• Thread starter: dhohvd

I had a proxy, and as far as I can tell the proxy is what broke the machine. I cannot view any picture or any audio or video clip, and I cannot open programs; it tells me there is an error in C++.
I ask the kind brothers to help me, and I am ready for anything you want. I do not want to format my machine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:54 PM, on 3/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
F:\autorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Application Data\cleaner\run.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Application Data\cleaner\PrivacySuite.exe
C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 1 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live Messenger Khalid Edition v5.5 Arabic\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O14 - IERESET.INF: START_PAGE_URL=http://zonanet1.blogspot.com
O20 - Winlogon Notify: hfpsbtbo - C:\WINDOWS\SYSTEM32\hfpsbtbo32.dll
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
--
End of file - 5459 bytes
 


Welcome, brother.
Apologies, the thread has been moved to the appropriate section for follow-up.
This section is dedicated to analysing security-software reports; other reports are posted only on request.

Signature: Demo-dash

Hello

Disable your security software and run the tool

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

During the scan, the machine may restart.

After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished.




 
ComboFix 09-03-10.03 - Administrator 2009-03-12 1:20:03.1 - NTFSx86 DSREPAIR
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.246.135 [GMT -12:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 32256 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\system32\digeste.dll
c:\windows\system32\drivers\ati4mtxx.sys
c:\windows\system32\gasretyw0.dll
c:\windows\system32\hfpsbtbo.dll
c:\windows\system32\hfpsbtbo32.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\rs32net.exe
c:\windows\system32\wpv001234083759.cpx
c:\windows\wiaserviv.log
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI4MTXX
-------\Legacy_ICF
-------\Legacy_TCPSR
-------\Service_ati4mtxx
-------\Service_ICF
-------\Service_tcpsr

