e57-11de-a5b2-002269be6b56} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
170 {7767ec17-3e5c-11de-a469-002269be6b56} : G:\AutoRun.exe
170 {7767ec18-3e5c-11de-a469-002269be6b56} : G:\AutoRun.exe
170 {99501906-48a8-11de-a4be-00234d4e05f3} : G:\AutoRun.exe
170 {99501909-48a8-11de-a4be-00234d4e05f3} : G:\AutoRun.exe
173 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
173 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
225 GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 C:\Program Files\JetAudio\JetFlExt.dll (COWON America) {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}
225 C:\Program Files\JetAudio\JetFlExt.dll (COWON America) {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
227 C:\Program Files\JetAudio\JetFlExt.dll (COWON America) {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
254 C:\WINDOWS\system32\btncopy.dll (Broadcom Corporation.) {7842554E-6BED-11D2-8CDB-B05550C10000}
254 C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll (Nokia) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 c:\windows\system32\drivers\InCDFs.sys
011 c:\windows\system32\drivers\InCDRm.sys
011 c:\windows\system32\drivers\InCDPass.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 c:\windows\system32\DRIVERS\splitcam.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll
067
* = signed file
- = file not found
General info
------------
Computer name : AUTO-A09B0BDFAC
Creation time : 16/07/2009 02:20:40 ص
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.8.0.0
User Language : العربية (السعودية)
User rights : Administrator
Windows folder : C:\WINDOWS
Running processes
-----------------
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE (Broadcom Corporation.)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe (ShadowStor, Inc.)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe (Matt Holwood)
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe (Matt Holwood)
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
* C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
* C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
* C:\Program Files\CyberLink\Shared files\RichVideo.exe
* C:\Documents and Settings\win xp\سطح المكتب\RunScanner.exe (Runscanner.net)
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
* C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\WINDOWS\system32\STacSV.exe (SigmaTel, Inc.)
C:\Program Files\Star Downloader\stardown.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
* C:\WINDOWS\Explorer.exe (Microsoft Corporation)
* C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
* C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
* C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
* C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
* C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
Unrated items
-------------
002 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
002 C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
002 C:\qttask.exe (Apple Inc.)
002 C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
002 C:\Program Files\ShadowStor\ShadowSurfer\suatshut.exe (ShadowStor, Inc.)
003 * C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
003 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
004 C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe (ShadowStor, Inc.)
005 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
005 C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
010 * C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Antivirus)
010 * C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! iAVS4 Control Service)
010 * C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! Mail Scanner)
010 * C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
010 C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira AntiVir Guard)
010 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira AntiVir MailGuard)
010 C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira AntiVir Scheduler)
010 C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira AntiVir WebGuard)
010 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Bluetooth Service)
010 * C:\Program Files\CyberLink\Shared files\RichVideo.exe (Cyberlink RichVideo Service(CRVS))
010 * C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google Updater Service)
010 * C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (SeaPort)
010 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer)
010 C:\WINDOWS\system32\STacSV.exe (SigmaTel Audio Service)
011 * C:\Program Files\CyberLink\PowerDVD\000.fcl ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
011 c:\windows\SYSTEM32\DRIVERS\APPDRV.SYS (APPDRV)
