مشكلة فى احد البارتشينات

  • بادئ الموضوع بادئ الموضوع faris gohany
  • تاريخ البدء تاريخ البدء
  • المشاهدات 714
F

faris gohany

زيزوومي نشيط
إنضم
28 مايو 2008
المشاركات
157
مستوى التفاعل
1
النقاط
200
غير متصل
السلام عليكم ورحمة الله وبركاته
حدثت لى مشكلة فجأة فى احد البارتيشنات فعندما افتحه وابدا فى تصفح محتوياته وتشغيل اى شئ به يعنى لو ضغطت دبل كليك او حاولت نسخ اى شئ يغلق البارتشن ويغيب سطح المكتب لثوان ثم يعود بالتدريج فحصت هذا البارتشن بكاسبر 7 ولم يجد فيروسات به
مالحل يا اخوان هل طار البارتشن
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
الله يحييك اخوي
حمل هذا البرنامج
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
 
التعديل الأخير بواسطة المشرف:
تأييد 0
مشكور اخوى maax وها هو التقرير:
Logfile of HijackThis v1.99.1
Scan saved at 06:58:08 ص, on 21/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Hard Disk Tune-Up\HDTuneUpSrv.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrueTransparency\TrueTransparency.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
E:\برامج منوعة\programs\programs\System\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Internet Download Manager.lnk = C:\Program Files\Internet Download Manager\IDMan.exe
O4 - Global Startup: TrueTransparency.lnk = C:\Program Files\TrueTransparency\TrueTransparency.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Hard Disk Tune-Up - Sammsoft - C:\Program Files\Hard Disk Tune-Up\HDTuneUpSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
 
تأييد 0
وعليكم السلام

بعد اذن أخي ماكس


عطل برامج الحماية وشغل الأداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى
 
توقيع : ابـــو عــبــد الــلــه
تأييد 0
تم التحرير ...

يعطيك العافية حبيبي أبو ريما :) ...
 
توقيع : MMA_LORD_735
تأييد 0
MMA_LORD_735 قال:
تم التحرير ...

يعطيك العافية حبيبي أبو ريما :) ...
أنقر للتوسيع...


بارك الله فيك وفي عمرك وفي جهدك الطيب واسأل الله الكريم أن يوفقك في حياتك العلمية والعمليه ..:cool:
 
