• Thread starter: محرز
Dear members of the Zyzoom forum, good evening.
I have a problem.
My computer has started acting up a lot, the fan runs at high speed, and the machine keeps hanging.
What could the problem be?
HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:50, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Babuki.lnk = C:\Program Files\Babuki\Babuki.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 5560 bytes
 

Welcome.

Disable your protection software and run the tool.

When you run it, a message will appear; click Yes.
Then a second message will appear; click Yes.

The computer may restart during the scan.

After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished.

Then post a new HijackThis report together with that report.

Signature: AbOdy

Good evening. I have used this tool,
and this is the report:

ComboFix 09-05-30.03 - user 01/06/2009 17:13.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.216.1036.18.478.146 [GMT 2:00]
Running from: D:\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 14:24 . 2008-04-14 02:33 26624 ----a-w c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-01 14:21 . 2009-06-01 14:21 -------- d-sh--w c:\documents and settings\user\IETldCache
2009-06-01 14:18 . 2009-06-01 14:18 -------- d-----w c:\windows\ie8updates
2009-06-01 14:18 . 2009-05-12 05:11 102912 ------w c:\windows\system32\dllcache\iecompat.dll
2009-06-01 14:17 . 2009-06-01 14:17 -------- dc-h--w c:\windows\ie8
2009-06-01 13:55 . 2009-06-01 13:55 -------- d-----w c:\program files\Windows Media Connect 2
2009-06-01 13:52 . 2009-06-01 13:54 -------- d-----w C:\c1147713f4de91250f3c
2009-06-01 13:52 . 2009-06-01 13:53 -------- d-----w c:\windows\system32\drivers\UMDF
2009-06-01 13:52 . 2009-06-01 13:52 -------- d-----w c:\windows\system32\LogFiles
2009-06-01 09:32 . 2009-06-01 14:20 -------- d-----w c:\windows\system32\fr-fr
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w c:\windows\l2schemas
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w c:\windows\system32\fr
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w c:\windows\system32\bits
2009-06-01 09:30 . 2009-06-01 09:32 -------- d-----w c:\windows\ServicePackFiles
2009-05-31 19:29 . 2007-10-23 07:27 110592 ----a-w c:\documents and settings\user\Application Data\U3\temp\cleanup.exe
2009-05-31 19:27 . 2008-05-02 08:41 3493888 ---ha-w c:\documents and settings\user\Application Data\U3\temp\Launchpad Removal.exe
2009-05-31 18:42 . 2009-05-31 18:42 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Adobe
2009-05-31 18:41 . 2009-05-31 18:41 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-05-31 18:33 . 2009-05-31 18:33 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-31 18:33 . 2009-03-03 12:53 17464 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg.exe
2009-05-31 18:33 . 2009-03-03 12:53 12792 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg_bootstrap.exe
2009-05-31 18:33 . 2009-03-03 12:53 109420 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
2009-05-31 18:31 . 2009-05-31 18:31 73216 ----a-w c:\windows\cadkasdeinst01f.exe
2009-05-29 19:01 . 2009-05-29 19:01 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-05-29 18:32 . 2009-05-29 18:32 -------- d-----w c:\documents and settings\user\Application Data\Big Fish Games
2009-05-29 18:32 . 2009-05-29 18:32 -------- d-----w c:\program files\Azada
2009-05-29 17:41 . 2009-06-01 14:20 -------- d-----w c:\windows\system32\dllcache
2009-05-29 17:37 . 2009-05-29 17:37 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-05-29 13:07 . 2009-05-29 14:59 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-29 13:02 . 2004-08-03 20:29 73216 ------w c:\windows\system32\drivers\atintuxx.sys
2009-05-28 20:31 . 2008-06-14 17:33 272768 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-28 20:31 . 2008-06-14 17:33 272768 ------w c:\windows\system32\drivers\bthport.sys
2009-05-28 20:29 . 2008-05-08 14:02 203136 ------w c:\windows\system32\dllcache\rmcast.sys
2009-05-28 20:29 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-28 20:28 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-05-28 20:28 . 2008-05-01 14:36 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-28 20:28 . 2008-04-11 19:05 691712 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-05-28 20:27 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-05-28 20:27 . 2008-10-15 16:35 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-05-28 20:27 . 2008-09-04 17:16 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-05-28 20:26 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-28 18:00 . 2008-04-13 18:39 5504 ----a-w c:\windows\system32\drivers\mstee.sys
2009-05-28 18:00 . 2008-04-13 18:46 10880 ----a-w c:\windows\system32\drivers\ndisip.sys
2009-05-28 18:00 . 2008-04-13 18:46 15232 ----a-w c:\windows\system32\drivers\streamip.sys
2009-05-28 18:00 . 2008-04-13 18:46 11136 ----a-w c:\windows\system32\drivers\slip.sys
2009-05-28 18:00 . 2008-04-13 18:46 19200 ----a-w c:\windows\system32\drivers\wstcodec.sys
2009-05-28 18:00 . 2008-04-13 18:46 85248 ----a-w c:\windows\system32\drivers\nabtsfec.sys
2009-05-28 18:00 . 2008-04-13 18:46 17024 ----a-w c:\windows\system32\drivers\ccdecode.sys
2009-05-28 18:00 . 2008-04-14 02:33 54784 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-28 17:59 . 2007-11-02 09:07 6656 ----a-w c:\windows\system32\CoInst_071102.dll
2009-05-28 17:59 . 2007-10-25 16:31 616064 ----a-w c:\windows\system32\drivers\PFC027.SYS
2009-05-28 17:59 . 2007-10-04 15:42 48128 ----a-w c:\windows\system32\Remove.exe
2009-05-28 17:59 . 2009-05-28 17:59 -------- d-----w c:\program files\Fichiers communs\PAC207
2009-05-28 17:59 . 2009-05-28 17:59 -------- d-----w c:\windows\PixArt
2009-05-28 17:59 . 2006-10-12 09:57 14336 ----a-w c:\windows\system32\P207USD.dll
2009-05-28 12:38 . 2009-05-28 12:38 -------- d--h--w c:\windows\PIF
2009-05-27 19:53 . 2009-06-01 09:18 -------- d-----w c:\program files\Hotspot Shield
2009-05-27 18:42 . 2009-05-27 18:42 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-27 10:01 . 2009-05-27 10:01 -------- d-----w c:\documents and settings\majid\Application Data\ESET
2009-05-26 19:18 . 2009-05-26 19:18 -------- d-----w c:\program files\Nero
2009-05-26 18:55 . 2009-05-26 18:55 -------- d-----w c:\documents and settings\user\Application Data\Apple Computer
2009-05-26 18:52 . 2009-05-26 18:53 -------- d-----w c:\program files\QuickTime
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Apple
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\program files\Apple Software Update
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2009-05-26 17:40 . 2009-05-26 17:40 -------- d-----w c:\documents and settings\user\Application Data\Babuki.7FFE1EF3C0EAF397E48071BD36BB45EFAE41A826.1
2009-05-26 12:30 . 2009-05-31 19:29 -------- d-----w c:\documents and settings\user\Application Data\U3
2009-05-25 19:16 . 2009-05-25 19:17 -------- d-----w c:\program files\USB Disk Security
2009-05-25 10:36 . 2009-05-25 10:36 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-05-25 10:36 . 2009-05-25 10:36 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-25 10:36 . 2009-05-25 10:36 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-25 10:36 . 2009-05-25 10:36 -------- d-----w c:\program files\Real
2009-05-25 10:36 . 2009-05-25 10:36 -------- d-----w c:\program files\Fichiers communs\Real
2009-05-25 10:32 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-25 10:32 . 2009-05-25 10:32 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-24 19:41 . 2004-08-19 14:09 4096 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-05-24 19:23 . 2009-05-24 19:23 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-05-24 19:23 . 2009-05-24 19:23 -------- d-----w c:\program files\MSECache
2009-05-24 17:48 . 2009-05-24 17:48 -------- d-----w c:\program files\Trend Micro
2009-05-24 17:32 . 2009-05-24 17:32 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-24 16:39 . 2009-01-07 16:21 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-24 16:39 . 2009-06-01 14:18 -------- d--h--w c:\windows\$hf_mig$
2009-05-24 16:34 . 2009-05-24 16:34 0 ----a-w c:\windows\nsreg.dat
2009-05-24 16:34 . 2009-05-24 16:34 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-24 16:12 . 2009-05-24 19:33 89976 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 15:07 . 2008-04-14 02:32 76288 ----a-w c:\windows\system32\uniime.dll
2009-05-24 15:05 . 2001-09-28 12:00 6656 ----a-w c:\windows\system32\c_is2022.dll
2009-05-24 15:02 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-24 15:02 . 2008-04-14 02:33 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-24 15:02 . 2008-04-14 01:57 58752 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-24 15:01 . 2008-04-14 02:33 77312 ----a-w c:\windows\system32\usbui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 10:24 . 2001-09-28 12:00 49462 ----a-w c:\windows\system32\perfc00C.dat
2009-06-01 10:24 . 2001-09-28 12:00 370344 ----a-w c:\windows\system32\perfh00C.dat
2009-06-01 09:35 . 2009-05-24 13:38 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-31 19:56 . 2009-05-24 13:49 -------- d-----w c:\program files\Dell
2009-05-31 19:04 . 2009-05-24 13:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-30 22:14 . 2009-05-30 22:14 -------- d-----w c:\documents and settings\user\Application Data\CyberScrub
2009-05-30 22:14 . 2009-05-30 22:14 -------- d-----w c:\documents and settings\user\Application Data\cleaner
2009-05-28 20:12 . 2009-05-24 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-24 14:06 . 2009-05-24 14:06 -------- d-----w c:\program files\Microsoft Works
2009-05-24 14:06 . 2009-05-24 14:06 -------- d-----w c:\program files\MSBuild
2009-05-24 13:55 . 2009-05-24 13:55 1915520 ----a-w c:\documents and settings\user\Application Data\Macromedia\Flash Player\
2009-05-24 13:51 . 2009-05-24 13:51 -------- d-----w c:\program files\Analog Devices
2009-05-24 13:39 . 2009-05-24 13:39 -------- d-----w c:\program files\microsoft frontpage
2009-05-24 13:38 . 2009-05-24 13:38 -------- d-----w c:\program files\Services en ligne
2009-05-24 13:36 . 2009-05-24 13:36 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-24 13:23 . 2009-05-24 13:23 -------- d-----w c:\documents and settings\user\Application Data\ESET
2009-05-24 13:21 . 2009-05-24 13:21 -------- d-----w c:\program files\ESET
2009-05-24 13:21 . 2009-05-24 13:21 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-24 13:09 . 2009-05-24 13:09 -------- d-----w c:\program files\Lexmark 1200 Series
2009-05-24 13:01 . 2009-05-24 12:56 -------- d-----w c:\program files\ATI Technologies
2009-05-24 12:55 . 2009-05-24 13:49 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-05-24 12:53 . 2009-05-24 12:53 -------- d-----w c:\program files\Broadcom
2009-05-20 19:54 . 2009-05-20 19:54 33840 ----a-w c:\windows\system32\drivers\HssDrv.sys
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-08 02:34 . 2004-08-19 14:09 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-19 14:09 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-19 14:09 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-19 14:09 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-19 14:09 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-19 14:09 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-19 14:09 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-19 14:08 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-19 14:10 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2001-09-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2004-08-19 14:09 286720 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-27 19:53 204248 ----a-w c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-05-25 198160]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [24/05/2009 14:54 3456]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 15:47 731840]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [20/05/2009 21:53 331312]
R3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [28/05/2009 19:59 616064]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [21/05/2009 00:29 34352]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.elebda3.net
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-01 17:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\user\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3160)
c:\windows\system32\ieframe.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-06-01 17:16
ComboFix-quarantined-files.txt 2009-06-01 15:16

