• Thread starter: ahmedva
  • Views: 1,833

ahmedva

New Zyzoom member · Joined: 31 May 2009 · Posts: 13 · Reaction score: 0 · Points: 20
Peace be upon you, my friends.
I have a problem that has been raised before in the forum threads, namely the exe problem.
I read that thread and downloaded the required programs; all that is missing is for someone to read the program's report and tell me what to do. The report is:
ComboFix 09-05-30.03 - Ahmed 31/05/2009 15:08.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.44.1033.18.766.403 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-31 09:23 . 2009-05-31 09:23 -------- d-sh--w C:\FOUND.003
2009-05-30 10:32 . 2009-05-30 10:32 -------- d-sh--w C:\FOUND.002
2009-05-28 11:52 . 2009-05-28 11:52 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-28 11:42 . 2009-05-28 11:42 -------- d-----w c:\documents and settings\Ahmed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-28 11:42 . 2009-05-28 11:52 38208 ----a-w c:\documents and settings\Ahmed\Application Data\Macromedia\Flash Player\

2009-05-23 11:21 . 2009-05-23 11:21 -------- d-sh--w C:\FOUND.001
2009-05-23 07:24 . 2009-05-23 07:24 -------- d-sh--w C:\FOUND.000
2009-05-19 08:54 . 2009-05-19 08:54 604416 ----a-w c:\windows\system32\TUProgSt.exe
2009-05-19 08:54 . 2009-04-27 12:21 28928 ----a-w c:\windows\system32\uxtuneup.dll
2009-05-19 08:54 . 2009-05-19 08:54 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 11:44 . 2009-02-18 12:34 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-31 11:44 . 2009-02-18 12:34 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-31 11:44 . 2009-02-18 12:34 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-31 11:44 . 2009-02-18 12:34 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-31 11:44 . 2009-01-06 08:19 12 ----a-w c:\windows\bthservsdp.dat
2009-05-31 11:32 . 2009-05-31 11:32 -------- d-----w c:\documents and settings\Ahmed\Application Data\CyberScrub
2009-05-31 11:32 . 2009-05-31 11:32 -------- d-----w c:\documents and settings\Ahmed\Application Data\cleaner
2009-05-26 14:00 . 2007-10-23 22:47 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-26 09:26 . 2008-04-20 09:48 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-05-26 09:26 . 2005-09-23 04:01 153800 ----a-w c:\windows\system32\vsjitdebugger.exe
2009-05-26 09:21 . 2008-06-03 14:22 110592 ----a-w c:\documents and settings\Ahmed\Application Data\U3\temp\cleanup.exe
2009-05-26 09:21 . 2008-06-03 14:21 3072000 ---ha-w c:\documents and settings\Ahmed\Application Data\U3\temp\Launchpad Removal.exe
2009-05-26 09:19 . 2009-02-18 12:34 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-26 09:19 . 2009-02-18 12:34 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-26 09:02 . 2008-03-01 07:45 45056 ----a-r c:\documents and settings\Ahmed\Application Data\Microsoft\Installer\{90B5E602-1867-449D-86FD-FC9DEA4434BF}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2009-05-26 08:44 . 2008-04-25 13:46 70992 ----a-w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe
2009-05-24 12:55 . 2008-04-09 08:05 77312 ----a-w c:\windows\ua2.dll
2009-04-05 08:57 . 2009-04-05 08:57 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-05 08:57 . 2009-04-05 08:57 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-06 13:44 . 2004-08-03 21:56 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 23:18 . 2004-08-03 21:56 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-03-28 21712680]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2009-05-26 2035712]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-14 486856]
"X'nBeep"="c:\program files\X'nBeep 1.1\XnBeep.exe" [2007-01-08 1067520]
"Google Update"="c:\documents and settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-23 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2009-05-26 266240]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2009-05-26 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-26 259624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-18 201992]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CryptSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26151:TCP"= 26151:TCP:BitComet 26151 TCP
"26151:UDP"= 26151:UDP:BitComet 26151 UDP
"18422:TCP"= 18422:TCP:BitComet 18422 TCP
"18422:UDP"= 18422:UDP:BitComet 18422 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18:29 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [19/05/2009 11:54 604416]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20:07 24592]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\hlnnin.sys --> c:\windows\system32\drivers\hlnnin.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-2077806209-682003330-1003.job
- c:\documents and settings\Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 07:47]

2009-05-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 126.100.100.103:8080
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - {89E551A3-C402-4F52-AD12-FD6D3BC69CC2} - c:\program files\IEToolbar\شريط أدوات الدرر السنية\ltr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-31 15:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
Completion time: 2009-05-31 15:12
ComboFix-quarantined-files.txt 2009-05-31 12:12
ComboFix2.txt 2009-05-31 11:20

Pre-Run: 3,271,704,576 bytes free
Post-Run: 3,260,612,608 bytes free

153 --- E O F --- 2009-05-06 14:31

May God reward you. I am waiting for your quick reply, because my computer is broken and many programs are not working.
 

Thank you, brother, but the problem is that I am using Kaspersky 2009, which means the program's settings would be changed.
 

Signature: format
And it would be good if you could attach the image so we can see it.
 
Signature: Corporation
Thank you, my friend, for this effort, but I can't install McAfee and remove Kaspersky. I will show you a picture of Kaspersky and you tell me what to do.
 
Brother, McAfee does not conflict with Kaspersky, because it is only a scanning tool and nothing more.



And if McAfee is too large, download Avira.
 
Signature: format