fofo_912

Peace be upon you, and God's mercy and blessings. Brothers, I feel that my machine is infected with a virus. When I run Messenger, it suddenly freezes, the temperature gets high, and the PC Usage becomes 100%, and so on... sometimes with web pages too. So how can I make sure that this problem is caused by a virus? Thanks.
 

Welcome, sister.

Do the following in order:

(1)
Disable all protection programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.
(2)
And make a HijackThis report.

When the download finishes ==> run the program ==> and click
Do a system scan and save log
In a few moments a report will appear; copy it and paste it in your next reply.

Signature: KoNaMi
Brother, this is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:13:44 ص, on 17/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zoom Player\zplayer.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\My Prog\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: plentyoftorrents.com Toolbar - {34e460f4-5d42-49ef-bfbc-9a55f34e9a45} - C:\Program Files\plentyoftorrents.com\tbplen.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: plentyoftorrents.com Toolbar - {34e460f4-5d42-49ef-bfbc-9a55f34e9a45} - C:\Program Files\plentyoftorrents.com\tbplen.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: plentyoftorrents.com Toolbar - {34e460f4-5d42-49ef-bfbc-9a55f34e9a45} - C:\Program Files\plentyoftorrents.com\tbplen.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8646 bytes
... I will post the second report later. Awaiting a reply.
 

It would be better if you did it in order, Fofo...

And it appears to me that there is no problem in the HijackThis report...

Scan with ComboFix... and after that give me a HijackThis report...

[ With your permission, Hammoud, until you get here ] ...

Signature: MMA_LORD_735
I will make the report and post it here.

Here is the report, brother.
.......................... The report ....................

