AHMED ALKASS

Peace be upon you, and the mercy and blessings of God.
How are you, my brothers?
I have a problem with my computer; please help me.
I have a virus: when I install or remove any program, the computer restarts.
 

Peace be upon you too, and the mercy and blessings of God.

(1)

Disable all protection programs,
then download this tool and save it to the desktop:
[link hidden by the forum]

Run it and follow the walkthrough:

[screenshot]

This black screen will appear; all you have to do is wait:

[screenshot]

The next message tells you that the computer will restart automatically:

[screenshot]

After the restart, as you log in, this window will appear; all you have to do is wait:

[screenshot]

This is the report it produces; copy it and paste it in your next reply:

[screenshot]

(2)
Download the HijackThis tool:
[link hidden by the forum]

[screenshot]

After you run the program, do the following:

[screenshot]

This window will appear; follow the walkthrough:

[screenshot]

Then this window will appear:

[screenshot]

Copy the whole report and attach it to your next reply so it can be analysed.
 
Signature: Al jNtEeL
Brothers, this is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49, on 2009-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\program files\firebird\firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\program files\firebird\firebird_1_5\bin\fbserver.exe
C:\Program Files\Internet Explorer\iexplore.exe
J:\حقيبة الصيانة 6×1.exe
C:\DOCUME~1\8D6E~1\LOCALS~1\Temp\ir_ext_temp_3\autorun.exe
C:\DOCUME~1\8D6E~1\LOCALS~1\Temp\ir_ext_temp_3\AutoPlay\Docs\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]

F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EE04252-A6AF-4D1D-A050-26A7AB0A38F9}: NameServer = 192.168.1.1
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\program files\firebird\firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\program files\firebird\firebird_1_5\bin\fbserver.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4421 bytes​
 