توقيع : ابـــو عــبــد الــلــه
تأييد 0
thanx my brothers after scanning wth combofix the keyboard doesn't support arabic, this is the report: combofix report
ComboFix 09-05-20.A0 - Administrator 05/21/2009 13:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.191.31 [GMT 3:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msconfig.exe
E:\WinRAR.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 04:11 . 2009-05-21 04:11 -------- d-----w c:\program files\Common Files\EZB Systems
2009-05-21 04:11 . 2009-05-21 04:11 -------- d-----w c:\program files\UltraISO
2009-05-19 17:16 . 2007-05-22 08:02 163840 ----a-w c:\windows\system32\unrar.dll
2009-05-19 17:16 . 2004-01-25 15:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-19 17:16 . 2007-06-28 15:52 765952 ----a-w c:\windows\system32\xvidcore.dll
2009-05-19 17:16 . 2007-06-28 15:54 180224 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-19 17:16 . 2007-04-22 23:15 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-19 17:16 . 2007-04-22 23:02 73728 ----a-w c:\windows\system32\dpl100.dll
2009-05-19 17:16 . 2007-05-31 05:44 740442 ----a-w c:\windows\system32\divx.dll
2009-05-19 17:16 . 2007-07-10 15:55 7680 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-19 17:15 . 2009-05-19 17:16 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-19 13:15 . 2009-05-19 13:15 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-05-19 09:04 . 2009-05-19 09:04 -------- d-----w c:\program files\Golden Bow
2009-05-19 08:13 . 2009-05-19 08:13 -------- d-----w c:\documents and settings\Administrator\Application Data\Symantec
2009-05-19 07:43 . 2007-02-13 15:20 109360 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-19 07:43 . 2007-02-13 15:20 15664 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-19 07:43 . 2007-02-13 16:06 128104 ----a-w c:\windows\system32\drivers\WimFltr.sys
2009-05-19 07:43 . 2007-02-13 15:30 14072 ----a-w c:\windows\system32\drivers\vproeventmonitor.sys
2009-05-19 07:43 . 2007-02-13 15:33 37864 ----a-w c:\windows\system32\drivers\v2imount.sys
2009-05-19 07:43 . 2007-02-13 15:33 131944 ----a-w c:\windows\system32\drivers\symsnap.sys
2009-05-18 17:28 . 2009-05-18 17:28 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-05-17 17:45 . 2009-05-17 17:52 -------- d-----w c:\documents and settings\Administrator\Application Data\ErrorSweeper
2009-05-17 17:42 . 2009-05-17 17:42 -------- d-----w c:\program files\ErrorSweeper
2009-05-17 17:37 . 2009-05-17 17:44 -------- d-----w c:\program files\RegCure
2009-05-16 11:19 . 2009-05-16 11:19 -------- d-----w c:\documents and settings\Administrator\Application Data\Boost Windows
2009-05-16 11:19 . 2009-05-16 11:19 -------- d-----w c:\program files\Boost Windows
2009-05-14 09:11 . 2009-05-14 09:13 -------- d-----w c:\program files\Muslim Bag
2009-05-13 16:20 . 2009-04-06 18:46 161816 ----a-w c:\windows\RegGenieOnUninstall.exe
2009-05-13 16:19 . 2009-05-15 08:20 -------- d-----w c:\program files\RegGenie
2009-05-12 09:05 . 2009-05-14 17:08 -------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-05-11 11:24 . 2009-05-11 11:24 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\MariusSoft_LLC
2009-05-11 11:23 . 2009-05-11 11:23 -------- d-----w c:\program files\MariusSoft
2009-05-11 09:20 . 2009-05-19 07:40 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-11 09:09 . 2009-05-11 09:09 -------- d-----w c:\documents and settings\Administrator\Application Data\Sammsoft
2009-05-11 09:09 . 2009-05-11 09:09 -------- d-----w c:\program files\Hard Disk Tune-Up
2009-05-11 09:02 . 2009-05-11 09:02 -------- d-----w c:\program files\PTDD Group
2009-05-11 09:02 . 2009-05-11 09:02 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-11 09:00 . 2009-05-18 17:38 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-09 17:27 . 2009-05-09 17:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-05-09 17:18 . 2009-05-09 17:18 -------- d-----w c:\documents and settings\All Users\Application Data\DeskSoft
2009-05-09 17:16 . 2009-05-09 17:16 26920 ----a-w c:\windows\system32\drivers\dsnpfd.sys
2009-05-09 17:16 . 2009-05-09 17:16 -------- d-----w c:\documents and settings\Administrator\Application Data\DeskSoft
2009-05-09 17:16 . 2009-05-09 17:23 -------- d-----w c:\program files\BWMeter
2009-05-09 17:12 . 2009-05-09 17:12 -------- d-----w c:\documents and settings\Administrator\Application Data\VitySoft
2009-05-09 17:08 . 2009-05-15 16:06 -------- d-----w c:\program files\RoboSetup
2009-05-09 16:15 . 2009-05-09 16:17 -------- d-----w C:\pebuilder3110a
2009-05-09 16:10 . 2009-05-09 16:10 -------- d-----w c:\windows\Muslim Bag
2009-05-06 21:57 . 2009-05-06 21:58 -------- d-----w c:\program files\MOBILedit!
2009-05-06 16:57 . 2009-05-06 16:57 -------- d-----w c:\program files\Extension Changer
2009-05-05 17:40 . 2009-05-15 16:06 -------- d-----w c:\program files\WideStep Software
2009-05-05 17:39 . 2009-05-05 17:39 -------- d-----w c:\documents and settings\Administrator\Application Data\BeautyGuide
2009-05-05 17:37 . 2009-05-05 17:37 -------- d-----w c:\program files\Two Pilots
2009-05-05 17:37 . 2009-05-05 17:37 -------- d-----w c:\program files\Beauty Guide
2009-05-05 17:32 . 2009-05-05 17:33 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\ACD Systems
2009-05-05 17:32 . 2009-05-05 17:32 -------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2009-05-05 11:04 . 2009-05-05 11:04 256 ----a-w c:\windows\system32\CablexDSL.dat
2009-05-05 07:47 . 2009-05-05 07:48 -------- d-----w c:\program files\USB Disk Security
2009-05-04 21:38 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-05-04 21:37 . 2008-09-28 19:00 439440 ----a-w c:\program files\un_Internet Download Manager_16575.exe