Pre-Run: 63 710 408 704 octets libres
Post-Run: 66 806 022 144 octets libres

244 --- E O F --- 2009-06-01 09:41
 
So what is the problem?
 
Delete these entries:

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - Startup: Babuki.lnk = C:\Program Files\Babuki\Babuki.exe

How to delete them:

[screenshots: mg (3).png, mg (4).png]

After that, go to Add or Remove Programs and uninstall the toolbar you have installed (it may not be present).

Then download this tool and follow the explanation below.

Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen appears; wait (and follow along with the screenshots).

[screenshots: 000.png, 001.png]

When this screen appears, click Close so that your computer restarts (to complete the cleanup).

[screenshot: 002.png]

Then run ComboFix again in Safe Mode,

and give me the tool's report from Safe Mode together with a new HijackThis report from normal mode.
 
Signature: AbOdy

This is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:35, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\user\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\user\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 5753 bytes

And this is the second report, from Safe Mode:

ComboFix 09-05-30.03 - Administrateur 01/06/2009 18:07.4 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1256.216.1036.18.478.307 [GMT 2:00]
Running from: D:\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 16:05 . 2009-06-01 16:05 -------- d-sh--w c:\documents and settings\Administrateur\IETldCache
2009-06-01 15:46 . 2009-06-01 15:46 -------- d-----w c:\program files\Wanadoo Edition
2009-06-01 15:40 . 2009-06-01 15:40 304160 ----a-w C:\PA207.DAT
2009-06-01 15:38 . 2009-06-01 15:38 -------- d-----w C:\Hotspot Shield
2009-06-01 15:18 . 2009-06-01 15:18 -------- d-sh--w c:\documents and settings\user\IECompatCache
2009-06-01 15:18 . 2009-06-01 15:18 -------- d-sh--w c:\documents and settings\user\PrivacIE
2009-06-01 14:24 . 2008-04-14 02:33 26624 ----a-w c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-01 14:21 . 2009-06-01 14:21 -------- d-sh--w c:\documents and settings\user\IETldCache
2009-06-01 14:18 . 2009-06-01 14:18 -------- d-----w c:\windows\ie8updates
2009-06-01 14:18 . 2009-05-12 05:11 102912 ------w c:\windows\system32\dllcache\iecompat.dll
2009-06-01 14:17 . 2009-06-01 14:17 -------- dc-h--w c:\windows\ie8
2009-06-01 13:55 . 2009-06-01 13:55 -------- d-----w c:\program files\Windows Media Connect 2
2009-06-01 13:52 . 2009-06-01 13:54 -------- d-----w C:\c1147713f4de91250f3c
2009-06-01 13:52 . 2009-06-01 13:53 -------- d-----w c:\windows\system32\drivers\UMDF
2009-06-01 13:52 . 2009-06-01 13:52 -------- d-----w c:\windows\system32\LogFiles
2009-06-01 09:32 . 2009-06-01 14:20 -------- d-----w c:\windows\system32\fr-fr
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w c:\windows\l2schemas
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w c:\windows\system32\fr
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w c:\windows\system32\bits
2009-06-01 09:30 . 2009-06-01 09:32 -------- d-----w c:\windows\ServicePackFiles
2009-05-31 19:29 . 2007-10-23 07:27 110592 ----a-w c:\documents and settings\user\Application Data\U3\temp\cleanup.exe
2009-05-31 19:27 . 2008-05-02 08:41 3493888 ---ha-w c:\documents and settings\user\Application Data\U3\temp\Launchpad Removal.exe
2009-05-31 18:42 . 2009-05-31 18:42 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Adobe
2009-05-31 18:41 . 2009-05-31 18:41 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-05-31 18:33 . 2009-05-31 18:33 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-31 18:33 . 2009-03-03 12:53 17464 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg.exe
2009-05-31 18:33 . 2009-03-03 12:53 12792 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg_bootstrap.exe
2009-05-31 18:33 . 2009-03-03 12:53 109420 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
2009-05-31 18:31 . 2009-05-31 18:31 73216 ----a-w c:\windows\cadkasdeinst01f.exe
2009-05-29 19:01 . 2009-05-29 19:01 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-05-29 18:32 . 2009-05-29 18:32 -------- d-----w c:\documents and settings\user\Application Data\Big Fish Games
2009-05-29 18:32 . 2009-05-29 18:32 -------- d-----w c:\program files\Azada
2009-05-29 17:41 . 2009-06-01 14:20 -------- d-----w c:\windows\system32\dllcache
2009-05-29 17:37 . 2009-05-29 17:37 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-05-29 13:07 . 2009-05-29 14:59 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-29 13:02 . 2004-08-03 20:29 73216 ------w c:\windows\system32\drivers\atintuxx.sys
2009-05-28 20:31 . 2008-06-14 17:33 272768 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-28 20:31 . 2008-06-14 17:33 272768 ------w c:\windows\system32\drivers\bthport.sys
2009-05-28 20:29 . 2008-05-08 14:02 203136 ------w c:\windows\system32\dllcache\rmcast.sys
2009-05-28 20:29 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-28 20:28 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-05-28 20:28 . 2008-05-01 14:36 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-28 20:28 . 2008-04-11 19:05 691712 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-05-28 20:27 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-05-28 20:27 . 2008-10-15 16:35 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-05-28 20:27 . 2008-09-04 17:16 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-05-28 20:26 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-28 18:00 . 2008-04-13 18:39 5504 ----a-w c:\windows\system32\drivers\mstee.sys