ComboFix 08-09-22.06 - سالم 01/13/2009 21:37:38.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.297 [GMT 3:00]
Running from: C:\DOCUME~1\8D6E~1\LOCALS~1\Temp\ir_ext_temp_2\AutoPlay\Docs\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\bifrost\server.exe
.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 18:37 --------- d-----w C:\Program Files\Bifrost
2009-01-13 18:37 --------- d-----w C:\Documents and Settings\سالم\Application Data\AdobeUM
2009-01-11 20:34 62,845 ----a-w C:\WINDOWS\system32\Output.exe
2009-01-11 20:34 317,440 ----a-w C:\WINDOWS\system32\DaB3.exe
2009-01-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-11 19:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-11 19:25 --------- d-----w C:\Program Files\Common Files\Adobe
2009-01-10 19:47 --------- d-----w C:\Program Files\أحكام التجويد
2009-01-10 09:50 --------- d-----w C:\Program Files\Microsoft ActiveSync
2009-01-10 09:43 --------- d-----w C:\Program Files\Your Uninstaller 2008
2009-01-10 06:18 --------- d-----w C:\Program Files\Video Convert Master
2009-01-10 05:53 --------- d-----w C:\Program Files\Apple Software Update
2009-01-10 05:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-10 05:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-10 05:52 --------- d-----w C:\Program Files\InterVideo Information Service
2009-01-10 05:52 --------- d-----w C:\Program Files\Google
2009-01-10 05:52 --------- d-----w C:\Program Files\Common Files\Ulead
2009-01-10 05:51 --------- d-----w C:\Program Files\Common Files\InterVideo
2009-01-10 05:43 --------- d-----w C:\Program Files\Real
2009-01-10 05:43 --------- d-----w C:\Program Files\Common Files\xing shared
2009-01-10 05:43 --------- d-----w C:\Program Files\Common Files\Real
2009-01-09 20:29 --------- d-----w C:\Program Files\Internet Download Manager
2009-01-09 20:27 --------- d-----w C:\Program Files\OPENSKY
2009-01-09 11:56 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2009-01-09 11:07 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2009-01-09 11:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-01-09 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-01-08 20:42 --------- d-----w C:\Program Files\Magic Video Converter
2009-01-08 20:41 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-12-28 13:09 --------- d-----w C:\Program Files\TechniSat DVB
2008-12-28 13:09 --------- d-----w C:\Program Files\DVBViewerTE
2008-12-27 16:45 --------- d-----w C:\Program Files\Paltalk Messenger
2008-12-27 16:32 --------- d-----w C:\Program Files\GameSpy Arcade
2008-12-27 16:28 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-12-27 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-12-27 12:32 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-12-27 12:31 --------- d-----w C:\Program Files\Ulead Systems
2008-12-27 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-12-25 21:51 --------- d-----w C:\Program Files\Xilisoft
2008-12-25 19:32 --------- d-----w C:\Program Files\SmartSound Software
2008-12-25 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-12-25 19:25 --------- d-----w C:\Program Files\Windows Media Components
2008-12-25 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-12-25 19:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-12-24 02:15 --------- d-----w C:\Program Files\Common Files\delet
2008-12-24 01:40 --------- d-----w C:\Program Files\Ulead System
2008-12-19 03:29 --------- d-----w C:\Program Files\Persian Satellite Team
2008-12-17 00:33 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
.
((((((((((((((((((((((((((((( snapshot@Sun 01-11-2009_21.54.43.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-11 19:26:18 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1025-7B44-A70000000000}\SC_Reader.exe
+ 2003-03-17 20:00:00 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
- 2009-01-10 19:50:02 363,320 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2009-01-11 19:20:52 362,528 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-03 21:55:46 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
+ 2004-02-23 18:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
- 2008-11-28 11:49:36 52,890 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2009-01-11 19:53:17 52,890 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-11-28 11:49:37 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2009-01-11 19:53:17 52,900 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-11-28 11:49:36 318,566 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2009-01-11 19:53:17 318,566 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-11-28 11:49:37 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2009-01-11 19:53:17 380,486 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 1996-01-12 15:00:00 24,576 ----a-w C:\WINDOWS\system32\STKIT432.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 01:39 PM 1358632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [11/05/2008 12:14 AM 241080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 05:38 PM 78008]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/10/2009 08:42 AM 259624]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [01/10/2007 11:08 AM 2360880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
palstart.exe [2006-03-10 104448]
«©م، ¢¬نïé Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 99328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^OSListener.lnk]
backup=C:\WINDOWS\pss\OSListener.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^palstart.exe]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\palstart.exe
backup=C:\WINDOWS\pss\palstart.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Server4PC.lnk]
backup=C:\WINDOWS\pss\Server4PC.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^user^قائمة ابدأ^البرامج^بدء التشغيل^Sonic CinePlayer Quick Launch.lnk]
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 08/04/2004 12:56 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 01/10/2009 08:52 AM 198144 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 11/13/2006 01:39 PM 1358632 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 02/19/2007 04:25 PM 196608 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 02/19/2007 04:25 PM 225280 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 03/20/2006 05:34 PM 295856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 09/01/2006 03:57 PM 356352 C:\Program Files\Ringz Studio\Storm Codec\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 11/05/2008 12:14 AM 241080 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 01/10/2009 08:42 AM 259624 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= C:\\Program Files\\Microsoft ActiveSync\\Wcescomm.exe
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\WINDOWS\\Explorer.EXE"=
"C:\\Documents and Settings\\All Users\\قائمة ابدأ\\البرامج\\بدء التشغيل\\palstart.exe"=
"C:\\dvbdream\\dvbdream.exe"=
"C:\\ProgDVB\\ProgDVB.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"=
"C:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=
"C:\\WINDOWS\\system32\\hkcmd.exe"=
"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"C:\\PROGRA~1\\MICROS~2\\rapimgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [07/19/2008 05:35 PM 78416]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [07/19/2002 08:10 AM 6656]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [07/19/2008 05:37 PM 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\program files\firebird\firebird_1_5\bin\fbguard.exe [01/17/2006 01:05 AM 65536]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [08/04/2004 12:56 AM 14336]
R3 asc3360pr;asc3360pr;C:\WINDOWS\system32\drivers\gijkmn.sys [ ]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\program files\firebird\firebird_1_5\bin\fbserver.exe [01/17/2006 01:05 AM 1527895]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [03/14/2006 04:22 AM 349184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [01/09/2009 02:07 PM 306432]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b9f4596-97ca-11dd-8fbb-00d0d7162e9c}]
\sHELl\AuTopLay\coMmAnd - I:\jtns.exe
\sHELl\AutoRun\command - I:\jtns.exe
\sHELl\exPlore\CommaNd - I:\jtns.exe
\sHELl\Open\CoMmAnd - I:\jtns.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c45d2ce-952c-11dd-8fae-00d0d7162e9c}]
\Shell\AutoRun\command - I:\f6cavn.bat
\Shell\explore\Command - I:\f6cavn.bat
\Shell\open\Command - I:\f6cavn.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b9e19b2-a21e-11dd-8fd9-00d0d7162e9c}]
\sheLL\AUTOPlaY\coMmaNd - axyeh.cmd
\sheLL\AutoRun\command - axyeh.cmd
\sheLL\exPLorE\Command - axyeh.cmd
\sheLL\opEn\COMmand - axyeh.cmd
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)​

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
vbsfile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum]

Rootkit scan 2009-01-13 21:38:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.​

--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
Completion time: 01/13/2009 21:40:50
ComboFix-quarantined-files.txt 2009-01-13 18:40:37
ComboFix2.txt 2009-01-11 19:46:07
Pre-Run: 3,281,780,736 bytes free
Post-Run: 3,363,954,688 bytes free
240 --- E O F --- 2009-01-10 20:58:52​
 
UP
 
This is unbelievable, brothers. Where is the help?
 
Disable only the following entries by running the tool again,
placing a check mark next to these entries only,
then clicking
Fix checked
[screenshot]


J:\حقيبة الصيانة 6×1.exe
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
 



Download the Kaspersky tool from the following link:

[link hidden by the forum]

After downloading, double-click it and the tool's files will be extracted to a folder on the desktop; after a few moments the tool will start running.

Follow the walkthrough to scan the computer, clean it, and attach the report:

[screenshots]

Then compress the report and upload it here:
[link hidden by the forum]
 
Signature: ابـــو عــبــد الــلــه