دنيـا كئيبة

Peace be upon you.

Brothers, after Windows finishes booting, the scanner shows me that there is a malicious file on the machine.
If I choose delete or ignore, the alert comes back again,
and if I choose to take no action, it disappears.
Here is the screenshot for clarification:
zyzoom-85ff34ee8a.png

And when I try to install MSN on the machine, this message appears:
zyzoom-73fc20d154.png

And this is the HijackThis report that I took a few moments ago:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:37:27 م, on 02/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\camel\camelserver.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\camel\apache\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\camel\apache\apache.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\AC\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: خادم الجمل.lnk = C:\camel\camelserver.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CamelApache - Unknown owner - C:\camel\apache\apache.exe
O23 - Service: CamelMysql - Unknown owner - C:\camel\mysql\bin\mysqld-nt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 7658 bytes
I await your help, brothers..
 

Signature: دنيـا كئيبة
Waiting for you
 
Disable your protection programs,
then
download the following tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that, a second message will appear; click >> Yes

During the scan the machine may restart.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
Thank you for the help, brother; I am trying it now.
I will be back after it finishes.
Best wishes
 
Here you go, brother, this is the report after the scan with the tool was done:
ComboFix 09-03-30.02 - AC 04/02/2009 19:14:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.1980.1411 [GMT 3:00]
Running from: c:\documents and settings\AC\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090401-0] *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 16:15 --------- d-----w c:\documents and settings\AC\Application Data\DMCache
2009-04-02 16:14 --------- d-----w c:\documents and settings\AC\Application Data\uTorrent
2009-04-02 14:42 --------- d-----w c:\program files\SWiSH Max2
2009-04-02 13:19 --------- d-----w c:\program files\FlashFXP
2009-04-01 21:19 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-04-01 21:18 --------- d-----w c:\documents and settings\AC\Application Data\Vso
2009-04-01 17:13 --------- d-----w c:\documents and settings\AC\Application Data\IDM
2009-04-01 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-01 13:21 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-31 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2009-03-31 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-03-31 15:20 108,693 --sh--r C:\0bcobed.exe
2009-03-31 15:14 --------- d-----w c:\program files\Internet Download Manager
2009-03-30 22:21 --------- d-----w c:\program files\Alwil Software
2009-03-30 19:33 --------- d-----w c:\program files\Google
2009-03-30 18:16 --------- d-----w c:\program files\MSN Messenger
2009-03-30 18:15 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-30 18:15 --------- d-----w c:\program files\Windows Live
2009-03-30 18:15 --------- d-----w c:\program files\Microsoft
2009-03-30 18:13 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-30 12:46 --------- d-----w c:\documents and settings\All Users\Application Data\SWiSHMax2WorkFolder
2009-03-30 12:42 --------- d-----w c:\program files\Macromedia
2009-03-30 12:42 --------- d-----w c:\program files\Common Files\Macromedia
2009-03-30 12:41 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-29 16:22 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-03-29 16:22 --------- d-----w c:\documents and settings\AC\Application Data\HP
2009-03-29 16:21 --------- d-----w c:\program files\HP
2009-03-29 16:21 --------- d-----w c:\program files\Common Files\HP
2009-03-29 16:20 --------- d-----w c:\program files\Hewlett-Packard
2009-03-29 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-03-29 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-03-29 16:19 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-29 16:17 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-03-29 15:44 --------- d-----w c:\program files\Common Files\SWiSHzone.com
2009-03-26 15:35 210,352 ----a-w c:\windows\system32\idmmbc.dll
2009-03-26 14:00 --------- d-----w c:\documents and settings\AC\Application Data\CyberLink
2009-03-24 14:45 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-24 14:45 47,360 ----a-w c:\documents and settings\AC\Application Data\pcouffin.sys
2009-03-24 14:45 --------- d-----w c:\program files\VSO
2009-03-23 19:05 --------- d-----w c:\program files\SCP
2009-03-23 17:24 --------- d-----w c:\program files\Common Files\Adobe