2009-05-04 09:35 . 2009-05-04 09:35 -------- d-----w c:\program files\Dict
2009-05-04 09:09 . 2009-05-04 09:09 -------- d-----w c:\program files\XP TCPIP Repair
2009-05-04 09:06 . 2009-05-04 09:12 -------- d-----w c:\program files\XP Repair Pro 2007
2009-05-04 08:55 . 2009-05-04 08:55 -------- d-----w c:\windows\system32\LogFiles
2009-05-03 21:21 . 2009-05-10 11:25 -------- d-----w c:\documents and settings\Administrator\Application Data\IDM
2009-05-03 21:21 . 2009-05-21 10:32 -------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2009-05-03 20:55 . 2001-08-17 10:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-03 20:54 . 2004-08-03 19:59 57472 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-03 20:54 . 2004-08-03 20:07 44672 ----a-w c:\windows\system32\drivers\UAGP35.SYS
2009-05-03 20:54 . 2004-08-03 19:31 32768 ----a-w c:\windows\system32\drivers\sisnic.sys
2009-05-03 20:53 . 2004-08-03 21:56 74240 ----a-w c:\windows\system32\usbui.dll
2009-05-03 20:50 . 2009-05-21 10:22 -------- d-----w c:\windows\system32\CatRoot2
2009-05-03 20:50 . 2009-05-03 20:50 -------- d-----w c:\windows\system32\CatRoot
2009-05-03 20:50 . 2009-05-03 18:01 -------- d-----w c:\documents and settings\All Users
2009-05-03 20:50 . 2009-05-03 18:03 -------- d--h--w c:\documents and settings\Default User
2009-05-03 20:50 . 2009-05-03 18:25 -------- d-----w C:\Documents and Settings
2009-05-03 20:47 . 2006-06-14 07:50 6272 ----a-w c:\windows\system32\drivers\splitter.sys
2009-05-03 20:46 . 2006-06-14 08:17 82944 ----a-w c:\windows\system32\drivers\wdmaud.sys
2009-05-03 20:46 . 2004-08-03 20:07 52864 ----a-w c:\windows\system32\drivers\DMusic.sys
2009-05-03 20:46 . 2001-08-17 11:00 54272 ----a-w c:\windows\system32\drivers\swmidi.sys
2009-05-03 20:46 . 2005-05-27 22:14 142464 ----a-w c:\windows\system32\drivers\aec.sys
2009-05-03 20:46 . 2006-06-14 07:50 172416 ----a-w c:\windows\system32\drivers\kmixer.sys
2009-05-03 20:46 . 2004-08-03 20:07 2944 ----a-w c:\windows\system32\drivers\drmkaud.sys
2009-05-03 20:45 . 2004-08-03 20:15 60800 ----a-w c:\windows\system32\drivers\sysaudio.sys
2009-05-03 20:45 . 2004-08-03 19:58 7552 ----a-w c:\windows\system32\drivers\MSKSSRV.sys
2009-05-03 20:45 . 2004-08-03 19:58 4992 ----a-w c:\windows\system32\drivers\MSPQM.sys
2009-05-03 20:45 . 2004-08-03 19:58 5376 ----a-w c:\windows\system32\drivers\MSPCLOCK.sys
2009-05-03 20:28 . 2008-02-27 10:15 28416 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-03 20:28 . 2009-05-03 20:28 307968 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-05-03 20:28 . 2009-05-03 20:28 -------- d-----w c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-05-03 20:27 . 2009-05-03 20:27 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-03 20:25 . 2009-05-03 20:28 -------- d-----w c:\program files\TuneUp Utilities 2008
2009-05-03 20:23 . 2009-05-03 20:23 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-03 18:42 . 2009-05-05 17:17 22032 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 18:41 . 2004-08-03 22:56 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-03 18:41 . 2009-05-04 08:41 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-03 18:41 . 2009-05-04 08:41 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-03 18:39 . 2009-05-03 18:39 -------- d-----w c:\program files\Kaspersky Lab
2009-05-03 18:39 . 2009-05-21 09:10 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-03 18:39 . 2009-05-21 10:37 2965792 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-03 18:39 . 2009-05-21 10:38 60960 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-03 18:38 . 2009-05-03 18:38 -------- d-----w c:\program files\Windows Live
2009-05-03 18:38 . 2009-05-03 18:38 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-03 18:37 . 2009-05-03 18:37 -------- d-----w c:\program files\Yahoo!
2009-05-03 18:37 . 2009-05-04 21:37 -------- d-----w c:\program files\Internet Download Manager
2009-05-03 18:36 . 2009-05-03 18:37 -------- d-----w c:\program files\SLD Codec Pack
2009-05-03 18:36 . 2004-01-11 20:00 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-03 18:36 . 2009-05-03 18:36 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-03 18:34 . 2009-05-03 18:34 -------- d-----w c:\program files\Common Files\Java
2009-05-03 18:33 . 2007-10-26 05:05 33576 ----a-w c:\windows\system32\BCGPOleAcc.dll
2009-05-03 18:33 . 2007-10-26 05:05 3036456 ----a-w c:\windows\system32\BCGCBPRO860u80.dll
2009-05-03 18:33 . 2006-03-17 11:49 368640 ----a-w c:\windows\system32\TwnLib4.dll
2009-05-03 18:33 . 2006-03-17 08:45 802816 ----a-w c:\windows\system32\imagXRA7.dll
2009-05-03 18:33 . 2006-03-17 08:45 258048 ----a-w c:\windows\system32\imagXR7.dll
2009-05-03 18:33 . 2006-03-17 08:45 497296 ----a-w c:\windows\system32\imagXpr7.dll
2009-05-03 18:33 . 2006-03-17 08:45 1757184 ----a-w c:\windows\system32\imagX7.dll
2009-05-03 18:33 . 2009-05-03 18:33 -------- d-----w c:\program files\Common Files\Nero
2009-05-03 18:33 . 2009-05-03 18:33 -------- d-----w c:\program files\Nero
2009-05-03 18:33 . 2009-05-03 18:33 -------- d-----w c:\program files\My Company Name
2009-05-03 18:32 . 2009-05-03 18:37 -------- d-----w c:\program files\Opera
2009-05-03 18:32 . 2004-06-14 11:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-05-03 18:32 . 2009-05-03 18:32 -------- d-----w c:\program files\Driver-Soft
2009-05-03 18:27 . 2009-05-03 18:27 -------- d-----w c:\program files\Microsoft ActiveSync
2009-05-03 18:27 . 2009-05-03 18:27 -------- d-----w c:\windows\SHELLNEW
2009-05-03 18:27 . 2009-05-03 18:27 -------- d-----w c:\windows\PCHEALTH
2009-05-03 18:02 . 2008-03-27 14:32 -------- d-----w c:\program files\TrueTransparency

