لدي مشكله عند الدخول للويندوز

الحالة
مغلق و غير مفتوح للمزيد من الردود.
ص

صمت السكوت

زيزوومى محترف
إنضم
3 أبريل 2008
المشاركات
5,058
مستوى التفاعل
53
النقاط
830
غير متصل
اخواني الافاضل لدي جهاز نظام فيستا اذا ارد تشغيل الجهاز تاتيني شاشه سوداء بالبدايه يقوم اليندوز بها بالعد الى 27 تقريبا ثم يشتغل ارجوا منكم الطريقه لازالة هذه الشاشه
 

توقيع : صمت السكوت
ترتيب حسب التاريخ ترتيب حسب الأصوات
مرحبا


اعمل تقرير للهايجاك
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير اعمل تحديد الكل ==> انسخه والصقه بردك القادم​



وهل الشاشه السودا الي تطلع زي كذا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
ايوالله نفس الشاشه الي انت حطيتها بالتمام
 
توقيع : صمت السكوت
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:53 AM, on 8/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\hp\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - Global Startup: Finish Artera Turbo 3.40 Setup.lnk = C:\Artera_Setup\SETUP.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8049 bytes
 
توقيع : صمت السكوت
تأييد 0
استعملي هالاداه


عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم


 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
بعد كذا احذفي التالي من تقرير الهاي جاك

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =



R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName


 O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)


 O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll


 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)



zyzoom-9d2a15fead.png



mg%20%283%29.png



mg%20%284%29.png







استخدم هذه الاداة للتنظيف


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




zyzoom-2992f8024f.png




zyzoom-a44eb4e208.png






رابط تحميل آخر تحديث للاداة
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



شرح الاستخدام ,,,,,,
قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

000.png





001.png





002.png





003.png





004.png





005.png

quot-bot-left.gif

quot-bot-right.gif
ويفضل لو تحذفين برنامج

Artera
 
توقيع : Demo-dashDemo-dash is verified member.
تأييد 0
ComboFix 08-08-28.04 - hp 2008-08-29 6:27:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1256.966.1033.18.329 [GMT 3:00]
Running from: C:\Users\hp\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\hp\AppData\Roaming\macromedia\Flash Player\#Shareds\KJY4W3SK\iforex.com
C:\Users\hp\AppData\Roaming\macromedia\Flash Player\#Shareds\KJY4W3SK\iforex.com\Emerp\Events\flash_.swf\user_data.sol
C:\Users\hp\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Users\hp\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-29 05:55 . 2008-08-29 05:55 <DIR> d-------- C:\Users\hp\AppData\Roaming\ACD Systems
2008-08-29 05:52 . 2008-08-29 05:52 <DIR> d-------- C:\Users\All Users\ACD Systems
2008-08-29 05:52 . 2008-08-29 05:52 <DIR> d-------- C:\ProgramData\ACD Systems
2008-08-29 05:51 . 2008-08-29 05:52 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-08-29 05:51 . 2008-08-29 05:51 <DIR> d-------- C:\Program Files\ACD Systems
2008-08-29 05:00 . 2008-08-29 05:00 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-29 05:00 . 2008-08-29 06:32 35,383,072 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2008-08-29 05:00 . 2008-08-29 05:10 41,624 --ahs---- C:\WINDOWS\System32\drivers\fidbox.idx
2008-08-29 04:58 . 2008-08-29 05:15 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-08-29 04:58 . 2008-08-29 05:15 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-08-29 04:27 . 2006-10-26 21:56 32,592 --a------ C:\WINDOWS\System32\msonpmon.dll
2008-08-29 04:23 . 2008-04-10 08:01 737,792 --a------ C:\WINDOWS\System32\inetcomm.dll
2008-08-29 04:23 . 2008-04-10 05:43 84,480 --a------ C:\WINDOWS\System32\INETRES.dll
2008-08-29 04:16 . 2008-08-29 04:16 <DIR> d-------- C:\Users\hp\AppData\Roaming\URSoft
2008-08-29 04:16 . 2008-08-29 05:23 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-29 04:16 . 2008-08-29 05:23 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-29 04:16 . 2008-08-29 04:21 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-08-29 04:14 . 2008-08-29 04:43 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-08-29 04:14 . 2008-08-29 04:43 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-08-29 04:07 . 2008-08-29 04:07 <DIR> d-------- C:\Program Files\Common Files\bronz
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 03:06 --------- d-----w C:\Users\hp\AppData\Roaming\uTorrent
2008-08-29 01:30 --------- d-----w C:\Program Files\MSBuild
2008-08-29 01:30 --------- d-----w C:\Program Files\Microsoft Works
2008-08-29 01:29 --------- d-----w C:\ProgramData\SiteAdvisor
2008-08-28 23:32 --------- d-----w C:\ProgramData\McAfee
2008-08-28 23:31 --------- d-----w C:\Program Files\Google
2008-07-13 02:05 174 --sha-w C:\Program Files\desktop.ini
2008-07-13 02:01 --------- d-----w C:\Program Files\Windows Mail
2008-07-13 01:13 --------- d-----w C:\Users\abdul-rahman\AppData\Roaming\CyberLink
2008-01-13 23:16 9,278,904 ----a-w C:\Users\hp\BearShareV6.exe
2007-11-29 20:01 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-29 20:01 32 ----a-w C:\ProgramData\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2007-11-11 01:00 61440]
[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-12-02 17:13 394680 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-03 03:32 167936]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 23:39 46704]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 21:54 131072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 21:54 151552]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-02-26 21:54 126976]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 12:45 222208]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Finish Artera Turbo 3.40 Setup.lnk - C:\Artera_Setup\SETUP.EXE [2007-03-15 16:26:18 60928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 10:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-09-25 16:54 229952 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-11-06 21:58 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-24 05:24 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-12 01:44 1232896 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-24 13:56 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-11-15 08:02 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-29 10:49 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-10-21 00:35 1006264 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
--a------ 2006-11-02 12:45 215552 C:\WINDOWS\WindowsMobile\wmdSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 18:10 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{28DD47D1-367C-4A38-A2C4-57F7D75D60CF}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{89D7D933-07F1-4E5F-8D24-56ABAB16E972}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{3B87092F-2713-41C2-9845-E2268A6CF165}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{33893EB0-95E2-41A6-A36F-36C49BEFA745}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F3696824-04E8-4023-88A6-303851F19225}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2A0F1468-8DE1-4000-9862-E2BD2B908BE2}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{27B2AFE5-A1AF-42B4-B6BC-C61056D49538}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F13D51BC-FDF7-45CF-92D5-8686C8669EE0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{12799AEF-BB63-44B8-A82A-552B8D1236C1}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 MPNatDrv;Artera NAT Driver;C:\Windows\system32\DRIVERS\mpnat2k.sys [2007-03-15 15:25]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cdaa90b-ac45-11dc-b77b-001a6b3ee355}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
s of the 'Scheduled Tasks' folder
2008-06-23 C:\Windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 19:36]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\abrdtk85.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-08-29 06:32:21
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-29 6:34:26
ComboFix-quarantined-files.txt 2008-08-29 03:34:21
Pre-Run: 71,675,482,112 bytes free
Post-Run: 71,780,708,352 bytes free
172 --- E O F --- 2008-07-13 02:02:15
 
توقيع : صمت السكوت
تأييد 0
توقيع : Juve GuardJuve Guard is verified member.
تأييد 0
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى