الامير الاحمر

Peace be upon you, and God's mercy and blessings..
Dear brothers, I am facing two problems here..

The first..

There is a file on the machine that I cannot delete; it is a video that was converted using one of the conversion programs..
And this is the screenshot..

16066562.jpg

________________

The second problem is that the machine hangs a lot..
So much so that I sometimes cannot reach the desktop when I am working on the Internet.
When I leave the web page it stays frozen and the desktop does not appear!!

And this is the HijackThis report!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:13 PM, on 11/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TTMessenger\spool\PDFSaver.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avramovic Web Solutions\ImageShack Hotspot\ishs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TTMessengerPDF] "C:\Program Files\TTMessenger\spool\PDFSaver.exe"
O4 - HKCU\..\Run: [TTMessenger] "C:\Program Files\TTMessenger\ttmessenger2.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 5563 bytes
 

And upon you be peace and God's mercy..

As for the first problem:

Installation walkthrough:

i10929_11.png


i10930_22.png


i10931_33.png


i10932_44.png


i10933_55.png


i10934_66.png




Usage walkthrough:



i10934_66.png


i10936_88.png


i10937_99.png




And the second problem

Disable your protection programs,
then
download the following tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes
The machine may restart during the scan.
After the restart, the tool will start scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it into your next post.
 
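Signature: shaded
Dear brother, regarding the tool at the start of the thread, the link does not work.. it has expired!
 
Check now, my friend.. I have fixed the link..
 
Signature: shaded
Brother, I can't figure out how to download from the site!!
Sorry to trouble you, could you upload it to MediaFire or ZShare..!
 
Signature: shaded
Here you go, my good man, this is the report..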


ComboFix 09-08-04.03 - bsa 11/05/2009 17:30.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.446.113 [GMT 2:00]
Running from: c:\documents and settings\bsa\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\system
c:\windows\system32\system\msvcr80.dll
c:\windows\system32\system\msvcr80d.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 15:21 . 2009-11-05 15:21 -------- d-----w- c:\program files\Unlocker
2009-11-04 20:29 . 2009-11-04 20:29 -------- d-----w- c:\documents and settings\bsa\Local Settings\Application Data\IsolatedStorage
2009-11-04 20:24 . 2009-11-04 20:25 -------- d-----w- c:\documents and settings\bsa\Local Settings\Application Data\Nokia
2009-11-04 20:23 . 2009-11-04 20:23 -------- d-----w- c:\windows\Globalization
2009-11-04 20:23 . 2009-11-04 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-11-04 20:20 . 2009-11-04 20:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-04 20:20 . 2009-11-04 20:20 -------- d-----w- c:\windows\system32\LogFiles
2009-11-04 20:18 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-11-04 20:17 . 2009-11-04 20:17 -------- d-----w- c:\windows\system32\ar-SA
2009-11-04 20:16 . 2009-11-04 20:36 255496 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-04 20:15 . 2009-11-04 20:17 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-04 20:15 . 2009-11-04 20:15 -------- d-----w- c:\program files\MSBuild
2009-11-04 20:15 . 2009-11-04 20:15 -------- d-----w- c:\program files\Reference Assemblies
2009-11-04 20:14 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-04 20:14 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-04 20:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-04 20:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-04 20:14 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-04 20:14 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-04 20:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-04 18:39 . 2009-11-04 18:39 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-04 18:39 . 2009-11-04 20:23 -------- d-----w- c:\program files\Nokia
2009-11-04 18:38 . 2009-11-04 20:22 -------- d-----w- c:\program files\Common Files\Nokia
2009-10-28 15:20 . 2009-10-28 15:20 -------- d-----w- c:\documents and settings\bsa\Local Settings\Application Data\Identities
2009-10-27 17:38 . 2009-10-27 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-27 17:38 . 2009-10-27 17:38 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-25 22:08 . 2009-10-25 22:08 -------- d-----w- c:\program files\Avramovic Web Solutions
2009-10-25 20:57 . 2009-10-25 20:57 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-23 22:47 . 2004-08-03 21:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-10-23 22:47 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-10-23 20:55 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-10-22 20:02 . 2009-10-22 20:02 198064 ----a-w- c:\documents and settings\bsa\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-10-22 19:37 . 2009-10-22 19:40 2926768 ----a-w- c:\documents and settings\bsa\Application Data\IDM\idmupdt.exe
2009-10-22 17:11 . 2009-10-22 17:11 -------- d-----w- c:\documents and settings\bsa\Local Settings\Application Data\WMTools Downloaded Files
2009-10-22 17:04 . 2009-10-22 17:04 -------- d-----w- c:\program files\Trend Micro
2009-10-19 17:23 . 2009-10-19 17:23 -------- d-----w- c:\documents and settings\bsa\Local Settings\Application Data\ESET
2009-10-19 17:23 . 2009-10-19 17:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-10-18 17:36 . 2009-05-26 17:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-10-18 17:35 . 2009-10-18 17:36 -------- d-----w- c:\program files\Yahoo!
2009-10-17 23:22 . 2009-10-17 23:22 -------- d-----w- c:\documents and settings\bsa\Application Data\Paltalk
2009-10-17 23:22 . 2009-10-17 23:22 -------- d-----w- c:\windows\PaltalkScene
2009-10-17 23:22 . 2009-10-17 23:22 -------- d-----w- c:\program files\Paltalk Messenger
2009-10-17 14:44 . 2009-10-17 14:44 -------- d-----w- c:\documents and settings\bsa\Local Settings\Application Data\Real
2009-10-17 14:42 . 2009-10-17 14:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-17 14:42 . 2009-10-17 14:46 -------- d-----w- c:\documents and settings\bsa\Local Settings\Application Data\Google
2009-10-17 14:26 . 2009-10-17 14:26 390664 ----a-w- c:\documents and settings\bsa\Application Data\Real\RealPlayer\setup\AU_setup.exe
2009-10-17 13:06 . 2009-10-17 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-10-17 13:05 . 2009-10-17 13:05 -------- d-----w- c:\program files\MSXML 6.0
2009-10-17 10:18 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-17 10:18 . 2009-10-17 10:18 -------- d-----w- c:\program files\PC Connectivity Solution
2009-10-17 03:14 . 2009-11-04 20:25 -------- d-----w- c:\documents and settings\bsa\Application Data\Nokia
2009-10-17 03:13 . 2009-10-29 17:12 -------- d-----w- c:\documents and settings\bsa\Application Data\PC Suite
2009-10-17 03:13 . 2009-02-09 06:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-17 03:12 . 2009-10-17 03:11 27776592 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_ara_web.exe
2009-10-17 03:11 . 2009-10-17 03:11 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-17 03:11 . 2009-10-17 03:11 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-17 03:11 . 2009-10-17 03:11 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-17 03:11 . 2009-11-04 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-10-17 01:59 . 2008-06-08 21:58 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-10-17 01:59 . 2009-10-17 01:59 81920 ----a-w- c:\documents and settings\bsa\Application Data\ezpinst.exe
2009-10-17 01:59 . 2009-10-17 01:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-17 01:59 . 2009-10-17 01:59 47360 ----a-w- c:\documents and settings\bsa\Application Data\pcouffin.sys
2009-10-17 01:59 . 2009-10-17 01:59 -------- d-----w- c:\documents and settings\bsa\Application Data\Vso
2009-10-17 01:59 . 2004-02-21 23:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-10-17 01:59 . 2005-10-28 07:44 308224 ----a-w- c:\windows\system32\avisynth.dll
2009-10-17 01:09 . 2009-07-06 20:44 103424 ----a-w- c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-10-17 01:09 . 2009-07-06 20:44 937984 ----a-w- c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-10-17 01:09 . 2009-07-06 20:44 65536 ----a-w- c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-10-17 01:09 . 2009-07-06 20:44 4722688 ----a-w- c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-10-17 01:09 . 2009-07-06 20:44 344064 ----a-w- c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-10-17 01:09 . 2009-07-06 20:44 106496 ----a-w- c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-10-17 01:02 . 2008-12-03 23:25 120832 ----a-w- c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-10-16 23:54 . 2009-10-16 23:54 -------- d-----w- c:\documents and settings\bsa\Application Data\ESET
2009-10-16 23:52 . 2009-10-16 23:52 -------- d-----w- c:\program files\ESET
2009-10-16 23:52 . 2009-10-16 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-16 20:13 . 2009-11-05 15:30 -------- d-----w- c:\windows\system32\CatRoot2
2009-10-14 23:43 . 2003-02-05 19:06 45142 ----a-w- c:\windows\system32\PXC25s.dll
2009-10-14 23:43 . 2002-12-27 17:33 20569 ----a-w- c:\windows\system32\PXC25pm.dll
2009-10-14 23:43 . 2003-11-15 20:27 118872 ----a-w- c:\windows\system32\PXC25uis.dll
2009-10-14 23:43 . 2003-09-15 01:36 390656 ----a-w- c:\windows\system32\pdfxclib.dll
2009-10-14 23:43 . 2003-08-15 22:15 109568 ----a-w- c:\windows\system32\pdfxcpro.dll
2009-10-14 23:43 . 2003-08-15 22:12 144896 ----a-w- c:\windows\system32\xc_parse.dll
2009-10-14 23:43 . 2003-07-31 17:02 8704 ----a-w- c:\windows\system32\pdfxcds.dll
2009-10-14 23:43 . 2003-05-18 17:37 157184 ----a-w- c:\windows\system32\img_xchg.dll
2009-10-14 23:43 . 2003-04-13 23:08 185344 ----a-w- c:\windows\system32\Img_cdx.dll
2009-10-14 23:43 . 2002-01-05 05:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-10-14 23:43 . 2009-10-14 23:43 -------- d-----w- c:\program files\TTMessenger
2009-10-13 19:20 . 2009-10-27 17:47 -------- d-----w- c:\documents and settings\bsa\Local Settings\Application Data\Adobe
2009-10-13 01:21 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-13 01:21 . 2009-10-14 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-12 15:29 . 2008-02-07 15:10 -------- d--h--w- C:\ckis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 15:35 . 2009-07-06 18:50 -------- d-----w- c:\documents and settings\bsa\Application Data\DMCache
2009-11-04 23:59 . 2009-07-06 18:50 -------- d-----w- c:\documents and settings\bsa\Application Data\IDM
2009-11-04 20:27 . 2009-07-04 21:50 27264 ----a-w- c:\documents and settings\bsa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 18:29 . 2009-10-17 10:17 34008688 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ara.exe
2009-10-27 17:41 . 2009-07-05 10:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-25 20:57 . 2009-07-05 10:05 -------- d-----w- c:\program files\Common Files\Real
2009-10-25 20:57 . 2009-07-05 10:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-25 20:57 . 2009-07-05 10:05 -------- d-----w- c:\program files\Real
2009-10-23 20:55 . 2009-10-23 20:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-23 20:55 . 2009-10-23 20:55 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-22 19:41 . 2009-07-06 18:50 -------- d-----w- c:\program files\Internet Download Manager
2009-10-18 17:42 . 2009-07-06 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-17 14:43 . 2009-07-05 10:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-17 10:18 . 2009-10-17 03:14 -------- d-----w- c:\program files\DIFX
2009-10-17 10:17 . 2009-10-17 10:17 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-17 10:17 . 2009-10-17 10:17 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-17 10:17 . 2009-10-17 10:17 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-17 10:17 . 2009-10-17 10:17 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-17 03:15 . 2009-10-17 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-17 02:59 . 2009-07-11 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-10-14 18:21 . 2009-07-11 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"TTMessengerPDF"="c:\program files\TTMessenger\spool\PDFSaver.exe" [2004-03-22 61440]
"TTMessenger"="c:\program files\TTMessenger\ttmessenger2.exe" [2008-01-22 585728]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-25 185896]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-6-30 11536384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.323\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\TTMessenger\\ttmessenger2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 8:21 AM 468224]
R3 PAC207;SoC PC-Camera Beta3;c:\windows\system32\drivers\pfc027.sys [7/9/2009 9:24 PM 162176]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\
FF - component: c:\documents and settings\bsa\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\bsa\Application Data\Mozilla\Firefox\Profiles\cdpabeba.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\bsa\Application Data\Mozilla\plugins\npcoolirisplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-11-05 17:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):49,bc,d1,3f,10,10,f2,dc,f7,39,8c,90,01,f6,4e,b2,ca,1d,c4,3d,a2,
49,6b,5b,f8,b0,cb,49,3f,1c,a3,28,d0,a8,8c,11,42,1a,9e,60,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d057e77e-d53e-41d6-b345-9fd278f2c288}]
@Denied: (Full) (Everyone)
"Model"=dword:0000012b
"Therad"=dword:00000010
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,ee,ca,ef,62,85,a6,e1,e2,8f,66,eb,c2,cb,6d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\devldr32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-11-05 17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 15:37

Pre-Run: 31,720,439,808 bytes free
Post-Run: 32,710,389,760 bytes free

289
 
How are things now...??

Was the file deleted..?

 
Signature: shaded
The file got deleted.. :)
And the machine has stopped hanging.. looks like the hanging was coming from the file?!!

God bless you, brother.. but I have a few questions..

Are the reports I posted clean?
And what do you think of ESET Smart Security? Does it prevent the machine from being hacked? Or are there dedicated programs for fighting intrusion and spyware? Or is the program I am using,
ESET Smart Security, enough??
 
Praise be to God..

Your machine had infections and the tool removed them.. and praise be to God, everything is clean now..

I recommend Kaspersky.. or Avira :ok:
 
Signature: shaded
Thank you very much, brother..
God bless you..
 