بشار8636

Every time I shut down the computer this message comes up. Help me with my problem :eek:
IMG
 

Signature: بشار8636

Make a HijackThis report.

When the download has finished ==> run the program ==> click Do a system scan and save log
After a few moments a report will appear. Select all ==> copy it and paste it in your next reply
 



Here is the report, brother, and thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:42 ص, on 13/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
F:\اداة لرفع المشاكل\Zyzoom.org_Tool_V_1.0.exe
F:\اداة لرفع المشاكل\Zyzoom.org_Tool_V_1.0.exe
C:\DOCUME~1\bashar\LOCALS~1\Temp\zyaoom Tool\Hijack.exe
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-520] C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pareto_Update] C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: &إنزال الكل باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: &إنزال باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
--
End of file - 5889 bytes
 
Signature: بشار8636
Disable your protection programs
then
download the following tool and save it to the desktop

When you run it a message will appear ,, click >> Yes
Then a second message will appear ,, click >> Yes
The computer may restart during the scan
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
And this is the result:
ComboFix 09-06-12.02 - bashar 06/13/2009 1:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.964.1033.18.1983.1560 [GMT 3:00]
Running from: c:\documents and settings\bashar\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.
2009-06-12 22:07 . 2009-06-12 22:07 -------- d-----w- c:\windows\LastGood
2009-06-12 21:17 . 2009-06-12 21:17 -------- d-----w- c:\documents and settings\bashar\Local Settings\Application Data\Help
2009-06-12 21:10 . 2009-06-12 21:17 -------- d-----w- c:\program files\Mass Downloader
2009-06-12 21:10 . 2009-06-12 21:10 -------- d-----w- c:\documents and settings\bashar\Application Data\MetaProducts
2009-06-12 12:30 . 2009-06-12 12:47 2926768 ----a-w- c:\documents and settings\bashar\Application Data\IDM\idmupdt.exe
2009-06-12 10:37 . 2009-06-12 21:06 -------- d-----w- c:\documents and settings\bashar\Application Data\IDM
2009-06-12 10:37 . 2009-06-12 21:06 -------- d-----w- c:\documents and settings\bashar\Application Data\DMCache
2009-06-12 10:37 . 2009-06-12 21:07 -------- d-----w- c:\program files\Internet Download Manager
2009-06-12 10:04 . 2009-06-12 10:04 -------- d-----w- c:\documents and settings\bashar\Application Data\DriverCure
2009-06-12 10:04 . 2009-06-12 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-06-12 10:04 . 2009-06-12 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-06-10 13:50 . 2009-06-12 20:00 -------- d-----w- c:\program files\GVR
2009-06-09 11:55 . 2009-06-09 11:55 -------- d-sh--w- C:\found.000
2009-06-09 10:37 . 1998-06-18 11:58 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-06-09 10:37 . 2005-05-19 00:17 40960 ----a-w- c:\windows\system32\osenxpsuite2005.dll
2009-06-09 10:37 . 2002-01-05 08:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-09 10:37 . 1998-12-24 17:23 40960 ----a-w- c:\windows\system32\VBAME.DLL
2009-06-09 10:37 . 2002-01-05 03:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-09 10:37 . 2002-01-05 02:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-09 10:37 . 2009-06-09 10:37 -------- d-----w- c:\windows\system32\RMBin
2009-06-09 10:10 . 2005-04-06 20:27 237568 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-09 10:10 . 2005-04-06 20:24 1216512 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-09 10:10 . 2009-06-09 10:23 -------- d-----w- c:\program files\SuperAVConverter
2009-06-09 06:11 . 2008-06-12 14:16 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2009-06-09 06:11 . 2008-06-12 14:16 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2009-06-09 06:11 . 2008-06-12 14:16 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2009-06-09 06:11 . 2008-06-12 14:16 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2009-06-09 06:11 . 2008-06-12 14:16 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll
2009-06-09 06:11 . 2008-06-12 14:16 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-06-09 05:42 . 2004-08-03 20:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-06-07 20:49 . 2009-06-07 21:00 -------- d-----w- c:\program files\Common Files\delet
2009-06-07 20:34 . 2009-06-07 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-06-07 20:32 . 2009-06-07 20:32 -------- d--h--w- c:\windows\PIF
2009-06-07 18:16 . 2009-06-07 18:16 -------- d-----w- c:\program files\NVIDIA Corporation
2009-06-07 18:15 . 2006-07-06 07:43 442368 ----a-w- c:\windows\system32\CapabilityTable.exe
2009-06-07 18:15 . 2006-06-07 11:49 208896 ------w- c:\windows\system32\nvuide.exe
2009-06-07 18:15 . 2006-06-28 09:38 363008 ----a-r- c:\windows\system32\idecoiins.dll
2009-06-07 18:15 . 2006-06-28 09:38 363008 ----a-r- c:\windows\system32\idecoi.dll
2009-06-07 18:15 . 2006-06-07 11:50 35840 ----a-r- c:\windows\system32\NVCOI.DLL
2009-06-07 18:15 . 2006-06-28 09:38 105088 ----a-r- c:\windows\system32\drivers\nvata.sys
2009-06-07 18:14 . 2006-07-11 13:38 57856 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-06-07 18:14 . 2006-07-11 13:36 201728 ----a-r- c:\windows\system32\fdco1ins.dll
2009-06-07 18:14 . 2006-07-11 13:36 201728 ----a-r- c:\windows\system32\fdco1.dll
2009-06-07 18:14 . 2006-07-11 13:38 110592 ----a-r- c:\windows\system32\drivers\nvtcp.sys
2009-06-07 18:14 . 2006-06-29 07:40 208896 ----a-w- c:\windows\system32\nvunrm.exe
2009-06-07 18:14 . 2006-07-11 13:37 261632 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2009-06-07 18:14 . 2006-07-11 13:36 11264 ----a-r- c:\windows\system32\bdco1ins.dll
2009-06-07 18:14 . 2006-07-11 13:36 11264 ----a-r- c:\windows\system32\bdco1.dll
2009-06-07 18:14 . 2006-06-29 07:40 35840 ----a-r- c:\windows\system32\nvconrm.dll
2009-06-07 18:14 . 2006-07-11 13:38 20480 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-06-07 18:14 . 2006-07-11 13:38 1160448 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-06-07 18:13 . 2009-06-07 18:18 -------- d-----w- c:\windows\NV12483080.TMP
2009-06-07 18:11 . 2009-06-07 18:11 -------- d-----w- c:\windows\Cache
2009-06-07 17:55 . 2008-08-14 09:51 138368 -c----w- c:\windows\system32\dllcache\afd.sys
2009-06-07 16:43 . 2009-06-07 16:43 -------- d-----w- c:\documents and settings\bashar\Local Settings\Application Data\Identities
2009-06-07 14:24 . 2009-06-07 20:32 -------- d-----w- c:\program files\ma-config.com
2009-06-07 14:24 . 2009-06-07 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-06-06 21:38 . 2009-06-06 21:38 -------- d-----w- c:\program files\MSXML 6.0
2009-06-06 20:53 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-06 17:00 . 2009-06-12 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-06 17:00 . 2009-06-12 21:53 939040 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-06 17:00 . 2009-06-12 21:53 237600 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-06 17:00 . 2009-06-06 17:00 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-06 16:39 . 2009-06-06 16:39 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-06 15:08 . 2008-10-16 10:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-06 12:36 . 2009-06-12 21:53 -------- d--h--w- c:\windows\$hf_mig$
2009-06-06 11:42 . 2008-10-16 10:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-06 11:36 . 2009-06-06 11:36 -------- d-----w- c:\windows\system32\xlive
2009-06-06 11:33 . 2009-06-06 11:33 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-06 11:29 . 2009-06-06 11:29 -------- d-----w- c:\program files\MSBuild
2009-06-06 11:29 . 2009-06-06 11:29 82168 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-06 11:27 . 2009-06-06 11:27 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-06 11:26 . 2009-06-06 11:26 -------- d-----w- c:\program files\Reference Assemblies
2009-06-06 11:26 . 2006-04-04 04:44 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-06 10:00 . 2009-06-06 10:00 -------- d-----w- c:\documents and settings\bashar\Local Settings\Application Data\Google
2009-06-06 09:40 . 2009-06-07 10:54 -------- d-----w- c:\program files\Google
2009-06-06 09:32 . 2009-06-06 09:50 -------- d-----w- c:\windows\system32\Adobe
2009-06-06 09:14 . 2009-06-06 09:14 -------- d-----w- c:\documents and settings\bashar\Local Settings\Application Data\Yahoo
2009-06-05 17:42 . 2009-06-05 17:42 -------- d-----w- c:\program files\LtUcx
2009-06-05 17:33 . 2009-06-05 17:33 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 21:55 . 2009-06-04 21:55 -------- d-----w- c:\program files\WinPoET Broadband Connection
2009-06-12 21:53 . 2009-06-06 17:00 3988 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-12 21:53 . 2009-06-06 17:00 12608 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-12 10:25 . 2009-06-04 21:52 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-09 10:38 . 2009-06-09 10:38 98304 ----a-w- c:\windows\system32\viscomtran.dll
2009-06-07 21:09 . 2009-06-07 21:09 -------- d-----w- c:\documents and settings\bashar\Application Data\CyberScrub
2009-06-07 21:09 . 2009-06-07 21:09 -------- d-----w- c:\documents and settings\bashar\Application Data\cleaner
2009-06-06 20:34 . 2008-01-29 13:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-06 20:34 . 2009-06-06 17:01 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-06 20:34 . 2009-06-06 17:01 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-06 20:33 . 2009-06-06 20:33 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-06 20:33 . 2009-06-06 20:33 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-06 20:33 . 2009-06-06 20:31 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-06 17:32 . 2009-06-06 17:32 -------- d-----w- c:\program files\Trend Micro
2009-06-06 15:50 . 2009-06-04 21:45 27264 ----a-w- c:\documents and settings\bashar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 22:40 . 2009-06-04 22:40 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-04 22:24 . 2009-06-04 22:24 -------- d-----w- c:\program files\Realtek AC97
2009-06-04 22:24 . 2009-06-04 21:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 22:19 . 2009-06-04 22:19 -------- d-----w- c:\program files\Realtek
2009-06-01 16:54 . 2009-06-04 22:24 147456 ------r- c:\windows\system32\RtlCPAPI.dll
2009-06-01 16:54 . 2009-06-04 22:24 4127488 ------r- c:\windows\system32\drivers\alcxwdm.sys
2009-06-01 16:54 . 2009-06-04 22:24 217088 ------r- c:\windows\alcrmv.exe
2009-06-01 16:54 . 2009-06-04 22:24 315392 ------r- c:\windows\alcupd.exe
2009-06-01 16:54 . 2009-06-04 22:20 49152 ------r- c:\windows\system32\ChCfg.exe
2009-05-07 15:44 . 2004-05-23 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2008-03-09 03:25 . 2009-06-04 22:10 236 ---ha-w- c:\program files\Common Files\dx.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-05-23 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-06-06 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless 108G DWA-520"="c:\program files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe" [2007-05-04 1662976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-13 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-06-06 206088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-05-23 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 04:29 م 33808]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [05/06/2009 12:52 ص 472832]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 05:02 م 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 04:06 م 24592]
S3 WrKPoET2000;WrKPoET2000;c:\program files\WinPoET Broadband Connection\WrKPoET2000.sys [05/06/2009 12:55 ص 52354]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Pareto_Update - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.google.com/search?q=%s
IE: &إنزال الكل باستعمال ماس دونلوودر - c:\program files\Mass Downloader\Add_All.htm
IE: &إنزال باستعمال ماس دونلوودر - c:\program files\Mass Downloader\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\MASSDO~1\MDHAND~1.DLL
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\MASSDO~1\MDHAND~1.DLL
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\MASSDO~1\MDHAND~1.DLL
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://209.11.247.130/ReadUid.CAB
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-13 01:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-790525478-1292428093-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-06-12 1:19
ComboFix-quarantined-files.txt 2009-06-12 22:19
Pre-Run: 19,975,438,336 bytes free
Post-Run: 19,976,249,344 bytes free
219 --- E O F --- 2009-06-12 21:53
 
Signature: بشار8636
How are things now?
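Thank you, brother, but there is still another message besides this one; it is the same but the numbers differ. When I shut down the computer and "Logging off now" is displayed, the message appears.
The numbers are ox7c8020 or 2080, I don't remember exactly. I would be grateful.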
 
Signature: بشار8636
My friend,
the explore.exe aplication erreur problem usually
results from the loss of its vital file, which is
ntdll.dll

Download it from here and put it in System32 by pasting this file

And if you analysed the addresses
you would find that there are many of them, and the address ox7c911cd memory 0x00670065, which points to the computer

Another example among the addresses with the same title, explore exe.aplication erreur

Record : 0x0000000000000000
Adress : 0x000000007c94426d
you would find it is associated with the error where the picture comes out distorted, etc.
 
Signature: volvo2008
You need a program from Microsoft (NET Framework)
 