زهرة النسرين
Peace be upon you.

I have a problem with my computer that I need a solution for: with some programs, when I open them, this message pops up:

God willing I'll find the solution here; I urgently need a fix.
 

Download this program

Run the program ==> and click on
Do a system scan and save log
After a moment a report will appear in Notepad ==> copy it and paste it in your next reply
 
Signature: algnral
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:44:13 م, on 03/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Registry Fast\RegFast.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RegFast.exe] C:\Program Files\Registry Fast\RegFast.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\XPPRESP3\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: خدمة تحديث Google (gupdate1c9bc22c4939acc) (gupdate1c9bc22c4939acc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe
--
End of file - 9737 bytes
 
Delete these entries:

C:\Documents and Settings\tazebama.dl_

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O4 - HKLM\..\Run: [RegFast.exe] C:\Program Files\Registry Fast\RegFast.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll


How to delete them
 
It's better not to delete anything, because the machine is infected with the worm Worm.win32.mabezat.b

Apply the following:

Download the following tool

and close all programs.

Disable System Restore as shown in the guide.

Run it and the tool's interface will appear.

Choose the clean option and a DOS screen will appear for the scan.

Leave it until it finishes and the report appears; attach it in your next reply + a new HijackThis report.
 
Signature: صمت السكوت
I deleted some of the entries before I saw Khulood's reply.

The link doesn't open for me because I have a problem with Explorer; could you upload it to a file host so it's a direct link?
 
Disable System Restore as shown in the guide.

Download the Kaspersky tool from the following link

After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; after a moment the tool starts working.

Follow the guide to scan the machine, clean it, and attach the report.

Then compress the report and upload it here>>>>

After finishing, attach the Kaspersky tool report + a new HijackThis report.
 
Signature: صمت السكوت
Every time I try to scan it, it restarts.
 
Scan it in Safe Mode.

How: restart the machine, then press F8 a few times; you'll get many options, among them Safe Mode, the first one at the top.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:29 ص, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: is-JSBDQ.lnk = C:\Documents and Settings\XPPRESP3\Desktop\Virus Removal Tool\is-JSBDQ\startup.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\XPPRESP3\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: خدمة تحديث Google (gupdate1c9bc22c4939acc) (gupdate1c9bc22c4939acc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe
--
End of file - 9385 bytes
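The thread now contains two HijackThis logs (03/06/2009 and 05/06/2009), and the user says some entries were fixed by hand between them. The script below is an added example, not code from the forum or from HijackThis: it parses short excerpts constructed from those two logs, diffs them, and checks the second one against the entries the helper listed for removal, reporting what is still present and which hooks were left orphaned ("(no file)"). The function names (parse_hjt, diff_logs, check_cleanup) are this example's own.

```python
"""Compare two HijackThis logs and check a cleanup against a list of flagged entries.

Added example for this thread, not code from the forum or from HijackThis.
LOG_BEFORE / LOG_AFTER are constructed excerpts of the two logs posted above;
FLAGGED is a subset of the helper's "delete these entries" post.
"""
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str]  # (section such as "O4", text after "O4 - ")

ENTRY_RE = re.compile(r"^([RFON]\d+) - (.*)$")  # R0/R1/R3, F2, O2..O23, N1..N4
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a running-process line

# Constructed excerpt of the first log (before the user fixed anything).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Registry Fast\RegFast.exe
C:\Documents and Settings\tazebama.dl_
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [RegFast.exe] C:\Program Files\Registry Fast\RegFast.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
--
End of file - 9737 bytes
"""

# Constructed excerpt of the second log (after the user "deleted some entries").
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\tazebama.dl_
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - Startup: is-JSBDQ.lnk = C:\Documents and Settings\XPPRESP3\Desktop\Virus Removal Tool\is-JSBDQ\startup.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
--
End of file - 9385 bytes
"""

# Entries the helper asked to remove (subset of that post, copied verbatim).
FLAGGED = [
    r"C:\Documents and Settings\tazebama.dl_",
    r"R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll",
    r"O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll",
    r"O4 - HKLM\..\Run: [RegFast.exe] C:\Program Files\Registry Fast\RegFast.exe",
    r"O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')",
    r"O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll",
]


def parse_hjt(text: str) -> Dict[str, list]:
    """Split a HijackThis log into running-process paths and (section, body) entries."""
    processes: List[str] = []
    entries: List[Entry] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--" or line.startswith("End of file"):
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:  # first R/F/O/N line ends the process list
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes and PATH_RE.match(line):
            processes.append(line)
    return {"processes": processes, "entries": entries}


def flatten(parsed: Dict[str, list]) -> List[str]:
    """One string per item so processes and entries can be compared alike."""
    return list(parsed["processes"]) + [f"{s} - {t}" for s, t in parsed["entries"]]


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """What disappeared and what appeared between two scans of the same machine."""
    b, a = set(flatten(parse_hjt(before))), set(flatten(parse_hjt(after)))
    return {"removed": sorted(b - a), "added": sorted(a - b)}


def check_cleanup(after: str, flagged: List[str]) -> Dict[str, List[str]]:
    """Check a fresh log against the flagged list.

    still_present: flagged lines that are unchanged in the new log
    orphaned: registrations whose target file is gone ("(no file)") but which remain
    flagged_clsid_refs: other entries still referencing a CLSID from a flagged line
    """
    items = flatten(parse_hjt(after))
    flagged_set = {f.strip() for f in flagged}
    flagged_clsids = {c.upper() for f in flagged for c in CLSID_RE.findall(f)}
    return {
        "still_present": [i for i in items if i in flagged_set],
        "orphaned": [i for i in items if "(no file)" in i],
        "flagged_clsid_refs": [
            i for i in items if i not in flagged_set
            and any(c.upper() in flagged_clsids for c in CLSID_RE.findall(i))
        ],
    }


if __name__ == "__main__":
    report = {**diff_logs(LOG_BEFORE, LOG_AFTER), **check_cleanup(LOG_AFTER, FLAGGED)}
    for label, items in report.items():
        print(f"== {label}: {len(items)}")
        for item in items:
            print("   ", item)
```

On the excerpts the RegFast and SearchSettings entries show as removed, while the tazebama.dl_ process, the nlhr RunOnce and the Dealio button are still present, and the SearchSettings hook survives only as an orphaned "(no file)" registration.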
 
And after finishing, attach the Kaspersky tool report .?.?.?

Where is it?
 
Where are you? Nobody has replied to me??
 
Listen to me, God keep you well:

Stop the protection program, then download

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan the machine may restart.

After the restart, the tool will start scanning a second time.
Wait until a report appears; with that the scan is finished.

+ a new HijackThis report
 
Restart the machine to confirm the viruses are deleted, then make a new HijackThis report.
 
Signature: صمت السكوت
The link doesn't work for me because I have a problem with Explorer; could you upload the tool to another link?
 
Use this browser

Try it with RealPlayer 11 if you have it.
 
ComboFix 09-06-04.A1 - XPPRESP3 06/05/2009 19:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.495.148 [GMT 3:00]
Running from: c:\documents and settings\XPPRESP3\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\XPPRESP3\Application Data\tazebama
c:\documents and settings\XPPRESP3\Application Data\tazebama\tazebama.log
c:\documents and settings\XPPRESP3\Application Data\tazebama\zPharaoh.dat
c:\windows\autorun.inf
c:\windows\IE4 Error Log.txt
c:\windows\mainms.vpi
c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
c:\windows\system32\mfc45.dll
c:\windows\system32\msconfig.exe
C:\zPharaoh.exe
D:\Autorun.inf
D:\zPharaoh.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4

((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-05 16:24 . 2009-06-05 16:25 155533 --sh--r- C:\zPharaoh.exe
2009-06-05 16:24 . 2009-06-05 16:25 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\tazebama
2009-06-05 16:24 . 2009-06-05 16:24 -------- d-----w- c:\windows\system32\xircom
2009-06-05 16:24 . 2009-06-05 16:24 -------- d-----w- c:\windows\system32\wbem\snmp
2009-06-05 16:24 . 2009-06-05 16:24 -------- d-----w- c:\program files\microsoft frontpage
2009-05-29 09:39 . 2009-05-29 09:42 32919 ----a-w- c:\documents and settings\XPPRESP3\Application Data\IDM\DwnlData\XPPRESP3\IE8-WindowsXP-x86-ENU_3363\IE8-WindowsXP-x86-ENU.exe
2009-05-28 22:29 . 2009-05-28 22:29 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-05-24 15:58 . 2009-06-05 16:24 32768 ----a-w- c:\documents and settings\tazebama.dll
2009-05-22 10:30 . 2009-05-22 10:37 45056 ----a-w- c:\documents and settings\XPPRESP3\Application Data\IDM\DwnlData\XPPRESP3\WindowsXP-KB946627-x86-ARA_3330\WindowsXP-KB946627-x86-ARA.exe
2009-05-22 09:56 . 2009-05-22 09:56 -------- d-----w- c:\documents and settings\SYSTEM
2009-05-22 09:31 . 2009-05-22 09:36 -------- d-----w- c:\program files\SWiSHmax
2009-05-19 19:04 . 2009-02-20 18:09 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-05-19 19:04 . 2009-02-20 18:09 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-05-19 19:04 . 2009-02-20 18:09 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-05-19 19:04 . 2009-02-20 18:09 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-05-19 19:04 . 2009-02-20 10:20 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-05-19 19:04 . 2009-02-20 18:09 383488 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-05-19 19:04 . 2008-07-09 14:25 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-05-19 19:04 . 2009-02-20 18:09 6066176 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-05-19 18:59 . 2006-06-03 11:40 33792 -c--a-w- c:\windows\system32\dllcache\custsat.dll
2009-05-12 16:21 . 2009-05-12 16:21 -------- d-----w- c:\program files\Alwil Software
2009-05-09 10:33 . 2009-05-09 10:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-07 12:01 . 2009-05-07 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-05-07 11:36 . 2009-06-04 18:40 34130647 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ara_web.exe
2009-05-07 11:36 . 2009-02-09 04:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-07 11:36 . 2009-02-09 04:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-07 11:36 . 2009-02-09 04:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-05-07 11:36 . 2009-02-09 04:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-05-07 11:36 . 2009-02-09 04:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-05-07 11:36 . 2009-02-09 04:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-05-07 11:34 . 2009-05-06 22:15 24368104 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\NokiaSoftwareUpdaterSetup_ar.exe
2009-05-07 11:34 . 2009-05-07 11:34 -------- d-----w- c:\program files\MSXML 6.0
2009-05-07 11:34 . 2009-05-07 11:34 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\Sleep.exe
2009-05-07 11:34 . 2009-05-07 11:34 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-07 11:34 . 2009-05-07 11:34 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\vcredistExec.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 16:27 . 2009-06-04 15:38 62238752 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-05 16:25 . 2007-12-28 22:47 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\DMCache
2009-06-05 16:25 . 2007-12-26 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-05 16:24 . 2009-06-04 15:38 727688 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-05 13:40 . 2009-02-23 21:20 184687 ----a-w- c:\windows\Setup_ck.exe
2009-06-05 13:40 . 2008-12-16 17:14 234863 -c--a-w- c:\windows\SmCfg.exe
2009-06-05 13:40 . 2008-02-16 15:53 277900 -c--a-w- c:\windows\ugndhvf.exe
2009-06-05 13:40 . 2007-12-24 08:16 734575 -c--a-w- c:\windows\SOUNDMAN.EXE
2009-06-05 13:40 . 2007-12-23 19:31 264171 -c--a-w- c:\windows\UninstallFirefox.exe
2009-06-05 13:40 . 2005-09-12 14:13 390511 -c--a-w- c:\windows\UNRecode.exe
2009-06-05 13:40 . 2005-09-12 14:13 390511 -c--a-w- c:\windows\UNNeroVision.exe
2009-06-05 13:40 . 2005-09-12 14:13 390511 -c--a-w- c:\windows\UNNeroShowTime.exe
2009-06-05 13:40 . 2005-09-12 14:13 390511 -c--a-w- c:\windows\UNNeroMediaHome.exe
2009-06-05 13:40 . 2005-02-23 08:30 193903 -c--a-w- c:\windows\slrundll.exe
2009-06-05 13:40 . 2004-08-04 09:56 440687 -c--a-w- c:\windows\winhlp32.exe
2009-06-05 13:40 . 2001-08-23 14:00 182639 -c--a-w- c:\windows\twunk_32.exe
2009-06-05 13:39 . 2007-12-24 08:16 9867631 -c--a-w- c:\windows\RTLCPL.exe
2009-06-05 13:39 . 2007-12-24 08:16 513391 -c--a-w- c:\windows\RtlUpd.exe
2009-06-05 13:39 . 2007-12-24 08:16 15021423 -c--a-w- c:\windows\RTHDCPL.exe
2009-06-05 13:39 . 2007-12-24 07:19 203391 -c--a-w- c:\windows\setdebug.exe
2009-06-05 13:39 . 2004-08-04 09:56 303471 -c--a-w- c:\windows\regedit.exe
2009-06-05 13:39 . 2007-12-24 08:16 2299247 -c--a-w- c:\windows\MicCal.exe
2009-06-05 13:39 . 2009-02-23 21:20 322927 ----a-w- c:\windows\Ckconfig.exe
2009-06-05 13:39 . 2007-12-24 14:31 374127 -c--a-w- c:\windows\Alcrmv.exe
2009-06-05 13:39 . 2007-12-24 08:16 2964847 -c--a-w- c:\windows\alcwzrd.exe
2009-06-05 13:39 . 2007-12-24 08:16 226671 -c--a-w- c:\windows\Alcmtr.exe
2009-06-05 13:25 . 2009-03-15 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-05 09:30 . 2007-12-24 07:26 230255 -c--a-w- c:\windows\ST6UNST.EXE
2009-06-05 07:32 . 2008-11-18 01:38 545647 -c--a-w- c:\windows\system32\cmd.exe
2009-06-05 07:32 . 2004-08-04 09:56 300399 -c--a-w- c:\windows\system32\mobsync.exe
2009-06-05 07:32 . 2009-04-08 16:36 243055 ----a-w- c:\windows\unvise32.exe
2009-06-05 07:32 . 2009-01-27 15:45 463727 -c--a-w- c:\windows\IsUninst.exe
2009-06-05 07:32 . 2008-12-29 20:10 443759 -c--a-w- c:\windows\iun506.exe
2009-06-05 07:32 . 2007-12-24 07:24 202607 -c--a-w- c:\windows\AKDeInstall.exe
2009-06-05 07:32 . 2007-12-23 19:22 284015 -c--a-w- c:\windows\system32\mshearts.exe
2009-06-05 07:32 . 2007-12-23 19:22 276847 -c--a-w- c:\windows\system32\winmine.exe
2009-06-05 07:32 . 2007-12-23 19:22 213871 -c--a-w- c:\windows\system32\sol.exe
2009-06-05 07:32 . 2007-12-23 19:22 212335 -c--a-w- c:\windows\system32\freecell.exe
2009-06-05 07:32 . 2007-12-23 19:21 695663 -c--a-w- c:\windows\system32\spider.exe
2009-06-05 07:32 . 2004-08-04 09:56 189807 -c--a-w- c:\windows\system32\odbcad32.exe
2009-06-05 07:27 . 2007-12-23 19:22 237423 -c--a-w- c:\windows\system32\charmap.exe
2009-06-05 07:27 . 2007-12-23 19:21 288623 -c--a-w- c:\windows\system32\sndrec32.exe
2009-06-05 07:27 . 2004-08-04 09:56 1357167 -c--a-w- c:\windows\system32\ntbackup.exe
2009-06-05 07:27 . 2001-08-23 14:00 295791 -c--a-w- c:\windows\system32\sndvol32.exe
2009-06-05 07:27 . 2007-12-23 19:22 271727 -c--a-w- c:\windows\system32\calc.exe
2009-06-05 07:27 . 2007-12-23 19:21 500079 -c--a-w- c:\windows\system32\mspaint.exe
2009-06-05 07:27 . 2007-12-23 19:21 564591 -c--a-w- c:\windows\system32\mstsc.exe
2009-06-05 02:59 . 2008-01-06 23:06 47624 -c--a-w- c:\windows\system32\wuwuninst.exe
2009-06-05 02:59 . 2007-12-23 19:23 165888 -c--a-w- c:\windows\system32\wuauclt1.exe
2009-06-05 02:59 . 2004-08-04 09:56 114688 -c--a-w- c:\windows\system32\wscript.exe
2009-06-05 02:59 . 2007-12-24 07:19 171792 -c--a-w- c:\windows\system32\wjview.exe
2009-06-05 02:59 . 2006-10-26 10:45 293376 -c--a-w- c:\windows\system32\WISPTIS.EXE
2009-06-05 02:59 . 2007-12-23 19:22 35328 -c--a-w- c:\windows\system32\winchat.exe
2009-06-05 02:58 . 2004-08-04 09:56 65536 -c--a-w- c:\windows\system32\wextract.exe
2009-06-05 02:58 . 2006-03-17 00:38 28672 -c--a-w- c:\windows\system32\verclsid.exe
2009-06-05 02:58 . 2001-08-17 22:37 69700 -c--a-w- c:\windows\system32\usrshuta.exe
2009-06-05 02:58 . 2001-08-17 22:37 77891 -c--a-w- c:\windows\system32\usrmlnka.exe
2009-06-05 02:58 . 2001-08-17 22:37 61508 -c--a-w- c:\windows\system32\usrprbda.exe
2009-06-05 02:58 . 2008-02-16 15:48 63488 -c--a-w- c:\windows\system32\unam4ie.exe
2009-06-05 02:58 . 2001-08-23 14:00 31744 -c--a-w- c:\windows\system32\tracert6.exe
2009-06-05 02:52 . 2004-08-04 09:56 77312 -c--a-w- c:\windows\system32\sdbinst.exe
2009-06-05 02:52 . 2004-08-04 09:56 9216 -c--a-w- c:\windows\system32\scrnsave.scr
2009-06-05 02:52 . 2007-12-24 14:31 10518528 -c--a-w- c:\windows\system32\RTLCPL.EXE
2009-06-05 02:52 . 2004-08-04 09:56 77312 -c--a-w- c:\windows\system32\rtcshare.exe
2009-06-05 02:52 . 2001-08-23 14:00 25600 -c--a-w- c:\windows\system32\routemon.exe
2009-06-05 02:52 . 2007-12-23 19:21 62464 -c--a-w- c:\windows\system32\rdpclip.exe
2009-06-05 02:52 . 2004-08-04 09:56 50176 -c--a-w- c:\windows\system32\proquota.exe
2009-06-05 02:52 . 2004-08-04 09:56 49152 -c--a-w- c:\windows\system32\powercfg.exe
2009-06-05 02:52 . 2001-08-23 14:00 33280 -c--a-w- c:\windows\system32\ping6.exe
2009-06-05 02:52 . 2004-08-04 09:56 69632 -c--a-w- c:\windows\system32\odbcconf.exe
2009-06-05 02:52 . 2001-08-23 14:00 126464 -c--a-w- c:\windows\system32\nwscript.exe
2009-06-05 02:52 . 2008-11-18 01:38 419840 -c--a-w- c:\windows\system32\ntvdm.exe
2009-06-05 02:51 . 2004-08-04 09:56 36864 -c--a-w- c:\windows\system32\netstat.exe
2009-06-05 02:51 . 2004-08-04 10:02 329728 -c--a-w- c:\windows\system32\netsetup.exe
2009-06-05 02:51 . 2004-08-04 09:56 42496 -c--a-w- c:\windows\system32\net.exe
2009-06-05 02:51 . 2004-08-04 09:56 29184 ----a-w- c:\windows\system32\mshta.exe
2009-06-05 02:50 . 2001-08-23 14:00 22016 -c--a-w- c:\windows\system32\mpnotify.exe
2009-06-05 02:50 . 2007-12-23 19:21 123392 -c--a-w- c:\windows\system32\mplay32.exe
2009-06-05 02:50 . 1999-12-11 00:45 8636 -c--a-w- c:\windows\system32\modifyPE.exe
2009-06-05 02:50 . 2008-12-16 17:14 180224 -c--a-w- c:\windows\system32\minirec.exe
2009-06-05 02:50 . 2009-01-08 13:56 750984 -c--a-w- c:\windows\system32\Magentic Screensaver.scr
2009-06-05 02:50 . 2004-08-04 09:56 514560 -c--a-w- c:\windows\system32\logonui.exe
2009-06-05 02:50 . 2005-08-15 15:17 96768 -c--a-w- c:\windows\system32\logagent.exe
2009-06-05 02:50 . 2007-12-24 07:19 172304 -c--a-w- c:\windows\system32\jview.exe
2009-06-05 02:50 . 2004-08-04 09:56 53248 -c--a-w- c:\windows\system32\ipv6.exe
2009-06-05 02:50 . 2001-08-23 14:00 44032 -c--a-w- c:\windows\system32\ipsec6.exe
2009-06-05 02:50 . 2008-12-17 06:34 155648 -c--a-w- c:\windows\system32\igfxtray.exe
2009-06-05 02:48 . 2004-08-04 09:56 163840 -c--a-w- c:\windows\system32\diskpart.exe
2009-06-05 02:48 . 2008-03-25 20:02 5206016 -c--a-w- c:\windows\system32\Desktop Butterflies 3D Screensaver.scr
2009-06-05 02:48 . 2004-08-04 09:56 30208 -c--a-w- c:\windows\system32\ddeshare.exe
2009-06-05 02:48 . 2004-08-04 09:56 98304 -c--a-w- c:\windows\system32\cscript.exe
2009-06-05 02:48 . 2007-12-24 07:19 49424 -c--a-w- c:\windows\system32\clspack.exe
2009-06-05 02:48 . 2004-08-04 09:56 56320 -c--a-w- c:\windows\system32\cipher.exe
2009-06-05 02:48 . 2007-12-24 08:16 40960 -c--a-w- c:\windows\system32\ChCfg.exe
2009-06-05 02:48 . 2008-12-27 18:15 4839719 -c--a-w- c:\windows\system32\Butterflies.scr
2009-06-05 02:47 . 2004-08-04 09:56 32768 -c--a-w- c:\windows\system32\asr_pfu.exe
2009-06-05 02:47 . 2001-08-23 14:00 19456 -c--a-w- c:\windows\system32\arp.exe
2009-06-05 02:47 . 2004-08-04 09:56 98304 -c--a-w- c:\windows\system32\ahui.exe
2009-06-05 02:05 . 2007-12-23 19:43 3374640 -c--a-w- c:\windows\help\Tours\mmTour\mui\0401\tour.exe
2009-06-04 19:11 . 2009-04-13 04:40 547703 ----a-w- c:\documents and settings\XPPRESP3\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2008-07-02 18:36 . 2008-12-12 00:13 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-02 18:36 . 2008-12-12 00:13 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-02 18:36 . 2008-12-12 00:13 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-02 18:36 . 2008-12-12 00:13 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-02 18:36 . 2008-12-12 00:13 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-13 02:30 . 2008-01-13 02:30 88 -csh--r- c:\windows\system32\0440AACFB9.sys
2008-01-13 02:30 . 2008-01-13 02:30 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2009-05-22 09:56 1190255 64E363DB3A598095AA7EE2DA5C40DBA2 c:\windows\explorer.exe
[-] 2009-06-05 01:40 1033216 CBFD4A7CA28248CA7DDA514B59FD2C31 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2009-06-05 01:48 1032192 F6958F4071D403BF66BCAABC6470A23F c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2009-06-05 02:34 1033728 D0806AED134EA4E93321789A2437CC1E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2009-06-05 02:43 26112 D6252082BD78DFFFA5F15EFC63D18A81 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2009-06-04 15:44 24576 1FD6849973F52DA996D17F766EA9B4DC c:\windows\system32\userinit.exe
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2005-12-19 17:49 1580544 784DDC1F40C4F729284D5A73930F0C9D c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-09 938496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-13 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-06-04 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2004-08-04 99840]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2009-06-04 44544]
c:\documents and settings\XPPRESP3\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-24 270703]
is-JSBDQ.lnk - c:\documents and settings\XPPRESP3\Desktop\Virus Removal Tool\is-JSBDQ\startup.exe [2009-6-4 65536]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon LBP-810-Statusfenster.LNK]
backup=c:\windows\pss\Canon LBP-810-Statusfenster.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Key.lnk]
backup=c:\windows\pss\Media Key.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dumb Meet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Grey pop cake audio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Online TV Player 4\\TVPlayer.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\XPPRESP3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\XPPRESP3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 is-JSBDQdrv;is-JSBDQdrv;c:\windows\system32\drivers\74792578.sys [04/06/2009 06:38 م 148496]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [27/01/2009 06:45 م 12856]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [27/01/2009 06:45 م 8576]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [23/12/2008 06:29 م 22912]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [15/10/2007 06:32 م 237784]
S2 gupdate1c9bc22c4939acc;خدمة تحديث Google (gupdate1c9bc22c4939acc);c:\program files\Google\Update\GoogleUpdate.exe [13/04/2009 01:29 م 133104]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [07/08/2003 04:42 م 6528]
S3 GNDHVF;Genius VideoCAM Smart300 V2;c:\windows\system32\drivers\gndhvf.sys [16/02/2008 06:53 م 225152]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - HELPSVC
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
WmdmPmSN
wuauserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2009-06-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 10:29]
2009-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-343818398-682003330-1001.job
- c:\documents and settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 19:27]
2009-06-05 c:\windows\Tasks\Norton Security Scan for XPPRESP3.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 12:54]
.
- - - - ORPHANS REMOVED - - - -
Notify-dimsntfy - (no file)
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = local
IE: Compare Prices with &Dealio - c:\documents and settings\XPPRESP3\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java -
FF - ProfilePath -
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
txtfile=NOTEPAD %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-05 19:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0c063e16-9741-4916-bcef-3dcb0f45c4da}]
@Denied: (Full) (Everyone)
"Model"=dword:00000067
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c2,d7,24,82,45,3b,c3,3e,6f,82,14,ae,44,c2,42,c6,4f,4e,7b,4a,f1,
86,87,ed,b8,a4,0b,e8,48,bd,52,c4,e6,a7,ac,ff,eb,73,7f,ea,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6d,15,1f,5e,1d,74,b8,e4,26,88,b9,eb,0d,3f,e0,16,d3,fb,c4,11,f5,
90,5c,0c,38,96,4c,1f,df,17,19,dd,ed,e5,d3,4a,8a,8e,62,77,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a5746d5f-59dd-4cc9-9c65-a6188d5c643f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000062
"Therad"=dword:00000001
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,ab,81,70,e5,ff,6d,c8,6d,13,34,d4,ec,91,6f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F90BA618-B174-5930-86F7-BD23749F1E4C}\InProcServer32*]
"kajngccjabphghdbhecjeg"=hex:62,61,6a,67,00,8e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(468)
c:\windows\system32\GTGina.dll
- - - - - - - > 'explorer.exe'(3848)
c:\documents and settings\tazebama.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\WdfMgr.exe
c:\documents and settings\tazebama.dl_
c:\windows\system32\CAPRPCSK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
.
**************************************************************************
.
Completion time: 2009-06-05 19:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 16:30
Pre-Run: 16,304,680,960 bytes free
Post-Run: 16,548,937,728 bytes free
537 --- E O F --- 2009-05-31 21:40
 
New HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:34:28 م, on 05/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: is-JSBDQ.lnk = C:\Documents and Settings\XPPRESP3\Desktop\Virus Removal Tool\is-JSBDQ\startup.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\XPPRESP3\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: cisvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: خدمة تحديث Google (gupdate1c9bc22c4939acc) (gupdate1c9bc22c4939acc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe
--
End of file - 8497 bytes
 
Sister, run another scan with the Kaspersky tool I gave you at the start of the thread, after disabling System Restore. When the scan finishes, restart the computer, then attach the Kaspersky tool's report + the HijackThis report. The virus has not been removed yet.
 
Signature: صمت السكوت