[ تم حل المشكلة ] الله يخليكــــــــم الحقوووني برنامج الحمايه عندي مدري شفيه ؟؟؟؟

  • بادئ الموضوع بادئ الموضوع مسكـ
  • تاريخ البدء تاريخ البدء
  • المشاهدات 769
الحالة
مغلق و غير مفتوح للمزيد من الردود.
م

مسكـ

زيزوومي جديد
إنضم
20 مارس 2009
المشاركات
59
مستوى التفاعل
0
النقاط
50
الإقامة
_
غير متصل
:er::er:السلام عليكم ورحمه الله وبركاته ..
اخووتي مشكلتي تكمن ببرنامج الحمايه ..عندما ثبتت برنامج gom playr طلع صوت انذار بعدها يكول اكتشف الخطآآ ومدري ايش ...

ارجوكم بعد الله مساعدتي بسسسرعه لا ن الى الان ونا اكتب لكم تطلع عندي التحذيرااات:er::er::er:

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي



يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
:er:
 
تأييد 0
حمل هذا البرنامج
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
تأييد 0
جزاك الله الجنه اخي ماكس لتجاوبك معي..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:52 م, on 26/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 7502 bytes
 
تأييد 0
عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة
 
تأييد 0
اخووي ماكس ماعرف اعطل برنامج الحمايه مع انه ما يشتغل ...وسويت الي قلت لي ..


