Thread starter: abdelmalak
Peace be upon you, and the mercy and blessings of God.

My brothers at Zyzoom, after the worm.32 virus drove me crazy, and after Kaspersky deleted it, thank God, I ran a scan with ComboFix.

The report:


ComboFix 09-05-05.04 - mourad 12/05/2009 19:07.2 - NTFSx86
Microsoft® Windows Vista™ Edition Intégrale 6.0.6001.1.1256.213.1036.18.2046.1247 [GMT 2:00]
Running from: c:\users\mourad\Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-11 06:36 . 2009-05-11 06:36 -------- d-----w c:\users\mourad\AppData\Local\GlobalSCAPE
2009-05-11 06:36 . 2009-05-11 06:36 -------- d-----w c:\programdata\GlobalSCAPE
2009-05-11 06:36 . 2009-05-11 06:36 -------- d-----w c:\users\All Users\GlobalSCAPE
2009-05-11 06:35 . 2009-05-11 06:35 -------- d-----w c:\users\mourad\AppData\Roaming\GlobalSCAPE
2009-05-11 06:26 . 2009-05-11 06:26 240128 ----a-w c:\windows\system32\drivers\royal.sys
2009-05-10 17:40 . 2009-05-10 19:09 -------- dc----w c:\program files\nLite
2009-05-10 16:45 . 2006-05-16 06:25 77824 ----a-w c:\windows\system32\hpzids01.dll
2009-05-10 16:45 . 2006-06-03 19:29 48640 ----a-w c:\windows\system32\hpzll4pi.dll
2009-05-09 17:11 . 2009-05-09 17:13 -------- dc----w c:\program files\DCETools
2009-05-09 07:26 . 2009-05-09 07:26 -------- d-----w c:\programdata\Adobe Systems
2009-05-09 07:26 . 2009-05-09 07:26 -------- d-----w c:\users\All Users\Adobe Systems
2009-05-09 07:22 . 2009-05-09 07:22 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-05-09 07:19 . 2009-05-09 07:23 -------- d-----w c:\program files\Common Files\Adobe
2009-05-05 13:39 . 2009-05-05 13:39 -------- d-----w c:\program files\Internet Download Manager
2009-05-04 18:05 . 2009-05-09 17:17 -------- d-----w c:\users\mourad\AppData\Roaming\IDM
2009-05-04 15:14 . 2009-05-04 17:34 -------- d-----w c:\users\mourad\AppData\Roaming\GlarySoft
2009-05-04 15:12 . 2009-05-04 15:12 -------- d-----w c:\program files\Glary Utilities
2009-05-04 13:55 . 2005-07-15 08:48 40960 ----a-w c:\windows\system32\ChCfg.exe
2009-05-04 13:55 . 2005-10-31 10:17 135168 ----a-w c:\windows\system32\RtlCPAPI.dll
2009-05-04 13:54 . 2009-05-04 13:55 -------- d-----w c:\windows\system32\RTCOM
2009-05-04 13:52 . 2004-06-14 12:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-05-04 13:36 . 2009-05-04 17:22 -------- d-----w c:\program files\Windows Updates Downloader
2009-05-04 09:44 . 2009-05-04 09:44 -------- d-----w c:\users\mourad\AppData\Local\Apps
2009-05-04 05:02 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-04 05:02 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-05-04 05:02 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-05-04 05:02 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-05-04 05:02 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-05-04 05:02 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-05-04 05:02 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-05-04 05:02 . 2008-10-16 12:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-05-04 05:02 . 2008-10-16 11:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-05-02 13:27 . 2009-05-02 13:27 -------- d-----w c:\users\mourad\AppData\Roaming\Media Player Classic
2009-05-02 13:26 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-02 13:26 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-02 13:26 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-05-02 13:26 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-02 13:26 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-02 13:26 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-05-02 13:26 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-05-02 13:26 . 2009-04-02 13:21 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-02 13:26 . 2009-05-10 18:25 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-30 10:10 . 1999-12-17 08:13 86016 ----a-w c:\windows\unvise32.exe
2009-04-30 10:03 . 2009-04-30 10:03 -------- dc----w c:\program files\Codemasters
2009-04-29 14:19 . 2009-04-29 18:33 -------- d-----w c:\users\mourad\AppData\Local\Adobe
2009-04-29 14:14 . 2009-04-29 14:14 -------- d-----w c:\users\All Users\Adobe
2009-04-29 12:04 . 2009-04-29 12:04 -------- d-----w c:\users\mourad\AppData\Local\Mozilla
2009-04-29 11:12 . 2009-05-11 19:30 -------- d-----w c:\users\mourad\AppData\Local\Google
2009-04-29 11:12 . 2009-04-29 11:12 -------- d-----w c:\users\All Users\Google
2009-04-28 20:12 . 1995-12-16 16:39 721168 ----a-w c:\windows\system32\VB40032.DLL
2009-04-28 20:12 . 1995-05-22 14:30 172032 ----a-w c:\windows\system32\CW3215.DLL
2009-04-28 20:12 . 1995-05-22 14:31 211488 ----a-w c:\windows\system32\BWCC32.DLL
2009-04-28 20:12 . 1995-04-21 03:51 319696 ----a-w c:\windows\system32\BOCOF.DLL