011 * C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (aswFsBlk)
011 * C:\WINDOWS\system32\drivers\aswRdr.sys (aswRdr)
011 * C:\WINDOWS\system32\drivers\Aavmker4.sys (avast! Asynchronous Virus Monitor)
011 * C:\WINDOWS\system32\drivers\aswTdi.sys (avast! Network Shield Support)
011 * C:\WINDOWS\system32\drivers\aswSP.sys (avast! Self Protection)
011 * C:\WINDOWS\system32\drivers\aswMon2.sys (avast! Standard Shield Support)
011 * C:\Program Files\Avira\AntiVir Desktop\avgio.sys (avgio)
011 * C:\WINDOWS\system32\DRIVERS\avgntflt.sys (avgntflt)
011 * C:\WINDOWS\system32\DRIVERS\avipbb.sys (avipbb)
011 C:\WINDOWS\system32\drivers\btaudio.sys (Bluetooth Audio Device)
011 C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Bluetooth Bus Enumerator)
011 C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Bluetooth LAN Access Server)
011 C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Bluetooth Modem)
011 C:\WINDOWS\system32\drivers\btserial.sys (Bluetooth Serial Driver)
011 C:\WINDOWS\system32\DRIVERS\btport.sys (Bluetooth Virtual Communications Driver)
011 C:\WINDOWS\system32\DRIVERS\btwhid.sys (btwhid)
011 C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS (Conexant Setup API)
011 C:\WINDOWS\system32\drivers\Shadow.sys (Shadow)
011 * C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (ssmdrv)
011 C:\WINDOWS\System32\Drivers\btwusb.sys (WIDCOMM USB Bluetooth Driver)
011 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (برنامج تشغيل بطاقة Dell Wireless WLAN اللاسلكية)
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
031 * C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) {828030A1-22C1-4009-854F-8E305202313F}
031 * C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) {828030A1-22C1-4009-854F-8E305202313F}
031 * C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) {03C514A3-1EFB-4856-9F99-10D7BE1653C0}
035 C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
041 * C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll {2318C2B1-4965-11d4-9B18-009027A5CD4F}
042 C:\Program Files\Paltalk Messenger\Paltalk.exe (AVM Software Inc.) {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
052 * C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
052 * C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll {AA58ED58-01DD-4d91-8333-CF10577473F7}
052 * C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
052 C:\Program Files\Common Files\Justdo\Jd2002.dll (justDo Software) {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}
052 C:\PROGRA~1\STARDO~1\SDIEInt.dll {FFFFFEF0-5B30-21D4-945D-000000000000}
052 * C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {9030D464-4C02-4ABF-8ECC-5164760863C6}
061 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
061 C:\Program Files\JetAudio\JetFlExt.dll (COWON America) {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}
061 C:\WINDOWS\system32\btneighborhood.dll (Broadcom Corporation.) {6af09ec9-b429-11d4-a1fb-0090960218cb}
061 C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll (Nokia) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
061 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
061 * C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll (Microsoft Corporation) {00F33137-EE26-412F-8D71-F84E4C2C6625}
061 * C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll (Microsoft Corporation) {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
061 * C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll (Microsoft Corporation) {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}
061 * C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll (Microsoft Corporation) {00F346CB-35A4-465B-8B8F-65A29DBAB1F6}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
061 * C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) {0563DB41-F538-4B37-A92D-4659049B7766}
064 * C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
067 C:\WINDOWS\system32\sunotify.dll (ShadowStor, Inc)
068 C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
068 C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
068 C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
069 C:\WINDOWS\system32\bthcrp.dll (Broadcom Corporation.)
069 C:\WINDOWS\system32\mdimon.dll (Microsoft Corporation)
100 ShellNext HKCU :
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
105 &تصدير إلى Microsoft Excel : res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
105 Download with Star Downloader : C:\Program Files\Star Downloader\sdie.htm
105 Save Flash with Flash Catcher : res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