ComboFix 09-04-25.A3 - شخصي 04/27/2009 0:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1014.598 [GMT 3:00]
Running from: c:\documents and settings\شخصي\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning enabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.
2009-04-26 20:56 . 2009-04-26 20:56 -------- d-----w c:\program files\Trend Micro
2009-04-26 20:13 . 2009-04-26 20:13 -------- d-----w c:\windows\system32\KB905474
2009-04-26 19:24 . 2009-04-26 19:24 -------- d-----w c:\program files\GRETECH
2009-04-24 09:00 . 2009-04-26 20:47 6291456 ----a-w c:\documents and settings\شخصي\ntuser.dat
2009-04-24 09:00 . 2009-04-26 20:47 6291456 ----a-w c:\documents and settings\شخصي\ntuser.dat
2009-04-23 22:08 . 2009-04-23 22:08 -------- d-----w c:\program files\Ask Search Assistant
2009-04-22 22:04 . 2009-03-10 19:26 1430400 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-22 22:04 . 2009-03-10 19:18 453000 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-16 19:11 . 2003-12-12 13:06 1693696 ----a-w c:\windows\system32\ltclr13n.dll
2009-04-16 19:11 . 2003-11-04 12:11 155648 ----a-w c:\windows\system32\lftif13n.dll
2009-04-16 19:11 . 2003-11-04 12:10 98304 ----a-w c:\windows\system32\lffax13n.dll
2009-04-16 13:03 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 13:03 . 2009-03-06 14:20 283136 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 13:03 . 2009-02-09 11:21 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 13:03 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 13:03 . 2009-02-09 10:51 723456 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 13:03 . 2009-02-09 10:51 681472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 13:03 . 2009-02-09 10:51 693760 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 13:03 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 13:03 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 13:03 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 12:17 . 2009-03-27 06:48 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 12:17 . 2008-04-21 21:14 215040 ------w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 21:29 . 2009-03-19 16:20 -------- d-----w c:\documents and settings\شخصي\Application Data\Skype
2009-04-26 21:29 . 2008-09-11 21:39 -------- d-----w c:\documents and settings\شخصي\Application Data\DMCache
2009-04-26 21:09 . 2009-03-20 11:33 -------- d-----w c:\documents and settings\شخصي\Application Data\skypePM
2009-04-26 20:57 . 2001-09-19 17:00 72590 ----a-w c:\windows\system32\perfc001.dat
2009-04-26 20:57 . 2001-09-19 17:00 379018 ----a-w c:\windows\system32\perfh001.dat
2009-04-23 22:08 . 2008-09-10 14:01 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-22 21:51 . 2008-09-10 13:57 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-04-16 18:17 . 2008-09-10 13:38 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-11 21:40 . 2009-02-21 20:08 -------- d-----w c:\documents and settings\شخصي\Application Data\uTorrent
2009-03-27 20:14 . 2009-03-27 20:14 -------- d-----w c:\program files\URUSoft
2009-03-24 11:56 . 2008-09-10 14:02 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 14:08 . 2009-03-21 14:08 1357824 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:19 . 2009-03-19 16:19 -------- d-----w c:\program files\Common Files\Skype
2009-03-19 16:19 . 2009-03-19 16:19 -------- d-----r c:\program files\Skype
2009-03-19 16:19 . 2009-03-19 16:19 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-18 13:55 . 2009-02-28 04:18 -------- d-----w c:\documents and settings\شخصي\Application Data\cleaner
2009-03-09 21:24 . 2008-09-10 13:51 -------- d-----w c:\program files\JetAudio
2009-03-09 21:24 . 2008-09-10 14:06 -------- d-----w c:\program files\أحكام التجويد
2009-03-09 21:24 . 2008-09-10 12:53 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-09 21:24 . 2009-01-24 14:49 -------- d-----w c:\program files\DivX
2009-03-09 21:24 . 2008-09-10 13:55 -------- d-----w c:\program files\Flash Slideshow Maker Professional
2009-03-09 21:24 . 2009-03-09 21:24 6144 --sha-w C:\Thumbs.db
2009-03-08 18:08 . 2009-03-08 18:07 -------- d-----w c:\program files\iVocalize Web Conference 4
2009-03-06 14:20 . 2008-04-14 20:29 283136 ----a-w c:\windows\system32\pdh.dll
2009-03-03 01:01 . 2008-09-10 14:28 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-03 00:06 . 2009-03-03 00:06 -------- d-----w c:\program files\Yahoo!
2009-03-03 00:06 . 2009-03-03 00:06 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:06 . 2008-05-07 04:08 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 23:11 . 2008-09-10 13:57 -------- d-----w c:\documents and settings\شخصي\Application Data\Babylon
2009-03-01 19:36 . 2009-03-01 19:36 -------- d-----w c:\program files\TuneUp Utilities 2007
2009-03-01 19:36 . 2009-03-01 19:36 -------- d-----w c:\documents and settings\شخصي\Application Data\TuneUp Software
2009-03-01 19:35 . 2009-03-01 19:35 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-01 19:35 . 2009-03-01 19:35 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-01 17:00 . 2008-09-10 13:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 15:55 . 2009-03-01 15:55 -------- d-----w c:\program files\Common Files\Download Manager
2009-02-28 17:08 . 2009-02-28 17:08 -------- d-----w c:\documents and settings\شخصي\Application Data\TeamViewer
2009-02-28 17:07 . 2009-02-28 17:07 -------- d-----w c:\program files\TeamViewer
2009-02-28 04:54 . 2009-02-28 04:54 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-28 04:18 . 2009-02-28 04:18 -------- d-----w c:\documents and settings\شخصي\Application Data\CyberScrub
2009-02-20 10:20 . 2009-02-20 10:20 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 10:20 . 2009-02-20 10:20 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 05:14 . 2009-02-20 05:14 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-17 19:06 . 2008-09-10 13:14 156792 ----a-w c:\documents and settings\شخصي\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:47 . 2008-09-10 13:22 247320 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-10 16:03 . 2008-10-18 04:52 2067584 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:04 . 2008-10-18 04:53 1846656 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2008-04-14 20:07 1846656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:22 . 2008-10-18 04:52 2190592 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:22 . 2008-10-18 04:52 2025472 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:22 . 2008-04-14 21:12 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2008-10-18 04:52 2146816 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:22 . 2008-04-14 20:12 2146816 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2008-04-14 20:30 110592 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-14 20:29 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-14 20:29 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-14 20:29 681472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-14 20:29 693760 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2001-09-19 17:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2009-02-03 19:57 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2008-04-14 20:29 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-30 00:19 . 2009-01-30 00:20 720896 ----a-w c:\windows\iun6002.exe
2008-09-10 13:12 . 2008-09-10 13:12 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-10 13:12 . 2008-09-10 13:12 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-09-10 13:12 . 2008-09-10 13:12 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
2008-09-10 13:12 . 2008-09-10 13:12 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-09-15 2606512]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\DRIVERS\tap0901.sys [2008-01-29 25216]
S0 ulsata2;ulsata2; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-11 15504]
S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\Drivers\OEM02Afx.sys [2007-06-07 141376]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91615e07-7f45-11dd-b29b-a7ad26be8757}]
\Shell\AutoRun\command - r.bat
\Shell\explore\Command - r.bat
\Shell\open\Command - r.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a81f61e8-7f53-11dd-b29c-001e4cdce3a9}]
\Shell\AutoRun\command - a2h2.com
\Shell\open\Command - a2h2.com
.
Contents of the 'Scheduled Tasks' folder
2009-04-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 18:51]
2009-04-17 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plusnetwork.com
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.18/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.19.23/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-27 00:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-26 0:30
ComboFix-quarantined-files.txt 2009-04-26 21:30
ComboFix2.txt 2009-03-20 00:47
ComboFix3.txt 2009-02-28 01:40
ComboFix4.txt 2008-10-31 17:04
ComboFix5.txt 2009-04-26 21:27
Pre-Run: 34,150,735,872 bytes free
Post-Run: 34,223,902,720 bytes free
213 --- E O F --- 2009-04-22 22:04
 
تأييد 0
اعملي فحص بالافاست عن طريق الوضع الامن
 
تأييد 0
سويت فحص بالوضع الامن ..
وعملت تقرير...