2009-05-28 18:00 . 2008-04-13 18:46 10880 ----a-w c:\windows\system32\drivers\ndisip.sys
2009-05-28 18:00 . 2008-04-13 18:46 15232 ----a-w c:\windows\system32\drivers\streamip.sys
2009-05-28 18:00 . 2008-04-13 18:46 11136 ----a-w c:\windows\system32\drivers\slip.sys
2009-05-28 18:00 . 2008-04-13 18:46 19200 ----a-w c:\windows\system32\drivers\wstcodec.sys
2009-05-28 18:00 . 2008-04-13 18:46 85248 ----a-w c:\windows\system32\drivers\nabtsfec.sys
2009-05-28 18:00 . 2008-04-13 18:46 17024 ----a-w c:\windows\system32\drivers\ccdecode.sys
2009-05-28 18:00 . 2008-04-14 02:33 54784 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-28 17:59 . 2007-11-02 09:07 6656 ----a-w c:\windows\system32\CoInst_071102.dll
2009-05-28 17:59 . 2007-10-25 16:31 616064 ----a-w c:\windows\system32\drivers\PFC027.SYS
2009-05-28 17:59 . 2007-10-04 15:42 48128 ----a-w c:\windows\system32\Remove.exe
2009-05-28 17:59 . 2009-05-28 17:59 -------- d-----w c:\program files\Fichiers communs\PAC207
2009-05-28 17:59 . 2009-05-28 17:59 -------- d-----w c:\windows\PixArt
2009-05-28 17:59 . 2006-10-12 09:57 14336 ----a-w c:\windows\system32\P207USD.dll
2009-05-28 12:38 . 2009-05-28 12:38 -------- d--h--w c:\windows\PIF
2009-05-27 19:53 . 2009-06-01 09:18 -------- d-----w c:\program files\Hotspot Shield
2009-05-27 18:42 . 2009-05-27 18:42 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-27 10:01 . 2009-05-27 10:01 -------- d-----w c:\documents and settings\majid\Application Data\ESET
2009-05-26 19:18 . 2009-05-26 19:18 -------- d-----w c:\program files\Nero
2009-05-26 18:55 . 2009-05-26 18:55 -------- d-----w c:\documents and settings\user\Application Data\Apple Computer
2009-05-26 18:52 . 2009-05-26 18:53 -------- d-----w c:\program files\QuickTime
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Apple
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\program files\Apple Software Update
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2009-05-26 17:40 . 2009-05-26 17:40 -------- d-----w c:\documents and settings\user\Application Data\Babuki.7FFE1EF3C0EAF397E48071BD36BB45EFAE41A826.1
2009-05-26 12:30 . 2009-05-31 19:29 -------- d-----w c:\documents and settings\user\Application Data\U3
2009-05-25 19:16 . 2009-05-25 19:17 -------- d-----w c:\program files\USB Disk Security
2009-05-25 10:36 . 2009-05-25 10:36 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-05-25 10:36 . 2009-05-25 10:36 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-25 10:36 . 2009-05-25 10:36 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-25 10:36 . 2009-05-25 10:36 -------- d-----w c:\program files\Real
2009-05-25 10:36 . 2009-05-25 10:36 -------- d-----w c:\program files\Fichiers communs\Real
2009-05-25 10:32 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-25 10:32 . 2009-05-25 10:32 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-24 19:41 . 2004-08-19 14:09 4096 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-05-24 19:23 . 2009-05-24 19:23 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-05-24 19:23 . 2009-05-24 19:23 -------- d-----w c:\program files\MSECache
2009-05-24 17:48 . 2009-05-24 17:48 -------- d-----w c:\program files\Trend Micro
2009-05-24 17:32 . 2009-05-24 17:32 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-24 16:39 . 2009-01-07 16:21 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-24 16:39 . 2009-06-01 14:18 -------- d--h--w c:\windows\$hf_mig$
2009-05-24 16:34 . 2009-05-24 16:34 0 ----a-w c:\windows\nsreg.dat
2009-05-24 16:34 . 2009-05-24 16:34 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-24 16:12 . 2009-05-24 19:33 89976 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 15:07 . 2008-04-14 02:32 76288 ----a-w c:\windows\system32\uniime.dll
2009-05-24 15:05 . 2001-09-28 12:00 6656 ----a-w c:\windows\system32\c_is2022.dll
2009-05-24 15:02 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-24 15:02 . 2008-04-14 02:33 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-24 15:02 . 2008-04-14 01:57 58752 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-24 15:01 . 2008-04-14 02:33 77312 ----a-w c:\windows\system32\usbui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 16:03 . 2009-05-30 22:14 -------- d-----w c:\documents and settings\user\Application Data\cleaner
2009-06-01 10:24 . 2001-09-28 12:00 49462 ----a-w c:\windows\system32\perfc00C.dat
2009-06-01 10:24 . 2001-09-28 12:00 370344 ----a-w c:\windows\system32\perfh00C.dat
2009-06-01 09:35 . 2009-05-24 13:38 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-31 19:56 . 2009-05-24 13:49 -------- d-----w c:\program files\Dell
2009-05-31 19:04 . 2009-05-24 13:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-30 22:14 . 2009-05-30 22:14 -------- d-----w c:\documents and settings\user\Application Data\CyberScrub
2009-05-28 20:12 . 2009-05-24 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-24 14:06 . 2009-05-24 14:06 -------- d-----w c:\program files\Microsoft Works
2009-05-24 14:06 . 2009-05-24 14:06 -------- d-----w c:\program files\MSBuild
2009-05-24 13:55 . 2009-05-24 13:55 1915520 ----a-w c:\documents and settings\user\Application Data\Macromedia\Flash Player\