105 Send to &Bluetooth Device... : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
170 {10c6a2fc-3d99-11de-a467-002269be6b56} : G:\AutoRun.exe
170 {10c6a2ff-3d99-11de-a467-002269be6b56} : G:\AutoRun.exe
170 {5315f3d0-4981-11de-a4c3-002269be6b56} : G:\AutoRun.exe
170 {5315f3d1-4981-11de-a4c3-002269be6b56} : G:\AutoRun.exe
170 {716d09b8-6e57-11de-a5b2-002269be6b56} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
170 {716d09b9-6e57-11de-a5b2-002269be6b56} : C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
170 {7767ec17-3e5c-11de-a469-002269be6b56} : G:\AutoRun.exe
170 {7767ec18-3e5c-11de-a469-002269be6b56} : G:\AutoRun.exe
170 {99501906-48a8-11de-a4be-00234d4e05f3} : G:\AutoRun.exe
170 {99501909-48a8-11de-a4be-00234d4e05f3} : G:\AutoRun.exe
173 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
173 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
225 GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 C:\Program Files\JetAudio\JetFlExt.dll (COWON America) {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}
225 C:\Program Files\JetAudio\JetFlExt.dll (COWON America) {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 GUID / CLSID not found {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
227 C:\Program Files\JetAudio\JetFlExt.dll (COWON America) {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
254 C:\WINDOWS\system32\btncopy.dll (Broadcom Corporation.) {7842554E-6BED-11D2-8CDB-B05550C10000}
254 C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll (Nokia) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 c:\windows\system32\drivers\InCDFs.sys
011 c:\windows\system32\drivers\InCDRm.sys
011 c:\windows\system32\drivers\InCDPass.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 c:\windows\system32\DRIVERS\splitcam.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll
067
توقيع : xحموديx
تأييد
0
Demo-dash
داعم للمنتدى،(خبراء زيزووم )
داعــــم للمنتـــــدى
★★ نجم المنتدى ★★
كبار الشخصيات
فريق دعم البرامج العامة
غير متصل
السلام عليكم
اخوي لاهنت احذف هالتولبار من اضافة واوزاله البرامج
GoogleToolbar
و
Yahoo! Toolbar
ثم من التقرير احذف هالقيمتين
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
ثم هل انت مثبت الأفاست والأفيرا بشكل كامل ؟؟ او واحد فقحص عند الطلب ؟؟
لاهنت احذف واحد فيهم اذا كان التثبيت كامل ثم عطل برنامج الحمايه
اخوي لاهنت احذف هالتولبار من اضافة واوزاله البرامج
GoogleToolbar
و
Yahoo! Toolbar
ثم من التقرير احذف هالقيمتين
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
طريقة الحذف
ثم نزل هذه الاداة واتبع الشرح التالي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
التوافق : ويندوز اكسبيفقط
شرح الاستخدام ,,,,,,
عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )
وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))
ثم هل انت مثبت الأفاست والأفيرا بشكل كامل ؟؟ او واحد فقحص عند الطلب ؟؟
لاهنت احذف واحد فيهم اذا كان التثبيت كامل ثم عطل برنامج الحمايه
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
توقيع : Demo-dash
تأييد
0
ComboFix 09-07-14.08 - win xp 07/16/2009 3:27.1.2 - NTFSx86
Running from: c:\documents and settings\win xp\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\flash.exe
c:\windows\Mylist.dll
c:\windows\system32\vm.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 00:12 . 2009-07-16 00:12 -------- d-----w- c:\documents and settings\win xp\Application Data\CyberScrub
2009-07-15 23:19 . 2009-07-15 23:19 -------- d-----w- c:\documents and settings\win xp\Local Settings\Application Data\Runscanner.net
2009-07-11 19:01 . 2009-07-11 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-11 19:01 . 2009-07-11 19:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-11 19:01 . 2009-07-11 19:01 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-11 19:00 . 2009-07-11 19:01 -------- d-----w- c:\program files\Nokia
2009-07-11 19:00 . 2009-07-11 18:59 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-07-11 19:00 . 2009-07-11 19:00 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-11 19:00 . 2009-07-11 19:00 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-11 19:00 . 2009-07-11 19:00 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-11 19:00 . 2009-07-11 19:00 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-02 03:58 . 2009-07-14 23:39 -------- d-----w- c:\documents and settings\win xp\Application Data\MessengerDiscovery 2
2009-07-02 03:57 . 2009-07-02 03:57 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-06-26 13:27 . 2009-06-26 13:27 390664 ----a-w- c:\documents and settings\win xp\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-26 13:25 . 2009-06-26 13:25 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-06-17 06:13 . 2009-06-17 06:13 -------- d-----w- c:\program files\Any Audio Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 00:24 . 2001-09-19 14:00 58920 ----a-w- c:\windows\system32\perfc001.dat
2009-07-16 00:24 . 2001-09-19 14:00 328690 ----a-w- c:\windows\system32\perfh001.dat
2009-07-16 00:16 . 2009-07-16 00:09 -------- d-----w- c:\documents and settings\win xp\Application Data\cleaner
2009-07-16 00:03 . 2008-03-18 03:13 -------- d-----w- c:\program files\Google
2009-07-14 20:47 . 2009-05-15 12:42 -------- d-----w- c:\documents and settings\win xp\Application Data\Nokia
2009-07-12 22:01 . 2009-06-14 06:44 -------- d-----w- c:\documents and settings\win xp\Application Data\Skype
2009-07-11 19:06 . 2009-05-13 22:41 -------- d-----w- c:\documents and settings\win xp\Application Data\PC Suite
2009-07-11 18:59 . 2009-05-13 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-11 15:54 . 2009-06-14 06:45 -------- d-----w- c:\documents and settings\win xp\Application Data\skypePM
2009-07-04 23:44 . 2008-03-17 15:17 245896 ----a-w- c:\documents and settings\win xp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 05:57 . 2009-06-10 09:56 -------- d-----w- c:\program files\The Cleaner
2009-06-29 02:01 . 2009-06-03 04:25 -------- d-----w- c:\program files\SplitCam
2009-06-26 13:21 . 2009-04-13 14:13 -------- d-----w- c:\program files\Common Files\Real
2009-06-14 06:45 . 2009-06-14 06:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-14 06:44 . 2009-06-14 06:44 -------- d-----r- c:\program files\Skype
2009-06-14 06:44 . 2009-06-14 06:44 -------- d-----w- c:\program files\Common Files\Skype
2009-06-14 06:44 . 2008-03-30 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-14 02:30 . 2008-03-30 09:38 -------- d-----w- c:\documents and settings\win xp\Application Data\Paltalk
2009-06-14 02:13 . 2008-03-30 09:38 -------- d-----w- c:\program files\Paltalk Messenger
2009-06-03 04:25 . 2008-03-17 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 00:29 . 2009-02-05 05:57 -------- d-----w- c:\program files\All2Chat
2009-06-02 19:23 . 2009-06-02 19:23 -------- d-----w- c:\program files\Acoustica MP3 Audio Mixer
2009-06-01 23:55 . 2009-02-04 04:26 -------- d-----w- c:\program files\SWiSHmax
2009-05-24 22:06 . 2009-05-10 19:31 -------- d-----w- c:\program files\AFAQ Wireless
2009-05-24 16:42 . 2008-10-12 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-20 11:21 . 2009-05-20 11:21 -------- d-----w- c:\documents and settings\win xp\Application Data\CyberLink
2009-05-15 12:40 . 2009-05-15 12:40 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-15 12:40 . 2009-05-15 12:40 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-15 12:40 . 2009-05-15 12:40 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-15 12:04 . 2009-05-15 12:41 36901176 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_ara_web.exe
2009-05-13 22:32 . 2009-05-13 22:32 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-13 22:32 . 2009-05-13 22:32 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-13 22:32 . 2009-05-13 22:32 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-13 22:29 . 2009-05-13 22:32 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara_web.exe
2009-04-27 10:51 . 2009-03-18 05:01 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 10:51 . 2009-03-18 05:01 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-21 10:48 . 2009-04-21 10:49 286720 ----a-w- c:\windows\iun506.exe
2009-06-12 11:10 . 2009-02-05 20:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-09 05:32 . 2009-03-09 04:30 1388576 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
------- Sigcheck -------
[-] 2008-04-14 15:59 1571328 6B8B7B206FA0C50B4CF99EEE2AC14BC7 c:\windows\SoftwareDistribution\Download\b86141217825998609b93e71cc29eb6e\sfcfiles.dll
[-] 2007-12-15 17:12 1547776 B0BACE02277B1979F22CE785536F651F c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 137752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"SuNotification"="c:\program files\ShadowStor\ShadowSurfer\suatshut.exe" [2005-01-28 40960]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-18 209153]
"QuickTime Task"="C:\qttask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-26 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-07 405504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sunotify]
2005-01-25 18:59 45056 ----a-w- c:\windows\system32\sunotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S0 Shadow;Shadow; [x]
S1 aswSP;avast! Self Protection; [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-06-09 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-06-09 434945]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2006-12-07 108032]
.
Contents of the 'Scheduled Tasks' folder
2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Download with Star Downloader - c:\program files\Star Downloader\sdie.htm
IE: Save Flash with Flash Catcher - c:\program files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\win xp\Application Data\Mozilla\Firefox\Profiles\v4exnv5b.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-16 03:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\l3codeca.acm
- - - - - - - > 'lsass.exe'(1044)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-07-16 3:31
ComboFix-quarantined-files.txt 2009-07-16 00:31
Pre-Run: 33,244,659,712 bytes free
Post-Run: 33,232,723,968 bytes free
170 --- E O F --- 2009-05-14 00:23
Running from: c:\documents and settings\win xp\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\flash.exe
c:\windows\Mylist.dll
c:\windows\system32\vm.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 00:12 . 2009-07-16 00:12 -------- d-----w- c:\documents and settings\win xp\Application Data\CyberScrub
2009-07-15 23:19 . 2009-07-15 23:19 -------- d-----w- c:\documents and settings\win xp\Local Settings\Application Data\Runscanner.net
2009-07-11 19:01 . 2009-07-11 19:01 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-11 19:01 . 2009-07-11 19:01 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-11 19:01 . 2009-07-11 19:01 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-11 19:00 . 2009-07-11 19:01 -------- d-----w- c:\program files\Nokia
2009-07-11 19:00 . 2009-07-11 18:59 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-07-11 19:00 . 2009-07-11 19:00 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-11 19:00 . 2009-07-11 19:00 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-11 19:00 . 2009-07-11 19:00 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-11 19:00 . 2009-07-11 19:00 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-02 03:58 . 2009-07-14 23:39 -------- d-----w- c:\documents and settings\win xp\Application Data\MessengerDiscovery 2
2009-07-02 03:57 . 2009-07-02 03:57 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-06-26 13:27 . 2009-06-26 13:27 390664 ----a-w- c:\documents and settings\win xp\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-26 13:25 . 2009-06-26 13:25 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-06-17 06:13 . 2009-06-17 06:13 -------- d-----w- c:\program files\Any Audio Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 00:24 . 2001-09-19 14:00 58920 ----a-w- c:\windows\system32\perfc001.dat
2009-07-16 00:24 . 2001-09-19 14:00 328690 ----a-w- c:\windows\system32\perfh001.dat
2009-07-16 00:16 . 2009-07-16 00:09 -------- d-----w- c:\documents and settings\win xp\Application Data\cleaner
2009-07-16 00:03 . 2008-03-18 03:13 -------- d-----w- c:\program files\Google
2009-07-14 20:47 . 2009-05-15 12:42 -------- d-----w- c:\documents and settings\win xp\Application Data\Nokia
2009-07-12 22:01 . 2009-06-14 06:44 -------- d-----w- c:\documents and settings\win xp\Application Data\Skype
2009-07-11 19:06 . 2009-05-13 22:41 -------- d-----w- c:\documents and settings\win xp\Application Data\PC Suite
2009-07-11 18:59 . 2009-05-13 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-11 15:54 . 2009-06-14 06:45 -------- d-----w- c:\documents and settings\win xp\Application Data\skypePM
2009-07-04 23:44 . 2008-03-17 15:17 245896 ----a-w- c:\documents and settings\win xp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 05:57 . 2009-06-10 09:56 -------- d-----w- c:\program files\The Cleaner
2009-06-29 02:01 . 2009-06-03 04:25 -------- d-----w- c:\program files\SplitCam
2009-06-26 13:21 . 2009-04-13 14:13 -------- d-----w- c:\program files\Common Files\Real
2009-06-14 06:45 . 2009-06-14 06:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-14 06:44 . 2009-06-14 06:44 -------- d-----r- c:\program files\Skype
2009-06-14 06:44 . 2009-06-14 06:44 -------- d-----w- c:\program files\Common Files\Skype
2009-06-14 06:44 . 2008-03-30 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-14 02:30 . 2008-03-30 09:38 -------- d-----w- c:\documents and settings\win xp\Application Data\Paltalk
2009-06-14 02:13 . 2008-03-30 09:38 -------- d-----w- c:\program files\Paltalk Messenger
2009-06-03 04:25 . 2008-03-17 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 00:29 . 2009-02-05 05:57 -------- d-----w- c:\program files\All2Chat
2009-06-02 19:23 . 2009-06-02 19:23 -------- d-----w- c:\program files\Acoustica MP3 Audio Mixer
2009-06-01 23:55 . 2009-02-04 04:26 -------- d-----w- c:\program files\SWiSHmax
2009-05-24 22:06 . 2009-05-10 19:31 -------- d-----w- c:\program files\AFAQ Wireless
2009-05-24 16:42 . 2008-10-12 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-20 11:21 . 2009-05-20 11:21 -------- d-----w- c:\documents and settings\win xp\Application Data\CyberLink
