Thread starter: semo

semo
Peace be upon you and God's mercy.

System: XP

SP2

The problem appeared a few days ago.


And this is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:03:41 ص, on 29/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Installer\MSI10.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Autorun Cleaner\Autorun Cleaner 1.0.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AutorunCleaner] C:\Program Files\Autorun Cleaner\Autorun Cleaner 1.0.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save &image with Flash and Media Capture - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sorry, your 30-day trial period has expired. - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/savemedia.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI10.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8678 bytes


May you always be well.
 

And peace be upon you.

Follow this thread:



And from the report, delete the following:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

How to delete them:



Then download this tool and follow the instructions below:



Compatibility: Windows XP only

Usage instructions:

When you run the tool, this screen appears. Wait (and follow along with the pictures).



When this screen appears, click Close so that your computer restarts (to complete the cleaning process).





Once you have done what is required, follow the next reply.
 
Signature: أعتز بك
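A small triage helper, added here as an example (it is not the forum's tooling nor HijackThis's own code): it parses the entry lines of a HijackThis log, queues for manual review the orphaned `(no name)` / `(no file)` BHO entries of the kind the reply above says to delete, plus services with no vendor string, and diffs a before/after scan to confirm which entries are gone. The sample logs are constructed from entries of the kind shown in this thread.

```python
"""Triage helpers for HijackThis-style logs.

Constructed example for this thread (not the forum's or HijackThis's own
code): parse the entry lines, flag BHOs/toolbars whose DLL is missing and
services with no vendor string, and diff two scans to list what disappeared.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "O2 - BHO: Name - {CLSID} - Path" and "O3 - Toolbar: Name - {CLSID} - Path"
_BHO_RE = re.compile(
    r"^(?P<code>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)
# "O23 - Service: Display (Name) - Vendor - Path"
_SVC_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def parse_entries(log: str) -> list[str]:
    """Keep only the Rn/On entry lines; the header and process list are skipped."""
    return [ln.strip() for ln in log.splitlines()
            if re.match(r"^(R\d|O\d+) - ", ln.strip())]


def flag_for_review(log: str) -> list[Finding]:
    """Heuristic review queue: orphaned BHOs and services lacking vendor info.

    An 'Unknown owner' service is not a verdict, only a prompt to check the
    binary by hand (in this thread acs.exe and openvpnas.exe are legitimate).
    """
    findings: list[Finding] = []
    for ln in parse_entries(log):
        m = _BHO_RE.match(ln)
        if m:
            if m.group("path") == "(no file)":
                findings.append(Finding(ln, "registered BHO/toolbar whose DLL no longer exists"))
            elif m.group("name") == "(no name)":
                findings.append(Finding(ln, "BHO with no name"))
            continue
        m = _SVC_RE.match(ln)
        if m and m.group("vendor") == "Unknown owner":
            findings.append(Finding(ln, "service with no vendor information; verify the binary"))
    return findings


def removed_entries(before: str, after: str) -> list[str]:
    """Entries present in the first scan but absent from the second."""
    kept = set(parse_entries(after))
    return [ln for ln in parse_entries(before) if ln not in kept]


# Constructed sample logs built from entries of the kind shown in the thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

if __name__ == "__main__":
    for f in flag_for_review(BEFORE_LOG):
        print(f"[review]  {f.reason}\n          {f.line}")
    for ln in removed_entries(BEFORE_LOG, AFTER_LOG):
        print(f"[removed] {ln}")
```

Running the same comparison on the thread's own first and second HijackThis reports shows the two orphaned BHO entries gone after the cleanup.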
Disable your security software.

Download this tool:



When you run it, a message appears; click >> Yes
Then a second message appears; click >> Yes

During the scan the computer may restart.
After the restart, the tool will start scanning a second time.
Wait until a report appears; the scan is then finished. Paste the report in your first reply.

Second:


Download this program:




Run the program ==> and click
Do a system scan and save log
A moment later a report opens in Notepad ==> copy it and paste it in your second reply.





Waiting ...
 
Last edited by a moderator:
Signature: أعتز بك
This is the first report:

ComboFix 09-05-28.07 - semo 05/29/2009 20:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.502.171 [GMT 3:00]
Running from: c:\documents and settings\semo\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
c:\windows\youtubex.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.
2009-05-29 01:03 . 2009-05-29 01:03 -------- d-----w c:\program files\Trend Micro
2009-05-26 10:56 . 2009-05-26 10:56 198064 ----a-w c:\documents and settings\semo\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-26 10:56 . 2009-05-29 17:03 -------- d-----w c:\documents and settings\semo\Application Data\DMCache
2009-05-26 10:56 . 2009-05-29 12:31 -------- d-----w c:\documents and settings\semo\Application Data\IDM
2009-05-26 10:56 . 2009-05-26 11:10 -------- d-----w c:\program files\Internet Download Manager
2009-05-25 19:23 . 2009-05-25 19:23 -------- d-----w c:\windows\Autorun Cleaner
2009-05-25 19:23 . 2009-05-25 19:24 -------- d-----w c:\program files\Autorun Cleaner
2009-05-19 10:35 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-05-19 02:11 . 2009-05-19 02:11 390664 ----a-w c:\documents and settings\semo\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-16 20:19 . 2009-05-16 20:19 -------- d-----w c:\documents and settings\semo\Application Data\Ashampoo
2009-05-16 20:19 . 2009-05-16 20:19 -------- d-----w c:\documents and settings\semo\Local Settings\Application Data\ashampoo
2009-05-16 20:19 . 2009-05-16 20:19 -------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-05-16 20:18 . 2009-05-16 20:18 -------- d-----w c:\program files\Ashampoo
2009-05-16 20:01 . 2009-05-16 20:17 -------- d-----w c:\program files\Nero
2009-05-13 22:26 . 2009-05-13 22:34 -------- d-----w c:\documents and settings\semo\Application Data\SolidDocuments
2009-05-13 22:22 . 2008-12-09 16:17 13568 ----a-w c:\windows\system32\solidlocalui.dll
2009-05-13 22:22 . 2008-12-09 16:17 21248 ----a-w c:\windows\system32\solidlocalmon.dll
2009-05-13 22:21 . 2009-05-13 22:21 -------- d-----w c:\program files\SolidDocuments
2009-05-13 22:20 . 2009-05-13 22:20 -------- d-----w c:\documents and settings\All Users\Application Data\SolidDocuments
2009-05-08 14:03 . 2001-03-22 09:52 1305192 ----a-w c:\windows\Living Waterfalls.scr
2009-05-08 14:03 . 2009-05-08 14:03 -------- d-----w c:\program files\Living Waterfalls Screensaver
2009-05-07 12:58 . 2009-05-07 12:58 -------- d-----w c:\documents and settings\semo\Application Data\Media Player Classic
2009-05-07 12:55 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-07 12:55 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-07 12:55 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-05-07 12:55 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-07 12:55 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-05-07 12:55 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-07 12:55 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-05-07 12:54 . 2009-04-02 13:21 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-07 12:54 . 2009-05-07 12:55 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-06 22:27 . 2009-05-27 23:35 -------- d-----w c:\documents and settings\semo\Local Settings\Application Data\WMTools Downloaded Files
2009-05-04 19:14 . 2009-05-04 19:14 7168 ----a-w c:\documents and settings\semo\Application Data\Thinstall\Microsoft Text-to-Speech Engine 4.0 (English)\4000005e00002i\vcmd.exe
2009-05-02 18:32 . 2009-05-02 18:33 -------- d-----w c:\program files\Hotspot Shield
2009-04-30 18:02 . 2009-04-30 18:02 -------- d-----w c:\windows\system32\RMBin
2009-04-30 18:02 . 2009-04-30 18:02 -------- d-----w c:\program files\Ozone
2009-04-30 14:02 . 2009-03-10 19:18 453000 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-30 14:02 . 2009-04-30 14:02 -------- d-----w c:\windows\system32\KB905474
2009-04-30 14:02 . 2009-03-10 19:26 1430400 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 02:04 . 2009-03-22 15:00 -------- d-----w c:\documents and settings\semo\Application Data\cleaner
2009-05-25 19:20 . 2009-03-26 22:57 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-24 17:28 . 2001-09-19 12:00 60104 ----a-w c:\windows\system32\perfc001.dat
2009-05-24 17:28 . 2001-09-19 12:00 334166 ----a-w c:\windows\system32\perfh001.dat
2009-05-22 16:49 . 2009-03-20 15:09 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-22 16:49 . 2009-03-20 15:03 -------- d-----w c:\program files\MSN Messenger
2009-05-14 20:30 . 2009-03-21 16:29 -------- d-----w c:\program files\Java
2009-05-14 20:17 . 2009-04-13 18:10 152576 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-04 19:14 . 2009-03-22 18:51 -------- d-----w c:\documents and settings\semo\Application Data\Thinstall
2009-04-28 23:26 . 2009-04-28 23:19 -------- d-----w c:\program files\Audio Editor Gold
2009-04-27 10:33 . 2009-04-09 22:20 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-04-27 10:33 . 2009-04-09 22:20 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-20 18:43 . 2009-03-20 14:28 -------- d-----w c:\documents and settings\semo\Application Data\Blueberry
2009-04-19 19:16 . 2009-04-19 19:16 -------- d-----w c:\program files\MSXML 4.0
2009-04-15 14:05 . 2009-03-20 16:21 -------- d-----w c:\documents and settings\semo\Application Data\HP
2009-04-13 12:29 . 2009-04-13 12:29 -------- d-----w c:\program files\ESET
2009-04-09 22:21 . 2009-04-09 22:20 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-09 22:20 . 2009-04-09 22:20 -------- d-----w c:\program files\Avira
2009-04-09 16:15 . 2009-04-09 16:15 -------- d-----w c:\program files\AxBx
2009-04-08 21:33 . 2009-03-30 20:08 -------- d-----w c:\documents and settings\semo\Application Data\Nokia
2009-04-08 14:59 . 2009-03-30 20:16 -------- d-----w c:\documents and settings\semo\Application Data\PC Suite
2009-03-31 18:53 . 2009-03-31 18:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-31 18:53 . 2009-03-31 18:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-31 18:52 . 2009-03-31 18:52 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-31 18:52 . 2009-03-31 18:52 -------- d-----w c:\program files\Common Files\Nokia
2009-03-31 18:52 . 2009-03-30 20:10 -------- d-----w c:\program files\Nokia
2009-03-31 18:51 . 2009-03-31 18:51 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-31 18:50 . 2009-03-21 18:30 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-31 18:50 . 2009-03-31 18:50 8192 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-03-31 18:50 . 2009-03-31 18:50 61440 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-03-31 18:50 . 2009-03-31 18:50 10240 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-03-31 18:49 . 2009-03-31 18:50 33973608 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ara_web.exe
2009-03-31 10:14 . 2009-03-20 15:08 374512 ----a-w c:\documents and settings\semo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 20:26 . 2009-03-30 20:26 -------- d-----w c:\documents and settings\semo\Application Data\Nseries
2009-03-30 20:22 . 2009-03-30 20:16 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-30 20:22 . 2009-03-30 20:22 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-30 20:22 . 2009-03-30 20:22 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-30 20:11 . 2009-03-30 20:11 -------- d-----w c:\program files\DIFX
2009-03-28 19:50 . 2009-03-28 19:50 252 ----a-w C:\q25374w.exe
2009-03-27 16:43 . 2009-03-27 16:43 252 ----a-w C:\q15349w.exe
2009-03-27 14:15 . 2009-03-27 14:15 7680 ----a-w c:\documents and settings\semo\Application Data\Thinstall\Reshade\400000b300002i\ACDSeeQV10.exe
2009-03-24 18:56 . 2009-03-24 18:56 0 ----a-w c:\windows\nsreg.dat
2009-03-21 19:04 . 2009-03-21 19:04 57344 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-5fdc5767-n\Decora-SSE.dll
2009-03-21 19:04 . 2009-03-21 19:04 24064 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-6530be56-n\Decora-D3D.dll
2009-03-21 19:04 . 2009-03-21 19:04 499712 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-6d9bc903-n\msvcp71.dll
2009-03-21 19:04 . 2009-03-21 19:04 499712 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-6d9bc903-n\jmc.dll
2009-03-21 19:04 . 2009-03-21 19:04 348160 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-6d9bc903-n\msvcr71.dll
2009-03-21 19:02 . 2009-03-21 19:02 57344 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-611d48ce-n\Decora-SSE.dll
2009-03-21 19:02 . 2009-03-21 19:02 24064 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-6445fa1a-n\Decora-D3D.dll
2009-03-21 19:02 . 2009-03-21 19:02 315392 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3d40af9f-n\jogl.dll
2009-03-21 19:02 . 2009-03-21 19:02 20480 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3d40af9f-n\jogl_awt.dll
2009-03-21 19:02 . 2009-03-21 19:02 114688 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3d40af9f-n\jogl_cg.dll
2009-03-21 19:02 . 2009-03-21 19:02 20480 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12ac6944-n\gluegen-rt.dll
2009-03-21 19:02 . 2009-03-21 19:02 503808 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1ebcd690-n\msvcp71.dll
2009-03-21 19:02 . 2009-03-21 19:02 499712 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1ebcd690-n\jmc.dll
2009-03-21 19:02 . 2009-03-21 19:02 348160 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1ebcd690-n\msvcr71.dll
2009-03-21 18:59 . 2009-03-21 18:59 152576 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-21 17:46 . 2009-03-20 11:38 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-20 16:35 . 2009-03-20 16:21 112799 ----a-w c:\windows\hpoins07.dat
2009-03-20 14:28 . 2009-03-20 14:28 4608 ----a-w c:\windows\system32\bbchlp.dll
2009-03-20 14:28 . 2009-03-20 14:28 2944 ----a-w c:\windows\system32\drivers\bbcap.sys
2009-03-20 14:28 . 2009-03-20 14:28 27776 ----a-w c:\windows\system32\bbcap.dll
2009-03-20 12:25 . 2009-03-20 12:09 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-20 11:34 . 2009-03-20 11:34 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-09 02:19 . 2009-03-21 19:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2004-08-03 22:55 282624 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:06 . 2004-08-03 22:55 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"AutorunCleaner"="c:\program files\Autorun Cleaner\Autorun Cleaner 1.0.exe" [2009-02-12 1167360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-26 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2003-10-20 385024]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-5-25 565309]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [20/03/2009 05:28 م 2944]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [10/04/2009 01:20 ص 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/04/2009 01:20 ص 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/04/2009 01:20 ص 432897]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI10.tmp [14/05/2009 01:22 ص 189696]
.
Contents of the 'Scheduled Tasks' folder
2009-05-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 19:18]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save &image with Flash and Media Capture - c:\program files\Common Files\MetaProducts\FMCapt.dll/saveimg.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sorry, your 30-day trial period has expired. - c:\program files\Common Files\MetaProducts\FMCapt.dll/savemedia.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - {B3DA38C9-7C7B-4C32-8A65-8745B3B6085E} - c:\program files\Common Files\MetaProducts\FMCapt.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\semo\Application Data\Mozilla\Firefox\Profiles\gvzs66da.default\
FF - component: c:\documents and settings\semo\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-29 20:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI10.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1024)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-05-29 20:14
ComboFix-quarantined-files.txt 2009-05-29 17:13
Pre-Run: 9,846,730,752 bytes free
Post-Run: 10,067,542,016 bytes free
205 --- E O F --- 2009-05-21 11:01
 
And this is the second report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:16:08 م, on 29/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Installer\MSI10.tmp
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AutorunCleaner] C:\Program Files\Autorun Cleaner\Autorun Cleaner 1.0.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save &image with Flash and Media Capture - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sorry, your 30-day trial period has expired. - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/savemedia.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI10.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8099 bytes
 
Delete the following entries:

O4 - HKCU\..\Run: [AutorunCleaner] C:\Program Files\Autorun Cleaner\Autorun Cleaner 1.0.exe


O8 - Extra context menu item: Sorry, your 30-day trial period has expired. - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/savemedia.htm


O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
 
Signature: format






Download from here
Compatibility: Windows XP only
How to use it:
When you run the tool's file, this screen appears; wait (and follow along with the images).
When this screen appears, click Close so your computer restarts (to complete the cleaning process).

Then do the following:

Disable all protection programs.

Download this tool.

When you run it, a message appears; click Yes.
Then a second message appears; click Yes.
During the scan the computer may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; with that the scan is finished. Paste the report in your next post.
 
Signature: format
I apologize for the delay, due to circumstances beyond my control.

Here is the report:

ComboFix 09-05-28.07 - semo 05/31/2009 20:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.502.318 [GMT 3:00]
Running from: c:\documents and settings\semo\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.
2009-05-30 17:18 . 2009-05-30 17:18 390664 ----a-w c:\documents and settings\semo\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-29 18:03 . 2009-05-29 18:03 -------- d-----w c:\program files\Wiseval
2009-05-29 01:03 . 2009-05-29 01:03 -------- d-----w c:\program files\Trend Micro
2009-05-26 10:56 . 2009-05-26 10:56 198064 ----a-w c:\documents and settings\semo\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-26 10:56 . 2009-05-31 17:44 -------- d-----w c:\documents and settings\semo\Application Data\DMCache
2009-05-26 10:56 . 2009-05-29 12:31 -------- d-----w c:\documents and settings\semo\Application Data\IDM
2009-05-26 10:56 . 2009-05-26 11:10 -------- d-----w c:\program files\Internet Download Manager
2009-05-25 19:23 . 2009-05-25 19:23 -------- d-----w c:\windows\Autorun Cleaner
2009-05-25 19:23 . 2009-05-25 19:24 -------- d-----w c:\program files\Autorun Cleaner
2009-05-19 10:35 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll
2009-05-16 20:19 . 2009-05-16 20:19 -------- d-----w c:\documents and settings\semo\Application Data\Ashampoo
2009-05-16 20:19 . 2009-05-16 20:19 -------- d-----w c:\documents and settings\semo\Local Settings\Application Data\ashampoo
2009-05-16 20:19 . 2009-05-16 20:19 -------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-05-16 20:18 . 2009-05-16 20:18 -------- d-----w c:\program files\Ashampoo
2009-05-16 20:01 . 2009-05-16 20:17 -------- d-----w c:\program files\Nero
2009-05-13 22:26 . 2009-05-13 22:34 -------- d-----w c:\documents and settings\semo\Application Data\SolidDocuments
2009-05-13 22:22 . 2008-12-09 16:17 13568 ----a-w c:\windows\system32\solidlocalui.dll
2009-05-13 22:22 . 2008-12-09 16:17 21248 ----a-w c:\windows\system32\solidlocalmon.dll
2009-05-13 22:21 . 2009-05-13 22:21 -------- d-----w c:\program files\SolidDocuments
2009-05-13 22:20 . 2009-05-13 22:20 -------- d-----w c:\documents and settings\All Users\Application Data\SolidDocuments
2009-05-08 14:03 . 2001-03-22 09:52 1305192 ----a-w c:\windows\Living Waterfalls.scr
2009-05-08 14:03 . 2009-05-08 14:03 -------- d-----w c:\program files\Living Waterfalls Screensaver
2009-05-07 12:58 . 2009-05-07 12:58 -------- d-----w c:\documents and settings\semo\Application Data\Media Player Classic
2009-05-07 12:55 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-07 12:55 . 2004-01-25 16:18 217088 ----a-w c:\windows\system32\yv12vfw.dll
2009-05-07 12:55 . 2008-12-07 18:08 795648 ----a-w c:\windows\system32\xvidcore.dll
2009-05-07 12:55 . 2008-12-07 18:08 130048 ----a-w c:\windows\system32\xvidvfw.dll
2009-05-07 12:55 . 2008-12-11 00:33 86016 ----a-w c:\windows\system32\dpl100.dll
2009-05-07 12:55 . 2008-11-06 16:37 3596288 ----a-w c:\windows\system32\qt-dx331.dll
2009-05-07 12:55 . 2008-11-06 16:33 684032 ----a-w c:\windows\system32\divx.dll
2009-05-07 12:54 . 2009-04-02 13:21 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-05-07 12:54 . 2009-05-07 12:55 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-06 22:27 . 2009-05-27 23:35 -------- d-----w c:\documents and settings\semo\Local Settings\Application Data\WMTools Downloaded Files
2009-05-04 19:14 . 2009-05-04 19:14 7168 ----a-w c:\documents and settings\semo\Application Data\Thinstall\Microsoft Text-to-Speech Engine 4.0 (English)\4000005e00002i\vcmd.exe
2009-05-02 18:32 . 2009-05-02 18:33 -------- d-----w c:\program files\Hotspot Shield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 17:17 . 2009-03-22 18:51 -------- d-----w c:\documents and settings\semo\Application Data\Thinstall
2009-05-31 16:52 . 2009-03-26 22:57 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-30 20:01 . 2009-03-22 15:00 -------- d-----w c:\documents and settings\semo\Application Data\cleaner
2009-05-29 17:18 . 2001-09-19 12:00 60104 ----a-w c:\windows\system32\perfc001.dat
2009-05-29 17:18 . 2001-09-19 12:00 334166 ----a-w c:\windows\system32\perfh001.dat
2009-05-22 16:49 . 2009-03-20 15:09 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-22 16:49 . 2009-03-20 15:03 -------- d-----w c:\program files\MSN Messenger
2009-05-14 20:30 . 2009-03-21 16:29 -------- d-----w c:\program files\Java
2009-05-14 20:17 . 2009-04-13 18:10 152576 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-30 18:02 . 2009-04-30 18:02 -------- d-----w c:\program files\Ozone
2009-04-28 23:26 . 2009-04-28 23:19 -------- d-----w c:\program files\Audio Editor Gold
2009-04-27 10:33 . 2009-04-09 22:20 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-04-27 10:33 . 2009-04-09 22:20 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-20 18:43 . 2009-03-20 14:28 -------- d-----w c:\documents and settings\semo\Application Data\Blueberry
2009-04-19 19:16 . 2009-04-19 19:16 -------- d-----w c:\program files\MSXML 4.0
2009-04-15 14:05 . 2009-03-20 16:21 -------- d-----w c:\documents and settings\semo\Application Data\HP
2009-04-13 12:29 . 2009-04-13 12:29 -------- d-----w c:\program files\ESET
2009-04-09 22:21 . 2009-04-09 22:20 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-09 22:20 . 2009-04-09 22:20 -------- d-----w c:\program files\Avira
2009-04-09 16:15 . 2009-04-09 16:15 -------- d-----w c:\program files\AxBx
2009-04-08 21:33 . 2009-03-30 20:08 -------- d-----w c:\documents and settings\semo\Application Data\Nokia
2009-04-08 14:59 . 2009-03-30 20:16 -------- d-----w c:\documents and settings\semo\Application Data\PC Suite
2009-03-31 18:50 . 2009-03-31 18:50 8192 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-03-31 18:50 . 2009-03-31 18:50 61440 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-03-31 18:50 . 2009-03-31 18:50 10240 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-03-31 18:49 . 2009-03-31 18:50 33973608 ----a-w c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ara_web.exe
2009-03-31 10:14 . 2009-03-20 15:08 374512 ----a-w c:\documents and settings\semo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-28 19:50 . 2009-03-28 19:50 252 ----a-w C:\q25374w.exe
2009-03-27 16:43 . 2009-03-27 16:43 252 ----a-w C:\q15349w.exe
2009-03-27 14:15 . 2009-03-27 14:15 7680 ----a-w c:\documents and settings\semo\Application Data\Thinstall\Reshade\400000b300002i\ACDSeeQV10.exe
2009-03-24 18:56 . 2009-03-24 18:56 0 ----a-w c:\windows\nsreg.dat
2009-03-21 19:04 . 2009-03-21 19:04 57344 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-5fdc5767-n\Decora-SSE.dll
2009-03-21 19:04 . 2009-03-21 19:04 24064 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-6530be56-n\Decora-D3D.dll
2009-03-21 19:04 . 2009-03-21 19:04 499712 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-6d9bc903-n\msvcp71.dll
2009-03-21 19:04 . 2009-03-21 19:04 499712 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-6d9bc903-n\jmc.dll
2009-03-21 19:04 . 2009-03-21 19:04 348160 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-6d9bc903-n\msvcr71.dll
2009-03-21 19:02 . 2009-03-21 19:02 57344 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-611d48ce-n\Decora-SSE.dll
2009-03-21 19:02 . 2009-03-21 19:02 24064 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-6445fa1a-n\Decora-D3D.dll
2009-03-21 19:02 . 2009-03-21 19:02 315392 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3d40af9f-n\jogl.dll
2009-03-21 19:02 . 2009-03-21 19:02 20480 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3d40af9f-n\jogl_awt.dll
2009-03-21 19:02 . 2009-03-21 19:02 114688 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-3d40af9f-n\jogl_cg.dll
2009-03-21 19:02 . 2009-03-21 19:02 20480 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12ac6944-n\gluegen-rt.dll
2009-03-21 19:02 . 2009-03-21 19:02 503808 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1ebcd690-n\msvcp71.dll
2009-03-21 19:02 . 2009-03-21 19:02 499712 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1ebcd690-n\jmc.dll
2009-03-21 19:02 . 2009-03-21 19:02 348160 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1ebcd690-n\msvcr71.dll
2009-03-21 18:59 . 2009-03-21 18:59 152576 ----a-w c:\documents and settings\semo\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-21 17:46 . 2009-03-20 11:38 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-20 16:35 . 2009-03-20 16:21 112799 ----a-w c:\windows\hpoins07.dat
2009-03-20 14:28 . 2009-03-20 14:28 4608 ----a-w c:\windows\system32\bbchlp.dll
2009-03-20 14:28 . 2009-03-20 14:28 2944 ----a-w c:\windows\system32\drivers\bbcap.sys
2009-03-20 14:28 . 2009-03-20 14:28 27776 ----a-w c:\windows\system32\bbcap.dll
2009-03-20 12:25 . 2009-03-20 12:09 17801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-20 11:34 . 2009-03-20 11:34 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-09 02:19 . 2009-03-21 19:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2004-08-03 22:55 282624 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:06 . 2004-08-03 22:55 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-29_17.12.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-31 16:50 . 2009-05-31 16:50 16384 c:\windows\Temp\Perflib_Perfdata_5c0.dat
- 2001-09-19 12:00 . 2009-05-24 17:28 60114 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-05-29 17:18 60114 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-05-29 17:18 397894 c:\windows\system32\perfh009.dat
- 2001-09-19 12:00 . 2009-05-24 17:28 397894 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-26 2815408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2003-10-20 385024]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-5-25 565309]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [20/03/2009 05:28 م 2944]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [10/04/2009 01:20 ص 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/04/2009 01:20 ص 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/04/2009 01:20 ص 432897]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI10.tmp [14/05/2009 01:22 ص 189696]
.
Contents of the 'Scheduled Tasks' folder
2009-05-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save &image with Flash and Media Capture - c:\program files\Common Files\MetaProducts\FMCapt.dll/saveimg.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\semo\Application Data\Mozilla\Firefox\Profiles\gvzs66da.default\
FF - component: c:\documents and settings\semo\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-05-31 20:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI10.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1024)
c:\program files\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(580)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-31 20:51
ComboFix-quarantined-files.txt 2009-05-31 17:50
ComboFix2.txt 2009-05-29 17:14
Pre-Run: 9,986,531,328 bytes free
Post-Run: 9,991,929,856 bytes free
191 --- E O F --- 2009-05-21 11:01
 