Thread starter: الدانه
Views: 2,546
Status: Closed; not open for further replies.

Hello to everyone who has opened this thread. Please read it through to the end, because I need your help.

I have a problem with my computer.

First, let me introduce it: it is an HP Compaq 6720s.

About a month ago I took it in to be formatted, and it came back working fine. Then I copied my files over from the flash drive, after scanning the flash drive of course.

Just one day later I was surprised :nonono: to find that the warning message about a malicious file was still there,
like this one:
get-6-2009-almlf_com_huxzb6re.bmp

And this is the file name:
C:\WINDOWS\SYSTEM32\nmdfgds0.dl

After searching for it I found that, according to the forum where I found this information, it is a spyware file.

The computer was clean, of course, but it got infected from the flash drive, even though I had scanned it as I said. I searched for the file and deleted it,
and I thought the problem was over, but

the problem keeps coming back: the file gets deleted and then comes back by itself, I don't know how. Sometimes I search for it and can't find it, and sometimes I find it.

So what on earth should I do with this file? I don't know.

And today at noon another problem appeared: I get a blue screen like this one:
562862266.jpg


Of course I don't get a chance to read the text before the computer shuts off and restarts, but I found this picture on Al-Eqla3 when I searched for
the cause of the problem; the person who asked there got no reply.

So now the problems are:

1) The blue screen

2) The spyware file that came from the flash drive

I hope anyone who has a solution will share it. Thanks in advance.


And this is the report I ran on my computer:

Spyware C:/windows/system32/iesetup.dll Spyware.IEMonster.d Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.
Spyware autorun Spyware.IMMonitor Program that can be used to monitor and record conversations in popular instant messaging applications.
Backdoor C:/windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions).
Dialer C:/windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
Trojan C:/windows/system32/explorer.exe Trojan.MailGrabber.s Trojan horse that gets access to e-mail accounts on the infected computer.
Trojan C:/windows/system32/alg.exe Trojan.Alg.t Trojan program that can compromise your private information stored on the hard drive.
Rogue C:/Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
Rogue C:/Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
Trojan C:/windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
Spyware C:/windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
Trojan C:/windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Dialer C:/windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Worm C:/windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC.
Worm C:/windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Trojan C:/windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user.
Worm C:/windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
Trojan C:/windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
Trojan C:/windows/system/drivers/etc/ Trojan.IRCBot.d A worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability.
Trojan C:/windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
Trojan C:/windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
Worm C:/windows/system/ Worm.Bagle.CP This is a "Bagle" mass-mailer which demonstrates typical "Bagle" behavior.
Worm C:/windows/ Win32.BlackMail.xx This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008.
Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
Trojan autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
 

Welcome, sister.

For the first problem, please go here:

[Hidden link: you must log in or register to view it]


As for the second problem, do the following:

Download this program:
[Hidden link: you must log in or register to view it]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply.

Apologies for editing the title so that it reflects the content.

And next time, please read this thread before posting a problem:

[Hidden link: you must log in or register to view it]

Signature: KoNaMi
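Brother, I am now posting from another computer,

because on the infected computer my desktop changed and the wallpaper became a warning

and some text. I think the computer has been hacked.

OK sister, I need to see the computer's report.

Disconnect it from the internet and bring me what I ask for.

Signature: KoNaMi
OK brother, a few minutes and you will have the report.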
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:56:32 م, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
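This report was made after I did a System Restore, because before that I could not install any program. When I did the System Restore,

the warning screen went away, because before that I had found a program that installed itself automatically: System Security 2009.

I don't know whether this is a program or what.


I hope, brother, to get the solution quickly. Now my problem is with the files on the flash drive, which is where the infection came from. They are essential files that I cannot do without.

Is there a way to rid the flash drive of the spyware files without deleting the files on the flash drive?

Waiting for your quick reply. May God reward you with all good.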
 
Analyzing the report ...

As for the blue screen, does it still appear??

Signature: KoNaMi
The blue screen has disappeared, thank God; the last time it appeared was about 3 days ago.
 
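Brother, I downloaded this program, SUPERAntiSpyware Free Edition,


and it is scanning.

Brother, I downloaded this program, superantispyware free edition,


and it is scanning.

Sister, uninstall this program, and once we are done with the reports I will tell you which programs to download.

Signature: KoNaMi
God willing, brother, I will remove it, but I hope there will also be a solution for the flash drive, because it is what matters most to me. My files are essential and I cannot delete them.

And the infection came to the computer from the flash drive.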
 
OK sister, plug in the flash drive without opening it

and do the following:

Disable your protection programs,
then
download the following tool and save it to the desktop:
[Hidden link: you must log in or register to view it]

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the computer may restart.
After the restart, the tool will start scanning again.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it in your next post.

Signature: KoNaMi
Downloading now, but when I try to disable the protection program I get several options:

P2P Shield, Network Shield and many other things. Which of them should I choose?

Or should I click "Disable generation of the virus treatment database"?


Note that my protection program is avast.

Sister, exit the program.

Signature: KoNaMi
I have now uninstalled the program, because I could not get it to disable.


But when I downloaded the program you told me about, nothing appeared except a DOS screen, and at the end

this Notepad file came up:

ComboFix 09-07-14.08 - User 07/15/2009 18:17.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1015.610 [GMT 3:00]
Running from: c:\documents and settings\User\My Documents\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &Search -
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\4duz3nyo.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCman000&fl=0&ptb=0HoMVQhN1luBmNiq7OPdtg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-15 18:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EsetNod32Fix]
"ImagePath"=hex:25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,72,00,65,\
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EsetNod32Fix]
"ImagePath"=hex:25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,72,00,65,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\program files\WIDCOMM\Bluetooth Software\btkeyind.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-07-15 18:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 15:27
Pre-Run: 28,678,184,960 bytes free
Post-Run: 31,992,590,336 bytes free
314
 
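Note, brother, that the flash drive is still plugged into the machine, and I deleted the Avast program, which is on the flash drive.

So if I want to install it again, it will already have been scanned and be ready, right?


Or what do you advise me to install as an excellent program against viruses and trojans?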
 
OK, sister, now a new HijackThis log.
 
Signature: KoNaMi
I recommend Kaspersky to you.
 
Signature: KoNaMi