اميلاتي سرقت والجهاز شكل فيه باتش ارجو المساعدة

[you4you]

شباب السلام عليكم
الاميلات سرقت وكل ما سويت اميل سرق
علما ان الكاسبر كان المفتاح منتهي الصلاحية وقتها
انا بالامس شريت انترنت سكرتي من جرير وفحصت الجهاز هل الاجراء كافي لجماية الجهاز وحذف الباتش
ارجو افادتي ومساعدتي في حذف الباتش

 

[ابـــو عــبــد الــلــه]

وعليكم السلام

حمل هذا الآداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
أتمنى منك الصبر حتى يتم تحليل التقرير​

 

[you4you]

Logfile of HijackThis v1.99.1
Scan saved at 01:40:22 م, on 31/05/09
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\conime.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\FAHESS\McciTrayApp.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\ALJAWAL 3.5G HSDPA\ALJAWAL 3.5G HSDPA.exe
C:\Users\anodi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7I2FCPW\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [FAHESS_McciTrayApp] C:\Program Files\FAHESS\McciTrayApp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B044839-02B7-4F27-B766-73BB1A1541A7}: NameServer = 84.235.7.58 84.235.6.58
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O20 - Winlogon Notify: psfus - C:\Windows\system32\psqlpwd.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

 

[you4you]

رفع الموضوع من اجل المساعدة

 

[ابـــو عــبــد الــلــه]

عطل برامج الحماية وشغل الأداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes



اثناء الفحص ممكن يعاد تشغيل الجهاز



وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ،، وبذلك يكون الفحص انتهى​

 

[you4you]

شكرا ابو ريما على ردك السريع
سوالي هل التقرير السابق سليم؟
وهل تريد ان ارفع تقرير الاداة الاخيرة اللي عطيتني؟

 

[ابـــو عــبــد الــلــه]

نعم ارفع تقرير الاداة الاخيرة ​

 

[you4you]