2009-03-23 17:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 13:29 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-23 12:58 --------- d-----w c:\documents and settings\AC\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-23 09:12 --------- d-----w c:\documents and settings\AC\Application Data\FlashFXP
2009-03-23 08:33 --------- d-----w c:\program files\Ozone
2009-03-23 08:31 --------- d-----w c:\program files\PHP Expert Editor 4.3
2009-03-23 08:26 --------- d-----w c:\program files\TechSmith
2009-03-23 08:26 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-03-23 08:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-23 08:22 --------- d-----w c:\program files\uTorrent
2009-03-23 08:15 --------- d-----w c:\documents and settings\AC\Application Data\Media Player Classic
2009-03-23 08:13 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-23 08:12 --------- d-----w c:\program files\Common Files\Real
2009-03-23 08:09 --------- d-----w c:\program files\CCleaner
2009-03-18 13:50 --------- d-----w c:\program files\Nero
2009-03-18 13:50 --------- d-----w c:\program files\Common Files\Ahead
2009-03-18 13:48 --------- d-----w c:\program files\QuickTime
2009-03-18 13:48 --------- d-----w c:\program files\iTunes
2009-03-18 13:48 --------- d-----w c:\program files\iPod
2009-03-18 13:48 --------- d-----w c:\program files\Bonjour
2009-03-18 13:48 --------- d-----w c:\program files\Apple Software Update
2009-03-18 13:48 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-18 13:48 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-18 13:48 --------- d-----w c:\documents and settings\AC\Application Data\Apple Computer
2009-03-18 13:47 --------- d-----w c:\program files\Common Files\Apple
2009-03-18 13:47 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-18 13:46 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-18 08:31 155,995 ----a-w c:\windows\java\Packages\GAVHRNFV.ZIP
2009-03-18 08:31 --------- d-----w c:\program files\Real
2009-03-18 08:30 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-18 08:30 --------- d-----w c:\program files\CyberLink
2009-03-18 08:30 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-18 08:28 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-18 08:20 --------- d-----w c:\program files\Microsoft Works
2009-03-18 08:20 --------- d-----w c:\program files\Microsoft ActiveSync
2009-03-18 08:20 --------- d-----w c:\program files\Common Files\L&H
2009-03-18 08:18 --------- d-----w c:\program files\Microsoft.NET
2009-03-18 08:15 --------- d-----w c:\program files\Intel
2009-03-18 08:15 --------- d-----w c:\program files\Common Files\postureAgent
2009-03-18 08:15 --------- d-----w c:\program files\Common Files\Intel
2009-03-18 08:14 --------- d-----w c:\program files\DIFX
2009-03-18 08:14 --------- d-----w c:\program files\Dell
2009-03-18 08:12 --------- d-----w c:\documents and settings\AC\Application Data\InstallShield
2009-03-18 08:05 --------- d-----w c:\program files\Analog Devices
2009-03-18 07:52 --------- d-----w c:\program files\microsoft frontpage
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-06 15:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((( SnapShot@Tue 03-31-2009_10.36.47.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-02-25 03:35:05 14,048 ----a-w c:\windows\$hf_mig$\KB898461\spmsg.dll
+ 2005-02-25 03:35:05 209,632 ----a-w c:\windows\$hf_mig$\KB898461\spuninst.exe
+ 2005-02-25 03:35:05 22,752 ----a-w c:\windows\$hf_mig$\KB898461\spupdsvc.exe
+ 2005-02-25 03:35:05 22,240 ----a-w c:\windows\$hf_mig$\KB898461\update\spcustom.dll
+ 2005-02-25 03:35:05 718,048 ----a-w c:\windows\$hf_mig$\KB898461\update\update.exe
+ 2005-02-25 03:35:06 371,936 ----a-w c:\windows\$hf_mig$\KB898461\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-10-15 16:53:28 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2009-03-31 17:50:50 632,320 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}\IconCD95F66110.exe
+ 2009-03-31 17:50:50 29,184 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}\IconCD95F6617.exe
- 2009-03-18 07:53:45 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-01 11:12:49 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-18 07:53:45 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-01 11:12:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-18 07:53:45 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-01 11:12:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-03 21:56:46 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2009-03-30 19:33:38 2,937,760 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-04-01 03:10:12 2,952,880 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-16 11:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 11:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