2009-04-28 20:12 . 1995-04-21 03:51 49152 ----a-w c:\windows\system32\BIDS45F.DLL
2009-04-28 20:12 . 1997-01-22 19:26 565760 ----a-w c:\windows\system32\msvcp50.dll
2009-04-28 15:17 . 2009-05-03 16:15 332 ----a-w c:\windows\EReg072.dat
2009-04-28 15:13 . 1998-05-01 11:39 299008 ----a-w c:\windows\uninst.exe
2009-04-28 15:00 . 2009-05-01 08:04 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-28 15:00 . 2009-05-01 08:04 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-28 14:59 . 2009-05-11 18:47 2322464 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-28 14:59 . 2009-05-11 18:47 360480 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-28 14:59 . 2009-04-28 14:59 -------- d-----w c:\program files\Kaspersky Lab
2009-04-28 14:45 . 2009-04-28 14:45 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-28 14:45 . 2009-05-11 19:29 -------- d-----w c:\program files\Google
2009-04-27 17:55 . 2009-04-27 17:55 -------- d-----w c:\windows\system32\Macromed
2009-04-27 17:55 . 2009-04-27 17:55 -------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-27 17:55 . 2009-04-27 17:55 -------- d-sh--w c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-27 17:36 . 2003-07-03 18:58 63488 ----a-r c:\windows\system32\drivers\wssbtr1f.sys
2009-04-27 17:36 . 2004-03-23 02:26 48556 ----a-r c:\windows\system32\drivers\SktBt2k.sys
2009-04-27 17:36 . 2002-09-17 23:11 77824 ----a-r c:\windows\system32\drivers\SioUi2k.dll
2009-04-27 17:36 . 2004-02-11 05:29 48076 ----a-r c:\windows\system32\drivers\Sio9502k.sys
2009-04-27 17:36 . 2002-09-22 23:30 40960 ----a-r c:\windows\system32\drivers\SCTray.exe
2009-04-27 17:36 . 2003-04-28 17:31 51169 ----a-r c:\windows\system32\drivers\OXSER.SYS
2009-04-27 15:30 . 2009-04-27 15:30 -------- d-----w c:\program files\Foxit Software
2009-04-27 15:23 . 2009-04-28 14:42 -------- d-----w c:\programdata\Kaspersky Lab Setup Files
2009-04-27 15:23 . 2009-04-28 14:42 -------- d-----w c:\users\All Users\Kaspersky Lab Setup Files
2009-04-27 13:19 . 2009-04-27 12:24 -------- d-----w c:\windows\Panther
2009-04-27 12:59 . 2009-04-27 12:59 -------- d-----w c:\users\mourad\AppData\Roaming\TuneUp Software
2009-04-27 12:59 . 2009-04-27 17:56 -------- d-----w c:\programdata\TuneUp Software
2009-04-27 12:59 . 2009-04-27 17:56 -------- d-----w c:\users\All Users\TuneUp Software
2009-04-27 12:59 . 2009-04-27 12:59 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 12:48 . 2009-04-27 12:48 -------- d-----w c:\users\mourad\AppData\Local\Apple Computer
2009-04-27 12:48 . 2009-04-27 12:48 -------- d-----w c:\users\mourad\AppData\Roaming\Apple Computer
2009-04-27 12:47 . 2009-04-27 12:47 -------- d-----w c:\users\mourad\AppData\Local\Apple
2009-04-27 12:47 . 2009-04-27 12:47 -------- d-----w c:\programdata\Apple
2009-04-27 12:47 . 2009-04-27 12:47 -------- d-----w c:\users\All Users\Apple
2009-04-27 12:46 . 2009-05-10 20:32 -------- dc----w c:\program files\CCleaner
2009-04-27 12:44 . 2009-04-27 12:44 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-27 12:44 . 2009-04-27 12:44 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-27 12:44 . 2009-04-27 12:45 -------- d-----w c:\program files\Common Files\Real
2009-04-27 12:44 . 2009-04-27 12:44 -------- d-----w c:\program files\Real
2009-04-27 12:43 . 2009-05-12 15:55 -------- d-----w c:\programdata\Kaspersky Lab
2009-04-27 12:43 . 2009-05-12 15:55 -------- d-----w c:\users\All Users\Kaspersky Lab
2009-04-27 12:43 . 2009-05-12 17:10 -------- d-----w c:\users\mourad\AppData\Roaming\DMCache
2009-04-27 12:42 . 2009-05-11 19:29 -------- d-sh--w c:\windows\Installer
2009-04-27 12:41 . 2009-04-27 12:41 -------- d-----w c:\programdata\NVIDIA
2009-04-27 12:41 . 2009-04-27 12:41 -------- d-----w c:\users\All Users\NVIDIA
2009-04-27 12:39 . 2008-07-26 17:18 797216 ----a-w c:\windows\system32\nvcplui.exe
2009-04-27 12:39 . 2008-07-26 17:18 1108512 ----a-w c:\windows\system32\nvcpluir.dll
2009-04-27 12:38 . 2008-07-26 17:18 446464 ----a-w c:\windows\system32\nvudisp.exe
2009-04-27 12:37 . 2006-02-16 11:16 245632 ----a-w c:\windows\system32\drivers\zteusbser.sys
2009-04-27 12:37 . 2009-04-27 12:37 -------- d-----w c:\program files\ZTEConnector
2009-04-27 12:30 . 2009-02-26 05:11 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-27 12:30 . 2009-05-11 06:31 79544 ----a-w c:\users\mourad\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-27 12:30 . 2009-04-27 12:30 -------- d-----r c:\users\mourad\Searches
2009-04-27 12:28 . 2009-04-27 12:28 -------- d-sh--w c:\program files\Fichiers communs
2009-04-27 12:27 . 2009-04-27 12:27 -------- d-----r c:\windows\system32\config\systemprofile\Contacts
2009-04-27 12:27 . 2009-04-27 12:47 -------- d-----w c:\windows\Debug

