أخي Al jNtEeL أشكر لك ما تقدم من خدمة
إليك التقرير
Deckard's System Scanner v20071014.68
Run by a on 2008-11-22 19:51:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-11-22 16:51:09 UTC - RP63 - نقطة اختبار النظام
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-11-22 19:52:00
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\a\سطح المكتب\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: TBSB09737 Class - {36553CAC-7228-4F16-B057-28DE0A8A3839} - E:\برامج\برنامج ساحاتي\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TBSB01923 Class - {7FF4E31C-74EB-433D-A8AA-A12A99521674} - E:\برامج\برنامج ساحاتي\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - E:\برامج\برنامج ساحاتي\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [PSwitch] E:\برامج\لتخطي الحجب\Proxy_Switcher_Pro_v3.9.0_build-4059\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - E:\برامج\برنامج ساحاتي\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
O9 - Extra 'Tools' menuitem: Sahate Toolbar - {1A295E8E-E51B-42CE-81B2-B73614F0FCD2} - E:\برامج\برنامج ساحاتي\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\system32\antiwpa.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 8510 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 JavaQuickStarterService (Java Quick Starter) - "c:\program files\java\jre6\bin\jqs.exe" -service -config "c:\program files\java\jre6\lib\deploy\jqs\jqs.conf" <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6 U10>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: وحدة تحكم الفيديو
Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_01881028&REV_03\3&61AAA01&0&11
Manufacturer:
Name: وحدة تحكم الفيديو
PNP Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_01881028&REV_03\3&61AAA01&0&11
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: جهاز مودم PCI
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_542314F1&REV_03\3&61AAA01&0&F3
Manufacturer:
Name: جهاز مودم PCI
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_542314F1&REV_03\3&61AAA01&0&F3
Service:
-- Files created between 2008-10-22 and 2008-11-22 -----------------------------
2008-11-22 17:03:21 106293 -r-hs---- C:\ln9.exe
2008-11-21 21:43:29 0 d-------- C:\WINDOWS\pss
2008-11-19 21:31:43 96976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-11-19 21:31:43 87855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-11-19 21:31:43 10784 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-11-19 21:31:43 4325920 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-11-19 17:48:46 0 d-------- C:\kis7125
2008-11-18 18:42:09 1865175 --a------ C:\تعريب الكاسبر.exe
2008-11-18 16:41:03 105746 -r-hs---- C:\ceb6eu98.bat
2008-11-18 16:33:24 0 d-------- C:\Program Files\Kaspersky Lab
2008-11-18 16:24:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-14 19:09:35 0 dr-h----- C:\Documents and Settings\a\Recent
2008-11-14 06:02:30 84992 -r-hs---- C:\WINDOWS\system32\kav321.dll
2008-11-14 06:01:47 84992 -----n--- C:\WINDOWS\system32\kav320.dll
2008-11-14 06:01:47 106293 -r-hs---- C:\WINDOWS\system32\amvo.exe
2008-11-08 18:21:57 0 d--h---c- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
-- Find3M Report ---------------------------------------------------------------
2008-11-22 17:06:29 254594 --a------ C:\WINDOWS\system32\perfh001.dat
2008-11-22 17:06:29 41274 --a------ C:\WINDOWS\system32\perfc001.dat
2008-11-22 17:02:23 837 --a------ C:\Documents and Settings\a\Application Data\AdobeDLM.log
2008-10-25 23:20:45 992 --a------ C:\Documents and Settings\a\Application Data\dm.ini
2008-10-22 21:51:03 0 d-------- C:\Program Files\Google
2008-10-22 21:46:20 0 d-------- C:\Documents and Settings\a\Application Data\Google
2008-10-14 23:29:00 0 d-------- C:\Documents and Settings\a\Application Data\Ashampoo
2008-10-14 23:28:32 0 d-------- C:\Program Files\Ashampoo
2008-10-12 15:11:02 0 d-------- C:\Program Files\Messenger
2008-10-11 23:34:10 0 d-------- C:\Documents and Settings\a\Application Data\GRETECH
2008-10-11 23:32:14 0 d-------- C:\Documents and Settings\a\Application Data\vlc
2008-10-11 23:32:06 0 d-------- C:\Documents and Settings\a\Application Data\Real
2008-10-11 23:31:33 0 d-------- C:\Program Files\Common Files
2008-10-11 23:31:33 0 d-------- C:\Program Files\Common Files\xing shared
2008-10-11 23:31:25 0 d-------- C:\Program Files\Common Files\Real
2008-10-11 23:20:52 0 d-------- C:\Program Files\Real
2008-10-10 13:13:10 0 d-------- C:\Documents and Settings\a\Application Data\NCH Swift Sound
2008-09-29 20:24:13 0 d-------- C:\Program Files\Java
2008-09-29 20:23:58 0 d-------- C:\Documents and Settings\a\Application Data\Sun
2008-09-29 20:13:51 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-09-28 19:28:08 0 d-------- C:\Program Files\Common Files\InstallShield
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{36553CAC-7228-4F16-B057-28DE0A8A3839}]
E:\برامج\برنامج ساحاتي\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{7FF4E31C-74EB-433D-A8AA-A12A99521674}]
E:\برامج\برنامج ساحاتي\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
09/29/2008 08:24 PM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
09/29/2008 08:24 PM 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1A295E8E-E51B-42CE-81B2-B73614F0FCD2}"= E:\برامج\برنامج ساحاتي\IEToolbar\Sahate Toolbar\tbu01951\sahate.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{1A295E8E-E51B-42CE-81B2-B73614F0FCD2}]
[HKEY_CLASSES_ROOT\TBSB09737.TBSB09737.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB09737.TBSB09737]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2006 05:09 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2006 05:06 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/06/2006 05:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [09/29/2008 08:24 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/11/2008 11:31 PM]
"AVP"="c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"dlmMgr"="C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" [10/03/2006 06:59 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [10/11/2008 11:34 PM]
"amva"="C:\WINDOWS\system32\amvo.exe" [11/22/2008 05:02 PM]
"PSwitch"="E:\برامج\لتخطي الحجب\Proxy_Switcher_Pro_v3.9.0_build-4059\Proxy Switcher Standard\ProxySwitcher.exe" []
C:\Documents and Settings\a\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 08:24:54 ê]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1fdca60-b0c6-11dd-a3fa-0010c67e49cb}]
AutoRun\command- F:\ogcikeq.com
explore\Command- F:\ogcikeq.com
open\Command- F:\ogcikeq.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdd58120-6bd8-11dd-8b68-806d6172696f}]
AutoRun\command- C:\ln9.exe
explore\Command- C:\ln9.exe
open\Command- C:\ln9.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdd58121-6bd8-11dd-8b68-806d6172696f}]
AutoRun\command- E:\ln9.exe
explore\Command- E:\ln9.exe
open\Command- E:\ln9.exe
-- End of Deckard's System Scanner: finished at 2008-11-22 19:52:33 ------------
k: