مشكلة في تثبيت الكاسبر

تينــ داي ــشي · 17 يوليو 2009

السلام عليكم ورحمة الله وبركاته

عندي جهاز تعطل فيه الكاسبر وحذفته

فلما جيت أثبته من جديد رفض وعطاني هالرسالة

وش الحل معاها ؟؟؟

وهل هي بقايا ملفات أو ماذا؟؟؟؟؟؟؟؟؟؟؟؟

في انتظار الرد

مع شكري الجزيل مقدما

البارون · 17 يوليو 2009

حمل هذا البرنامج

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات .. ويظهر لك تقرير ==> انسخه والصقه بردك القادم

تينــ داي ــشي · 17 يوليو 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:18:24 م, on 16/03/11
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Windows\system32\WgaTray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\MOBILY~1\modem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Hajer\Desktop\كاسبر\برنامج البارون.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll (file missing)
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [svchost] I:\system.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FreshDownload - {10093FCE-C091-485E-964B-0D3A91D33DF4} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} (Java Plug-in 1.4.2_13) -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA93352F-0CE0-4D68-AFA4-CDC7F8C20510}: NameServer = 84.23.101.84 84.23.101.85
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
--
End of file - 7773 bytes

البارون · 17 يوليو 2009

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

تينــ داي ــشي · 17 يوليو 2009

برنامج الحماية (الكاسبر ) محذوف!!!
و defender متعطل !!!

يعني الجهاز مافيه برنامج حماية شغال

البارون · 17 يوليو 2009

طيب شغل الاداة

تينــ داي ــشي · 17 يوليو 2009

ان شاء الله ..

جاري التشغيل

تينــ داي ــشي · 17 يوليو 2009

التقرير ...

ComboFix 09-07-14.08 - Hajer 03/16/2011 20:45.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1256.966.1025.18.2046.1242 [GMT 3:00]
Running from: c:\users\Hajer\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\FunWebProducts
c:\program files\INSTALL.LOG
c:\windows\Installer\c536a95.msp
.
((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 )))))))))))))))))))))))))))))))
.
2011-03-16 17:51 . 2011-03-16 17:51 -------- d-----w- c:\users\هاجر\AppData\Local\temp
2011-03-11 00:50 . 2011-03-11 00:50 -------- d-----w- c:\program files\VistaCodecPack
2011-03-11 00:49 . 2011-03-11 00:49 -------- d-----w- c:\progra~2\VistaCodecs
2011-03-02 22:57 . 2011-03-02 22:57 -------- d-----w- c:\program files\Adverts
2011-03-02 22:57 . 2011-03-02 22:57 -------- d-----w- c:\program files\MessengerPlus! 3
2011-03-02 21:47 . 2011-03-02 23:08 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-03-02 21:45 . 2011-03-02 21:45 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2011-02-28 20:44 . 2011-02-28 20:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-28 18:22 . 2011-02-28 18:22 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-02-27 21:01 . 2008-09-18 08:36 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-02-27 21:01 . 2008-09-18 08:36 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-02-27 21:01 . 2008-09-18 08:36 110080 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2011-02-27 21:01 . 2008-09-18 08:35 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-02-27 21:01 . 2011-02-27 21:04 -------- d-----w- c:\windows\system32\SupportAppXL
2011-02-27 07:45 . 2011-02-27 07:50 -------- d-----w- c:\users\هاجر\AppData\Roaming\Orbit
2011-02-27 07:44 . 2011-03-16 17:41 -------- d-----w- C:\downloads
2011-02-27 07:44 . 2011-02-27 07:44 -------- d-----w- c:\users\Hajer\AppData\Roaming\GrabPro
2011-02-27 07:44 . 2011-03-16 17:35 -------- d-----w- c:\users\Hajer\AppData\Roaming\Orbit
2011-02-27 07:44 . 2011-02-28 18:10 -------- d-----w- c:\program files\Orbitdownloader
2011-02-22 05:51 . 2011-02-22 05:54 16750448 ----a-w- c:\users\Hajer\Install_Messenger.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 17:21 . 2008-08-02 18:42 680 ----a-w- c:\users\Hajer\AppData\Local\d3d9caps.dat
2011-03-16 16:25 . 2006-12-05 05:25 78068 ----a-w- c:\windows\system32\perfc001.dat
2011-03-16 16:25 . 2006-12-05 05:25 438438 ----a-w- c:\windows\system32\perfh001.dat
2011-03-13 15:27 . 2010-06-06 23:04 -------- d-----w- c:\program files\Mobily Connect Card
2011-03-11 00:51 . 2009-03-11 06:40 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-06 19:37 . 2008-09-01 22:19 680 ----a-w- c:\users\هاجر\AppData\Local\d3d9caps.dat
2011-03-05 12:41 . 2011-03-05 12:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2011-03-02 23:07 . 2008-08-02 18:32 12 ----a-w- c:\windows\bthservsdp.dat
2011-02-28 20:44 . 2008-09-04 04:43 -------- d-----w- c:\program files\Windows Live
2011-02-28 19:43 . 2010-06-01 21:08 -------- d-----w- c:\program files\Your Uninstaller 2008
2011-02-28 17:47 . 2008-10-03 15:53 -------- d-----w- c:\users\هاجر\AppData\Roaming\DMCache
2011-02-28 17:47 . 2008-10-03 15:36 -------- d-----w- c:\users\Hajer\AppData\Roaming\DMCache
2011-02-28 03:45 . 2008-09-04 04:43 -------- d-----w- c:\progra~2\WLInstaller
2011-02-27 21:01 . 2008-08-02 20:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2001-12-11 20:34 . 2001-12-11 20:34 151552 ----a-w- c:\program files\MouseAround.exe
2001-12-07 10:54 . 2001-12-07 10:54 53248 ----a-w- c:\program files\mousefx.dll
2001-12-07 07:55 . 2001-12-07 07:55 77824 ----a-w- c:\program files\PixieDust.dll
2001-12-06 22:03 . 2009-02-19 12:04 95232 ----a-w- c:\program files\Uninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2011-03-02 190024]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-04 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-10 148888]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2011-03-02 190024]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-08 4423680]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-08 1822720]
c:\users\ىں¤©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6F32505A-2578-413F-B0BF-D1BBCE44F2EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0D431F20-5C17-416D-9222-567C2C89A53D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0C5C137B-A9CC-43F3-B629-8F2F298F0017}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{441340EB-8C31-4194-AA2C-A84B1D943346}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{774A3B28-4E4A-4E8B-BD4C-9ABC819B775E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E81801A7-B876-467B-8452-36982633D6A8}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{AFF6825A-6F3C-4561-AD41-C570C7436D26}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"TCP Query User{B2830ED9-011B-4698-A4DA-321599A55858}c:\\users\\هاجر\\desktop\\utorrent.exe"= UDP:c:\users\هاجر\desktop\utorrent.exe:utorrent.exe
"UDP Query User{A9377BCF-7202-4AD5-8CBE-341293258570}c:\\users\\هاجر\\desktop\\utorrent.exe"= TCP:c:\users\هاجر\desktop\utorrent.exe:utorrent.exe
"TCP Query User{E0C77827-62EB-464B-94C3-82519ACE3E5F}c:\\program files\\java\\jdk1.6.0_14\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_14\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{CFEAAF69-0ADD-4513-9EE0-6FC0321EB9BF}c:\\program files\\java\\jdk1.6.0_14\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_14\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{3A86C1DA-F8D9-4CDE-8443-9E6D696C8166}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{B1E80BE5-7254-4B1A-BAD8-C4FC50F8F497}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{CDC507FA-CCC7-4151-BC77-CE5C89F02AFC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{92D4B102-AFF8-40C3-8FA9-A9B6BC6DF64E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8856E870-2FF4-47A1-A596-B56A9C180295}"= UDP:c:\users\Hajer\Desktop\مثبت Windows Live.exe:مثبت Windows Live
"{2B9E7077-FE09-429D-B8C5-B9599B47654B}"= TCP:c:\users\Hajer\Desktop\مثبت Windows Live.exe:مثبت Windows Live
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
"i:\\WMIPRVSE.EXE"= I:\WMIPRVSE.EXE:*:Enabled:ipsec
"c:\\Windows\\system32\\Dwm.exe"= c:\windows\system32\Dwm.exe:*:enabled

shell32.dll,-1
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"= c:\program files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [02/08/08 11:55 م 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [02/08/08 11:56 م 818688]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [02/08/08 11:22 م 240128]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [02/08/08 11:05 م 28464]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [12/08/08 02:41 م 205312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2011-03-16 c:\windows\Tasks\User_Feed_Synchronization-{448DB87C-FAA6-4C81-B3A3-F7F7C5EBE2C2}.job
- c:\windows\system32\msfeedssync.exe [2010-06-02 11:31]
2011-03-16 c:\windows\Tasks\User_Feed_Synchronization-{C3348225-7A18-43F6-8298-665F18262030}.job
- c:\windows\system32\msfeedssync.exe [2010-06-02 11:31]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.sweetim.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with Star Downloader - c:\progra~1\STARDO~1\sdie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{10093FCE-C091-485E-964B-0D3A91D33DF4} - c:\program files\FreshDevices\FreshDownload\fd.exe
TCP: {CA93352F-0CE0-4D68-AFA4-CDC7F8C20510} = 84.23.101.84 84.23.101.85
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

Rootkit scan 2011-03-16 20:51
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
? [54956]
? [7732]
? [22212]
? [31144]
? [53816]
? [20604]
? [41776]
? [32596]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-461247832-788442564-638281490-1000_Classes\CLSID\{5c77e16a-8aee-4ff9-b6bf-ec130aa1462e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013b
"Therad"=dword:00000028
[HKEY_USERS\S-1-5-21-461247832-788442564-638281490-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9d,1a,91,0c,47,58,a9,c4,fe,74,c5,63,9b,5b,90,a6,76,a0,57,b0,c9,
9e,f1,73,72,ba,52,07,6c,dd,a1,52,38,35,c2,af,f1,7f,8f,ff,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-461247832-788442564-638281490-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):be,26,a2,c1,c5,8c,22,e3,c6,40,63,b0,8e,31,2a,d6,54,f2,c9,47,2d,
cb,10,3e,84,c4,a5,d7,13,b4,87,aa,e7,a3,5b,a2,9f,ab,a7,70,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-461247832-788442564-638281490-1001_Classes\CLSID\{e70f1949-4d1b-4648-ac01-0fec4bf3a1ec}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000133
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,3e,8d,f8,c0,36,13,bd,8d,9e,40,0e,7b,d4,1a,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-16 20:54
ComboFix-quarantined-files.txt 2011-03-16 17:54
Pre-Run: 143,805,952,000 bytes free
Post-Run: 143,930,634,240 bytes free
235 --- E O F --- 2010-06-03 00:26

البارون · 17 يوليو 2009

طيب ركب الكاسبر ذحين

تينــ داي ــشي · 17 يوليو 2009

ان شاء الله

تينــ داي ــشي · 17 يوليو 2009

لا فائدة !!

تينــ داي ــشي · 17 يوليو 2009

أرجو الرد ياإخوان

MMA_LORD_735 · 17 يوليو 2009

مرحباً ...

هل حاولت تغير الملف الأساس للتنصيب أخي ؟

تينــ داي ــشي · 17 يوليو 2009

مافهمت!!

المعذرة

MMA_LORD_735 · 17 يوليو 2009

يعني عزيزي أنت من وين تحمل البرنامج ؟

تينــ داي ــشي · 17 يوليو 2009

زيزوم!!!

MMA_LORD_735 · 17 يوليو 2009

عطيني تقرير هايجك ...

تينــ داي ــشي · 17 يوليو 2009

ComboFix 09-07-14.08 - Hajer 03/16/2011 20:45.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1256.966.1025.18.2046.1242 [GMT 3:00]
Running from: c:\users\Hajer\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\FunWebProducts
c:\program files\INSTALL.LOG
c:\windows\Installer\c536a95.msp
.
((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 )))))))))))))))))))))))))))))))
.
2011-03-16 17:51 . 2011-03-16 17:51 -------- d-----w- c:\users\هاجر\AppData\Local\temp
2011-03-11 00:50 . 2011-03-11 00:50 -------- d-----w- c:\program files\VistaCodecPack
2011-03-11 00:49 . 2011-03-11 00:49 -------- d-----w- c:\progra~2\VistaCodecs
2011-03-02 22:57 . 2011-03-02 22:57 -------- d-----w- c:\program files\Adverts
2011-03-02 22:57 . 2011-03-02 22:57 -------- d-----w- c:\program files\MessengerPlus! 3
2011-03-02 21:47 . 2011-03-02 23:08 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-03-02 21:45 . 2011-03-02 21:45 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2011-02-28 20:44 . 2011-02-28 20:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-28 18:22 . 2011-02-28 18:22 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-02-27 21:01 . 2008-09-18 08:36 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-02-27 21:01 . 2008-09-18 08:36 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-02-27 21:01 . 2008-09-18 08:36 110080 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2011-02-27 21:01 . 2008-09-18 08:35 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-02-27 21:01 . 2011-02-27 21:04 -------- d-----w- c:\windows\system32\SupportAppXL
2011-02-27 07:45 . 2011-02-27 07:50 -------- d-----w- c:\users\هاجر\AppData\Roaming\Orbit
2011-02-27 07:44 . 2011-03-16 17:41 -------- d-----w- C:\downloads
2011-02-27 07:44 . 2011-02-27 07:44 -------- d-----w- c:\users\Hajer\AppData\Roaming\GrabPro
2011-02-27 07:44 . 2011-03-16 17:35 -------- d-----w- c:\users\Hajer\AppData\Roaming\Orbit
2011-02-27 07:44 . 2011-02-28 18:10 -------- d-----w- c:\program files\Orbitdownloader
2011-02-22 05:51 . 2011-02-22 05:54 16750448 ----a-w- c:\users\Hajer\Install_Messenger.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 17:21 . 2008-08-02 18:42 680 ----a-w- c:\users\Hajer\AppData\Local\d3d9caps.dat
2011-03-16 16:25 . 2006-12-05 05:25 78068 ----a-w- c:\windows\system32\perfc001.dat
2011-03-16 16:25 . 2006-12-05 05:25 438438 ----a-w- c:\windows\system32\perfh001.dat
2011-03-13 15:27 . 2010-06-06 23:04 -------- d-----w- c:\program files\Mobily Connect Card
2011-03-11 00:51 . 2009-03-11 06:40 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-06 19:37 . 2008-09-01 22:19 680 ----a-w- c:\users\هاجر\AppData\Local\d3d9caps.dat
2011-03-05 12:41 . 2011-03-05 12:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2011-03-02 23:07 . 2008-08-02 18:32 12 ----a-w- c:\windows\bthservsdp.dat
2011-02-28 20:44 . 2008-09-04 04:43 -------- d-----w- c:\program files\Windows Live
2011-02-28 19:43 . 2010-06-01 21:08 -------- d-----w- c:\program files\Your Uninstaller 2008
2011-02-28 17:47 . 2008-10-03 15:53 -------- d-----w- c:\users\هاجر\AppData\Roaming\DMCache
2011-02-28 17:47 . 2008-10-03 15:36 -------- d-----w- c:\users\Hajer\AppData\Roaming\DMCache
2011-02-28 03:45 . 2008-09-04 04:43 -------- d-----w- c:\progra~2\WLInstaller
2011-02-27 21:01 . 2008-08-02 20:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2001-12-11 20:34 . 2001-12-11 20:34 151552 ----a-w- c:\program files\MouseAround.exe
2001-12-07 10:54 . 2001-12-07 10:54 53248 ----a-w- c:\program files\mousefx.dll
2001-12-07 07:55 . 2001-12-07 07:55 77824 ----a-w- c:\program files\PixieDust.dll
2001-12-06 22:03 . 2009-02-19 12:04 95232 ----a-w- c:\program files\Uninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2011-03-02 190024]
"msnmsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-04 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-10 148888]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2011-03-02 190024]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-08 4423680]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-08 1822720]
c:\users\ىں¤©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6F32505A-2578-413F-B0BF-D1BBCE44F2EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0D431F20-5C17-416D-9222-567C2C89A53D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0C5C137B-A9CC-43F3-B629-8F2F298F0017}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{441340EB-8C31-4194-AA2C-A84B1D943346}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{774A3B28-4E4A-4E8B-BD4C-9ABC819B775E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E81801A7-B876-467B-8452-36982633D6A8}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{AFF6825A-6F3C-4561-AD41-C570C7436D26}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"TCP Query User{B2830ED9-011B-4698-A4DA-321599A55858}c:\\users\\هاجر\\desktop\\utorrent.exe"= UDP:c:\users\هاجر\desktop\utorrent.exe:utorrent.exe
"UDP Query User{A9377BCF-7202-4AD5-8CBE-341293258570}c:\\users\\هاجر\\desktop\\utorrent.exe"= TCP:c:\users\هاجر\desktop\utorrent.exe:utorrent.exe
"TCP Query User{E0C77827-62EB-464B-94C3-82519ACE3E5F}c:\\program files\\java\\jdk1.6.0_14\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_14\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{CFEAAF69-0ADD-4513-9EE0-6FC0321EB9BF}c:\\program files\\java\\jdk1.6.0_14\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_14\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{3A86C1DA-F8D9-4CDE-8443-9E6D696C8166}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{B1E80BE5-7254-4B1A-BAD8-C4FC50F8F497}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{CDC507FA-CCC7-4151-BC77-CE5C89F02AFC}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{92D4B102-AFF8-40C3-8FA9-A9B6BC6DF64E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8856E870-2FF4-47A1-A596-B56A9C180295}"= UDP:c:\users\Hajer\Desktop\مثبت Windows Live.exe:مثبت Windows Live
"{2B9E7077-FE09-429D-B8C5-B9599B47654B}"= TCP:c:\users\Hajer\Desktop\مثبت Windows Live.exe:مثبت Windows Live
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
"i:\\WMIPRVSE.EXE"= I:\WMIPRVSE.EXE:*:Enabled:ipsec
"c:\\Windows\\system32\\Dwm.exe"= c:\windows\system32\Dwm.exe:*:enabled

shell32.dll,-1
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"= c:\program files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [02/08/08 11:55 م 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [02/08/08 11:56 م 818688]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [02/08/08 11:22 م 240128]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [02/08/08 11:05 م 28464]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [12/08/08 02:41 م 205312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2011-03-16 c:\windows\Tasks\User_Feed_Synchronization-{448DB87C-FAA6-4C81-B3A3-F7F7C5EBE2C2}.job
- c:\windows\system32\msfeedssync.exe [2010-06-02 11:31]
2011-03-16 c:\windows\Tasks\User_Feed_Synchronization-{C3348225-7A18-43F6-8298-665F18262030}.job
- c:\windows\system32\msfeedssync.exe [2010-06-02 11:31]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.sweetim.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with Star Downloader - c:\progra~1\STARDO~1\sdie.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{10093FCE-C091-485E-964B-0D3A91D33DF4} - c:\program files\FreshDevices\FreshDownload\fd.exe
TCP: {CA93352F-0CE0-4D68-AFA4-CDC7F8C20510} = 84.23.101.84 84.23.101.85
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

Rootkit scan 2011-03-16 20:51
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
? [54956]
? [7732]
? [22212]
? [31144]
? [53816]
? [20604]
? [41776]
? [32596]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-461247832-788442564-638281490-1000_Classes\CLSID\{5c77e16a-8aee-4ff9-b6bf-ec130aa1462e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013b
"Therad"=dword:00000028
[HKEY_USERS\S-1-5-21-461247832-788442564-638281490-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9d,1a,91,0c,47,58,a9,c4,fe,74,c5,63,9b,5b,90,a6,76,a0,57,b0,c9,
9e,f1,73,72,ba,52,07,6c,dd,a1,52,38,35,c2,af,f1,7f,8f,ff,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-461247832-788442564-638281490-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):be,26,a2,c1,c5,8c,22,e3,c6,40,63,b0,8e,31,2a,d6,54,f2,c9,47,2d,
cb,10,3e,84,c4,a5,d7,13,b4,87,aa,e7,a3,5b,a2,9f,ab,a7,70,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-461247832-788442564-638281490-1001_Classes\CLSID\{e70f1949-4d1b-4648-ac01-0fec4bf3a1ec}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000133
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,3e,8d,f8,c0,36,13,bd,8d,9e,40,0e,7b,d4,1a,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-16 20:54
ComboFix-quarantined-files.txt 2011-03-16 17:54
Pre-Run: 143,805,952,000 bytes free
Post-Run: 143,930,634,240 bytes free
235 --- E O F --- 2010-06-03 00:26

MMA_LORD_735 · 17 يوليو 2009

حبيبي ... الله لا يهينك تقرير هايجك ...

يعني >>

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

>> وتقرير جديد لا هنت ...

تينــ داي ــشي · 17 يوليو 2009

سمايل<<<هذا آخر تقرير نسخته

ولايهمك أشوف لك غيره

برنامج Avast Premium Security 24.12.9725 تفعيل بسيريال مدة 680 يوم​

زيزوومي جديد

زيزوومى فضى

توقيع : البارون

زيزوومي جديد

زيزوومى فضى

توقيع : البارون

زيزوومي جديد

زيزوومى فضى

توقيع : البارون

زيزوومي جديد

زيزوومي جديد

زيزوومى فضى

توقيع : البارون

زيزوومي جديد

زيزوومي جديد

زيزوومي جديد

زيزوومي جديد

توقيع : MMA_LORD_735

زيزوومي جديد

زيزوومي جديد

توقيع : MMA_LORD_735

زيزوومي جديد

زيزوومي جديد

توقيع : MMA_LORD_735

زيزوومي جديد

زيزوومي جديد

توقيع : MMA_LORD_735

زيزوومي جديد

برنامج Avast Premium Security 24.12.9725 تفعيل بسيريال مدة 680 يوم