Rahma Kamal, posted 23 June 2011

Peace be upon you, and the mercy and blessings of God.

I am late, but praise be to God I have caught up with you. This is my analysis. I kept a copy of the course on my machine so that it is easy for me to refer back to it.

Thank you, Zomoroda.

*Zomoroda*, posted 25 June 2011

And upon you be peace, and the mercy and blessings of God.

Welcome, dear. No problem at all, God bless you.

Now, the report is the wrong copy, dear: we want a copy of the text file that appears after the HijackThis scan, not the one from the website.

I will be waiting for you, God willing. God bless you, my dear : )

Rahma Kamal, posted 26 June 2011

Sorry, I misunderstood. Here is the text report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:59, on 26/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
G:\ãÍãæÏ\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\DrvIcon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Visual+\PowerMenu\PowerMenu.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\sizer.exe
C:\WINDOWS\system32\TaskSwitchXP.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\ãÍãæÏ\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\system32\DrvIcon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PowerMenu] C:\Program Files\Visual+\PowerMenu\PowerMenu.exe -hideself on
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Resize] C:\WINDOWS\system32\sizer.exe
O4 - HKCU\..\Run: [TaskSwitch] C:\WINDOWS\system32\TaskSwitchXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ÊÍãíá Çáßá ÈæÇÓØÉ Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: ÊÍãíá ÈæÇÓØÉ Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ÊÍãíá ãÍÊæì FLV ÈæÇÓØÉ Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1302335295109
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ÎÏãÉ Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://www.moheet.com/image/58/225-300/582046.jpg
O24 - Desktop Component 1: (no name) - http://www.hitarek.net/images/hiLove-002.jpg

--
End of file - 8901 bytes

*Zomoroda*, posted 26 June 2011

And upon you be peace, and the mercy and blessings of God.

Welcome, dear Rahma. No problem, dear; God willing, may my Lord grant you success.

Let us begin, placing our trust in God.

The first thing I would like us to pay attention to, dear, is this part of the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:59, on 26/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Logfile of Trend Micro HijackThis v2.0.2
This is the version of the program we are working with, meaning HijackThis.

Scan saved at 23:03:59, on 26/06/2011
This is the time and date the report, that is the scan, was made. Here, if the sister has a complaint about her machine and posted the report as soon as it was made, we compare the time and date in the report with the current time and date, because there may be a problem with the date on her machine. Of course problems arise as a result of that, among them with the Messenger program, the antivirus program and some other programs, and as soon as the time and date are set correctly everything becomes fine.

Platform: Windows XP SP2 (WinNT 5.01.2600)
The type of Windows and its version.

MSIE: Internet Explorer v7.00 (7.00.6000.20733)
The Explorer version.

Boot mode: Normal
The boot type of the machine: Normal or Safe mode.

And now, dear, I need your view on the values present in the report, of course without applying them; we will discuss first.

You can review the compiled topic to refresh your memory, and there is no harm in that at all, God willing.

I will be waiting for you, God willing : )
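
The header check described in the post above, as an added example that is not part of the original thread: it reads the five header fields and compares the "Scan saved at" timestamp with a reference time, such as when the log was received. The sample log is constructed, and the function names, the 24-hour tolerance and the handling of day-first versus month-first dates are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the layout of a HijackThis v2.0.2 text log (not a real capture).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:59, on 26/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google/
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\system32\DrvIcon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# The version and timestamp patterns are not anchored to a line start, so a
# pasted header with the first two lines fused ("v2.0.2Scan saved at") still parses.
HEADER = {
    "version": re.compile(r"Logfile of Trend Micro HijackThis v(\d+(?:\.\d+)*)"),
    "saved": re.compile(
        r"Scan saved at (\d{1,2}:\d{2}:\d{2}(?: [AP]M)?, on \d{1,2}/\d{1,2}/\d{4})"),
    "platform": re.compile(r"^Platform: (.+)$", re.M),
    "msie": re.compile(r"^MSIE: (.+)$", re.M),
    "boot_mode": re.compile(r"^Boot mode: (.+)$", re.M),
}
# The date order follows the scanned machine's locale, so both orders are tried.
DATE_FORMATS = ("%H:%M:%S, on %d/%m/%Y", "%H:%M:%S, on %m/%d/%Y",
                "%I:%M:%S %p, on %d/%m/%Y", "%I:%M:%S %p, on %m/%d/%Y")
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ", re.M)  # section codes such as R0, O4, O23


def parse_header(text):
    """Return the five header fields the post walks through (None when absent)."""
    fields = {}
    for name, pattern in HEADER.items():
        match = pattern.search(text)
        fields[name] = match.group(1).strip() if match else None
    return fields


def clock_skew(saved, reference):
    """Scan time minus reference time, using the date reading closest to the reference."""
    candidates = []
    for fmt in DATE_FORMATS:
        try:
            candidates.append(datetime.strptime(saved, fmt) - reference)
        except ValueError:
            continue
    return min(candidates, key=abs) if candidates else None


def triage(text, reference, tolerance=timedelta(hours=24)):
    """Summarise the header, flag a scan time far from the reference, count entries."""
    header = parse_header(text)
    notes = [f"header field missing: {k}" for k, v in header.items() if v is None]
    skew = clock_skew(header["saved"], reference) if header["saved"] else None
    if skew is not None and abs(skew) > tolerance:
        notes.append(f"clock skew of {skew} exceeds {tolerance}: "
                     "check the date and time on the scanned machine")
    sections = dict(Counter(ENTRY.findall(text)))
    return {"header": header, "skew": skew, "notes": notes, "sections": sections}


if __name__ == "__main__":
    # Reference time is constructed: the log is treated as received 26 minutes after the scan.
    report = triage(SAMPLE_LOG, datetime(2011, 6, 26, 23, 30, 0))
    for key, value in report.items():
        print(key, "=", value)
```

The wide default tolerance allows for the helper and the scanned machine being in different time zones, since the log carries no zone information.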

*Zomoroda*, posted 26 June 2011

Do you remember the active programs and files that run in memory?

We had posted a site for scanning the files we suspect.

This is an explanation of scanning on the site and how to upload one of these files to http://www.virustotal.com/

These are the steps for scanning a suspicious file.

I will be waiting for you, God willing : )