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 17:07 . 2008-01-21 02:22 168509 ----a-w c:\users\mourad\AppData\Roaming\xjidasv.dll
2009-05-12 16:01 . 2008-01-21 08:04 658994 ----a-w c:\windows\system32\perfh00C.dat
2009-05-12 16:01 . 2008-01-21 08:04 122778 ----a-w c:\windows\system32\perfc00C.dat
2009-05-11 18:47 . 2009-04-28 14:59 3360 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-11 18:47 . 2009-04-28 14:59 20272 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-11 07:20 . 2009-05-04 13:53 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-11 07:20 . 2009-05-04 13:53 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-10 16:46 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-10 16:46 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-05-10 16:46 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-04 13:53 . 2009-05-04 13:53 -------- d-----w c:\program files\Realtek
2009-05-04 13:53 . 2009-05-04 13:53 -------- d-----w c:\program files\Intel
2009-05-01 08:04 . 2008-01-29 15:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-27 12:36 . 2009-04-27 12:29 680 ----a-w c:\users\mourad\AppData\Local\d3d9caps.dat
2009-04-27 12:23 . 2009-04-27 12:23 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-01-21 02:41 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-05-07 1561840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [2009-04-29 165304]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-29 2610608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"fofamia"="c:\users\mourad\AppData\Roaming\xjidasv.dll" [2009-05-12 168509]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-01 206088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2006-05-04 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2006-05-04 2808832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 17:29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 17:28 20496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\System32\drivers\zteusbser.sys [27/04/2009 14:37 245632]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [11/05/2009 08:26 240128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc438f48-3325-11de-8c03-e92f505ca860}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
.
Contents of the 'Scheduled Tasks' folder

2009-05-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-05-04 07:49]
.
.
------- Supplementary Scan -------
.
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {F47E02E1-F0E7-4D80-827A-41A4190B1EE4} = 194.2.0.50 193.251.169.83
FF - ProfilePath - c:\users\mourad\AppData\Roaming\Mozilla\Firefox\Profiles\xjlokze2.default\
FF - component: c:\users\mourad\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-12 19:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Completion time: 2009-05-12 19:11
ComboFix-quarantined-files.txt 2009-05-12 17:11

Pre-Run: 138*176*909*312 octets libres
Post-Run: 138*230*816*768 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
224
 

And upon you be peace, and the mercy and blessings of God ...

Welcome ...

Do the following ...

Download this tool ...

Run it and go to [ Do a system scan and save log ] ...

After a moment it will give you a report in Notepad ...

Copy it in full ... and correctly ...

And paste it in your next reply ...


Signature: format
Here you go, brother format, the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:04, on 12/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ZTEConnector\ZTEConnector\ZTEConnector.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\جميع اصدارات الكاسبر سكي من الموقع الرسمي\hajik\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\program files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\program files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1CC3D96-FA82-4D52-95FE-6FBDBF68D49D}: NameServer = 194.2.0.50 193.251.169.83
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 4573 bytes
 
Your machine is 100% Vista.

Internet Explorer v7.00, version seven.

And the antivirus, mashallah:

\Kaspersky Internet Security 2009

What more could you want than that? No, your machine is clean. If you have any other complaint, just say so.
 
Signature: format
Thaaaanks!
Actually, I know how to analyze HijackThis reports, but I have no knowledge of analyzing ComboFix reports, and my computer is running great.

And thank you, brother format, for the trouble I put you through.
 
With your permission, brother format.

Brother abdelmalak, run the ComboFix tool again in Safe Mode and give me the new report so I can check it.
 
Signature: AbOdy