ComboFix 09-04-25.A3 - شخصي 04/27/2009 0:46.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.1014.782 [GMT 3:00]
Running from: c:\documents and settings\شخصي\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.
2009-04-26 20:56 . 2009-04-26 20:56 -------- d-----w c:\program files\Trend Micro
2009-04-26 20:13 . 2009-04-26 20:13 -------- d-----w c:\windows\system32\KB905474
2009-04-26 19:24 . 2009-04-26 19:24 -------- d-----w c:\program files\GRETECH
2009-04-24 09:00 . 2009-04-26 21:40 6291456 ----a-w c:\documents and settings\شخصي\ntuser.dat
2009-04-24 09:00 . 2009-04-26 21:40 6291456 ----a-w c:\documents and settings\شخصي\ntuser.dat
2009-04-23 22:08 . 2009-04-23 22:08 -------- d-----w c:\program files\Ask Search Assistant
2009-04-22 22:04 . 2009-03-10 19:26 1430400 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-22 22:04 . 2009-03-10 19:18 453000 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-16 19:11 . 2003-12-12 13:06 1693696 ----a-w c:\windows\system32\ltclr13n.dll
2009-04-16 19:11 . 2003-11-04 12:11 155648 ----a-w c:\windows\system32\lftif13n.dll
2009-04-16 19:11 . 2003-11-04 12:10 98304 ----a-w c:\windows\system32\lffax13n.dll
2009-04-16 13:03 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 13:03 . 2009-03-06 14:20 283136 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 13:03 . 2009-02-09 11:21 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 13:03 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 13:03 . 2009-02-09 10:51 723456 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 13:03 . 2009-02-09 10:51 681472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 13:03 . 2009-02-09 10:51 693760 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 13:03 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 13:03 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 13:03 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 12:17 . 2009-03-27 06:48 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 12:17 . 2008-04-21 21:14 215040 ------w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 21:47 . 2001-09-19 17:00 379018 ----a-w c:\windows\system32\perfh001.dat
2009-04-26 21:47 . 2001-09-19 17:00 72590 ----a-w c:\windows\system32\perfc001.dat
2009-04-26 21:30 . 2009-03-19 16:20 -------- d-----w c:\documents and settings\شخصي\Application Data\Skype
2009-04-26 21:29 . 2008-09-11 21:39 -------- d-----w c:\documents and settings\شخصي\Application Data\DMCache
2009-04-26 21:09 . 2009-03-20 11:33 -------- d-----w c:\documents and settings\شخصي\Application Data\skypePM
2009-04-23 22:08 . 2008-09-10 14:01 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-22 21:51 . 2008-09-10 13:57 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-04-16 18:17 . 2008-09-10 13:38 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-11 21:40 . 2009-02-21 20:08 -------- d-----w c:\documents and settings\شخصي\Application Data\uTorrent
2009-03-27 20:14 . 2009-03-27 20:14 -------- d-----w c:\program files\URUSoft
2009-03-24 11:56 . 2008-09-10 14:02 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 14:08 . 2009-03-21 14:08 1357824 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:19 . 2009-03-19 16:19 -------- d-----w c:\program files\Common Files\Skype
2009-03-19 16:19 . 2009-03-19 16:19 -------- d-----r c:\program files\Skype
2009-03-19 16:19 . 2009-03-19 16:19 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-18 13:55 . 2009-02-28 04:18 -------- d-----w c:\documents and settings\شخصي\Application Data\cleaner
2009-03-09 21:24 . 2008-09-10 13:51 -------- d-----w c:\program files\JetAudio
2009-03-09 21:24 . 2008-09-10 14:06 -------- d-----w c:\program files\أحكام التجويد
2009-03-09 21:24 . 2008-09-10 12:53 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-09 21:24 . 2009-01-24 14:49 -------- d-----w c:\program files\DivX
2009-03-09 21:24 . 2008-09-10 13:55 -------- d-----w c:\program files\Flash Slideshow Maker Professional
2009-03-09 21:24 . 2009-03-09 21:24 6144 --sha-w C:\Thumbs.db
2009-03-08 18:08 . 2009-03-08 18:07 -------- d-----w c:\program files\iVocalize Web Conference 4
2009-03-06 14:20 . 2008-04-14 20:29 283136 ----a-w c:\windows\system32\pdh.dll
2009-03-03 01:01 . 2008-09-10 14:28 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-03 00:06 . 2009-03-03 00:06 -------- d-----w c:\program files\Yahoo!
2009-03-03 00:06 . 2009-03-03 00:06 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:06 . 2008-05-07 04:08 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 23:11 . 2008-09-10 13:57 -------- d-----w c:\documents and settings\شخصي\Application Data\Babylon
2009-03-01 19:36 . 2009-03-01 19:36 -------- d-----w c:\program files\TuneUp Utilities 2007
2009-03-01 19:36 . 2009-03-01 19:36 -------- d-----w c:\documents and settings\شخصي\Application Data\TuneUp Software
2009-03-01 19:35 . 2009-03-01 19:35 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-01 19:35 . 2009-03-01 19:35 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-01 17:00 . 2008-09-10 13:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 15:55 . 2009-03-01 15:55 -------- d-----w c:\program files\Common Files\Download Manager
