Status
Closed and not open for further replies.

مزكم وحزين

Peace be upon you, and the mercy and blessings of God. This topic was opened at Max's request.

HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:51:37 م, on 09/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hotspot Shield\bin\openvpn.exe
C:\Program Files\Uniblue\DriverScanner\DriverScanner.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Admin\My Documents\Downloads\Programs\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [link hidden by the forum]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [link hidden by the forum]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [link hidden by the forum]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7237 bytes
 

Signature: مزكم وحزين
Disable your security programs
then
download the following tool and save it to the desktop
[link hidden by the forum]

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

The machine may restart during the scan
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it into your next post
 
I'm back. I was in a battle with the machine and, thank God, I managed to get online from it... Will do, Max, just a moment.

I inserted the XP SP3 CD, found an option labeled "Install XP" and installed it. I also did something else: through the Run command I typed "scan now", the system files were restored, and the machine worked. Ugh, this machine...

Signature: مزكم وحزين
Sorry for the delay; it took a long time on my end.

ComboFix 09-04-04.01 - Admin 04/10/2009 0:40:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.1014.675 [GMT 3:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 21:40 --------- d-----w c:\documents and settings\Admin\Application Data\DMCache
2009-04-09 21:36 843 ----a-w C:\ChangeWinXPKey.vbs
2009-04-09 20:28 --------- d-----w c:\program files\Hotspot Shield
2009-04-09 20:18 --------- d-----w c:\documents and settings\Admin\Application Data\mIRC
2009-04-09 18:11 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-09 18:11 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-09 18:11 221,216 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-09 18:11 1,836 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-09 18:06 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-09 18:06 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-09 18:05 --------- d-----w c:\program files\Kaspersky Lab
2009-04-09 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-09 17:33 --------- d-----w c:\program files\Google
2009-04-09 17:23 --------- d-----w c:\program files\Java
2009-04-09 17:20 --------- d-----w c:\program files\Common Files\Java
2009-04-09 17:08 --------- d-----w c:\program files\Webroot(2)
2009-04-09 17:08 --------- d-----w c:\documents and settings\All Users\Application Data\Webroot(2)
2009-04-09 17:08 --------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-04-09 17:08 --------- d-----w c:\documents and settings\Admin\Application Data\Webroot
2009-04-09 15:12 --------- d-----w c:\program files\Windows Live Safety Center
2009-04-09 02:05 --------- d-----w c:\program files\MSSOAP
2009-04-09 02:05 --------- d-----w c:\program files\Ask.com
2009-04-08 23:33 --------- d-----w c:\documents and settings\Admin\Application Data\Skype
2009-04-08 22:57 --------- d-----w c:\program files\SUPERAntiSpyware
2009-04-08 22:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-08 22:57 --------- d-----w c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
2009-04-08 22:31 --------- d-----w c:\program files\Circle Develpement
2009-04-08 20:34 --------- d-----w c:\program files\Real_SC
2009-04-08 20:19 --------- d-----w c:\documents and settings\Admin\Application Data\ESET
2009-04-08 20:18 --------- d-----w c:\program files\ESET
2009-04-08 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-04-08 19:54 --------- d-----w c:\documents and settings\Admin\Application Data\CyberScrub
2009-04-08 19:54 --------- d-----w c:\documents and settings\Admin\Application Data\cleaner
2009-04-08 19:38 --------- d-----w c:\program files\RegCure
2009-04-08 17:08 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-08 16:59 5,740,000 ----a-w c:\windows\java\Packages\N93NPJHJ.ZIP
2009-04-08 16:59 4,301,838 ----a-w c:\windows\java\Packages\YJ9FDBJT.ZIP
2009-04-08 16:46 --------- d-----w c:\documents and settings\Admin\Application Data\IDM
2009-04-08 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-04-08 16:07 --------- d-----w c:\program files\Windows Live
2009-04-08 16:06 --------- d-----w c:\program files\Windows Live SkyDrive
2009-04-08 16:06 --------- d-----w c:\program files\Microsoft
2009-04-08 15:01 --------- d-----w c:\program files\Blackstar Dictionary
2009-04-08 14:50 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-08 14:21 --------- dc-h--w c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-04-08 14:20 --------- d-----w c:\program files\Uniblue
2009-04-08 14:20 --------- d-----w c:\documents and settings\Admin\Application Data\Uniblue
2009-04-08 13:29 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-04-08 13:14 --------- d-----w c:\program files\CCleaner
2009-04-08 12:50 --------- d-----w c:\program files\Common Files\Windows Live
2009-04-08 12:34 --------- d-----w c:\program files\Nero
2009-04-08 12:33 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-08 12:32 --------- d-----w c:\program files\Common Files\Adobe
2009-04-08 12:31 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-04-08 12:31 --------- d-----w c:\documents and settings\Admin\Application Data\GRETECH
2009-04-08 12:28 --------- d-----w c:\program files\HiYo
2009-04-08 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\HiYo
2009-04-08 12:28 --------- d-----w c:\documents and settings\Admin\Application Data\HiYo
2009-04-08 12:23 --------- d-----w c:\program files\Common Files\xing shared
2009-04-08 12:23 --------- d-----w c:\program files\Common Files\Real
2009-04-08 12:22 --------- d-----w c:\program files\Bodrag
2009-04-08 12:21 --------- d-----w c:\program files\VS Revo Group
2009-04-08 12:18 6,285 ----a-w c:\program files\un_Internet Download Manager_16575.txt
2009-04-08 12:18 --------- d-----w c:\program files\Internet Download Manager
2009-04-07 20:01 --------- d-----w c:\documents and settings\Admin\Application Data\Media Player Classic
2009-04-07 20:00 --------- d-----w c:\program files\The KMPlayer
2009-04-07 20:00 --------- d-----w c:\documents and settings\Admin\Application Data\vlc
2009-04-07 18:03 21,035 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-04-07 18:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 18:03 --------- d-----w c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility
2009-04-07 18:03 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-07 13:32 --------- d-----w c:\program files\Microsoft.NET
2009-04-07 13:32 --------- d-----w c:\program files\Microsoft Works
2009-04-07 13:27 --------- d-----w c:\program files\CONEXANT
2009-04-07 13:26 --------- d-----w c:\program files\Marvell
2009-04-07 13:25 --------- d-----w c:\documents and settings\Admin\Application Data\TMP
2009-04-07 13:23 --------- d-----w c:\program files\SigmaTel
2009-04-07 13:21 --------- d-----w c:\program files\Dell
2009-04-07 13:19 --------- d-----w c:\program files\Intel
2009-04-07 09:00 --------- d-----w c:\program files\WIDCOMM
2009-04-07 08:59 --------- d-----w c:\documents and settings\Admin\Application Data\InstallShield
2009-04-07 08:53 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-07 08:53 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-07 08:53 --------- d-----w c:\program files\VideoLAN
2009-04-07 08:53 --------- d-----w c:\program files\Real
2009-04-07 08:53 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-07 08:52 47,104 ------w c:\windows\AKDeInstall.exe
2009-04-07 08:52 --------- d-----w c:\program files\mpegable
2009-04-07 08:51 --------- d-----w c:\program files\Paltalk Messenger
2009-04-07 08:51 --------- d-----w c:\program files\GRETECH
2009-04-07 08:50 --------- d-----w c:\program files\Skype
2009-04-07 08:50 --------- d-----w c:\documents and settings\Admin\Application Data\Paltalk
2009-04-07 08:49 90,112 ----a-w c:\windows\system32\agsaami.dll
2009-04-07 08:49 610,304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-07 08:49 372,736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-07 08:49 2,535,424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-07 08:49 196,608 ----a-w c:\windows\system32\maag.dll
2009-04-07 08:49 155,995 ----a-w c:\windows\java\Packages\JPZ7TBRH.ZIP
2009-04-07 08:49 1,986,560 ----a-w c:\windows\system32\akll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/08/2009 03:36 PM 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [04/15/2008 03:00 PM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [02/06/2009 06:53 PM 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [04/03/2009 07:23 PM 2794928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [09/11/2008 10:17 AM 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [09/11/2008 10:17 AM 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [09/11/2008 10:16 AM 143360]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [04/08/2009 03:23 PM 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/15/2008 03:00 PM 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [08/03/2004 11:59 PM 44544]
"nltide_3"="advpack.dll" [08/13/2007 06:39 PM 123904 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
12/22/2008 12:05 PM 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.3iv2"= c:\progra~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= c:\progra~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= c:\progra~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= c:\progra~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= c:\progra~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= c:\progra~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= c:\progra~1\K-LITE~1\codecs\l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMouse.SYS [2009-04-08 17408]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-04-08 110080]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-04-07 194304]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2009-04-08 9728]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-04-07 13532]
.
Contents of the 'Scheduled Tasks' folder
2009-04-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [04/08/2009 10:36 PM]
2009-04-08 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [04/08/2009 10:36 PM]
2009-04-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [02/09/2009 03:06 PM]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden by the forum]
Rootkit scan 2009-04-10 00:41:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 04/10/2009 0:42:29
ComboFix-quarantined-files.txt 2009-04-09 21:42:27
Pre-Run: 43,575,017,472 bytes free
Post-Run: 43,744,047,104 bytes free
219 --- E O F --- 2009-04-09 15:08:20
 
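Signature: مزكم وحزين
OK, the reports are clean now.
Give me your observations about the machine now.

No, thank God, it's fine... working properly. There are some strange things in it, though: for example, I find a program in the All Programs menu, and when I try to open it, it doesn't open. But I have to format it, I have to... Thank you for your trouble,
and I'm sorry for the effort you spent on me.

Signature: مزكم وحزين
May God grant you success, brother.
Since you are going to format it, the topic is considered finished.

Good luck.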
 