2009-05-24 13:51 . 2009-05-24 13:51 -------- d-----w c:\program files\Analog Devices
2009-05-24 13:39 . 2009-05-24 13:39 -------- d-----w c:\program files\microsoft frontpage
2009-05-24 13:38 . 2009-05-24 13:38 -------- d-----w c:\program files\Services en ligne
2009-05-24 13:36 . 2009-05-24 13:36 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-24 13:23 . 2009-05-24 13:23 -------- d-----w c:\documents and settings\user\Application Data\ESET
2009-05-24 13:21 . 2009-05-24 13:21 -------- d-----w c:\program files\ESET
2009-05-24 13:21 . 2009-05-24 13:21 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-24 13:09 . 2009-05-24 13:09 -------- d-----w c:\program files\Lexmark 1200 Series
2009-05-24 13:01 . 2009-05-24 12:56 -------- d-----w c:\program files\ATI Technologies
2009-05-24 12:55 . 2009-05-24 13:49 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-05-24 12:53 . 2009-05-24 12:53 -------- d-----w c:\program files\Broadcom
2009-05-20 19:54 . 2009-05-20 19:54 33840 ----a-w c:\windows\system32\drivers\HssDrv.sys
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-08 02:34 . 2004-08-19 14:09 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-19 14:09 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-19 14:09 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-19 14:09 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-19 14:09 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-19 14:09 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-19 14:09 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-19 14:08 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-19 14:10 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2001-09-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2004-08-19 14:09 286720 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-27 19:53 204248 ----a-w c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-05-25 198160]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [24/05/2009 14:54 3456]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 15:47 731840]
S2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [20/05/2009 21:53 331312]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [21/05/2009 00:29 34352]
S3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [28/05/2009 19:59 616064]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-06-01 c:\windows\Tasks\User_Feed_Synchronization-{F16FB740-72B4-4D2A-99E7-B55881EFBB2D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.sergiwa.com/
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n0cf4mpi.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-01 18:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(604)
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
Completion time: 2009-06-01 18:11
ComboFix-quarantined-files.txt 2009-06-01 16:11
ComboFix2.txt 2009-06-01 15:16