((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.
2009-03-12 01:23 . 2009-03-12 01:23 <DIR> d-------- c:\windows\system32\xircom
2009-03-12 01:23 . 2009-03-12 01:23 <DIR> d-------- c:\windows\srchasst
2009-03-12 01:23 . 2009-03-12 01:23 <DIR> d-------- c:\program files\microsoft frontpage
2009-03-11 13:33 . 2009-03-11 13:33 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-11 13:13 . 2009-03-11 13:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\CyberScrub
2009-03-11 13:12 . 2009-03-11 13:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\cleaner
2009-03-11 13:06 . 2009-03-11 13:05 107,190 -r-hs---- C:\cb.exe
2009-03-11 02:01 . 2009-02-05 09:55 31,704 --a------ c:\windows\system32\drivers\hssdrv.sys
2009-03-09 11:46 . 2004-08-03 23:10 274,304 --a------ c:\windows\system32\drivers\bthport.sys
2009-03-09 11:46 . 2004-08-04 00:56 152,576 --a------ c:\windows\system32\irftp.exe
2009-03-09 11:46 . 2004-08-03 22:58 100,992 --a------ c:\windows\system32\drivers\bthpan.sys
2009-03-09 11:46 . 2004-08-03 23:10 59,648 --a------ c:\windows\system32\drivers\rfcomm.sys
2009-03-09 11:46 . 2004-08-04 00:56 27,136 --a------ c:\windows\system32\irmon.dll
2009-03-09 11:46 . 2004-08-03 23:10 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
2009-03-09 11:46 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\BthEnum.sys
2009-03-09 11:46 . 2004-08-04 00:56 8,192 --a------ c:\windows\system32\wshirda.dll
2009-03-09 10:36 . 2009-03-09 10:36 <DIR> d-------- c:\program files\WLAN
2009-03-09 10:36 . 2005-08-19 14:25 1,396,835 --a------ c:\windows\system32\AegisE5.dll
2009-03-09 10:36 . 2005-08-19 14:35 385,024 --a------ c:\windows\system32\athcfg11.dll
2009-03-09 10:36 . 2006-01-17 10:42 249,856 --a------ c:\windows\system32\wgapi.dll
2009-03-09 10:36 . 2005-08-19 14:31 237,568 --a------ c:\windows\system32\wcapi.dll
2009-03-09 10:36 . 2005-08-19 14:25 192,512 --a------ c:\windows\system32\AegisI5.exe
2009-03-09 10:36 . 2005-08-19 14:34 77,824 --a------ c:\windows\system32\athcfg11res.dll
2009-03-09 10:36 . 2005-08-19 14:35 36,864 --a------ c:\windows\system32\acs.exe
2009-03-09 10:36 . 2009-03-09 10:36 17,801 --a------ c:\windows\system32\drivers\AegisP.sys
2009-03-09 09:57 . 2006-01-05 16:56 360,288 --a------ c:\windows\system32\ar5523.sys
2009-03-09 09:57 . 2005-07-27 21:15 149,392 --a------ c:\windows\system32\ar5523.bin
2009-03-09 09:57 . 2005-07-27 21:16 44,160 --a------ c:\windows\system32\athfmwdl.sys
2009-03-09 09:57 . 2006-05-12 16:26 13,110 --a------ c:\windows\system32\net5523.inf
2009-03-09 09:57 . 2006-05-04 14:03 1,863 --a------ c:\windows\system32\athfmwdl.inf
2009-03-09 09:57 . 2006-02-23 16:26 26 -ra------ c:\windows\system32\net5523.cat
2009-03-09 09:57 . 2005-07-27 21:09 26 --a------ c:\windows\system32\athfmwdl.cat
2009-03-09 04:19 . 2009-03-09 04:19 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-09 04:19 . 2009-03-09 04:19 1,409 --a------ c:\windows\QTFont.for
2009-03-08 09:37 . 2006-01-05 16:56 360,288 --a------ c:\windows\system32\drivers\ar5523.sys
2009-03-08 09:37 . 2005-07-27 21:15 149,392 --a------ c:\windows\system32\drivers\ar5523.bin
2009-03-08 07:42 . 2009-03-09 02:51 <DIR> d-------- c:\documents and settings\Administrator\Contacts
2009-03-08 07:42 . 2009-03-08 07:42 268 --ah----- C:\sqmdata00.sqm
2009-03-08 07:42 . 2009-03-08 07:42 244 --ah----- C:\sqmnoopt00.sqm
2009-03-08 07:41 . 2009-03-08 07:41 <DIR> d-------- c:\program files\Windows Live Messenger Khalid Edition v5.5 Arabic
2009-03-08 07:41 . 2009-03-08 07:41 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{6CF41A80-289A-4651-96E0-C4829485C662}
2009-03-07 09:57 . 2009-03-07 09:57 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-03-07 06:11 . 2009-03-11 02:02 <DIR> d-------- c:\program files\Hotspot Shield
2009-03-06 15:20 . 2009-03-09 08:05 <DIR> d-------- C:\temp
2009-03-06 15:15 . 2009-03-06 15:15 <DIR> d-------- c:\program files\uTorrent
2009-03-06 15:15 . 2009-03-11 02:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2009-03-06 15:15 . 2009-03-06 15:15 20 --a------ C:\New WinRAR archive.rar
2009-03-06 15:12 . 2009-03-06 15:13 <DIR> d-------- c:\program files\USB Disk Security
2009-03-06 15:10 . 2009-03-06 01:05 <DIR> d-------- c:\program files\Internet Download Manager
2009-03-06 15:10 . 2009-03-08 05:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IDM
2009-03-06 15:10 . 2009-03-12 01:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DMCache
2009-03-06 15:07 . 2009-03-06 15:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-03-06 15:06 . 2004-08-03 23:07 171,776 --a------ c:\windows\system32\drivers\kmixer.sys
2009-03-06 15:06 . 2004-08-03 22:39 142,464 --a------ c:\windows\system32\drivers\aec.sys
2009-03-06 15:06 . 2004-08-03 23:15 82,944 --a------ c:\windows\system32\drivers\wdmaud.sys
2009-03-06 15:06 . 2004-08-03 23:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2009-03-06 15:06 . 2001-08-17 14:00 54,272 --a------ c:\windows\system32\drivers\swmidi.sys
2009-03-06 15:06 . 2004-08-03 23:07 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2009-03-06 15:06 . 2004-08-03 22:58 7,552 --a------ c:\windows\system32\drivers\MSKSSRV.sys
2009-03-06 15:06 . 2004-08-03 23:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys
2009-03-06 15:06 . 2004-08-03 22:58 5,376 --a------ c:\windows\system32\drivers\MSPCLOCK.sys
2009-03-06 15:06 . 2004-08-03 22:58 4,992 --a------ c:\windows\system32\drivers\MSPQM.sys
2009-03-06 15:06 . 2004-08-03 23:07 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2009-03-06 15:05 . 2009-03-08 09:37 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-06 15:05 . 2009-03-06 15:05 <DIR> d-------- c:\program files\CONEXANT
2009-03-06 15:05 . 2009-03-06 15:20 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-06 15:04 . 2009-03-06 15:05 6 --a------ C:\ISACER.ID
2009-03-06 15:02 . 2009-03-06 15:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-06 15:01 . 2009-03-06 15:02 <DIR> d-------- c:\program files\VistaCodecPack
2009-03-06 15:01 . 2007-09-30 07:39 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 15:01 . 2009-03-06 15:01 <DIR> d-------- c:\program files\ImTOO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 13:05 14,336 ----a-w c:\windows\system32\svchost.exe
2009-03-12 12:49 90,112 ----a-w c:\windows\DUMP2904.tmp
2009-03-12 01:23 90,112 ----a-w c:\windows\DUMP3b34.tmp
2009-03-11 18:10 130,560 ----a-w c:\windows\system32\notepad.exe
2009-03-11 17:52 90,112 ----a-w c:\windows\DUMP2877.tmp
2009-03-09 22:38 90,112 ----a-w c:\windows\DUMP23b4.tmp
2009-03-08 19:07 90,112 ----a-w c:\windows\DUMP24cd.tmp
2009-03-08 13:36 90,112 ----a-w c:\windows\DUMP2356.tmp
2009-03-08 13:16 --------- d-----w c:\program files\Paltalk Messenger
2009-03-08 13:16 --------- d-----w c:\program files\ManyCam 2.3
2009-03-07 03:10 155,995 ----a-w c:\windows\java\Packages\XRZDFFFT.ZIP
2009-03-06 23:11 --------- d-----w c:\program files\Camfrog
2009-03-06 23:11 --------- d-----w c:\documents and settings\Administrator\Application Data\Camfrog
2009-03-06 23:01 --------- d-----w c:\program files\Trek 310
2009-03-06 23:01 --------- d-----w c:\program files\Common Files\Trek310
2009-03-06 21:58 --------- d-----w c:\documents and settings\Administrator\Application Data\Paltalk
2009-03-06 13:22 --------- d-----w c:\program files\K-Lite Codec Pack
.
------- Sigcheck -------
2007-08-19 03:22 2191872 1ee735d90b7511f3ba8ead600df5ed18 c:\windows\system32\ntoskrnl.exe
2007-08-19 06:09 1548800 d3a1e7c5132db4dab597a84d3859a9a5 c:\windows\explorer.exe
2004-08-03 10:56 76800 827ecbbea2a1a5e318acccdbd3d21a6f c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-03-11 02:01 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 76800]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-03-11 2737584]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2003-09-28 167424]
"ManyCam"="c:\program files\ManyCam 2.3\ManyCam.exe" [2008-10-13 1852712]
"MsnMsgr"="c:\program files\Windows Live Messenger Khalid Edition v5.5 Arabic\MsnMsgr.Exe" [2008-03-02 5786648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-07-13 815104]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-08-30 348160]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2005-04-24 97480]
"ACU"="c:\program files\WLAN\ACU.exe" [2006-01-05 364544]
"SoundMan"="SOUNDMAN.EXE" [2005-04-14 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 76800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 11011584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="%windir%\System32\Newlogo.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\Program Files\\WLAN\\ACU.exe"=
"c:\\WINDOWS\\vsnpstd2.exe"=
"c:\\WINDOWS\\system32\\CF28049.exe"=
"c:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winmpjiho.exe"=
"c:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winfhavrw.exe"=
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-05 117208]
R3 aic32p;aic32p;\??\c:\windows\system32\drivers\lovlqj.sys --> c:\windows\system32\drivers\lovlqj.sys [?]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-03-11 31704]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-13 21632]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = local
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -

.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-03-12 01:24:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\windows\system32\rundll32.exe
c:\program files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\docume~1\ADMINI~1\LOCALS~1\temp\winmpjiho.exe
c:\docume~1\ADMINI~1\LOCALS~1\temp\winfhavrw.exe
.
**************************************************************************
.
Completion time: 2009-03-12 1:29:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 13:28:59
Pre-Run: 17,041,039,360 bytes free
Post-Run: 16,936,648,704 bytes free
230
 
This is the first picture. When I run any program, this picture appears; here I am running the Media Real Classic program.