Thread starter: rateb2009

rateb2009

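Peace be upon you. I have a virus that is driving me crazy: every time I install an antivirus, it deletes it or wrecks its startup. In Device Manager a floppy drive icon shows as installed although I have no floppy drive, and the processor light stays on constantly. If you have a solution other than formatting, please help us. May God reward you.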
 

Brother, download this tool
[Hidden link: log in or register to view]

Run it and delete the viruses you have, then download the protection program. Waiting for your reply. Good luck...
 
Signature: xXxzaidxXx
Apologies, moving it to the appropriate section. Good luck.
 
Signature: techno
God greet you, brother.
Download this program
[Hidden link: log in or register to view]

Run the program ==> and click on
Do a system scan and save log
After a few moments a report appears in Notepad ==> copy it and paste it in your next reply.
 
Last edited by a moderator:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:03 ص, on 06/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
F:\Skype v3.8\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
[Hidden link: log in or register to view]
- URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: PDF Suite - {EE8D6672-6616-43E6-B42D-2EEBE3A090A7} - C:\Program Files\PDF Suite\IE_Plugin.dll (HKCU)
O9 - Extra 'Tools' menuitem: Convert with PDF Suite - {EE8D6672-6616-43E6-B42D-2EEBE3A090A7} - C:\Program Files\PDF Suite\IE_Plugin.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C59AAC90-EE7B-4BCB-9B7E-CE57F827DF4F}: NameServer = 82.137.216.11 82.137.216.10
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - Unknown owner - C:\Program Files\Virtual CD v9\System\VC9SecS.exe (file missing)
--
End of file - 5020 bytes
 
Re-paste the report correctly.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:34 ص, on 08/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
[Hidden link: log in or register to view]
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = speed.cec.cy:3128
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: PDF Suite - {EE8D6672-6616-43E6-B42D-2EEBE3A090A7} - C:\Program Files\PDF Suite\IE_Plugin.dll (HKCU)
O9 - Extra 'Tools' menuitem: Convert with PDF Suite - {EE8D6672-6616-43E6-B42D-2EEBE3A090A7} - C:\Program Files\PDF Suite\IE_Plugin.dll (HKCU)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - Unknown owner - C:\Program Files\Virtual CD v9\System\VC9SecS.exe (file missing)
--
End of file - 5115 bytes
 
OK brother, where is the download link?
 
Disable your protection programs
then
download the following tool and save it to the desktop
[Hidden link: log in or register to view]

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
During the scan the computer may restart
After the restart, the tool will begin scanning a second time
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
ComboFix 09-06-09.06 - rateb2009 06/10/2009 1:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1015.560 [GMT -7:00]
Running from: c:\documents and settings\rateb2009\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kakle.dll
c:\windows\system32\NTVBSvcW.tlb
c:\windows\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-06 07:09 . 2009-06-06 07:09 -------- d-----w- c:\program files\Trend Micro
2009-06-05 21:16 . 2009-06-05 21:16 -------- d-----w- c:\documents and settings\rateb2009\Local Settings\Application Data\Adobe
2009-06-05 20:07 . 2009-06-05 20:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-05 19:16 . 2009-06-05 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-06-05 19:16 . 2009-06-05 19:16 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-06-05 19:12 . 2009-06-05 19:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 17:55 . 2009-06-05 17:55 -------- d-----w- c:\documents and settings\rateb2009\Local Settings\Application Data\ESET
2009-06-05 17:46 . 2009-06-05 17:46 -------- d-----w- c:\documents and settings\rateb2009\Application Data\ESET
2009-06-05 17:44 . 2009-06-05 17:44 -------- d-----w- c:\program files\ESET
2009-06-05 17:44 . 2009-06-05 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-01 23:42 . 2009-06-01 23:42 -------- d-----w- c:\documents and settings\rateb2009\Application Data\Nokia Multimedia Player
2009-06-01 23:18 . 2009-06-01 23:18 -------- d-----w- c:\documents and settings\rateb2009\Phone Browser
2009-06-01 23:12 . 2009-06-01 23:12 -------- d-----w- c:\program files\DIFX
2009-06-01 23:11 . 2009-06-01 23:11 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-01 23:11 . 2009-06-01 23:12 -------- d-----w- c:\documents and settings\rateb2009\Application Data\PC Suite
2009-06-01 23:11 . 2009-06-01 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-01 23:11 . 2009-06-01 23:11 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-01 23:10 . 2006-05-29 15:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-01 23:10 . 2009-06-01 23:11 -------- d-----w- c:\program files\Nokia
2009-06-01 22:47 . 2009-06-01 22:47 8704 ----a-w- c:\documents and settings\rateb2009\Application Data\Thinstall\Window Washer\400000a9700002h\wwDisp.exe
2009-06-01 22:42 . 2009-06-01 22:42 7168 ----a-w- c:\documents and settings\rateb2009\Application Data\Thinstall\Advanced Uninstaller PRO - Version 9\4000008100002i\realplay.exe
2009-06-01 22:42 . 2009-06-01 22:42 7168 ----a-w- c:\documents and settings\rateb2009\Application Data\Thinstall\Advanced Uninstaller PRO - Version 9\4000001900002i\iexplore.exe
2009-06-01 22:39 . 2009-06-01 22:39 7168 ----a-w- c:\documents and settings\rateb2009\Application Data\Thinstall\Advanced Uninstaller PRO - Version 9\4ad000006400003i\cmd.exe
2009-06-01 22:39 . 2009-06-01 22:39 7168 ----a-w- c:\documents and settings\rateb2009\Application Data\Thinstall\Advanced Uninstaller PRO - Version 9\4000004d100002i\monitor.exe
2009-06-01 22:37 . 2009-06-01 22:37 7168 ----a-w- c:\documents and settings\rateb2009\Application Data\Thinstall\Advanced Uninstaller PRO - Version 9\4000004b00002i\iun506.exe
2009-06-01 22:36 . 2009-06-01 22:36 -------- d-----w- c:\documents and settings\rateb2009\Local Settings\Application Data\Innovative Solutions
2009-06-01 22:36 . 2009-06-01 22:36 7168 ----a-w- c:\documents and settings\rateb2009\Application Data\Thinstall\Advanced Uninstaller PRO - Version 9\400000fc000002i\uninstaller.exe
2009-05-30 05:43 . 2009-06-10 08:25 -------- d-----w- c:\documents and settings\rateb2009\Application Data\Skype
2009-05-30 05:42 . 2009-05-30 05:42 32768 ----a-w- c:\documents and settings\rateb2009\Application Data\Thinstall\Google Talk (remove only)\4000003a000002h\googletalk.exe
2009-05-29 01:57 . 2009-05-29 01:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\myBabylon_English
2009-05-29 01:57 . 2009-05-29 01:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-21 07:59 . 2007-04-05 01:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-05-21 07:58 . 2009-05-21 07:58 -------- d-----w- c:\windows\Logs
2009-05-21 05:20 . 2009-05-21 05:20 8854 ----a-r- c:\documents and settings\rateb2009\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-21 05:20 . 2009-05-21 05:20 40960 ----a-r- c:\documents and settings\rateb2009\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-21 05:20 . 2009-05-21 05:20 40960 ----a-r- c:\documents and settings\rateb2009\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-05-21 05:20 . 2009-05-21 05:21 -------- d-----w- c:\program files\Project64 1.6
2009-05-19 01:25 . 2009-05-19 01:25 16 ----a-w- c:\windows\popcinfo.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 06:56 . 2009-05-11 02:51 -------- d-----w- c:\program files\Zen Puzzle Garden
2009-06-07 09:28 . 2009-04-19 10:02 -------- d-----w- c:\program files\Yahoo!
2009-06-07 07:45 . 2009-04-19 10:03 -------- d-----w- c:\documents and settings\rateb2009\Application Data\Yahoo!
2009-06-07 02:40 . 2009-05-11 02:44 -------- d-----w- c:\program files\TeamUp
2009-06-06 07:14 . 2009-04-20 05:04 34616 ----a-w- c:\documents and settings\rateb2009\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 17:55 . 2009-05-07 09:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-05 17:42 . 2009-06-05 17:42 -------- d-----w- c:\documents and settings\rateb2009\Application Data\ESET_Smart_Security_3.0.669
2009-06-04 06:28 . 2009-05-11 02:37 -------- d-----w- c:\program files\Puzzle Express
2009-06-04 04:45 . 2009-05-08 21:28 -------- d-----w- c:\program files\Fishing Trip
2009-06-02 00:35 . 2009-05-11 01:42 -------- d-----w- c:\program files\Avalanche
2009-06-01 22:47 . 2009-04-30 17:59 -------- d-----w- c:\documents and settings\rateb2009\Application Data\Thinstall
2009-06-01 04:18 . 2009-05-11 02:46 -------- d-----w- c:\program files\Tiny Worlds
2009-05-26 08:08 . 2009-05-11 02:04 -------- d-----w- c:\program files\Circulate
2009-05-25 09:31 . 2009-04-20 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-05-23 03:12 . 2009-05-11 02:49 -------- d-----w- c:\program files\Wonderland Secret Worlds
2009-05-23 02:02 . 2009-04-19 09:38 -------- d-----w- c:\program files\Google
2009-05-22 06:15 . 2009-04-19 09:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-05-19 01:25 . 2009-05-11 02:00 -------- d-----w- c:\program files\Bejeweled 2 Deluxe
2009-05-18 22:29 . 2009-05-11 02:03 -------- d-----w- c:\program files\Chainz
2009-05-18 09:26 . 2009-05-11 02:09 -------- d-----w- c:\program files\Drop! 2
2009-05-14 02:25 . 2009-04-26 10:23 -------- d-----w- c:\program files\Registry Clean Expert
2009-05-12 10:30 . 2009-05-11 02:10 -------- d-----w- c:\program files\Electra
2009-05-12 06:53 . 2009-05-11 02:33 -------- d-----w- c:\program files\Peggle Deluxe
2009-05-11 22:52 . 2009-05-11 02:39 -------- d-----w- c:\program files\Shopping Marathon
2009-05-11 07:55 . 2009-05-11 02:41 -------- d-----w- c:\program files\Spin & Play
2009-05-11 04:11 . 2009-05-11 04:11 -------- d-----w- c:\documents and settings\rateb2009\Application Data\Alawar
2009-05-11 04:11 . 2009-05-11 02:48 -------- d-----w- c:\program files\Tube Twist
2009-05-11 02:53 . 2009-05-11 02:53 -------- d-----w- c:\documents and settings\rateb2009\Application Data\Zen Puzzle Garden
2009-05-11 02:42 . 2009-05-11 02:42 -------- d-----w- c:\program files\Spring Sprang Sprung
2009-05-11 02:40 . 2009-05-11 02:40 -------- d-----w- c:\program files\Snowy Space Trip
2009-05-11 02:35 . 2009-05-11 02:35 -------- d-----w- c:\program files\Pipeline
2009-05-11 02:08 . 2009-05-11 02:07 -------- d-----w- c:\program files\Docker Sokoban
2009-05-11 01:54 . 2009-05-11 01:53 -------- d-----w- c:\program files\Beads
2009-05-11 01:42 . 2009-05-11 01:42 -------- d-----w- c:\program files\ReflexiveArcade
2009-05-09 04:47 . 2009-04-19 18:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-08 21:44 . 2009-05-08 21:43 -------- d-----w- c:\documents and settings\rateb2009\Application Data\Wildfire
2009-05-08 21:43 . 2009-05-08 21:43 4096 ----a-w- c:\windows\d3dx.dat
2009-05-08 21:23 . 2009-05-08 21:23 -------- d-----w- c:\program files\Fireman
2009-05-08 21:09 . 2009-05-08 21:07 -------- d-----w- c:\program files\BFG
2009-05-08 21:07 . 2009-05-08 21:07 -------- d-----w- c:\program files\Qua Qua
2009-05-08 21:06 . 2009-05-08 21:02 -------- d-----w- c:\program files\netGangsters
2009-05-08 20:54 . 2009-05-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-05-08 20:54 . 2009-05-08 20:54 -------- d-----w- c:\program files\MumboJumbo
2009-05-08 20:53 . 2009-05-08 20:43 -------- d-----w- c:\program files\iWin.com
2009-05-08 20:43 . 2009-05-08 20:43 -------- d-----w- c:\documents and settings\rateb2009\Application Data\iWin
2009-05-08 07:59 . 2009-04-20 09:21 -------- d-----w- c:\program files\PC 2 Answering Machine Pro
2009-05-07 23:22 . 2009-05-07 23:20 170794 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-05-07 23:22 . 2009-05-07 23:20 159420 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1025.dat
2009-05-07 23:12 . 2009-05-07 23:10 -------- d-----w- c:\program files\AAAScreenCaptureV2.1
2009-05-07 23:06 . 2009-05-07 23:06 -------- d-----w- c:\program files\برنامج البرامج المخفية العربي
2009-05-07 22:39 . 2009-05-07 22:39 720896 ----a-w- c:\windows\iun6002.exe
2009-05-07 22:37 . 2009-05-07 22:37 -------- d-----w- c:\program files\Macromedia
2009-05-07 22:36 . 2009-04-19 18:36 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-07 22:31 . 2009-05-07 22:31 -------- d-----w- c:\program files\Flash2X
2009-05-07 09:29 . 2009-05-07 09:29 286720 ----a-w- c:\windows\iun506.exe
2009-05-07 09:25 . 2009-05-07 09:25 -------- d-----w- c:\program files\الموسوعة القرآنية الشاملة
2009-05-07 09:25 . 2009-05-07 09:25 720896 ----a-w- c:\windows\iun6002ev.exe
2009-05-07 09:13 . 2009-05-07 09:13 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-07 09:13 . 2009-05-07 09:13 -------- d-----w- c:\documents and settings\rateb2009\Application Data\DAEMON Tools
2009-05-07 08:39 . 2009-05-07 08:29 -------- d-----w- c:\program files\IncrediMail
2009-05-07 08:35 . 2009-05-07 08:27 -------- d-----w- c:\program files\3D Real Boxshot
2009-05-06 20:57 . 2009-05-06 20:57 -------- d-----w- c:\documents and settings\rateb2009\Application Data\Apple Computer
2009-05-05 21:18 . 2009-04-20 09:22 -------- d-----w- c:\documents and settings\rateb2009\Application Data\Babylon
2009-04-30 21:20 . 2009-04-21 05:29 -------- d-----w- c:\program files\Windows Live
2009-04-30 19:40 . 2009-04-30 19:40 -------- d-----w- c:\program files\Common Files\Windows Live
2009-04-30 17:59 . 2009-04-30 17:59 8704 ----a-w- c:\documents and settings\rateb2009\Application Data\Thinstall\Camtasia Studio 5\400000d00002i\TSCHelp.exe
2009-04-29 03:44 . 2009-04-20 09:00 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-04-26 10:17 . 2009-04-26 10:17 -------- d-----w- c:\program files\The Dictionary
2009-04-25 06:07 . 2009-04-25 06:07 675328 ----a-w- c:\windows\is-SI66Q.exe
2009-04-25 06:07 . 2009-04-25 06:07 -------- d-----w- c:\program files\Ozone
2009-04-25 05:59 . 2009-04-25 05:59 -------- d-----w- c:\program files\DietMP3
2009-04-24 20:35 . 2009-04-20 08:52 -------- d-----w- c:\program files\Startup Faster
2009-04-24 19:00 . 2009-04-24 19:00 -------- d-----w- c:\program files\Common Files\xing shared
2009-04-24 19:00 . 2009-04-24 18:58 -------- d-----w- c:\program files\Real
2009-04-24 18:59 . 2009-04-24 18:59 -------- d-----w- c:\program files\Common Files\Real
2009-04-23 09:32 . 2009-04-23 09:32 -------- d-----w- c:\program files\PhotoZoom Professional
2009-04-22 00:28 . 2009-04-22 00:28 -------- d-----w- c:\documents and settings\rateb2009\Application Data\7Wonders
2009-04-21 05:23 . 2009-04-21 05:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-20 09:33 . 2009-04-20 09:32 -------- d-----w- c:\program files\Wise InstallMaster 8.1
2009-04-20 09:32 . 2009-04-20 09:32 -------- d-----w- c:\program files\Seagate Software
2009-04-20 09:25 . 2009-04-20 09:25 -------- d-----w- c:\program files\Text to Speech Maker
2009-04-20 09:23 . 2009-04-20 09:23 -------- d-----w- c:\program files\Conduit
2009-04-20 09:23 . 2009-04-20 09:23 -------- d-----w- c:\program files\myBabylon_English
2009-04-20 09:23 . 2009-04-20 09:23 -------- d-----w- c:\program files\Babylon
2009-04-20 09:14 . 2009-04-20 09:14 -------- d-----w- c:\program files\PDF Suite
2009-04-20 09:11 . 2009-04-20 09:08 -------- d-----w- c:\program files\WinZip Self-Extractor
2009-04-20 09:00 . 2009-04-20 09:00 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-04-20 09:00 . 2009-04-20 09:00 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-04-20 09:00 . 2009-04-20 09:00 -------- d-----w- c:\documents and settings\rateb2009\Application Data\TuneUp Software
2009-04-20 09:00 . 2009-04-20 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-04-20 08:59 . 2009-04-20 08:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-20 08:58 . 2009-04-20 08:58 -------- d-----w- c:\program files\SuperSpeed
2009-04-20 08:56 . 2009-04-20 08:56 -------- d-----w- c:\program files\Acesoft
2009-04-20 08:53 . 2009-04-20 08:53 -------- d-----w- c:\documents and settings\rateb2009\Application Data\URSoft
2009-04-20 08:50 . 2009-04-20 08:50 -------- d-----w- c:\program files\Magellass
2009-04-20 08:40 . 2009-04-20 08:40 -------- d-----w- c:\program files\R-Studio
2009-04-20 08:38 . 2009-04-20 08:38 -------- d-----w- c:\program files\Recuva
2009-04-20 08:21 . 2009-04-20 08:21 -------- d-----w- c:\program files\GetData
2009-04-20 08:16 . 2009-04-20 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-04-20 07:45 . 2009-04-20 07:45 -------- d-----w- c:\program files\Alwil Software
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2008-08-21 06:03 1780248 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-06-20 4538368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-24 185896]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-02-27 1430784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\rateb2009\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\Skype v3.8\\Skype.exe"=
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [16/11/2007 02:56 م 50944]
R0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\drivers\SscRdCls.sys [16/11/2007 02:58 م 37504]
R1 vdrv9000;vdrv9000;c:\windows\system32\drivers\vdrv9000.sys [08/05/2009 09:48 م 113168]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15/05/2008 12:07 م 61424]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [01/07/2008 09:02 ص 468224]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [20/04/2009 02:00 ص 603904]
S2 VC9SecS;Virtual CD v9 Management Service;c:\program files\Virtual CD v9\System\VC9SecS.exe --> c:\program files\Virtual CD v9\System\VC9SecS.exe [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys [08/05/2009 09:48 م 11392]
S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\MSI\DualCoreCenter\RushTop.sys --> c:\program files\MSI\DualCoreCenter\RushTop.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-06-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 23:28]
2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com.sa/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*
[Hidden link: log in or register to view]

IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[Hidden link: log in or register to view]

Rootkit scan 2009-06-10 01:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1390067357-1645522239-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\  B1'!) *.7 *'DEH/E *#*0*\Attributes]
"Vendor"="Microsoft"
"Technology"="MMSys"
[HKEY_USERS\S-1-5-21-1390067357-1645522239-725345543-1003\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\  B1'!) *.7 *'DEH/E *#*0*\UI\AudioVolume]
"CLSID"="{364D8E0B-67CB-4547-9948-9E7F1B1743ED}"
.
Completion time: 2009-06-10 1:33
ComboFix-quarantined-files.txt 2009-06-10 08:33
Pre-Run: 33,353,740,288 bytes free
Post-Run: 33,399,193,600 bytes free
238​
 
[Hidden link: log in or register to view]

And this is the link to the Notepad file. I have troubled you; may God give you good health. Waiting for your reply.
 
Make a new HijackThis report, the same as the first one,
and please specify what remains of your problem.
 