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 04:29 . 2009-05-03 18:39 6476 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-21 04:29 . 2009-05-03 18:39 39836 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-19 07:42 . 2009-05-19 07:42 -------- d-----w c:\program files\Norton Save and Restore
2009-05-19 07:42 . 2009-05-18 17:43 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-19 07:41 . 2009-05-19 07:41 -------- d-----w c:\program files\Symantec
2009-05-18 19:35 . 2009-05-18 19:35 -------- d-----w c:\program files\DownUp Utilities 2009
2009-05-10 04:45 . 2009-05-03 18:35 -------- d-----w c:\program files\Winamp
2009-05-04 21:37 . 2009-05-04 21:37 6374 ----a-w c:\program files\un_Internet Download Manager_16575.txt
2009-05-04 08:41 . 2007-04-28 13:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-05-03 18:36 . 2009-05-03 18:35 -------- d-----w c:\program files\Common Files\ACD Systems
2009-05-03 18:35 . 2009-05-03 18:35 -------- d-----w c:\program files\ACD Systems
2009-05-03 18:35 . 2009-05-03 18:35 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-05-03 18:35 . 2009-05-03 18:35 -------- d-----w c:\program files\ADSoft
2009-05-03 18:35 . 2009-05-03 18:35 -------- d-----w c:\program files\Foxit Software
2009-05-03 18:35 . 2009-05-03 18:34 -------- d-----w c:\program files\Java
2009-05-03 18:03 . 2009-05-03 18:03 -------- d-----w c:\program files\STYLER
2009-05-03 18:01 . 2001-08-23 11:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-03 17:58 . 2009-05-03 17:58 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-03 17:57 . 2009-05-03 17:57 -------- d-----w c:\program files\Windows Media Connect 2
.

