مالي غ ـيرك

Peace be upon you

How are you, guys

I have a problem that comes up when I run Windows Live Messenger and Photoshop 11

An error message appears

Here is a picture to clarify
dfox953kdbfc5rj89vai.png


God willing, I'll find the solution with you

My machine:

XP SP3 ARABIC
Protection program: K I S

Waiting for you :q:
 

To clarify: the programs run perfectly, meaning there is nothing wrong with them

But this message has been with me for a whole month and it annoys me

Otherwise it doesn't do anything and doesn't mess anything up

I just wanted to solve its problem

Thanks
 
Download this file

Unzip it
and move its contents to the system32 folder
then restart the machine and tell us the results
 
I couldn't do the replacement; it says there is a file with the same name. I tried to end the file's process with the

process program

but I found no trace of it
 
Do the operation in Safe Mode
 
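Brother, I did it and after that the machine wouldn't start

I barely managed to find the installation CD and got into the command line; I had renamed the old file beforehand because I was worried about trying this

So when I put in the new file the machine doesn't start

but when I put the old file back it started

Thanks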
 
OK brother, what is left now?
 
The message is still appearing
 
Download this program

Run the program ==> and click on
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it into your next reply
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:51 م, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Snagit 9\Snagit32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Snagit 9\TSCHelp.exe
C:\Program Files\Snagit 9\SnagPriv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Snagit 9\snagiteditor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\Snagit 9\Snagit32.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7557 bytes
 
Disable the protection programs
then
download the following tool and save it on the desktop

When you run it a message will appear, click >> Yes
Then a second message will appear, click >> Yes
During the scan the machine may restart
After the restart, the tool will start scanning a second time
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it into your next post
 
ComboFix 09-05-31.06 - MaTrEx 06/02/2009 20:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2047.1357 [GMT 3:00]
Running from: c:\documents and settings\MaTrEx\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\11.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-01 19:24 . 2009-06-01 19:24 -------- d-----w- c:\program files\Trend Micro
2009-06-01 18:33 . 2009-06-01 18:33 -------- d-----w- c:\documents and settings\LocalService\سطح المكتب
2009-06-01 17:30 . 2009-06-01 17:32 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-01 17:30 . 2008-11-12 13:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-01 17:30 . 2009-06-01 17:32 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-01 17:30 . 2009-06-01 17:30 -------- d-----w- c:\documents and settings\MaTrEx\Application Data\TuneUp Software
2009-06-01 17:30 . 2009-06-01 17:33 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-01 17:30 . 2009-06-01 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-01 17:28 . 2009-06-01 17:32 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-01 15:40 . 2009-06-01 15:41 -------- dc----w- C:\$WIN_NT$.~BT
2009-05-31 16:33 . 2009-05-31 16:33 -------- d-----w- c:\documents and settings\MaTrEx\Application Data\ESET
2009-05-31 16:32 . 2009-05-31 16:32 -------- d-----w- c:\program files\ESET
2009-05-31 16:32 . 2009-05-31 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-31 12:10 . 2009-05-31 12:13 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2009-05-30 20:55 . 2009-05-30 20:55 -------- d-----w- c:\program files\Windows Doctor
2009-05-29 17:12 . 2009-05-29 17:12 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-05-29 17:11 . 2009-05-29 17:11 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-05-29 11:53 . 2009-05-29 11:59 -------- d-----w- c:\program files\RegCure
2009-05-28 10:12 . 2009-05-28 10:12 198064 ----a-w- c:\documents and settings\MaTrEx\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-28 10:08 . 2009-05-28 10:08 2926768 ----a-w- c:\documents and settings\MaTrEx\Application Data\IDM\idmupdt.exe
2009-05-28 10:04 . 2009-05-28 10:04 -------- d-----w- c:\program files\MSXML 6.0
2009-05-27 21:01 . 2009-05-27 21:01 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-27 12:32 . 2009-05-27 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-27 12:28 . 2008-04-15 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-27 12:26 . 2009-05-27 12:26 -------- d-----w- c:\program files\Adobe Media Player
2009-05-27 10:40 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-27 10:39 . 2009-05-27 10:39 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-27 10:39 . 2009-05-27 10:39 -------- dc----w- C:\4e7b0c6a98ff07b0d2d2bde32c83ce
2009-05-27 10:38 . 2009-05-27 10:39 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-27 10:22 . 2009-03-26 15:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-05-26 15:15 . 2009-05-26 15:15 -------- d-sh--w- c:\windows\ftpcache
2009-05-26 13:01 . 2009-05-27 10:00 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-26 13:01 . 2009-05-26 13:01 22328 ----a-w- c:\documents and settings\MaTrEx\Application Data\PnkBstrK.sys
2009-05-26 13:01 . 2009-05-27 10:00 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-26 13:01 . 2009-05-26 15:58 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-26 12:42 . 2009-05-27 10:38 -------- d-----w- c:\windows\system32\LogFiles
2009-05-26 10:00 . 2009-05-26 10:00 -------- dc----w- C:\nc
2009-05-26 09:39 . 2009-05-26 09:46 -------- d-----w- c:\program files\LeapFTP 3.0
2009-05-25 12:13 . 2009-05-25 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-05-25 11:14 . 2009-05-25 11:14 -------- d-----w- c:\documents and settings\MaTrEx\Local Settings\Application Data\Identities
2009-05-24 21:25 . 2009-05-24 21:25 -------- d-sh--w- c:\documents and settings\MaTrEx\IECompatCache
2009-05-24 21:24 . 2009-05-24 21:24 -------- d-sh--w- c:\documents and settings\MaTrEx\PrivacIE
2009-05-24 21:23 . 2009-05-24 21:23 -------- d-sh--w- c:\documents and settings\MaTrEx\IETldCache
2009-05-24 20:44 . 2009-05-24 20:44 -------- d-----w- c:\windows\ie8updates
2009-05-24 20:44 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-24 20:42 . 2009-05-24 20:43 -------- dc-h--w- c:\windows\ie8
2009-05-23 09:56 . 2009-05-23 09:56 -------- d-sh--w- c:\documents and settings\MaTrEx\UserData
2009-05-23 09:15 . 2009-05-23 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-23 00:06 . 2009-05-31 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-22 21:41 . 2009-05-27 12:02 -------- d-----w- c:\program files\Hotspot Shield
2009-05-22 20:38 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-22 20:38 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-15 17:45 . 2009-05-27 21:45 -------- d-----w- c:\documents and settings\MaTrEx\Local Settings\Application Data\Adobe
2009-05-15 17:45 . 2009-05-15 17:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-15 17:44 . 2009-05-27 21:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-15 17:28 . 2009-05-15 17:28 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-15 17:27 . 2009-06-02 09:51 -------- d-----w- c:\documents and settings\MaTrEx\Tracing
2009-05-15 17:25 . 2009-05-15 17:25 -------- d-----w- c:\program files\Microsoft
2009-05-15 17:25 . 2009-05-15 17:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-15 17:25 . 2009-05-15 17:26 -------- d-----w- c:\program files\Windows Live
2009-05-15 17:22 . 2009-05-15 17:22 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-15 15:51 . 2009-05-15 15:51 -------- d-----w- c:\documents and settings\MaTrEx\Local Settings\Application Data\TechSmith
2009-05-15 15:49 . 2009-05-15 15:49 -------- d-----w- c:\program files\OsamaALenezi
2009-05-15 15:49 . 2009-05-15 15:49 -------- d-----w- c:\program files\Snagit 9
2009-05-15 15:21 . 2007-10-12 12:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-05-15 15:17 . 2009-06-02 03:08 -------- d-----w- c:\program files\Kalypso
2009-05-15 14:28 . 2009-05-15 14:38 -------- d-----w- c:\documents and settings\MaTrEx\Application Data\Red Alert 3 Uprising
2009-05-15 14:27 . 2009-05-15 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-05-15 12:38 . 2008-04-15 12:00 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2009-05-15 12:26 . 2001-08-17 19:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-05-15 12:26 . 2001-08-17 19:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-05-15 12:26 . 2001-08-17 19:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-05-15 12:26 . 2001-08-17 19:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-05-15 12:26 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-05-15 12:26 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-05-15 12:26 . 2001-08-17 11:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-05-15 12:26 . 2001-08-17 11:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-05-15 12:26 . 2001-08-17 11:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-05-15 12:26 . 2001-08-17 11:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-05-15 12:26 . 2008-04-14 18:28 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-05-15 12:26 . 2008-04-14 18:28 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-05-15 11:59 . 2009-05-15 11:59 -------- d-----w- c:\program files\Electronic Arts
2009-05-15 11:59 . 2008-10-10 01:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-05-15 11:59 . 2008-10-10 01:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-05-15 11:59 . 2008-10-10 01:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-05-15 11:59 . 2007-07-19 15:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2009-05-15 11:58 . 2009-05-15 11:58 -------- d-----w- c:\windows\Logs
2009-05-14 19:14 . 2009-05-14 19:23 -------- d-----w- c:\documents and settings\MaTrEx\Application Data\phpDesigner
2009-05-14 19:14 . 2009-05-15 13:14 -------- d-----w- c:\program files\phpDesigner
2009-05-14 17:36 . 2009-05-14 17:36 -------- d-----w- c:\documents and settings\MaTrEx\Application Data\Notepad++
2009-05-14 17:36 . 2009-05-14 17:36 -------- d-----w- c:\program files\Notepad++
2009-05-14 17:27 . 2009-05-14 17:27 -------- dc----w- C:\AppServ
2009-05-14 17:17 . 2009-05-14 17:17 -------- d-----w- c:\windows\Sun
2009-05-14 17:16 . 2009-05-14 17:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-14 17:15 . 2009-05-14 17:15 -------- d-----w- c:\program files\Java
2009-05-14 17:15 . 2009-05-14 17:15 152576 ----a-w- c:\documents and settings\MaTrEx\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-14 14:24 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-14 14:16 . 2009-05-14 14:21 -------- d-----w- C:\My Documents
2009-05-14 14:12 . 2009-05-14 14:15 -------- d-----w- c:\documents and settings\MaTrEx\Application Data\Any Video Converter
2009-05-14 14:12 . 2009-05-14 14:12 -------- d-----w- c:\program files\Any Video Converter
2009-05-14 13:13 . 2009-05-15 13:56 -------- d-----w- c:\program files\Pcsx2_0.9.4
2009-05-14 12:58 . 2009-05-14 13:07 -------- d-----w- c:\program files\Pcsx2
2009-05-14 12:49 . 2009-05-14 12:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 12:49 . 2009-05-14 12:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 12:49 . 2009-05-14 12:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 12:47 . 2009-05-14 12:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 12:41 . 2009-05-14 12:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-14 11:21 . 2009-05-29 12:03 -------- d-----w- c:\documents and settings\MaTrEx\Local Settings\Application Data\Ares
2009-05-14 11:21 . 2009-05-14 11:21 -------- d-----w- c:\program files\Ares
2009-05-14 10:42 . 2009-05-14 10:42 -------- d-----w- c:\program files\Alcohol Soft
2009-05-14 10:40 . 2009-05-14 10:40 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-14 09:51 . 2009-05-26 12:37 -------- d-----w- c:\program files\PowerISO
2009-05-14 05:36 . 2009-05-14 05:36 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-05-14 04:58 . 2009-05-14 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-05-14 04:57 . 2009-05-14 10:28 -------- d-----w- c:\program files\GameSpy Arcade
2009-05-14 04:53 . 2009-05-14 04:53 -------- d-----w- c:\program files\Sierra
2009-05-14 00:15 . 2009-05-14 04:52 3125449 ----a-w- c:\documents and settings\MaTrEx\Application Data\IDM\DwnlData\MaTrEx\Midway_riseandfall_14\Midway_riseandfall.exe
2009-05-13 23:49 . 2009-05-13 23:49 83160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-13 23:49 . 2009-05-13 23:49 -------- d-----w- c:\program files\MSBuild
2009-05-13 23:49 . 2009-05-13 23:50 -------- d-----w- c:\windows\system32\XPSViewer
2009-05-13 23:49 . 2009-05-13 23:49 -------- d-----w- c:\program files\Reference Assemblies
2009-05-13 23:48 . 2006-06-29 10:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-05-13 21:48 . 2009-05-13 21:48 -------- d-----w- c:\documents and settings\MaTrEx\Application Data\Media Player Classic
2009-05-13 21:47 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-13 21:47 . 2009-05-27 22:15 -------- d-----w- c:\program files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 17:28 . 2008-04-15 12:00 67686 ----a-w- c:\windows\system32\perfc001.dat
2009-06-01 17:28 . 2008-04-15 12:00 367298 ----a-w- c:\windows\system32\perfh001.dat
2009-05-31 12:10 . 2008-04-15 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-05-26 13:01 . 2009-05-13 13:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-14 17:02 . 2009-05-14 17:02 2232 ----a-w- c:\windows\java\Packages\Data\LBDBZTRV.DAT
2009-05-14 17:02 . 2009-05-14 17:02 155995 ----a-w- c:\windows\java\Packages\WQFNFRZR.ZIP
2009-05-14 17:02 . 2009-05-14 17:02 2678 ----a-w- c:\windows\java\Packages\Data\AV9NFD7D.DAT
2009-05-14 17:02 . 2009-05-14 17:02 2678 ----a-w- c:\windows\java\Packages\Data\VBB37LZT.DAT
2009-05-14 17:02 . 2009-05-14 17:02 2678 ----a-w- c:\windows\java\Packages\Data\OEETVFBP.DAT
2009-05-14 17:02 . 2009-05-14 17:02 2678 ----a-w- c:\windows\java\Packages\Data\BJ13LBBB.DAT
2009-05-14 17:02 . 2009-05-14 17:02 2678 ----a-w- c:\windows\java\Packages\Data\7HB1ZVPR.DAT
2009-05-14 15:29 . 2009-05-13 13:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-14 14:04 . 2009-05-14 14:03 -------- d-----w- c:\documents and settings\MaTrEx\Application Data\Gold Wave Editor
2009-05-14 14:03 . 2009-05-14 14:03 -------- d-----w- c:\program files\Gold Wave Editor
2009-05-14 05:05 . 2009-05-14 05:05 2908 ----a-w- c:\windows\system32\unins000.dat
2009-05-14 05:05 . 2009-05-14 05:05 716153 ----a-w- c:\windows\system32\unins000.exe
2009-05-13 23:12 . 2008-04-15 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-13 17:03 . 2009-05-13 17:03 361344 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-05-13 16:57 . 2009-05-13 16:57 6327 ----a-w- c:\program files\un_Internet Download Manager_16575.txt
2009-05-13 16:37 . 2009-05-13 13:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-13 13:11 . 2009-05-13 13:09 -------- d-----w- c:\program files\Realtek
2009-05-13 13:11 . 2009-05-13 13:11 -------- d-----w- c:\documents and settings\MaTrEx\Application Data\InstallShield
2009-05-13 13:09 . 2009-05-13 13:09 315392 ----a-w- c:\windows\HideWin.exe
2009-05-13 13:06 . 2009-05-13 13:06 -------- d-----w- c:\program files\Intel
2009-05-13 13:00 . 2009-05-13 13:00 -------- d-----w- c:\program files\microsoft frontpage
2009-05-13 12:57 . 2009-05-13 12:57 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-02 13:21 . 2009-05-27 22:15 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-08 01:34 . 2008-04-15 12:00 981504 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 01:34 . 2008-04-15 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2008-04-15 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2008-04-15 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2008-04-15 12:00 107008 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2008-04-15 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2008-04-15 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2008-04-15 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 01:31 . 2008-04-15 12:00 94720 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 01:22 . 2008-04-15 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2008-04-15 12:00 283136 ----a-w- c:\windows\system32\pdh.dll
2008-03-09 04:25 . 2009-05-14 05:05 236 ----a-w- c:\program files\Common Files\dx.reg
.

------- Sigcheck -------

[7] 2008-04-15 12:00 578048 F95655E872967AE2CD4C19D8914BABB7 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-15 12:00 578048 7A592520BEB716870CC4916DFF7F5DC4 c:\windows\system32\user32.dll
[-] 2008-04-15 12:00 578048 7A592520BEB716870CC4916DFF7F5DC4 c:\windows\system32\dllcache\user32.dll

[7] 2009-02-20 07:51 666112 C2538A0FCF4642462D40E3216791E6CB c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2008-04-15 12:00 664576 699B4DBFBA7D4201D67C521E5DF0670D c:\windows\$NtUninstallKB963027$\wininet.dll
[7] 2009-02-20 08:09 664576 4CCA22CDD450C498A634E8759D12A493 c:\windows\ie8\wininet.dll
[7] 2009-03-08 01:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-08 01:34 981504 A1BB8A70F954ED3CDCCECA7CADD412B4 c:\windows\system32\wininet.dll
[-] 2009-03-08 01:34 981504 A1BB8A70F954ED3CDCCECA7CADD412B4 c:\windows\system32\dllcache\wininet.dll

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2009-05-13 18:20 361344 B0870DC4AE8A0A40C45EC66BCDE3E523 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2009-05-13 23:12 361600 CD00787894008369F56153B91FC28847 c:\windows\system32\dllcache\tcpip.sys
[-] 2009-05-13 23:12 361600 CD00787894008369F56153B91FC28847 c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-15 12:00 506880 BCEDF9DCCBC807108CE34C9834074C34 c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-15 12:00 546304 D0C650E78BC92AFDCAB03CC6457BCF6F c:\windows\system32\winlogon.exe
[-] 2008-04-15 12:00 546304 D0C650E78BC92AFDCAB03CC6457BCF6F c:\windows\system32\dllcache\winlogon.exe

[7] 2009-02-09 11:14 2067712 BF87F187CEBD49FA80AEF07431295048 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-15 12:00 2025472 732887E7FDC05BED5A79A5EC49FD7E8D c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-10 16:03 2067584 A4C3645FF33495D60C9210EF94113DEA c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-09 11:22 2025472 9D84A21462B496BB67BC62D8FD114F28 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-02-09 11:22 2186752 0B222453796B5A97A53DEBF0384263B7 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-09 11:22 2186752 0B222453796B5A97A53DEBF0384263B7 c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-10 16:13 2190720 6140520CDCCE0CCC733DD19262411952 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-15 12:00 2146816 1D8896827AAF26D44F6FEA9498F296CF c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-09 11:22 2190592 BAC3C70CE9AAE5129516FEBFE001C873 c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-09 11:22 2146816 9EF5D9CF58C535140CEE6B7C94B22A44 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-02-09 11:22 2308096 FBFB302A873DC4F678DA34D7B5679DC2 c:\windows\system32\ntoskrnl.exe
[-] 2009-02-09 11:22 2308096 FBFB302A873DC4F678DA34D7B5679DC2 c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-15 12:00 1539584 9FA8B73D08FF79D86756126D5856B3C4 c:\windows\explorer.exe
[7] 2008-04-15 12:00 1031168 CA3445DCE9EB70A2CA2504E0AF5C543F c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-15 12:00 1539584 9FA8B73D08FF79D86756126D5856B3C4 c:\windows\system32\dllcache\explorer.exe

[7] 2008-04-15 12:00 15360 252F972131EB23596C20B82CA190DC5C c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-15 12:00 40448 372853620778B679C89CA4FEAF4C7753 c:\windows\system32\ctfmon.exe
[-] 2008-04-15 12:00 40448 372853620778B679C89CA4FEAF4C7753 c:\windows\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 40448]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 40448]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
SnagIt 9.lnk - c:\program files\Snagit 9\Snagit32.exe [2009-1-22 7225672]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"c:\\Program Files\\phpDesigner\\phpDesigner.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LeapFTP 3.0\\LeapFTP.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:BitComet 13617 TCP
"443:UDP"= 443:UDP:BitComet 13617 UDP
"6882:TCP"= 6882:TCP:Ares
"6882:UDP"= 6882:UDP:Ares
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 03:47 م 107256]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [17/01/2008 08:37 م 24635]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 03:47 م 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [01/06/2009 08:30 م 603904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 13:28]

2009-06-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 11:58]

2009-05-31 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 11:58]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=13928&l=dis
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\MaTrEx\Application Data\Mozilla\Firefox\Profiles\dnsyy1lc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - component: c:\documents and settings\MaTrEx\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\MaTrEx\Application Data\Mozilla\Firefox\Profiles\dnsyy1lc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,



Rootkit scan 2009-06-02 20:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1396)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1452)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(1128)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\appserv\MySQL\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Snagit 9\TscHelp.exe
c:\program files\Snagit 9\SnagPriv.exe
c:\program files\Snagit 9\SnagitEditor.exe
.
**************************************************************************
.
Completion time: 2009-06-02 20:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 17:57

Pre-Run: 48,665,128,960 bytes free
Post-Run: 48,604,966,912 bytes free

362 --- E O F --- 2009-05-28 00:01
 
How are things now?
And this file, msvcrtnew.dll:
did you rename it?
 
No, I swear I didn't.

But I'll try changing its name.
 
No, that file has now been deleted.
Apply this post again,
and when you do, close Explorer and all programs.


 
Still the same problem.
 
Try doing a repair of Windows.
 