03-01-2010, 13:42   #5
عبدالله الجامعي

Peace be upon you and the mercy of God.
Sorry for the delay.
I scanned with Combo, did what was required, and scanned again.
And this is the result:

PHP code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:40:54 م, on 03/01/10
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 46;86;28;118:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - Startup: Disabled
O4 - Global Startup: Disabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: إفحص هذا الرابط للتأكد من خلوه من الفايروسات - http://www.drweb.com/online/drweb-online-en.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: Justin.tv Publisher - http://ar.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} (SeeTooControl Class) - http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c9c8b27eafef3e5d0&browserVersion=6.0
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259513218084
O16 - DPF: {7253A666-804A-1107-A4DC-00E04C504788} (BMC Control) - http://74.86.65.63/bmc.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) - http://174.36.224.246/imscp/talks3n.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dnnxsdpkokjfzz Helper c:\windows\system32\egpnniq.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - Unknown owner - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 11181 bytes