ComboFix 09-05-30.04 - anodi 05/31/2009 16:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1033.18.3069.2104 [GMT 3:00]
Running from: c:\users\anodi\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\anodi\AppData\Local\Temp\catchme.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.
2009-05-31 13:35 . 2009-05-31 13:35 -------- d-----w- c:\users\anodi\AppData\Local\temp
2009-05-30 20:53 . 2009-05-31 13:26 2953248 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 13:29 . 2009-05-30 20:53 344096 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-31 13:28 . 2009-05-30 20:53 2256 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-05-31 13:27 . 2009-02-25 21:53 -------- d-----w- c:\programdata\Kaspersky Lab
2009-05-31 13:26 . 2009-05-30 20:53 25200 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-31 13:26 . 2009-01-27 14:23 12 ----a-w- c:\windows\bthservsdp.dat
2009-05-31 10:08 . 2009-02-26 09:14 -------- d-----w- c:\programdata\Microsoft Help
2009-05-30 21:59 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-30 21:59 . 2009-05-30 20:54 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-30 21:59 . 2009-05-30 20:54 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-30 21:59 . 2009-05-30 21:59 44808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-05-30 21:58 . 2009-05-30 21:58 206088 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-05-30 21:58 . 2009-05-30 21:58 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-05-30 21:58 . 2009-05-30 21:58 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-05-30 20:53 . 2009-02-26 11:07 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-30 20:52 . 2009-02-25 21:52 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-05-30 20:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-30 20:41 . 2009-03-09 15:45 680 ----a-w- c:\users\anodi\AppData\Local\d3d9caps.dat
2009-04-26 18:20 . 2009-02-26 13:33 -------- d-----w- c:\program files\Mobily Connect Card
2009-04-26 14:20 . 2009-04-26 13:59 -------- d-----w- c:\programdata\Motive
2009-04-26 14:17 . 2009-04-26 14:02 -------- d-----w- c:\users\anodi\AppData\Roaming\Motive
2009-04-26 14:13 . 2009-04-26 14:12 -------- d-----w- c:\program files\FAHESS
2009-04-26 14:13 . 2009-04-26 14:00 -------- d-----w- c:\program files\Common Files\Motive
2009-04-26 14:01 . 2009-04-26 14:01 -------- d-----w- c:\program files\Fahess_Activation
2009-04-05 11:13 . 2009-04-05 11:13 -------- d-----w- c:\program files\CCleaner
2009-04-05 11:05 . 2009-03-14 21:01 -------- d-----w- c:\program files\ALJAWAL 3.5G HSDPA
2009-03-17 03:38 . 2009-04-22 21:02 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-22 21:02 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-03 04:40 . 2009-04-22 21:03 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-03-03 04:40 . 2009-04-22 21:03 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-03-03 04:40 . 2009-04-22 21:02 827392 ----a-w- c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-22 21:03 183296 ----a-w- c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-22 21:03 551424 ----a-w- c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-22 21:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-22 21:03 3600880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:37 . 2009-04-22 21:03 3548656 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-03-03 04:37 . 2009-04-22 21:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-22 21:03 98304 ----a-w- c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-22 21:03 54784 ----a-w- c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-22 21:03 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2009-03-03 04:36 . 2009-04-22 21:03 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-03-03 03:04 . 2009-04-22 21:03 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-22 21:03 17408 ----a-w- c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-22 21:02 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-03 02:16 . 2009-04-22 21:03 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-01-27 13:42 . 2009-01-27 13:42 75 --sh--r- c:\windows\CT4CET.bin
2009-01-27 21:59 . 2009-01-27 21:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"FAHESS_McciTrayApp"="c:\program files\FAHESS\McciTrayApp.exe" [2008-04-16 1459200]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-30 206088]
c:\users\anodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-6 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-27 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-27 14:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll c:\progra~1\KASPER~1\KASPER~2\kloehk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F6156F81-977D-41BD-A81A-23DA1E3B26FD}"= c:\program files\Dell\MediaDirect\MediaDirect.exeell MediaDirect
"{A763FD0B-0EFD-4349-B4C9-7EDF6DF6DA99}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{EF4756B9-8F88-4A89-BDCF-CF70DB612B10}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{04AEF47E-DEBD-4069-9732-5E3E976BC806}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{7E8964E5-8A32-49DB-938D-21B9DC9FA70A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CBCD324E-5FB3-4F17-929A-428541BA63E2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8169E271-4C0F-4214-BE83-17C5B7703FA0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E30D90B8-C200-4566-942E-AAEFFBCFAF96}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25FD246F-4929-4A34-AD11-7CC0B0D881FA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4396D8B3-E7ED-4892-866B-0FBAE6E6242D}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{C9182457-1878-475E-9D89-6FE04F0AB612}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{7E6BE9FA-B221-41C5-B4DC-E96A9540CA09}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/08 06:29 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/08 06:28 م 20496]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [27/01/09 05:22 م 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24/09/08 12:09 ص 155648]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/01/09 01:16 ص 179712]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [13/03/08 07:02 م 26640]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [28/01/09 01:16 ص 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [28/01/09 01:16 ص 7424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{AFDA4F49-16E2-4028-807F-810673FDC7CF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.m3com.com.sa
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-31 16:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-05-31 16:37
ComboFix-quarantined-files.txt 2009-05-31 13:37
Pre-Run: 177,512,194,048 bytes free
Post-Run: 177,674,498,048 bytes free
214 --- E O F --- 2009-05-31 10:08

 

[ابـــو عــبــد الــلــه]

عطل استعادة النظام حسب الشرح التالي​

كلك يمين على جهاز الكمبيوتر من سطح المكتب ثم اختر خصائص​

​

2- ادخل هذه الصفحة​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التقرير noor_mcafee
وارفعه على هذا الموقع​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

وارفق رابط التحميل بمشاركتك القادمة ​

​