- 2004-08-03 21:56:46 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2009-03-31 07:04:47 59,916 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-02 08:56:51 59,916 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-31 07:04:47 397,696 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-02 08:56:51 397,696 ----a-w c:\windows\system32\perfh009.dat
- 2006-09-25 14:58:48 14,640 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-03-31 16:44:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5ac.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [12/16/2005 01:57 PM 94208]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [01/17/2008 12:40 PM 816368]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [02/06/2009 06:53 PM 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [03/31/2009 02:07 PM 2790832]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [08/29/2008 03:34 PM 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [08/29/2008 03:34 PM 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [08/29/2008 03:34 PM 150040]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [07/24/2008 03:27 PM 1044480]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [07/23/2008 09:56 AM 773144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 09:52 PM 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [02/06/2009 12:08 AM 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
c:\documents and settings\AC\Start Menu\Programs\Startup\
¦ں§ê ںé¤êé.lnk - c:\camel\camelserver.exe [2003-10-17 1189888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-03-23 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2008-11-06 7217480]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-08 525664]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:Arabic /KBD:2
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 06/12/2008 02:38 AM 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 10/01/2008 06:57 PM 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 12/05/2006 10:55 PM 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 09/06/2008 03:09 PM 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 11/23/2006 03:10 PM 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-03-18 24064]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-31 20560]
R2 CamelApache;CamelApache;c:\camel\Apache\Apache.exe [2004-10-28 20545]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-03-18 2054680]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-03-18 144480]
S2 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 ksi32sk;ksi32sk;\??\c:\windows\system32\drivers\ksi32sk.sys --> c:\windows\system32\drivers\ksi32sk.sys [?]
S2 nicsk32;nicsk32;\??\c:\windows\system32\drivers\nicsk32.sys --> c:\windows\system32\drivers\nicsk32.sys [?]
S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
S2 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?]
S3 CamelMysql;CamelMysql;c:\camel\mysql\bin\mysqld-nt.exe --defaults-file="c:\camel\mysql\ini\my.ini" CamelMysql --> c:\camel\mysql\bin\mysqld-nt.exe --defaults-file=c:\camel\mysql\ini\my.ini [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08179e5b-1aac-11de-be40-0023ae665e9f}]
\Shell\AutoRun\command - H:\0bcobed.exe
\Shell\open\Command - H:\0bcobed.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d1ae3f-1785-11de-be2d-9dba0a4e787c}]
\Shell\AutoRun\command - G:\0bcobed.exe
\Shell\open\Command - G:\0bcobed.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [07/30/2008 12:34 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
FF - ProfilePath - c:\documents and settings\AC\Application Data\Mozilla\Firefox\Profiles\eepj3ln1.default\
FF - component: c:\documents and settings\AC\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-02 19:15:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 04/02/2009 19:15:59
ComboFix-quarantined-files.txt 2009-04-02 16:15:57
ComboFix2.txt 2009-03-31 07:37:13
Pre-Run: 114,265,042,944 bytes free
Post-Run: 114,286,686,208 bytes free
260 --- E O F --- 2009-04-02 07:55:41
Good luck
 
Download this program.

Install it on the machine, then run it and follow the explanation below to scan the machine and produce a report.

After the scan finishes, do the following:

Copy the contents of the report and paste it into your next post.
 
Working on it, brother.
After it finishes, the report will be posted.
Best wishes
 
Here you go, brother.
This is after I ran a scan with the program, and this is the last thing that appeared for me:
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2
02/04/2009 08:49:38 م
mbam-log-2009-04-02 (20-49-38).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 121320
Time elapsed: 11 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
.
 
Brother, search for this file on the machine:

nmdfgds0.dll

When you find it, delete it.
If you cannot delete it, delete it in Safe Mode.
 
I did not find the file, brother.
I searched for it several times and it is not there??
 
Enable the display of hidden files.
 