ComboFix 08-12-16.03 - Harley 12/18/2008 10:55:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.3062.2506 [GMT 3:00]
Running from: f:\my prog\new\لفحص الجهاز مثل هايجاك\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000124_.tmp.dll
c:\windows\system32\BReWErS.dll
c:\windows\system32\DivXc32.dll
c:\windows\system32\DivXc32f.dll
c:\windows\system32\drivers\downld
c:\windows\system32\lphccs3j0e7b5.exe
c:\windows\system32\msmpeg4.dll
c:\windows\system32\phccs3j0e7b5.bmp
c:\windows\system32\systeminfo3.dll
c:\windows\system32\tmp47.tmp
c:\windows\system32\tmp48.tmp
.
((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 08:03 --------- d-----w c:\documents and settings\Harley\Application Data\IDM
2008-12-18 08:03 --------- d-----w c:\documents and settings\Harley\Application Data\DMCache
2008-12-18 08:02 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-18 08:00 9,180 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-18 08:00 7,153,696 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-18 08:00 61,160 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-18 08:00 1,450,016 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-18 07:43 --------- d-----w c:\program files\SpeedFan
2008-12-18 07:19 --------- d-----w c:\documents and settings\Harley\Application Data\uTorrent
2008-12-17 23:02 --------- d-----w c:\program files\Zoom Player
2008-12-17 22:54 --------- d-----w c:\program files\Restaurant Rush
2008-12-17 22:50 --------- d-----w c:\program files\eMule
2008-12-17 03:59 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-16 22:18 --------- d-----w c:\program files\Smarty Uninstaller Pro
2008-12-07 13:28 440 ----a-w c:\documents and settings\Mastool\Application Data\mindhabits.dat
2008-12-07 05:25 4,876 ----a-w c:\documents and settings\Harley\Application Data\mindhabits.dat
2008-12-07 05:07 --------- d-----w c:\program files\MindHabits
2008-11-29 00:23 --------- d-----w c:\program files\TuneUp Utilities 2009
2008-11-25 13:46 3,532 ----a-w C:\drmHeader.bin
2008-11-24 15:55 --------- d-----w c:\program files\plentyoftorrents.com
2008-11-24 15:55 --------- d-----w c:\program files\Conduit
2008-11-23 20:14 --------- d-----w c:\program files\Eidos
2008-11-21 10:21 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-21 10:21 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-21 10:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-15 21:21 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-15 21:21 --------- d-----w c:\documents and settings\Harley\Application Data\Media Player Classic
2008-11-15 21:21 --------- d-----w c:\documents and settings\Harley\Application Data\bsplayer
2008-11-10 21:49 --------- d-----w c:\program files\Brain Workout
2008-11-06 17:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 17:09 --------- d-----w c:\program files\Team JPN
2008-11-04 15:40 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-04 15:40 22,328 ----a-w c:\documents and settings\Harley\Application Data\PnkBstrK.sys
2008-11-04 15:18 --------- d-----w c:\program files\Electronic Arts
2008-10-31 23:18 --------- d-----w c:\program files\Reference Assemblies
2008-10-31 23:18 --------- d-----w c:\program files\MSBuild
2008-10-31 23:12 --------- d-----w c:\program files\MSXML 6.0
2008-10-30 15:48 --------- d-----w c:\program files\MagicISO
2008-10-27 16:22 --------- d-----w c:\program files\Ubisoft
2008-10-27 15:44 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 19:37 --------- d-----w c:\documents and settings\Harley\Application Data\Uniblue
2008-10-21 13:29 --------- d-----w c:\program files\Internet Download Manager
2008-10-19 19:37 --------- d-----w c:\program files\Uniblue
2008-10-18 21:04 --------- d-----w c:\program files\Microsoft.NET
2008-10-18 21:01 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-18 18:18 --------- d-----w c:\program files\Golden Al-Wafi Translator
2008-10-18 18:18 --------- d-----w c:\program files\Crystal Player
2008-10-18 18:18 --------- d-----w c:\program files\CloneDVD
2008-10-18 18:18 --------- d-----w c:\documents and settings\Mastool\Application Data\TeraCopy
2008-10-18 18:18 --------- d-----w c:\documents and settings\Harley\Application Data\TeraCopy
2008-10-18 18:18 --------- d-----w c:\documents and settings\Harley\Application Data\iolo
2008-10-18 18:18 --------- d-----w c:\documents and settings\Guest\Application Data\iolo
2008-10-18 18:18 --------- d-----w c:\documents and settings\Guest\Application Data\DMCache
2008-10-18 18:18 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-29 22:57 81,920 ----a-w c:\documents and settings\Harley\Application Data\ezpinst.exe
2008-09-29 22:57 47,360 ----a-w c:\documents and settings\Harley\Application Data\pcouffin.sys
2007-09-16 06:35 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 06:35 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 06:35 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 06:35 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 06:35 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34e460f4-5d42-49ef-bfbc-9a55f34e9a45}"= "c:\program files\plentyoftorrents.com\tbplen.dll" [07/27/2008 09:11 PM 1606680]
[HKEY_CLASSES_ROOT\clsid\{34e460f4-5d42-49ef-bfbc-9a55f34e9a45}]
[HKEY_LOCAL_MACHINE\~\Browser Helper s\{34e460f4-5d42-49ef-bfbc-9a55f34e9a45}]
07/27/2008 09:11 PM 1606680 --a------ c:\program files\plentyoftorrents.com\tbplen.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34e460f4-5d42-49ef-bfbc-9a55f34e9a45}"= "c:\program files\plentyoftorrents.com\tbplen.dll" [07/27/2008 09:11 PM 1606680]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34E460F4-5D42-49EF-BFBC-9A55F34E9A45}"= "c:\program files\plentyoftorrents.com\tbplen.dll" [07/27/2008 09:11 PM 1606680]
[HKEY_CLASSES_ROOT\clsid\{34e460f4-5d42-49ef-bfbc-9a55f34e9a45}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [08/16/2007 04:19 PM 5728112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [06/22/2008 09:49 PM 2566656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [11/03/2007 04:50 AM 6731312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [10/07/2008 01:33 PM 13574144]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [08/04/2004 10:56 AM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.DIV3"= DivXc32.dll
"VIDC.DIV4"= DivXc32f.dll
"VIDC.MPG4"= msmpeg4.dll
"VIDC.MP42"= msmpeg4.dll
"VIDC.MP43"= msmpeg4.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Harley^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 11/03/2007 04:50 AM 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 05/11/2007 03:06 AM 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 08/04/2004 10:56 AM 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 09/24/2008 07:22 AM 5256776 c:\program files\eMule\emule.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 06/22/2008 09:49 PM 2566656 c:\program files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 10/06/2005 06:03 PM 278528 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 10/13/2004 07:24 PM 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 08/16/2007 04:19 PM 5728112 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 10/07/2008 01:33 PM 13574144 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 10/07/2008 01:33 PM 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 12/14/2007 11:36 AM 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 07/07/2008 10:34 AM 167936 c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 08/15/2008 02:20 AM 155648 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 03/20/2008 08:23 PM 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 04/04/2006 08:01 PM 1368064 c:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 06/10/2008 04:27 AM 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 06/13/2008 06:28 AM 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 06/15/2007 07:03 AM 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 10/07/2008 01:33 PM 1630208 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 06/15/2007 07:03 AM 16132608 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\JetAudio\\JetAudio.exe"=
"c:\\Program Files\\Team JPN\\SpiderMan Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-30 566120]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-30 566120]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-11-21 603904]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd7e98dc-5295-11dd-888d-0019d1b073af}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe AngAntiVirus.vbs
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://VeryCD.265.com
uInternet Settings,ProxyOverride = local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
FF - ProfilePath - c:\documents and settings\Harley\Application Data\Mozilla\Firefox\Profiles\s71c8krx.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-18 11:01:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1188)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(3404)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 12/18/2008 11:06:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-18 08:05:50
Pre-Run: 80,923,590,656 bytes free
Post-Run: 81,554,964,480 bytes free
250 --- E O F --- 2008-12-18 07:46:48
........................ End of report ......................

So, how is the report??
 

There were viruses and they were deleted.

Now make me a HijackThis report.

What do you think, is your machine okay now or not? >>>>> Restart before you give us your opinion.

Signature: فارس الملاك