2009-02-28 17:08 . 2009-02-28 17:08 -------- d-----w c:\documents and settings\شخصي\Application Data\TeamViewer
2009-02-28 17:07 . 2009-02-28 17:07 -------- d-----w c:\program files\TeamViewer
2009-02-28 04:54 . 2009-02-28 04:54 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-28 04:18 . 2009-02-28 04:18 -------- d-----w c:\documents and settings\شخصي\Application Data\CyberScrub
2009-02-20 10:20 . 2009-02-20 10:20 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 10:20 . 2009-02-20 10:20 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 05:14 . 2009-02-20 05:14 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-17 19:06 . 2008-09-10 13:14 156792 ----a-w c:\documents and settings\شخصي\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:47 . 2008-09-10 13:22 247320 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-02-10 16:03 . 2008-10-18 04:52 2067584 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 14:04 . 2008-10-18 04:53 1846656 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:04 . 2008-04-14 20:07 1846656 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:22 . 2008-10-18 04:52 2190592 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:22 . 2008-10-18 04:52 2025472 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:22 . 2008-04-14 21:12 2025472 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2008-10-18 04:52 2146816 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:22 . 2008-04-14 20:12 2146816 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2008-04-14 20:30 110592 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2008-04-14 20:29 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2008-04-14 20:29 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2008-04-14 20:29 681472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2008-04-14 20:29 693760 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2001-09-19 17:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2009-02-03 19:57 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:57 . 2008-04-14 20:29 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-30 00:19 . 2009-01-30 00:20 720896 ----a-w c:\windows\iun6002.exe
2008-09-10 13:12 . 2008-09-10 13:12 16384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-10 13:12 . 2008-09-10 13:12 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-09-10 13:12 . 2008-09-10 13:12 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
2008-09-10 13:12 . 2008-09-10 13:12 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-26_21.29.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-19 17:00 . 2009-04-26 20:57 72486 c:\windows\system32\perfc009.dat
+ 2001-09-19 17:00 . 2009-04-26 21:47 72486 c:\windows\system32\perfc009.dat
+ 2001-09-19 17:00 . 2009-04-26 21:47 444862 c:\windows\system32\perfh009.dat
- 2001-09-19 17:00 . 2009-04-26 20:57 444862 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-09-15 2606512]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-11 179856]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-11 15504]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\Drivers\OEM02Afx.sys [2007-06-07 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\DRIVERS\tap0901.sys [2008-01-29 25216]
S0 ulsata2;ulsata2; [x]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - PARPORT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91615e07-7f45-11dd-b29b-a7ad26be8757}]
\Shell\AutoRun\command - r.bat
\Shell\explore\Command - r.bat
\Shell\open\Command - r.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a81f61e8-7f53-11dd-b29c-001e4cdce3a9}]
\Shell\AutoRun\command - a2h2.com
\Shell\open\Command - a2h2.com
.
Contents of the 'Scheduled Tasks' folder
2009-04-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 18:51]
2009-04-17 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-04-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plusnetwork.com
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://67.198.203.18/ReadUid.CAB
DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.19.23/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-27 00:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(272)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2009-04-26 0:50
ComboFix-quarantined-files.txt 2009-04-26 21:50
ComboFix2.txt 2009-04-26 21:30
ComboFix3.txt 2009-03-20 00:47
ComboFix4.txt 2009-02-28 01:40
ComboFix5.txt 2009-04-26 21:45
Pre-Run: 34,226,487,296 bytes free
Post-Run: 34,220,150,784 bytes free
216 --- E O F --- 2009-04-22 22:04
 
تأييد 0
كيف الاوضاع الان ؟
 
تأييد 0
والله ياخووي نفس الحاله ... ماتغير شي .. للاسف ..
 
تأييد 0
اضغطي على >>> اقرأ المزيد حول هذه المشكلة
واعملي صورة لما تريه مهم
 
تأييد 0
تأييد 0
اختي طبقي هذه الخطوة

i9175_20090427013849.png
 
تأييد 0
تأييد 0
ربي يعطيك العافيه ويجزاك كل خير..
الحمدلله انحلت المشكله دخلت موقع تحديثات وحملته للويندوز ..
ماقصرت الله يوفقك ..​
 
تأييد 0
الحالة
مغلق و غير مفتوح للمزيد من الردود.
عودة
أعلى