------- Sigcheck -------

[-] 2008-03-20 07:12 2225792 2F37894AEB0F167B556E0A9A37AD491E c:\windows\system32\ntkrnlpa.exe
[-] 2008-04-02 09:07 2225792 2F37894AEB0F167B556E0A9A37AD491E c:\windows\system32\ReinstallBackups\0055\DriverFiles\i386\ntkrnlpa.exe

[-] 2008-03-20 07:09 2344960 497B9F0053BECB485D0F6D57BC792156 c:\windows\system32\ntoskrnl.exe
[-] 2008-03-20 08:16 2344960 497B9F0053BECB485D0F6D57BC792156 c:\windows\system32\ReinstallBackups\0055\DriverFiles\i386\ntoskrnl.exe

[-] 2008-03-29 09:12 1514496 2FC27528FAB09949D37CFBA7A1FB85B0 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-03-30 2790832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 2020968]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Internet Download Manager.lnk - c:\program files\Internet Download Manager\IDMan.exe [2009-5-5 2790832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TrueTransparency.lnk - c:\program files\TrueTransparency\TrueTransparency.exe [2009-5-3 133120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

R2 Hard Disk Tune-Up;Hard Disk Tune-Up;c:\program files\Hard Disk Tune-Up\HDTuneUpSrv.exe [11/05/2009 12:09 م 448272]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [09/05/2009 08:16 م 26920]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 02:58 م 24344]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 11:24]

2009-05-17 c:\windows\Tasks\ErrorSweeper Scheduled Scan.job
- c:\program files\ErrorSweeper\ErrorSweeper.exe [2007-09-13 14:16]

2009-05-21 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 17:38]

2009-05-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 17:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-21 13:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1128)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1184)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\idmmbc.dll
.
Completion time: 2009-05-21 13:42
ComboFix-quarantined-files.txt 2009-05-21 10:42

Pre-Run: 7,311,028,224 bytes free
Post-Run: 7,403,126,784 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
273
 
تأييد 0
الله يعطيكم العافية
كيف الوضع الان ؟
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى