Thread starter: achour (new member, joined 6 February 2008, Tunisia)

Peace be upon you,

Please help with tazebama.

Here are the reports:


ComboFix 09-03-18.01 - picard2 2009-03-19 5:31:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1492 [GMT 1:00]
Lancé depuis: c:\documents and settings\picard2\Desktop\ComboFix.exe
AV: G DATA AntiVirus 2008 *On-access scanning enabled* (Outdated)
FW: G DATA Personal Firewall *enabled*
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\picard2\Application Data\addon.dat
c:\documents and settings\picard2\Application Data\tazebama
c:\documents and settings\picard2\Application Data\tazebama\tazebama.log
c:\documents and settings\picard2\Application Data\tazebama\zPharaoh.dat
C:\zPharaoh.exe
D:\Autorun.inf
d:\recycler\RECYCLER .exe
d:\recycler\WinrRarSerialInstall.exe
D:\zPharaoh.exe
E:\autorun.inf
H:\autorun.inf
h:\recycler\InstallMSN11Ar.exe
h:\recycler\RECYCLER .exe
h:\recycler\RECYCLER.exe
H:\smss.exe
H:\zPharaoh.exe
----- Cloneurs de fichier -----
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 ))))))))))))))))))))))))))))))))))))
.
2009-03-19 05:27 . 2009-03-19 05:27 <DIR> d-------- C:\!KillBox
2009-03-18 22:03 . 2009-03-18 22:03 0 --a------ c:\windows\ativpsrm.bin
2009-03-18 22:02 . 2009-03-18 22:02 <DIR> d--hs---- C:\found.000
2009-03-18 21:16 . 2009-03-18 21:16 <DIR> d-------- c:\documents and settings\picard2\Application Data\Logitech
2009-03-18 21:15 . 2009-03-18 21:15 <DIR> d--hs---- c:\windows\ftpcache
2009-03-18 21:12 . 2009-03-18 21:12 <DIR> d-------- c:\program files\MUSICMATCH
2009-03-18 21:12 . 2009-03-18 21:12 81,920 -r------- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2009-03-18 21:12 . 2009-03-18 21:13 28,256 --a------ c:\windows\system32\drivers\MxlW2k.sys
2009-03-18 21:10 . 2009-03-18 21:11 <DIR> d-------- c:\program files\Logitech
2009-03-18 21:10 . 2009-03-18 21:10 <DIR> d-------- c:\program files\Common Files\Logitech
2009-03-18 21:10 . 2004-04-26 07:09 71,405 --a------ c:\windows\system32\drivers\LMouKE.Sys
2009-03-18 21:10 . 2004-04-26 07:09 54,657 --a------ c:\windows\system32\drivers\L8042mou.Sys
2009-03-18 21:10 . 2004-04-26 07:11 13,105 --a------ c:\windows\system32\drivers\L8042Kbd.sys
2009-03-18 13:21 . 2009-03-18 13:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ArcSoft
2009-03-18 13:14 . 2009-03-19 05:23 154,751 --a------ c:\documents and settings\tazebama.dl_
2009-03-18 13:14 . 2009-03-19 05:23 154,751 --a------ c:\documents and settings\hook.dl_
2009-03-18 13:14 . 2009-03-19 05:23 32,768 --a------ c:\documents and settings\tazebama.dll
2009-03-18 10:50 . 2009-03-18 10:51 <DIR> d-------- c:\windows\system32\Codec
2009-03-18 10:50 . 2009-03-18 10:50 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-03-18 10:50 . 2008-01-25 14:06 10,624 --a------ c:\windows\system32\drivers\archlp.sys
2009-03-18 10:42 . 2009-03-18 21:38 <DIR> d-------- c:\program files\DVBViewer
2009-03-18 10:42 . 2009-03-18 10:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\CMUV
2009-03-18 10:25 . 2009-03-18 21:58 33 --a------ C:\ProgDVB.ini
2009-03-18 10:20 . 2009-03-18 10:20 <DIR> d-------- c:\documents and settings\picard2\Application Data\skypePM
2009-03-18 10:20 . 2009-03-18 10:20 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-03-18 10:19 . 2009-03-18 21:58 <DIR> d-------- c:\program files\ProgDVB
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 20:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 12:14 834,415 ----a-w c:\windows\system32\mstsc.exe
2009-03-18 12:14 499,567 ----a-w c:\windows\system32\mspaint.exe
2009-03-18 12:14 271,215 ----a-w c:\windows\system32\calc.exe
2009-03-18 10:36 925,551 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-03-18 10:36 326,511 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-03-18 10:36 1,454,959 ----a-w c:\windows\system32\dxdiag.exe
2009-03-18 09:36 --------- d-----w c:\documents and settings\picard2\Application Data\Skype
2009-03-18 06:38 --------- d-----w c:\documents and settings\All Users\Application Data\G DATA
2009-03-18 06:36 45,768 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2009-03-18 06:36 32,072 ----a-w c:\windows\system32\drivers\HookCentre.sys
2009-03-18 06:36 --------- d-----w c:\program files\G DATA InternetSecurity
2009-03-18 06:33 41,928 ----a-w c:\windows\system32\drivers\GDTdiIcpt.sys