Pre-Run: 67 926 446 080 octets libres
Post-Run: 67 912 192 000 octets libres

240 --- E O F --- 2009-06-01 09:41
 
This report is mine, because I have two accounts
 
Signature: AbOdy
Sorry
This is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:35, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\user\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\user\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 5753 bytes



And this is the second report, taken in safe mode

ComboFix 09-05-30.03 - Administrateur 01/06/2009 18:07.4 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1256.216.1036.18.478.307 [GMT 2:00]
Running from: D:\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 16:05 . 2009-06-01 16:05 -------- d-sh--w c:\documents and settings\Administrateur\IETldCache
2009-06-01 15:46 . 2009-06-01 15:46 -------- d-----w c:\program files\Wanadoo Edition
2009-06-01 15:40 . 2009-06-01 15:40 304160 ----a-w C:\PA207.DAT
2009-06-01 15:38 . 2009-06-01 15:38 -------- d-----w C:\Hotspot Shield
2009-06-01 15:18 . 2009-06-01 15:18 -------- d-sh--w c:\documents and settings\user\IECompatCache
2009-06-01 15:18 . 2009-06-01 15:18 -------- d-sh--w c:\documents and settings\user\PrivacIE
2009-06-01 14:24 . 2008-04-14 02:33 26624 ----a-w c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-01 14:21 . 2009-06-01 14:21 -------- d-sh--w c:\documents and settings\user\IETldCache
2009-06-01 14:18 . 2009-06-01 14:18 -------- d-----w c:\windows\ie8updates
2009-06-01 14:18 . 2009-05-12 05:11 102912 ------w c:\windows\system32\dllcache\iecompat.dll
2009-06-01 14:17 . 2009-06-01 14:17 -------- dc-h--w c:\windows\ie8
2009-06-01 13:55 . 2009-06-01 13:55 -------- d-----w c:\program files\Windows Media Connect 2
2009-06-01 13:52 . 2009-06-01 13:54 -------- d-----w C:\c1147713f4de91250f3c
2009-06-01 13:52 . 2009-06-01 13:53 -------- d-----w c:\windows\system32\drivers\UMDF
2009-06-01 13:52 . 2009-06-01 13:52 -------- d-----w c:\windows\system32\LogFiles
2009-06-01 09:32 . 2009-06-01 14:20 -------- d-----w c:\windows\system32\fr-fr
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w c:\windows\l2schemas
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w c:\windows\system32\fr
2009-06-01 09:32 . 2009-06-01 09:32 -------- d-----w c:\windows\system32\bits
2009-06-01 09:30 . 2009-06-01 09:32 -------- d-----w c:\windows\ServicePackFiles
2009-05-31 19:29 . 2007-10-23 07:27 110592 ----a-w c:\documents and settings\user\Application Data\U3\temp\cleanup.exe
2009-05-31 19:27 . 2008-05-02 08:41 3493888 ---ha-w c:\documents and settings\user\Application Data\U3\temp\Launchpad Removal.exe
2009-05-31 18:42 . 2009-05-31 18:42 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Adobe
2009-05-31 18:41 . 2009-05-31 18:41 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-05-31 18:33 . 2009-05-31 18:33 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-31 18:33 . 2009-03-03 12:53 17464 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg.exe
2009-05-31 18:33 . 2009-03-03 12:53 12792 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg_bootstrap.exe
2009-05-31 18:33 . 2009-03-03 12:53 109420 ----a-w c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\eqnigg3n.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
2009-05-31 18:31 . 2009-05-31 18:31 73216 ----a-w c:\windows\cadkasdeinst01f.exe
2009-05-29 19:01 . 2009-05-29 19:01 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-05-29 18:32 . 2009-05-29 18:32 -------- d-----w c:\documents and settings\user\Application Data\Big Fish Games
2009-05-29 18:32 . 2009-05-29 18:32 -------- d-----w c:\program files\Azada
2009-05-29 17:41 . 2009-06-01 14:20 -------- d-----w c:\windows\system32\dllcache
2009-05-29 17:37 . 2009-05-29 17:37 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-05-29 13:07 . 2009-05-29 14:59 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-29 13:02 . 2004-08-03 20:29 73216 ------w c:\windows\system32\drivers\atintuxx.sys
2009-05-28 20:31 . 2008-06-14 17:33 272768 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-28 20:31 . 2008-06-14 17:33 272768 ------w c:\windows\system32\drivers\bthport.sys
2009-05-28 20:29 . 2008-05-08 14:02 203136 ------w c:\windows\system32\dllcache\rmcast.sys
2009-05-28 20:29 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-28 20:28 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-05-28 20:28 . 2008-05-01 14:36 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-28 20:28 . 2008-04-11 19:05 691712 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-05-28 20:27 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-05-28 20:27 . 2008-10-15 16:35 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-05-28 20:27 . 2008-09-04 17:16 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-05-28 20:26 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-28 18:00 . 2008-04-13 18:39 5504 ----a-w c:\windows\system32\drivers\mstee.sys
2009-05-28 18:00 . 2008-04-13 18:46 10880 ----a-w c:\windows\system32\drivers\ndisip.sys
2009-05-28 18:00 . 2008-04-13 18:46 15232 ----a-w c:\windows\system32\drivers\streamip.sys
2009-05-28 18:00 . 2008-04-13 18:46 11136 ----a-w c:\windows\system32\drivers\slip.sys
2009-05-28 18:00 . 2008-04-13 18:46 19200 ----a-w c:\windows\system32\drivers\wstcodec.sys
2009-05-28 18:00 . 2008-04-13 18:46 85248 ----a-w c:\windows\system32\drivers\nabtsfec.sys
2009-05-28 18:00 . 2008-04-13 18:46 17024 ----a-w c:\windows\system32\drivers\ccdecode.sys
2009-05-28 18:00 . 2008-04-14 02:33 54784 ----a-w c:\windows\system32\vfwwdm32.dll
2009-05-28 17:59 . 2007-11-02 09:07 6656 ----a-w c:\windows\system32\CoInst_071102.dll
2009-05-28 17:59 . 2007-10-25 16:31 616064 ----a-w c:\windows\system32\drivers\PFC027.SYS
2009-05-28 17:59 . 2007-10-04 15:42 48128 ----a-w c:\windows\system32\Remove.exe
2009-05-28 17:59 . 2009-05-28 17:59 -------- d-----w c:\program files\Fichiers communs\PAC207
2009-05-28 17:59 . 2009-05-28 17:59 -------- d-----w c:\windows\PixArt
2009-05-28 17:59 . 2006-10-12 09:57 14336 ----a-w c:\windows\system32\P207USD.dll
2009-05-28 12:38 . 2009-05-28 12:38 -------- d--h--w c:\windows\PIF
2009-05-27 19:53 . 2009-06-01 09:18 -------- d-----w c:\program files\Hotspot Shield
2009-05-27 18:42 . 2009-05-27 18:42 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-27 10:01 . 2009-05-27 10:01 -------- d-----w c:\documents and settings\majid\Application Data\ESET
2009-05-26 19:18 . 2009-05-26 19:18 -------- d-----w c:\program files\Nero
2009-05-26 18:55 . 2009-05-26 18:55 -------- d-----w c:\documents and settings\user\Application Data\Apple Computer
2009-05-26 18:52 . 2009-05-26 18:53 -------- d-----w c:\program files\QuickTime
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Apple
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\program files\Apple Software Update
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-26 18:52 . 2009-05-26 18:52 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Apple Computer
2009-05-26 17:40 . 2009-05-26 17:40 -------- d-----w c:\documents and settings\user\Application Data\Babuki.7FFE1EF3C0EAF397E48071BD36BB45EFAE41A8 26.1
2009-05-26 12:30 . 2009-05-31 19:29 -------- d-----w c:\documents and settings\user\Application Data\U3
2009-05-25 19:16 . 2009-05-25 19:17 -------- d-----w c:\program files\USB Disk Security
2009-05-25 10:36 . 2009-05-25 10:36 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-05-25 10:36 . 2009-05-25 10:36 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-25 10:36 . 2009-05-25 10:36 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-25 10:36 . 2009-05-25 10:36 -------- d-----w c:\program files\Real
2009-05-25 10:36 . 2009-05-25 10:36 -------- d-----w c:\program files\Fichiers communs\Real
2009-05-25 10:32 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-25 10:32 . 2009-05-25 10:32 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-24 19:41 . 2004-08-19 14:09 4096 ----a-w c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-05-24 19:23 . 2009-05-24 19:23 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-05-24 19:23 . 2009-05-24 19:23 -------- d-----w c:\program files\MSECache
2009-05-24 17:48 . 2009-05-24 17:48 -------- d-----w c:\program files\Trend Micro
2009-05-24 17:32 . 2009-05-24 17:32 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-24 16:39 . 2009-01-07 16:21 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-24 16:39 . 2009-06-01 14:18 -------- d--h--w c:\windows\$hf_mig$
2009-05-24 16:34 . 2009-05-24 16:34 0 ----a-w c:\windows\nsreg.dat
2009-05-24 16:34 . 2009-05-24 16:34 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-24 16:12 . 2009-05-24 19:33 89976 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 15:07 . 2008-04-14 02:32 76288 ----a-w c:\windows\system32\uniime.dll
2009-05-24 15:05 . 2001-09-28 12:00 6656 ----a-w c:\windows\system32\c_is2022.dll
2009-05-24 15:02 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-24 15:02 . 2008-04-14 02:33 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-24 15:02 . 2008-04-14 01:57 58752 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-24 15:01 . 2008-04-14 02:33 77312 ----a-w c:\windows\system32\usbui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 16:03 . 2009-05-30 22:14 -------- d-----w c:\documents and settings\user\Application Data\cleaner
2009-06-01 10:24 . 2001-09-28 12:00 49462 ----a-w c:\windows\system32\perfc00C.dat
2009-06-01 10:24 . 2001-09-28 12:00 370344 ----a-w c:\windows\system32\perfh00C.dat
2009-06-01 09:35 . 2009-05-24 13:38 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-31 19:56 . 2009-05-24 13:49 -------- d-----w c:\program files\Dell
2009-05-31 19:04 . 2009-05-24 13:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-30 22:14 . 2009-05-30 22:14 -------- d-----w c:\documents and settings\user\Application Data\CyberScrub
2009-05-28 20:12 . 2009-05-24 14:01 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-24 14:06 . 2009-05-24 14:06 -------- d-----w c:\program files\Microsoft Works
2009-05-24 14:06 . 2009-05-24 14:06 -------- d-----w c:\program files\MSBuild
2009-05-24 13:55 . 2009-05-24 13:55 1915520 ----a-w c:\documents and settings\user\Application Data\Macromedia\Flash Player\

