• Thread starter: tedatasoft
  • Views: 4,734

tedatasoft

Peace be upon you

Logfile of HijackThis v1.99.1
Scan saved at 12:05:53 م, on 28/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\internet download manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ws4s.com\LOCALS~1\Temp\Rar$EX00.922\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ***xpsp5***BY:MOHAMED EL-NASEH*** Internet Explorer
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\internet download manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [upload curb default new] C:\Documents and Settings\All Users\Application Data\Lies shim upload curb\Stupid Plan.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\internet download manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Livepile] C:\DOCUME~1\ws4s.com\APPLIC~1\MEMOAM~1\move user.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: IDM بواسطة FLV تحميل محتوى فيديو - C:\Program Files\internet download manager\IEGetVL.htm
O8 - Extra context menu item: IDM تحميل بواسطة - C:\Program Files\internet download manager\IEExt.htm
O8 - Extra context menu item: IDM تحميل جميع الروابط بواسطة - C:\Program Files\internet download manager\IEGetAll.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BAEE131D-290A-4541-A50A-8936F159563A} (Crystal Print Control 10.2) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

My Kaspersky is the 2009 version; every protection component is marked with an x and coloured red. It seems someone attacked the machine, and Kaspersky won't open.
Waiting for a solution.

Signature: tedatasoft
OK, working on it.

Signature: tedatasoft
How are things on your end?

Signature: ابـــو عــبــد الــلــه
This is the report
 
Signature: tedatasoft
Copy the report again ... and do not modify it.

Signature: ابـــو عــبــد الــلــه
combofix 09-04-03.01 - ws4s.com 04/04/2009 14:36:08.2 - ntfsx86
microsoft windows xp professional 5.1.2600.2.1256.1.1033.18.1015.650 [gmt 2:00]
running from: H:\برامج رائعة\combofix.exe

warning -this machine does not have the recovery console installed !!
.

((((((((((((((((((((((((((((((((((((((( other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- previous run -------
.
C:\windows\system32\404fix.exe
c:\windows\system32\agent.omz.fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\iedfix.c.exe
c:\windows\system32\iedfix.exe
c:\windows\system32\o4patch.exe
c:\windows\system32\process.exe
c:\windows\system32\srchsts.exe
c:\windows\system32\vacfix.exe
c:\windows\system32\vcclsid.exe
c:\windows\system32\ws2fix.exe

.
((((((((((((((((((((((((( files created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 12:36 --------- d-----w c:\documents and settings\ws4s.com\application data\dmcache
2009-04-04 10:29 --------- d-----w c:\program files\common files\wise installation wizard
2009-04-04 10:28 --------- d-----w c:\documents and settings\ws4s.com\application data\idm
2009-04-04 08:56 --------- d-----w c:\documents and settings\ws4s.com\application data\cleaner
2009-04-04 08:42 --------- d-----w c:\documents and settings\ws4s.com\application data\cyberscrub
2009-04-03 15:02 --------- d-----w c:\program files\video convert master
2009-04-03 15:01 81,920 ----a-w c:\documents and settings\ws4s.com\application data\ezpinst.exe
2009-04-03 15:01 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-03 15:01 47,360 ----a-w c:\documents and settings\ws4s.com\application data\pcouffin.sys
2009-04-03 15:01 --------- d-----w c:\documents and settings\ws4s.com\application data\vso
2009-03-31 23:32 --------- d-----w c:\documents and settings\ws4s.com\application data\winamp
2009-03-31 18:37 --------- d---a-w c:\documents and settings\all users\application data\temp
2009-03-31 10:41 992 ----a-w c:\documents and settings\ws4s.com\active_setup.dat
2009-03-31 10:41 13 ----a-w c:\documents and settings\ws4s.com\sys_enum.dat
2009-03-31 10:41 0 ----a-w c:\documents and settings\ws4s.com\cregc.dat
2009-03-26 15:31 --------- d-----w c:\documents and settings\all users\application data\swishmax2workfolder
2009-03-26 15:27 --------- d-----w c:\program files\swish max2
2009-03-26 15:11 --------- d-----w c:\program files\common files\swishzone.com
2009-03-26 14:49 --------- d-----w c:\program files\vsoft
2009-03-25 22:55 --------- d-----w c:\program files\common files\business objects
2009-03-25 11:30 --------- d-----w c:\program files\trojan remover
2009-03-25 11:30 --------- d-----w c:\documents and settings\ws4s.com\application data\simply super software
2009-03-25 11:30 --------- d-----w c:\documents and settings\all users\application data\simply super software
2009-03-22 19:10 --------- d-----w c:\program files\ivocalize web conference 4
2009-03-21 16:15 --------- d-----w c:\program files\all2chat
2009-03-20 21:29 --------- d-----w c:\program files\everstrike software
2009-03-20 21:29 --------- d-----w c:\program files\common files\everstrike software
2009-03-20 14:29 --------- d-----w c:\program files\common files\adobe
2009-03-20 14:27 --------- d-----w c:\program files\common files\adobe systems shared
2009-03-20 14:27 --------- d-----w c:\documents and settings\all users\application data\adobe systems
2009-03-19 20:50 --------- d-----w c:\program files\flash movie player
2009-03-19 16:07 82,898 ----a-w c:\windows\uninstall.exe
2009-03-19 06:57 --------- d-----w c:\program files\common files\ahead
2009-03-19 06:57 --------- d-----w c:\program files\ahead
2009-03-19 06:55 --------- d-----w c:\program files\nero
2009-03-19 05:08 --------- d--h--w c:\program files\zenographics
2009-03-19 05:08 --------- d-----w c:\program files\hewlett-packard
2009-03-19 05:06 --------- d--h--w c:\program files\installshield installation information
2009-03-19 05:05 --------- d-----w c:\program files\scandrv6
2009-03-19 04:54 --------- d-----w c:\program files\microsoft.net
2009-03-19 03:02 8,059 ----a-w c:\windows\gdrv.sys
2009-03-19 02:56 315,392 ----a-w c:\windows\hidewin.exe
2009-03-19 02:56 --------- d-----w c:\program files\realtek
2009-03-19 02:56 --------- d-----w c:\program files\common files\installshield
2009-03-19 02:49 --------- d-----w c:\program files\intel
2009-03-19 02:19 --------- d-----w c:\documents and settings\all users\application data\office genuine advantage
2009-03-19 01:58 --------- d-----w c:\documents and settings\ws4s.com\application data\flashfxp
2009-03-19 01:54 --------- d-----w c:\program files\internet download manager
2009-03-19 01:30 603,904 ----a-w c:\windows\system32\tuprogst.exe
2009-03-19 01:30 362,240 ----a-w c:\windows\system32\tuneupdefragservice.exe
2009-03-19 01:30 --------- d-----w c:\program files\tuneup utilities 2009
2009-03-19 01:29 --------- d-----w c:\documents and settings\ws4s.com\application data\tuneup software
2009-03-19 01:28 --------- d-----w c:\documents and settings\ws4s.com\application data\memoamenpoke
2009-03-19 01:28 --------- d-----w c:\documents and settings\all users\application data\tuneup software
2009-03-19 01:24 --------- d-----w c:\documents and settings\all users\application data\lies shim upload curb
2009-03-19 01:20 --------- d-----w c:\program files\memoamenpoke
2009-03-19 01:20 --------- d-----w c:\documents and settings\all users\application data\messenger plus!
2009-03-19 01:19 --------- d-----w c:\program files\windows live
2009-03-19 01:19 --------- d-----w c:\program files\msn messenger
2009-03-19 01:19 --------- d-----w c:\program files\messenger plus! Live
2009-03-19 01:19 --------- d-----w c:\program files\circle developemet
2009-03-19 01:12 --------- d-----w c:\documents and settings\ws4s.com\application data\installshield
2009-03-19 01:11 --------- d-----w c:\program files\foxit pdf tools
2009-03-19 01:11 --------- d-----w c:\program files\flashfxp
2009-03-19 01:11 --------- d-----w c:\program files\flash player
2009-03-19 01:10 --------- d-----w c:\program files\yahoo!
2009-03-19 01:10 --------- d-----w c:\documents and settings\all users\application data\yahoo!
2009-03-19 01:10 --------- d-----w c:\documents and settings\all users\application data\kaspersky lab setup files
2009-03-19 01:05 --------- d-----w c:\program files\winamp
2009-03-19 00:57 --------- d-----w c:\program files\microsoft frontpage
2009-03-02 16:50 393,728 ----a-w c:\windows\system32\swupdater.exe
.

((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4

[hkey_current_user\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 03:07 am 15360]
"idman"="c:\program files\internet download manager\idman.exe" [10/11/2007 03:15 am 802816]
"msnmsgr"="c:\program files\msn messenger\msnmsgr.exe" [03/19/2009 03:19 am 5674352]
"livepile"="c:\docume~1\ws4s.com\applic~1\memoam~1\move user.exe" [03/19/2009 03:20 am 638976]
"yahoo! Pager"="c:\program files\yahoo!\messenger\yahoomessenger.exe" [10/27/2007 07:51 am 3810544]
"msmsgs"="c:\program files\messenger\msmsgs.exe" [08/04/2004 01:06 am 1667584]

[hkey_local_machine\software\microsoft\windows\currentversion\run]
"imjpmig8.1"="c:\windows\ime\imjp8_1\imjpmig.exe" [08/04/2004 03:07 am 208952]
"phime2002async"="c:\windows\system32\ime\tintlgnt\tintsetp.exe" [08/04/2004 03:07 am 455168]
"phime2002a"="c:\windows\system32\ime\tintlgnt\tintsetp.exe" [08/04/2004 03:07 am 455168]
"upload curb default new"="c:\documents and settings\all users\application data\lies shim upload curb\stupid plan.exe" [04/04/2009 11:59 am 781312]
"nerofiltercheck"="c:\windows\system32\nerocheck.exe" [07/09/2001 11:50 am 155648]
"trojanscanner"="c:\program files\trojan remover\trjscan.exe" [02/15/2009 04:53 pm 1214856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [02/28/2008 03:00 pm 141848]
"hotkeyscmds"="c:\windows\system32\hkcmd.exe" [02/28/2008 03:00 pm 166424]
"msmqintcert"="mqrt.dll" [08/04/2004 03:07 am 177152 c:\windows\system32\mqrt.dll]
"rthdcpl"="rthdcpl.exe" [02/13/2008 08:31 am 16857600 c:\windows\rthdcpl.exe]
"resume copy"="copyfstq.exe" [06/10/2003 04:35 pm 57344 c:\windows\copyfstq.exe]

[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 03:07 am 15360]

[hkey_users\.default\software\microsoft\windows\currentversion\policies\system]
"noconfigpage"= 0 (0x0)
"nodevmgrpage"= 0 (0x0)
"nofilesyspage"= 0 (0x0)
"novirtmempage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer]
"memcheckboxinrundlg"= 1 (0x1)

[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer]
"nosmconfigureprograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\security center]
"antivirusdisablenotify"=dword:00000001
"updatesdisablenotify"=dword:00000001
"antivirusoverride"=dword:00000001
"firewalloverride"=dword:00000001

[hkey_local_machine\software\microsoft\security center\monitoring\kasperskyantivirus]
"disablemonitoring"=dword:00000001

[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)

[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"=
"c:\\program files\\msn messenger\\msnmsgr.exe"=
"c:\\program files\\msn messenger\\livecall.exe"=
"c:\\windows\\system32\\mqsvc.exe"=

r2 lf30fs;lf30fs;c:\program files\everstrike software\lock folder xp 3.6\lf30xp.sys [2004-11-19 101488]
r2 tuneup.programstatisticssvc;tuneup program statistics service;c:\windows\system32\tuprogst.exe [2009-03-19 603904]

hkey_local_machine\software\microsoft\windows nt\currentversion\svchost - netsvcs
uxtuneup
.
Contents of the 'scheduled tasks' folder

2009-04-04 c:\windows\tasks\1-click maintenance.job
- c:\program files\tuneup utilities 2009\oneclickstarter.exe [11/20/2008 04:28 pm]

2009-04-04 c:\windows\tasks\الصيانة بنقرة واحدة.job
- c:\program files\tuneup utilities 2009\oneclickstarter.exe [11/20/2008 04:28 pm]
.
- - - - orphans removed - - - -

hklm-run-lfagent - (no file)
hklm-run-systeminit - (no file)
hklm-run-rave - (no file)
hklm-run-win32baseservicemod - (no file)
hklm-run-startie - (no file)


.
------- supplementary scan -------
.
Ustart page = hxxp://www.google.com/
usearchurl,(default) = hxxp://www.google.com/keyword/%s
ie: &تصدير إلى microsoft excel - c:\progra~1\micros~2\office11\excel.exe/3000
ie: Idm بواسطة flv تحميل محتوى فيديو - c:\program files\internet download manager\iegetvl.htm
ie: Idm تحميل بواسطة - c:\program files\internet download manager\ieext.htm
ie: Idm تحميل جميع الروابط بواسطة - c:\program files\internet download manager\iegetall.htm
dpf: {baee131d-290a-4541-a50a-8936f159563a} - hxxp://support.businessobjects.com/crforvs2005/printcontrol.cab
ff - profilepath - c:\documents and settings\ws4s.com\application data\mozilla\firefox\profiles\8cpnqdy8.default\
ff - component: C:\documents and settings\ws4s.com\application data\idm\idmmzcc2\components\idmmzcc.dll
ff - plugin: C:\program files\mozilla firefox\plugins\np-mswmp.dll
.
.
------- file associations -------
.
Txtfile=notepad %1
vbefile\shell\edit\command=c:\windows\notepad.exe %1
vbsfile\shell\edit\command=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1375 w2k/xp/vista - rootkit/stealth malware detector by gmer,

rootkit scan 2009-04-04 14:37:34
windows 5.1.2600 service pack 2 ntfs

scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- locked registry keys ---------------------

[hkey_users\s-1-5-21-2025429265-1177238915-725345543-1003\software\microsoft\windows\currentversion\explorer\fileexts\.*+*'*y%\openwithlist]
@class="shell"

[hkey_users\s-1-5-21-2025429265-1177238915-725345543-1003\software\microsoft\windows\currentversion\explorer\fileexts\.* %x**]
@class="shell"

[hkey_users\s-1-5-21-2025429265-1177238915-725345543-1003\software\microsoft\windows\currentversion\explorer\fileexts\.* %x**\openwithlist]
@class="shell"

[hkey_users\s-1-5-21-2025429265-1177238915-725345543-1003\software\microsoft\windows\currentversion\explorer\fileexts\. P%
n ]
@class="shell"

[hkey_users\s-1-5-21-2025429265-1177238915-725345543-1003\software\microsoft\windows\currentversion\explorer\fileexts\. P%
n \openwithlist]
@class="shell"

[hkey_local_machine\software\classes\clsid\{24b86c0b-2e15-40ff-85fa-507c7478e5e1}]
@denied: (full) (everyone)
"model"=dword:0000005d
"therad"=dword:00000011

[hkey_local_machine\software\classes\clsid\{5ed60779-4de2-4e07-b862-974ca4ff2e9c}]
@denied: (full) (everyone)
"scansk"=hex(0):d7,30,2f,5c,db,0e,1b,ea,cf,f5,38,18,1d,dd,19,04,3e,7a,37,37,d9,
4f,d0,a5,aa,a1,b3,40,f4,f2,21,03,a8,63,e3,a9,80,e9,4f,b0,00,00,00,00,00,00,\
.
Completion time: 04/04/2009 14:38:35
combofix-quarantined-files.txt 2009-04-04 12:38:33

pre-run: 7,539,195,904 bytes free
post-run: 7,532,146,688 bytes free

264

This is the complete report.

Signature: tedatasoft
أبو ريما .... may God reward you with good.

I swear you are a real pro :smile:


 
أبو ريما .... may God reward you with good.


I swear you are a real pro :smile:


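And you, and all Muslims ... I ask God to grant you devotion to your parents.

Signature: ابـــو عــبــد الــلــه
Install Kaspersky now ...

Signature: ابـــو عــبــد الــلــه
I installed it and everything, but it is causing a lot of problems.
It does not come up in its normal appearance; it is sort of white and does not look the way it should, and it brings up the messages that used to appear at the beginning.

Signature: tedatasoft
I installed it and everything, but it is causing a lot of problems.
It does not come up in its normal appearance; it is sort of white and does not look the way it should, and it brings up the messages that used to appear at the beginning.



I have gone cross-eyed, guys ...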


Please attach screenshots of the problems ... :bleh:

Signature: ابـــو عــبــد الــلــه
I will restart and send you the problems.

Signature: tedatasoft
Now it is installed and working fine; once the update finishes I will restart it and then see whether there are problems or not.
But there is another small thing: when I installed the new Hotmail Messenger, it asked for an update to the XP I have. How do I update it, and from where?
Waiting for your reply??

Signature: tedatasoft
And there is another small problem:
[hidden link: you must log in or register to view it]

This link is a link to an educational room. I downloaded Java and everything, and it used to get in at first; now it goes through the 3 attempts and does not get in. It says the connection failed or something like that.
Please solve it, and thank you.

Signature: tedatasoft
Now it is installed and working fine; once the update finishes I will restart it and then see whether there are problems or not.
But there is another small thing: when I installed the new Hotmail Messenger, it asked for an update to the XP I have. How do I update it, and from where?
Waiting for your reply??

You need to convert Windows to a genuine copy ... follow the topics below ... and do not forget, while updating Windows, to remove the check mark in front of the genuine-copy advantage notification option


[hidden link: you must log in or register to view it]



or

[hidden link: you must log in or register to view it]


or

[hidden link: you must log in or register to view it]




:king:

Signature: ابـــو عــبــد الــلــه
And there is another small problem:
[hidden link: you must log in or register to view it]

This link is a link to an educational room. I downloaded Java and everything, and it used to get in at first; now it goes through the 3 attempts and does not get in. It says the connection failed or something like that.
Please solve it, and thank you.



Install the Flash program ... and check your connection ... :u:

Signature: ابـــو عــبــد الــلــه



Install the Flash program ... and check your connection ... :u:

Please give me a link to the Flash program, bearing in mind that it was working completely normally and the connection is also normal.
 
Signature: tedatasoft
Here you go

[hidden link: you must log in or register to view it]



After entering, remove the check mark in front of the option Free Google Toolbar (optional)


Then click the yellow icon .. after that it will do the installation ...

Signature: ابـــو عــبــد الــلــه
This is an image link, not a website link.

Signature: tedatasoft
Signature: ابـــو عــبــد الــلــه