2009-03-18 06:33 19,328 ----a-w c:\windows\system32\drivers\GDNdisIc.sys
2009-03-18 06:33 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-18 06:33 --------- d-----w c:\program files\Common Files\G DATA
2009-03-18 06:32 --------- d-----w c:\documents and settings\picard2\Application Data\InstallShield
2009-03-18 06:13 --------- d-----w c:\program files\Google
2009-03-18 06:11 --------- d-----w c:\program files\HumaxSmartSuite
2009-03-18 06:08 --------- d-----w c:\documents and settings\picard2\Application Data\ATI
2009-03-18 06:08 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-03-18 06:06 --------- d-----w c:\program files\TechniSat DVB
2009-03-18 06:06 --------- d-----w c:\program files\DVBViewerTE
2009-03-18 06:06 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-03-18 06:02 --------- d-----w c:\program files\Common Files\Skype
2009-03-18 06:02 --------- d-----r c:\program files\Skype
2009-03-18 06:01 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-18 06:00 --------- d-----w c:\program files\No-IP
2009-03-18 06:00 --------- d-----w c:\program files\Infinity USB
2009-03-18 05:55 --------- d-----w c:\program files\Vimicro
2009-03-18 05:53 --------- d-----w c:\program files\ATI Technologies
2009-03-18 05:49 315,392 ----a-w c:\windows\HideWin.exe
2009-03-18 05:49 --------- d-----w c:\program files\Realtek
2009-03-18 05:49 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-03-18 05:46 --------- d-----w c:\program files\Intel
2009-03-18 05:40 --------- d-----w c:\program files\Microsoft WSE
2009-03-18 05:40 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-18 05:39 --------- d-----w c:\program files\Reference Assemblies
2009-03-18 05:39 --------- d-----w c:\program files\MSXML 6.0
2009-03-18 05:39 --------- d-----w c:\program files\MSBuild
2009-03-18 05:38 --------- d-----w c:\program files\VistaExperience.org
2009-03-18 05:38 --------- d-----w c:\program files\Styler
2009-03-18 05:38 --------- d-----w c:\documents and settings\picard2\Application Data\Styler
2009-03-18 05:33 --------- d-----w c:\program files\Unlocker
2009-03-18 05:33 --------- d-----w c:\program files\PowerCmd
2009-03-18 05:33 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-18 05:33 --------- d-----w c:\documents and settings\picard2\Application Data\Desktopicon
2009-03-18 05:32 --------- d-----w c:\program files\Windows Sidebar
2009-03-18 05:32 --------- d-----w c:\program files\Sysinternals
2009-03-18 05:32 --------- d-----w c:\program files\IZArc
2009-03-18 05:32 --------- d-----w c:\program files\Hunt Virus Utilities
2009-03-18 05:32 --------- d-----w c:\program files\HashTab Shell Extension
2009-03-18 05:32 --------- d-----w c:\program files\Common Files\Stardock
2009-03-18 05:32 --------- d-----w c:\program files\Alky for Applications
2009-03-18 05:27 --------- d-----w c:\program files\CCleaner
2009-03-18 05:25 --------- d-----w c:\program files\uTorrent
2009-03-18 05:25 --------- d-----w c:\documents and settings\picard2\Application Data\uTorrent
2009-03-18 05:19 --------- d-----w c:\program files\System
2009-03-18 05:19 --------- d-----w c:\program files\Desktop
2009-03-18 05:19 --------- d-----w c:\program files\7-Zip
2009-03-18 05:18 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-18 05:18 --------- d-----w c:\program files\Stanimir Stoyanov
2009-03-17 18:41 --------- d-----w c:\program files\Windows Live
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-16 16:24 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-20 23:56 827,904 ----a-w c:\windows\system32\wininet.dll
2008-12-20 23:56 827,904 ------w c:\windows\system32\dllcache\wininet.dll
2008-12-19 09:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:41 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:24 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-04-07 06:59 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-18 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-03-18 16384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTT"="c:\htt-humaxgbox\HTT-Startup.bat\" [X]
"GDFirewallTray"="c:\program files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe" [2007-10-25 1189552]
"AVKTray"="c:\program files\G DATA InternetSecurity\AVKTray\AVKTray.exe" [2007-11-07 603720]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-03-31 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 c:\windows\Alcmtr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]
c:\documents and settings\picard2\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 98304]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
G DATA Firewall Tray.lnk - c:\program files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe [2009-03-18 1189552]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-03-18 196608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2009-03-18 729967]
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-03-18 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-05-12 10:49 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^picard2^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\picard2\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 13:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-19 19:27 65536 c:\program files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 c:\program files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-12-08 13:41 26499880 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-10-11 11:04 1826816 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2009-03-18 19328]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-03-18 10624]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-03-18 13696]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-03-18 718408]
R2 AVKService;G DATA Scheduler;c:\program files\G DATA InternetSecurity\AVK\AVKService.exe [2009-03-18 407112]
R2 AVKWCtl;AntiVirus Monitor;c:\program files\G DATA InternetSecurity\AVK\AVKWCtl.exe [2009-03-18 1091144]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-03-18 41928]
R2 ioperm;ioperm support for Cygwin driver;c:\htt-humaxgbox\cygwin\bin\ioperm.sys [2006-07-11 12800]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2009-03-18 29696]
R3 GDFwSvc;G DATA Personal Firewall;c:\program files\G DATA InternetSecurity\Firewall\GDFwSvc.exe [2009-03-18 1496648]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-03-18 45768]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-03-18 32072]
R3 INFUSB;INFUSB;c:\windows\system32\drivers\infusb.sys [2009-03-18 15904]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-12-16 70016]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2009-03-18 462212]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - SRSERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-03-19 05:33:07
Windows 5.1.2600 Service Pack 3, v.5657 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Heure de fin: 2009-03-19 5:34:12
ComboFix-quarantined-files.txt 2009-03-19 04:34:10
Avant-CF: 37 657 632 768 bytes free
Après-CF: 37,811,650,560 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
c:\wubildr.mbr="Ubuntu"
312 --- E O F --- 2009-03-17 08:41:54


And here is the HijackThis report:



Logfile of HijackThis v1.99.1
Scan saved at 05:34:42, on 19/03/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hunt Virus Utilities\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [HTT] \"C:\HTT-HumaxGbox\HTT-Startup.bat\
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe
O23 - Service: AntiVirus Monitor (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

And peace be upon you too,

My friend, I'll give you two tools to scan the machine with.

Disable System Restore as shown in the following explanation:



[image: dis_sys_xp.jpg, disabling System Restore on Windows XP]



Download this tool and scan with it.

Direct link:

[link visible to logged-in members only]




Once you finish scanning with this tool, scan with Kaspersky.


Download the Kaspersky tool from the following link:

[link visible to logged-in members only]


After downloading, double-click it; the tool's file will be extracted to a folder on the desktop and within moments the tool will start running.

Follow the explanation to scan the machine, clean it and attach the report:


[five screenshots illustrating the steps]

Then compress the report and upload it here >>>>
[upload link visible to logged-in members only]


[upload link visible to logged-in members only]




Scan with the first tool, then scan with Kaspersky and give me its report; then restart the machine and give me a fresh HijackThis log.

Signature: AbOdy