2009-05-24 13:51 . 2009-05-24 13:51 -------- d-----w c:\program files\Analog Devices
2009-05-24 13:39 . 2009-05-24 13:39 -------- d-----w c:\program files\microsoft frontpage
2009-05-24 13:38 . 2009-05-24 13:38 -------- d-----w c:\program files\Services en ligne
2009-05-24 13:36 . 2009-05-24 13:36 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-24 13:23 . 2009-05-24 13:23 -------- d-----w c:\documents and settings\user\Application Data\ESET
2009-05-24 13:21 . 2009-05-24 13:21 -------- d-----w c:\program files\ESET
2009-05-24 13:21 . 2009-05-24 13:21 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-24 13:09 . 2009-05-24 13:09 -------- d-----w c:\program files\Lexmark 1200 Series
2009-05-24 13:01 . 2009-05-24 12:56 -------- d-----w c:\program files\ATI Technologies
2009-05-24 12:55 . 2009-05-24 13:49 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-05-24 12:53 . 2009-05-24 12:53 -------- d-----w c:\program files\Broadcom
2009-05-20 19:54 . 2009-05-20 19:54 33840 ----a-w c:\windows\system32\drivers\HssDrv.sys
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-08 02:34 . 2004-08-19 14:09 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-19 14:09 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-19 14:09 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-19 14:09 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-19 14:09 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-19 14:09 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-19 14:09 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-19 14:08 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-19 14:10 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2001-09-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2004-08-19 14:09 286720 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-05-27 19:53 204248 ----a-w c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-05-25 198160]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [24/05/2009 14:54 3456]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 15:47 731840]
S2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [20/05/2009 21:53 331312]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [21/05/2009 00:29 34352]
S3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [28/05/2009 19:59 616064]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-06-01 c:\windows\Tasks\User_Feed_Synchronization-{F16FB740-72B4-4D2A-99E7-B55881EFBB2D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.sergiwa.com/
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\n0cf4mpi.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-01 18:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(604)
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
Completion time: 2009-06-01 18:11
ComboFix-quarantined-files.txt 2009-06-01 16:11
ComboFix2.txt 2009-06-01 15:16

Pre-Run: 67 926 446 080 octets libres
Post-Run: 67 912 192 000 octets libres

240 --- E O F --- 2009-06-01 09:41
 
You still have this entry left; delete it:

O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\user\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\user\Application Data\CyberScrub\Privacy Suite"


And how is the computer doing now??
 
Signature: AbOdy
Same problem, the fan is running hard

and it makes noise even though I clean it regularly
 
My friend, a fan gets cleaned about once every 6 months

and cleaning it constantly causes it to fail

By the way, the fan noise has nothing to do with the system, viruses, or anything like that

The fan noise is an external problem

If you want to be sure, take it to a repair technician and have him replace the fan or check it for you

Though I'm confident that most computers make a somewhat annoying fan noise


Good luck

Signature: AbOdy
My friend, I didn't say that I clean the fan every day; I said regularly, meaning every 4 months or so, in the sense that I service the computer and all its parts regularly. As for the fan noise, since I bought my computer two years ago it has never made any loud noise, but today my computer acted up and the fan started spinning hard
 
Honestly, my friend, neither I nor the other members will be able to help you with your problem

Your problem needs a technician to check the fan

Signature: AbOdy
Thank you, dear brother, for your effort with me; I hope I haven't tired you out
 
You're welcome, my friend

It's no trouble at all, brother

Signature: AbOdy
Thanks, brother
 