2009-05-15 12:40 . 2009-05-15 12:40 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-15 12:40 . 2009-05-15 12:40 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-15 12:40 . 2009-05-15 12:40 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-15 12:04 . 2009-05-15 12:41 36901176 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_ara_web.exe
2009-05-13 22:32 . 2009-05-13 22:32 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-13 22:32 . 2009-05-13 22:32 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-13 22:32 . 2009-05-13 22:32 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-13 22:29 . 2009-05-13 22:32 34649904 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_ara_web.exe
2009-04-27 10:51 . 2009-03-18 05:01 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 10:51 . 2009-03-18 05:01 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-21 10:48 . 2009-04-21 10:49 286720 ----a-w- c:\windows\iun506.exe
2009-06-12 11:10 . 2009-02-05 20:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-09 05:32 . 2009-03-09 04:30 1388576 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
------- Sigcheck -------
[-] 2008-04-14 15:59 1571328 6B8B7B206FA0C50B4CF99EEE2AC14BC7 c:\windows\SoftwareDistribution\Download\b86141217825998609b93e71cc29eb6e\sfcfiles.dll
[-] 2007-12-15 17:12 1547776 B0BACE02277B1979F22CE785536F651F c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 137752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"SuNotification"="c:\program files\ShadowStor\ShadowSurfer\suatshut.exe" [2005-01-28 40960]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-18 209153]
"QuickTime Task"="C:\qttask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-26 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-07 405504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sunotify]
2005-01-25 18:59 45056 ----a-w- c:\windows\system32\sunotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S0 Shadow;Shadow; [x]
S1 aswSP;avast! Self Protection; [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-06-09 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-06-09 434945]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2006-12-07 108032]
.
Contents of the 'Scheduled Tasks' folder
2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Download with Star Downloader - c:\program files\Star Downloader\sdie.htm
IE: Save Flash with Flash Catcher - c:\program files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: Microsoft XML Parser for Java -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
FF - ProfilePath - c:\documents and settings\win xp\Application Data\Mozilla\Firefox\Profiles\v4exnv5b.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2009-07-16 03:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\l3codeca.acm
- - - - - - - > 'lsass.exe'(1044)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-07-16 3:31
ComboFix-quarantined-files.txt 2009-07-16 00:31
Pre-Run: 33,244,659,712 bytes free
Post-Run: 33,232,723,968 bytes free
170 --- E O F --- 2009-05-14 00:23
توقيع : xحموديx
تأييد
0
Demo-dash
داعم للمنتدى،(خبراء زيزووم )
داعــــم للمنتـــــدى
★★ نجم المنتدى ★★
كبار الشخصيات
فريق دعم البرامج العامة
غير متصل
والان احذف احد برنامج الحمايه وابقى على برنامج واحد
وحمل وثبت هالبرنامج
وخبرنا الوضع
وحمل وثبت هالبرنامج
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
وخبرنا الوضع
توقيع : Demo-dash
تأييد
0
Demo-dash
داعم للمنتدى،(خبراء زيزووم )
داعــــم للمنتـــــدى
★★ نجم المنتدى ★★
كبار الشخصيات
فريق دعم البرامج العامة
غير متصل
طيب حلو ... اعمل التالي
حمل هالأداه
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
لحذف مخلفات برنامج الأفاست لانه من تقرير الهاي جاك باقي بالجهاز
اعد التشغيل وقبل ظهور شاشة الويندوز
اضغط باستمرار على زر f8
ستاتيك شاشة فيهاا عدة خيارات اختر منهاا
safemode
ثم اختر التالي
من الشاشة التالية اختر حساب الادمن او اي حساب تريد
اخيرا اضغط موافق للدخول لسطح المكتب
وقم باستخدام الأداه لحذف مخلفات الافاست
ثم اعد تشغيل جهاز بالوضع العادي وحمل البرنامج الي فوق وثبته وقولنا الاوضاع
توقيع : Demo-dash
تأييد
0
التقرير الاخير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:30:20 ص, on 17/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SuNotification] C:\Program Files\ShadowStor\ShadowSurfer\suatshut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ShadowSurfer.lnk = C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 8378 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:30:20 ص, on 17/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe
C:\Program Files\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SuNotification] C:\Program Files\ShadowStor\ShadowSurfer\suatshut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ShadowSurfer.lnk = C:\Program Files\ShadowStor\ShadowSurfer\ShadowSurfer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 8378 bytes
توقيع : xحموديx
تأييد
0