Posted by زهرة النسرين (New Zyzoomer; joined 10 May 2008; 63 posts)
Hello
Yesterday, while I was sitting at the computer, something strange happened: someone was controlling it. He stole my e-mail, got into my computer and started talking to me, saying "I hacked your computer with a program". I want a solution, how do I get rid of him?
Help me, God have mercy on your parents.
What do you think the solution is? He was watching me, and he even got into the forum I post on, changed the password and posted a thread under my name intending to wreck the forum.
 

Download this program

[hidden link: log in or register to view]

Run the program ==> and click
Do a system scan and save log
A moment later a report opens in Notepad ==> copy it and paste it in your reply

Signature: فارس الملاك
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:46:21 PM, on 09/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\XPPRESP3\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Grey pop cake audio] C:\Documents and Settings\All Users\Application Data\Part Hide Grey Pop\bias move.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Dumb Meet] C:\DOCUME~1\XPPRESP3\APPLIC~1\FIRSTD~1\cdrom bold option.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\XPPRESP3\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\XPPRESP3\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Download All with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download FLV content with Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Blog this - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog this in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [hidden link: log in or register to view]
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - [hidden link: log in or register to view]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - [hidden link: log in or register to view]
O23 - Service: cisvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Update Service (gupdate1c9bc22c4939acc) (gupdate1c9bc22c4939acc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe
--
End of file - 8824 bytes
 
Delete the following entries:
[?] - O4 - HKLM\..\Run: [Grey pop cake audio] C:\Documents and Settings\All Users\Application Data\Part Hide Grey Pop\bias move.exe

[?] - O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

How to delete: tick the entries you want to delete,
click Fix checked,
a message will pop up; accept it.

Your machine doesn't seem to have any antivirus or firewall at all.
Download Avira from here
[hidden link: log in or register to view]

After the page loads, click the blue "Download now"
and install the program on your machine

Signature: expert87
Download the following tool and save it to the desktop
[hidden link: log in or register to view]

When you run it a message appears; click >> Yes
Then a second message appears; click >> Yes
The machine may restart during the scan
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears; copy it and paste it in your next post

Signature: AbOdy
Sister, delete these entries

O4 - HKLM\..\Run: [Grey pop cake audio] C:\Documents and Settings\All Users\Application Data\Part Hide Grey Pop\bias move.exe

O4 - HKCU\..\Run: [Dumb Meet] C:\DOCUME~1\XPPRESP3\APPLIC~1\FIRSTD~1\cdrom bold option.exe

How to delete
[hidden link: log in or register to view]

=================================

Use this tool to clean up

[hidden link: log in or register to view]

Then go to Control Panel, then Add or Remove Programs

and remove any program with "toolbar" in its name

Then scan your machine with this program

Download this program

[hidden link: log in or register to view]

Install it on the machine, then run it and follow the guide below to scan the machine and produce a report

[hidden link: log in or register to view]

After the scan finishes, do the following

[hidden link: log in or register to view]

Copy the contents of the report and paste it in your next post

Signature: فارس الملاك
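Both replies above single out the same kind of autorun by eye: a label made of random words pointing at a binary under the user profile. The following Python is an added example (the editor's, not code from this thread or from HijackThis) that applies that reasoning mechanically to the O4 and O23 lines of a HijackThis log. It strips quotes and arguments from the command, then scores a binary in a user-writable directory, an 8.3 short path, a multi-word label that shares no word with the executable name, and a service with no recorded vendor or a third-party binary under %SystemRoot%. The sample lines are copied from the log posted above; the path markers, weights and the review threshold of 2 are assumptions, and a low score does not clear an entry (a legitimate updater such as Google Update also scores 1), so anything that survives should still be checked by hash against the vendor's copy.

```python
"""Mechanical triage of HijackThis O4 (autorun) and O23 (service) lines.

Added example for this thread; not code from the thread, from HijackThis,
or from any product. The sample lines are copied from the log posted above.
The scoring rules, the user-writable path markers and the threshold are the
editor's assumptions, not rules any tool ships.
"""
import re
from dataclasses import dataclass, field

# Copied from the log posted above: the two entries the helpers told the
# poster to delete, alongside legitimate autoruns and services.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Grey pop cake audio] C:\Documents and Settings\All Users\Application Data\Part Hide Grey Pop\bias move.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Dumb Meet] C:\DOCUME~1\XPPRESP3\APPLIC~1\FIRSTD~1\cdrom bold option.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\XPPRESP3\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)\b', re.IGNORECASE)

# Directories an unprivileged user can write to. A binary here is a weak
# signal on its own (Google Update lives there too), so it scores only 1.
USER_WRITABLE = ('\\application data\\', '\\local settings\\', '\\temp\\')


@dataclass
class Finding:
    kind: str                 # "O4" or "O23"
    name: str                 # registry value name or service display name
    path: str                 # executable path with quotes and arguments stripped
    score: int = 0
    reasons: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Strip quotes and arguments from an O4 command; paths may contain spaces."""
    m = EXE_RE.match(cmd.strip())
    return m['exe'] if m else cmd.strip()


def label_words(label: str) -> set:
    return {w for w in re.findall(r'[a-z]+', label.lower()) if len(w) > 2}


def score_autorun(f: Finding) -> None:
    p = f.path.lower()
    base = p.rsplit('\\', 1)[-1]
    if any(marker in p for marker in USER_WRITABLE):
        f.score += 1
        f.reasons.append('binary lives in a user-writable profile directory')
    if re.search(r'~\d', p):
        f.score += 1
        f.reasons.append('8.3 short path hides the real directory name')
    words = label_words(f.name)
    # A multi-word label sharing no word with the executable name is the
    # random-word pattern of "Grey pop cake audio" -> "bias move.exe".
    if len(words) >= 2 and not any(w in base for w in words):
        f.score += 2
        f.reasons.append('multi-word label unrelated to the executable name')


def score_service(f: Finding, owner: str) -> None:
    if owner.strip().lower() == 'unknown owner':
        f.score += 1
        f.reasons.append('no vendor recorded for the service binary')
    if '\\windows\\' in f.path.lower() and 'microsoft' not in owner.lower():
        f.score += 1
        f.reasons.append('third-party service binary placed under %SystemRoot%')


def triage(log_text: str) -> list:
    """Parse O4/O23 lines and return Findings, highest score first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            f = Finding('O4', m['name'], exe_path(m['cmd']))
            score_autorun(f)
            findings.append(f)
        elif m := O23_RE.match(line):
            f = Finding('O23', m['name'], m['path'].strip())
            score_service(f, m['owner'])
            findings.append(f)
    return sorted(findings, key=lambda x: x.score, reverse=True)


def flagged(log_text: str, threshold: int = 2) -> list:
    """Names of entries at or above the review threshold (assumed: 2)."""
    return [f.name for f in triage(log_text) if f.score >= threshold]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.score}  {f.kind:<3} [{f.name}] {f.path}')
        for r in f.reasons:
            print(f'       - {r}')
```

Run as a script it prints every entry with its score and reasons. On the sample only "Grey pop cake audio" and "Dumb Meet" reach the threshold, the same two entries the reply above asked the poster to delete; WebUpdate4, which expert87 flagged on judgement, scores 1 here because a named vendor shipping a service binary into system32 is not by itself evidence of anything.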
Download the following tool and save it to the desktop
[hidden link: log in or register to view]

When you run it a message appears; click >> Yes
Then a second message appears; click >> Yes
The machine may restart during the scan
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears; copy it and paste it in your next post

I didn't notice your post, mate

Signature: فارس الملاك
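The ComboFix report posted next contains, besides the long list of "is infected!!" lines, a Sigcheck section and a dump of registry loading points. Two details there decide the case: the Sigcheck rows give the MD5, size and version resource of several copies of the same file, and the Winlogon Userinit value names the program started at logon. The following Python is an added example (the editor's, not ComboFix's code and not from any poster) that parses lines of those two shapes: it groups Sigcheck copies by file name and version string and reports groups whose hashes disagree, lists files the report marks missing, and checks that Userinit points at system32\userinit.exe. The sample lines are copied from the report below; the expected Userinit default and the "same version, different hash" rule are assumptions of the example, and ComboFix's own [7]/[-] column markers are deliberately left uninterpreted.

```python
r"""Cross-check a ComboFix report: Sigcheck copies and the Winlogon Userinit value.

Added example for this thread; not ComboFix's own code and not from any
poster. The sample lines are copied from the report posted below. The
comparison rule (same file name and version string but different MD5 means
at least one copy was altered) and the expected Userinit default
(<SystemRoot>\system32\userinit.exe followed by a comma) are the editor's
assumptions; ComboFix's [7]/[-] markers are not interpreted here.
"""
import re
from collections import defaultdict

SAMPLE_SIGCHECK = r"""
[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\beep.sys
[-] 2009-06-04 . 1FD6849973F52DA996D17F766EA9B4DC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2009-06-05 . D6252082BD78DFFFA5F15EFC63D18A81 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2009-06-09 . 1C551E077E62B7ADDB6F4E6D79ACC774 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2009-06-05 . CBFD4A7CA28248CA7DDA514B59FD2C31 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2009-06-05 . F6958F4071D403BF66BCAABC6470A23F . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
"""

SAMPLE_WINLOGON = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
"""

SIG_RE = re.compile(
    r'^\[(?P<flag>[^\]]*)\] (?P<date>\S+) \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+)'
    r' \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>\S.*)$')
MISSING_RE = re.compile(r'^(?P<path>.+?) \.\.\. is missing !!$')
USERINIT_RE = re.compile(r'^"Userinit"="(?P<val>[^"]*)"', re.MULTILINE)


def parse_sigcheck(text: str):
    """Return (entries, missing): parsed Sigcheck rows and paths reported missing."""
    entries, missing = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := SIG_RE.match(line):
            e = m.groupdict()
            e['size'] = int(e['size'])
            e['md5'] = e['md5'].upper()
            e['base'] = e['path'].lower().rsplit('\\', 1)[-1]
            entries.append(e)
        elif m := MISSING_RE.match(line):
            missing.append(m['path'])
    return entries, missing


def version_conflicts(entries):
    """Group copies by (file name, version string); keep groups whose MD5s disagree.

    Two copies carrying the same version resource but different hashes cannot
    both be the vendor's file. The report alone does not say which one is
    clean; settle that with a known-good hash from the vendor.
    """
    groups = defaultdict(list)
    for e in entries:
        groups[(e['base'], e['ver'])].append(e)
    return {k: v for k, v in groups.items() if len({e['md5'] for e in v}) > 1}


def check_userinit(reg_text: str):
    """Return the Userinit entries that are not <dir>\\system32\\userinit.exe."""
    m = USERINIT_RE.search(reg_text)
    if not m:
        return ['Userinit value not present']
    parts = [p.strip().lower() for p in m['val'].split(',') if p.strip()]
    return [p for p in parts if not p.endswith('\\system32\\userinit.exe')]


if __name__ == '__main__':
    entries, missing = parse_sigcheck(SAMPLE_SIGCHECK)
    for (base, ver), copies in version_conflicts(entries).items():
        print(f'{base} [{ver}]: {len(copies)} copies, hashes disagree')
        for c in copies:
            print(f'   {c["md5"]}  {c["size"]:>8}  {c["path"]}')
    for p in missing:
        print(f'missing: {p}')
    for bad in check_userinit(SAMPLE_WINLOGON):
        print(f'Userinit runs an unexpected program: {bad}')
```

On the sample, the live c:\windows\explorer.exe and the $hf_mig$ copy share version 6.00.2900.3156 and size 1033216 but not their MD5, so at least one of them has been altered; the report cannot say which, and only a vendor hash settles it. userinit.exe has no same-version sibling in the section, so this check says nothing about it. The Userinit value resolving to c:\windows\explorer.exe instead of userinit.exe means the logon path itself runs a file the same report lists as infected, which is the kind of finding that argues for rebuilding the machine rather than cleaning it entry by entry.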
ComboFix 09-10-08.04 - XPPRESP3 10/09/2009 17:57.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.495.211 [GMT 3:00]
Running from: c:\documents and settings\XPPRESP3\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\XPPRESP3\Application Data\addons.dat
c:\documents and settings\XPPRESP3\Application Data\tazebama
c:\documents and settings\XPPRESP3\Application Data\tazebama\tazebama.log
c:\documents and settings\XPPRESP3\Application Data\tazebama\zPharaoh.dat
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\Installer\10246f5.msp
c:\windows\Installer\1024704.msp
c:\windows\Installer\1024712.msp
c:\windows\Installer\106190b.msp
c:\windows\Installer\106191a.msp
c:\windows\Installer\1061928.msp
c:\windows\Installer\1101e5a.msp
c:\windows\Installer\1101e69.msp
c:\windows\Installer\1101e78.msp
c:\windows\Installer\1101e87.msp
c:\windows\Installer\16f77d6.msp
c:\windows\Installer\16f77e5.msp
c:\windows\Installer\16f77f3.msp
c:\windows\Installer\19aaec.msp
c:\windows\Installer\19aafb.msp
c:\windows\Installer\19ab09.msp
c:\windows\Installer\1a081.msp
c:\windows\Installer\1a090.msp
c:\windows\Installer\1a09e.msp
c:\windows\Installer\1a46c1c.msp
c:\windows\Installer\1a46c2b.msp
c:\windows\Installer\1a46c39.msp
c:\windows\Installer\1a87f.msp
c:\windows\Installer\1a88e.msp
c:\windows\Installer\1a89c.msp
c:\windows\Installer\1bd11.msp
c:\windows\Installer\1bd20.msp
c:\windows\Installer\1c3b8.msp
c:\windows\Installer\1c3c7.msp
c:\windows\Installer\1c3d5.msp
c:\windows\Installer\1c5fa.msp
c:\windows\Installer\1c609.msp
c:\windows\Installer\1c619.msp
c:\windows\Installer\1c628.msp
c:\windows\Installer\1ce76.msp
c:\windows\Installer\1d0f7.msp
c:\windows\Installer\1d106.msp
c:\windows\Installer\1d11f.msp
c:\windows\Installer\1d973.msp
c:\windows\Installer\1d982.msp
c:\windows\Installer\1d992.msp
c:\windows\Installer\1d9a1.msp
c:\windows\Installer\1daca.msp
c:\windows\Installer\1dace.msp
c:\windows\Installer\1dad2.msp
c:\windows\Installer\1dc51.msp
c:\windows\Installer\1dc60.msp
c:\windows\Installer\1dc6e.msp
c:\windows\Installer\1e0d5.msp
c:\windows\Installer\1e0e4.msp
c:\windows\Installer\1e0f4.msp
c:\windows\Installer\1e103.msp
c:\windows\Installer\1e51e.msi
c:\windows\Installer\1f0e3.msp
c:\windows\Installer\1fa42d8.msp
c:\windows\Installer\1fa42e7.msp
c:\windows\Installer\1fa42f5.msp
c:\windows\Installer\1fab6.msp
c:\windows\Installer\1fac5.msp
c:\windows\Installer\1fad3.msp
c:\windows\Installer\2041f48.msp
c:\windows\Installer\2041f57.msp
c:\windows\Installer\2041f65.msp
c:\windows\Installer\22c6e88.msp
c:\windows\Installer\22c6e97.msp
c:\windows\Installer\22c6ea7.msp
c:\windows\Installer\22c6eb6.msp
c:\windows\Installer\2306c.msp
c:\windows\Installer\23946.msp
c:\windows\Installer\23955.msp
c:\windows\Installer\23963.msp
c:\windows\Installer\23d0200.msp
c:\windows\Installer\23d0211.msp
c:\windows\Installer\24fac.msp
c:\windows\Installer\255cc2.msp
c:\windows\Installer\255cd1.msp
c:\windows\Installer\255ce1.msp
c:\windows\Installer\255cf0.msp
c:\windows\Installer\2566c98.msp
c:\windows\Installer\2566ca7.msp
c:\windows\Installer\2566cb7.msp
c:\windows\Installer\2566cc6.msp
c:\windows\Installer\289d7.msp
c:\windows\Installer\289e6.msp
c:\windows\Installer\289f6.msp
c:\windows\Installer\28a05.msp
c:\windows\Installer\29e59.msp
c:\windows\Installer\29e68.msp
c:\windows\Installer\2a68ad9.msi
c:\windows\Installer\2b8684.msp
c:\windows\Installer\2b8693.msp
c:\windows\Installer\2b86a1.msp
c:\windows\Installer\2ba585.msp
c:\windows\Installer\2ba594.msp
c:\windows\Installer\2ba5a4.msp
c:\windows\Installer\2ba5b3.msp
c:\windows\Installer\2bfdb.msp
c:\windows\Installer\2bfea.msp
c:\windows\Installer\2bff050.msp
c:\windows\Installer\2bff05f.msp
c:\windows\Installer\2bff06e.msp
c:\windows\Installer\2bff07d.msp
c:\windows\Installer\2bff8.msp
c:\windows\Installer\2e1ab.msp
c:\windows\Installer\2e1bc.msp
c:\windows\Installer\32d9344.msp
c:\windows\Installer\32d9353.msp
c:\windows\Installer\32d9361.msp
c:\windows\Installer\33a5a.msp
c:\windows\Installer\33a69.msp
c:\windows\Installer\33a79.msp
c:\windows\Installer\33a88.msp
c:\windows\Installer\39dc8.msp
c:\windows\Installer\39dd7.msp
c:\windows\Installer\39de5.msp
c:\windows\Installer\422c25b.msp
c:\windows\Installer\422c26a.msp
c:\windows\Installer\422c27a.msp
c:\windows\Installer\422c289.msp
c:\windows\Installer\49576.msp
c:\windows\Installer\49585.msp
c:\windows\Installer\49595.msp
c:\windows\Installer\495a4.msp
c:\windows\Installer\4eaf8.msp
c:\windows\Installer\4eb09.msp
c:\windows\Installer\4f88f6.msp
c:\windows\Installer\4f8905.msp
c:\windows\Installer\4f8915.msp
c:\windows\Installer\4f8924.msp
c:\windows\Installer\554558.msp
c:\windows\Installer\858d7.msp
c:\windows\Installer\858e6.msp
c:\windows\Installer\858f4.msp
c:\windows\Installer\969a81.msp
c:\windows\Installer\969a90.msp
c:\windows\Installer\969aa0.msp
c:\windows\Installer\969aaf.msp
c:\windows\Installer\9b0a5.msp
c:\windows\Installer\9e6c36.msp
c:\windows\Installer\9e6c47.msp
c:\windows\Installer\a0237b.msp
c:\windows\Installer\a0238c.msp
c:\windows\Installer\a45cec8.msp
c:\windows\Installer\a45cf4f.msp
c:\windows\Installer\a7a905.msp
c:\windows\Installer\a7a914.msp
c:\windows\Installer\a7a924.msp
c:\windows\Installer\a7a933.msp
c:\windows\Installer\aca25.msp
c:\windows\Installer\aca34.msp
c:\windows\Installer\aca42.msp
c:\windows\Installer\b4184f.msp
c:\windows\Installer\c45589.msp
c:\windows\Installer\c45598.msp
c:\windows\Installer\c455a8.msp
c:\windows\Installer\c455b7.msp
c:\windows\Installer\e7276a.msp
c:\windows\Installer\e72779.msp
c:\windows\Installer\e72787.msp
c:\windows\Installer\f5645.msp
c:\windows\Installer\f5654.msp
c:\windows\Installer\f5664.msp
c:\windows\Installer\f5673.msp
c:\windows\Installer\f823fc.msp
c:\windows\Installer\f8240b.msp
c:\windows\Installer\f8241a.msp
c:\windows\Installer\f82429.msp
c:\windows\Installer\f898a0.msp
c:\windows\Installer\f898af.msp
c:\windows\Installer\f898bf.msp
c:\windows\Installer\f898ce.msp
c:\windows\Installer\fbac58.msp
c:\windows\Installer\fbac67.msp
c:\windows\Installer\fbac75.msp
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\Bifrost
c:\windows\system32\Bifrost\logg.dat
c:\windows\system32\Bifrost\server.exe
c:\windows\regedit.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
c:\windows\hh.exe . . . is infected!!
c:\windows\twunk_32.exe . . . is infected!!
Infected copy of c:\windows\winhlp32.exe was found and disinfected
Restored copy from - c:\windows\system32\winhlp32.exe
c:\windows\system32\ahui.exe . . . is infected!!
c:\windows\system32\arp.exe . . . is infected!!
c:\windows\system32\asr_pfu.exe . . . is infected!!
c:\windows\system32\calc.exe . . . is infected!!
c:\windows\system32\charmap.exe . . . is infected!!
c:\windows\system32\cipher.exe . . . is infected!!
c:\windows\system32\cmd.exe . . . is infected!!
c:\windows\system32\cscript.exe . . . is infected!!
c:\windows\system32\ddeshare.exe . . . is infected!!
c:\windows\system32\diskpart.exe . . . is infected!!
c:\windows\system32\dmadmin.exe . . . is infected!!
c:\windows\system32\dplaysvr.exe . . . is infected!!
c:\windows\system32\dpvsetup.exe . . . is infected!!
c:\windows\system32\dwwin.exe . . . is infected!!
c:\windows\system32\dxdiag.exe . . . is infected!!
c:\windows\system32\esentutl.exe . . . is infected!!
c:\windows\system32\eudcedit.exe . . . is infected!!
c:\windows\system32\freecell.exe . . . is infected!!
c:\windows\system32\fsquirt.exe . . . is infected!!
c:\windows\system32\gpupdate.exe . . . is infected!!
c:\windows\system32\iexpress.exe . . . is infected!!
c:\windows\system32\ipsec6.exe . . . is infected!!
c:\windows\system32\ipv6.exe . . . is infected!!
c:\windows\system32\logagent.exe . . . is infected!!
c:\windows\system32\logonui.exe . . . is infected!!
c:\windows\system32\mmc.exe . . . is infected!!
c:\windows\system32\mobsync.exe . . . is infected!!
c:\windows\system32\mplay32.exe . . . is infected!!
c:\windows\system32\mpnotify.exe . . . is infected!!
c:\windows\system32\mshearts.exe . . . is infected!!
c:\windows\system32\mspaint.exe . . . is infected!!
c:\windows\system32\mstsc.exe . . . is infected!!
c:\windows\system32\net.exe . . . is infected!!
c:\windows\system32\netdde.exe . . . is infected!!
c:\windows\system32\netsetup.exe . . . is infected!!
c:\windows\system32\netstat.exe . . . is infected!!
c:\windows\system32\ntbackup.exe . . . is infected!!
c:\windows\system32\ntsd.exe . . . is infected!!
c:\windows\system32\ntvdm.exe . . . is infected!!
c:\windows\system32\nwscript.exe . . . is infected!!
c:\windows\system32\odbcad32.exe . . . is infected!!
c:\windows\system32\odbcconf.exe . . . is infected!!
c:\windows\system32\ping6.exe . . . is infected!!
c:\windows\system32\powercfg.exe . . . is infected!!
c:\windows\system32\proquota.exe . . . is infected!!
c:\windows\system32\rdpclip.exe . . . is infected!!
c:\windows\system32\routemon.exe . . . is infected!!
c:\windows\system32\rtcshare.exe . . . is infected!!
c:\windows\system32\scardsvr.exe . . . is infected!!
c:\windows\system32\sdbinst.exe . . . is infected!!
c:\windows\system32\sessmgr.exe . . . is infected!!
Infected copy of c:\windows\system32\setup.exe was found and disinfected
Restored copy from - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
c:\windows\system32\shrpubw.exe . . . is infected!!
c:\windows\system32\smbinst.exe . . . is infected!!
c:\windows\system32\smlogsvc.exe . . . is infected!!
c:\windows\system32\sndrec32.exe . . . is infected!!
c:\windows\system32\sndvol32.exe . . . is infected!!
c:\windows\system32\sol.exe . . . is infected!!
c:\windows\system32\spider.exe . . . is infected!!
c:\windows\system32\syncapp.exe . . . is infected!!
c:\windows\system32\sysocmgr.exe . . . is infected!!
c:\windows\system32\taskmgr.exe . . . is infected!!
c:\windows\system32\tcpsvcs.exe . . . is infected!!
c:\windows\system32\tlntsvr.exe . . . is infected!!
c:\windows\system32\tracerpt.exe . . . is infected!!
c:\windows\system32\tracert6.exe . . . is infected!!
c:\windows\system32\tscupgrd.exe . . . is infected!!
c:\windows\system32\userinit.exe . . . is infected!!
c:\windows\system32\usrmlnka.exe . . . is infected!!
c:\windows\system32\usrprbda.exe . . . is infected!!
c:\windows\system32\usrshuta.exe . . . is infected!!
c:\windows\system32\wextract.exe . . . is infected!!
c:\windows\system32\winchat.exe . . . is infected!!
c:\windows\system32\winmine.exe . . . is infected!!
c:\windows\system32\wscript.exe . . . is infected!!
c:\windows\system32\wuauclt1.exe . . . is infected!!
c:\windows\system32\Restore\rstrui.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.
2009-10-09 14:04 . 2008-12-11 05:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-09 14:03 . 2009-08-24 11:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-09 14:03 . 2009-08-19 08:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-09 14:03 . 2009-10-09 14:13 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-09 14:03 . 2008-12-10 08:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-09 14:03 . 2009-10-09 14:59 -------- d-----w- c:\program files\Spyware Doctor
2009-10-09 14:03 . 2009-10-09 14:03 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\PC Tools
2009-10-09 14:03 . 2009-10-09 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-08 03:47 . 2009-10-08 03:47 8192 ----a-w- c:\windows\Rpoint.exe
2009-10-08 03:36 . 2009-10-08 03:36 737280 ----a-w- c:\windows\iun6002.exe
2009-10-08 03:36 . 2009-10-09 14:49 -------- d-----w- C:\spywarebegone
2009-10-07 15:32 . 2009-10-07 15:32 -------- d-----w- c:\program files\SuperCleaner
2009-10-07 15:32 . 2009-10-07 15:32 7680 ----a-w- C:\DmarMessengerPass.exe
2009-10-07 15:23 . 2009-10-07 15:23 -------- d-----w- c:\program files\XoftSpySE
2009-10-06 11:14 . 2009-10-06 14:07 -------- d-----w- c:\documents and settings\XPPRESP3\PassTools
2009-09-30 16:16 . 2009-04-28 20:20 129520 ------w- c:\windows\system32\pxafs.dll
2009-09-24 07:49 . 2009-09-24 07:50 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Octoshape
2009-09-16 12:12 . 2009-08-05 19:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-16 12:09 . 2009-09-16 12:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-09 21:51 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 17:43 . 2009-09-09 17:43 -------- d-----w- c:\program files\First dog deaf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 16:24 . 2008-04-08 01:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-09 16:24 . 2007-12-28 22:47 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\DMCache
2009-10-07 15:16 . 2008-04-07 22:23 -------- d-----w- c:\program files\Registry Fast
2009-10-03 00:01 . 2008-11-11 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-30 21:45 . 2007-12-24 07:33 506488 -c--a-w- c:\documents and settings\XPPRESP3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-30 18:06 . 2009-01-25 15:52 -------- d-----w- c:\program files\Uninstall Tool
2009-09-26 21:46 . 2009-04-15 13:38 -------- d-----w- c:\program files\Common Files\NSV
2009-09-23 00:01 . 2009-06-07 18:33 -------- d-----w- c:\program files\SWiSH Max2
2009-09-16 12:12 . 2009-01-26 12:15 -------- d-----w- c:\program files\Windows Live
2009-09-16 12:10 . 2009-01-26 12:11 -------- d-----w- c:\program files\MSN Messenger
2009-09-09 17:50 . 2007-12-30 16:44 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\First dog deaf
2009-09-09 17:45 . 2008-05-13 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Part Hide Grey Pop
2009-09-06 03:48 . 2009-09-06 03:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 00:10 . 2009-08-29 00:10 -------- d-----w- c:\program files\MSBuild
2009-08-29 00:10 . 2009-08-29 00:10 -------- d-----w- c:\program files\Reference Assemblies
2009-08-14 03:58 . 2009-10-09 14:03 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-05 09:11 . 2004-08-04 09:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-23 21:42 . 2009-07-23 21:42 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-23 21:42 . 2009-07-23 21:42 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-23 21:42 . 2005-03-11 15:28 44944 -c----w- c:\windows\system32\drivers\PxHelp20.sys
2009-07-17 18:55 . 2004-08-04 09:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 07:08 . 2005-08-15 15:18 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2008-07-02 18:36 . 2008-12-12 00:13 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-07-02 18:36 . 2008-12-12 00:13 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-02 18:36 . 2008-12-12 00:13 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-07-02 18:36 . 2008-12-12 00:13 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-07-02 18:36 . 2008-12-12 00:13 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-13 02:30 . 2008-01-13 02:30 88 -csh--r- c:\windows\system32\0440AACFB9.sys
2008-01-13 02:30 . 2008-01-13 02:30 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-05 20:43 . 2009-06-04 15:38 98644000 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
------- Sigcheck -------
[7] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\beep.sys
[-] 2009-06-05 . D6252082BD78DFFFA5F15EFC63D18A81 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2009-06-04 . 1FD6849973F52DA996D17F766EA9B4DC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2009-06-09 . 1C551E077E62B7ADDB6F4E6D79ACC774 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2009-06-05 . D0806AED134EA4E93321789A2437CC1E . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2009-06-05 . F6958F4071D403BF66BCAABC6470A23F . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2009-06-05 . CBFD4A7CA28248CA7DDA514B59FD2C31 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2005-12-19 . 784DDC1F40C4F729284D5A73930F0C9D . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
c:\windows\system32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-09 938496]
"Google Update"="c:\documents and settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-09 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 68856]
"Octoshape Streaming Services"="c:\documents and settings\XPPRESP3\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Dumb Meet"="c:\docume~1\XPPRESP3\APPLIC~1\FIRSTD~1\cdrom bold option.exe" [2009-09-09 536576]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-06-04 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-14 198160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-22 1181064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2009-06-04 44544]
c:\documents and settings\XPPRESP3\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon LBP-810-Statusfenster.LNK]
backup=c:\windows\pss\Canon LBP-810-Statusfenster.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Key.lnk]
backup=c:\windows\pss\Media Key.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"="0"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Online TV Player 4\\TVPlayer.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\XPPRESP3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\XPPRESP3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\XPPRESP3\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [09/10/2009 05:03 م 206256]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [27/01/2009 06:45 م 12856]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [27/01/2009 06:45 م 8576]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16/09/2009 03:12 م 54752]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [23/12/2008 06:29 م 22912]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [09/10/2009 05:03 م 348824]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [15/10/2007 06:32 م 237784]
S2 gupdate1c9bc22c4939acc;خدمة تحديث Google (gupdate1c9bc22c4939acc);c:\program files\Google\Update\GoogleUpdate.exe [13/04/2009 01:29 م 133104]
S3 fsssvc;خدمة أمان العائلة في Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 م 704864]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [07/08/2003 04:42 م 6528]
S3 GNDHVF;Genius VideoCAM Smart300 V2;c:\windows\system32\drivers\gndhvf.sys [16/02/2008 06:53 م 225152]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
WmdmPmSN
wuauserv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2009-10-09 c:\windows\Tasks\A4D1F67991D26779.job
- c:\docume~1\xppresp3\applic~1\firstd~1\FlawKnobSurf.exe [2009-07-13 17:50]
2009-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 10:29]
2009-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 10:29]
2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-343818398-682003330-1001Core.job
- c:\documents and settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 20:11]
2009-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-343818398-682003330-1001UA.job
- c:\documents and settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 20:11]
2009-07-10 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-06-05 20:38]
2009-10-09 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 15:43]
2009-10-07 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 15:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = local
IE: Compare Prices with &Dealio - c:\documents and settings\XPPRESP3\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -

FF - ProfilePath - c:\documents and settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\5tuv9daf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\XPPRESP3\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
txtfile=NOTEPAD %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-10-09 19:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0c063e16-9741-4916-bcef-3dcb0f45c4da}]
@Denied: (Full) (Everyone)
"Model"=dword:00000067
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c2,d7,24,82,45,3b,c3,3e,6f,82,14,ae,44,c2,42,c6,4f,4e,7b,4a,f1,
86,87,ed,b8,a4,0b,e8,48,bd,52,c4,e6,a7,ac,ff,eb,73,7f,ea,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6d,15,1f,5e,1d,74,b8,e4,26,88,b9,eb,0d,3f,e0,16,d3,fb,c4,11,f5,
90,5c,0c,38,96,4c,1f,df,17,19,dd,ed,e5,d3,4a,8a,8e,62,77,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a5746d5f-59dd-4cc9-9c65-a6188d5c643f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000062
"Therad"=dword:00000001
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,ab,81,70,e5,ff,6d,c8,6d,13,34,d4,ec,91,6f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F90BA618-B174-5930-86F7-BD23749F1E4C}\InProcServer32*]
"kajngccjabphghdbhecjeg"=hex:62,61,6a,67,00,8e
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\GTGina.dll
- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\WdfMgr.exe
c:\windows\system32\CAPRPCSK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-10-09 19:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 16:30
Pre-Run: 14,267,744,256 bytes free
Post-Run: 14,273,114,112 bytes free
616 --- E O F --- 2009-10-03 00:01
 
Your machine needs a thorough scan.

Download Avira.

After the page loads, click the blue "Download now" button.

Install it on your machine and run a scan.
 
Signature: expert87
God bless you.

Avira is not suitable for her right now,

because it will break her system.
 
Signature: فارس الملاك
There are many problems on your machine.
First of all,
what security software is installed on your machine?
 
Sister, your machine is not just compromised, it is a whole city of viruses.

Sister, download this program and double-click it. A black scan window will appear; leave it until it closes on its own.

Then go to drive C: and you will find a file named noor_mcafee.

Upload it for us.


Download the McAfee program
Scans all files on the machine for viruses of all kinds


 
Signature: فارس الملاك
OK, what do you think, could you take a look at my machine?


ComboFix 09-10-08.04 - ksa 10/10/2009 17:35.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2037.1570 [GMT 3:00]
Running from: c:\documents and settings\ksa\سطح المكتب\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091008-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ieuinit.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.
2009-10-10 14:11 . 2009-10-10 14:11 -------- d-----w- c:\windows\LastGood
2009-10-10 14:05 . 2009-10-10 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-10-10 14:05 . 2009-10-10 14:05 -------- d-----w- c:\program files\Common Files\InterVideo
2009-10-10 14:04 . 2009-10-10 14:04 -------- d-----w- c:\program files\InterVideo
2009-10-09 21:31 . 2009-10-09 21:31 -------- d-----w- C:\temp
2009-10-09 21:27 . 2005-05-18 08:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2009-10-09 21:27 . 2005-04-25 10:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-10-09 21:27 . 2005-04-25 10:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-10-09 21:27 . 2005-04-04 14:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2009-10-09 21:27 . 2005-03-28 12:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-10-09 21:27 . 2005-03-28 12:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2009-10-09 21:27 . 2005-02-24 08:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2009-10-09 21:27 . 2005-05-17 09:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-10-09 21:27 . 2005-04-15 09:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2009-10-09 21:27 . 2005-03-29 04:57 2084864 ----a-w- c:\windows\system32\NCTAudioDesign2.dll
2009-10-09 21:27 . 2004-11-04 10:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-10-09 21:27 . 2009-10-09 21:27 -------- d-----w- c:\program files\Gold Wave Editor
2009-10-09 17:29 . 2009-10-09 17:29 -------- d-----w- c:\documents and settings\ksa\Tracing
2009-10-09 17:29 . 2009-10-09 17:29 -------- d-----w- c:\program files\Microsoft
2009-10-09 17:28 . 2009-10-09 17:28 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-09 17:28 . 2009-10-09 17:29 -------- d-----w- c:\program files\Windows Live
2009-10-09 17:24 . 2009-10-09 17:24 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-08 21:44 . 2009-10-08 21:44 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-08 21:34 . 2001-09-18 11:05 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-10-08 21:33 . 2001-09-18 11:05 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-10-08 21:32 . 2001-08-17 10:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2009-10-08 21:31 . 2001-08-17 11:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-10-08 21:30 . 2001-09-18 11:04 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2009-10-08 21:29 . 2001-09-18 10:44 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2009-10-08 21:28 . 2008-04-13 21:16 36480 -c--a-w- c:\windows\system32\dllcache\bthprint.sys
2009-10-08 21:27 . 2001-08-17 11:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-10-08 21:18 . 2009-10-08 21:18 -------- d-----w- c:\program files\GRETECH
2009-10-08 21:12 . 2009-10-08 21:13 -------- d-----w- c:\documents and settings\ksa\Application Data\FLVPlayer4Free
2009-10-08 21:12 . 2009-10-08 21:12 -------- d-----w- c:\program files\FLVPlayer4Free
2009-10-08 21:06 . 2008-04-14 17:29 218112 -c--a-w- c:\windows\system32\dllcache\c_g18030.dll
2009-10-08 20:50 . 2009-10-08 20:50 -------- d-----w- c:\documents and settings\ksa\Application Data\Media Player Classic
2009-10-08 16:44 . 2009-10-09 15:33 -------- d-----w- c:\program files\Mobily Connect Card
2009-10-08 16:44 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-08 16:44 . 2008-04-13 21:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-10-08 16:44 . 2008-04-13 21:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-08 10:56 . 2009-10-08 10:56 -------- d-----w- c:\program files\FormatFactory
2009-10-07 20:18 . 2009-10-07 20:19 -------- d-----w- c:\documents and settings\ksa\Application Data\Gold Wave Editor
2009-10-07 20:18 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 14:11 . 2009-10-06 14:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-10 14:10 . 2001-09-19 17:00 40118 ----a-w- c:\windows\system32\perfc001.dat
2009-10-10 14:10 . 2001-09-19 17:00 251674 ----a-w- c:\windows\system32\perfh001.dat
2009-10-10 14:06 . 2009-10-06 12:11 -------- d-----w- c:\documents and settings\ksa\Application Data\DMCache
2009-10-10 14:04 . 2009-10-06 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 14:04 . 2009-10-06 12:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-10 14:03 . 2009-10-06 12:11 -------- d-----w- c:\program files\Internet Download Manager
2009-10-10 14:02 . 2009-10-06 12:11 -------- d-----w- c:\documents and settings\ksa\Application Data\IDM
2009-10-09 17:29 . 2009-10-06 11:56 416104 ----a-w- c:\documents and settings\ksa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 21:27 . 2009-10-08 21:27 -------- d-----w- c:\documents and settings\ksa\Application Data\GRETECH
2009-10-06 15:03 . 2009-10-06 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-06 14:58 . 2009-10-06 14:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-06 14:56 . 2009-10-06 14:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-06 14:55 . 2009-10-06 14:55 -------- d-----w- c:\program files\NOS
2009-10-06 14:52 . 2009-10-06 14:52 -------- d-----w- c:\documents and settings\ksa\Application Data\AdobeUM
2009-10-06 14:46 . 2009-10-06 14:42 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-10-06 14:43 . 2009-10-06 14:43 -------- d-----w- c:\documents and settings\ksa\Application Data\URSoft
2009-10-06 14:30 . 2009-10-06 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-10-06 14:30 . 2009-10-06 14:28 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-06 14:28 . 2009-10-06 14:28 -------- d-----w- c:\program files\Nero
2009-10-06 14:28 . 2009-10-06 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-06 13:43 . 2009-10-06 13:42 -------- d-----w- c:\program files\Common Files\Real
2009-10-06 13:43 . 2009-10-06 13:43 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-06 13:42 . 2009-10-06 13:42 -------- d-----w- c:\program files\Real
2009-10-06 13:37 . 2009-10-06 13:37 -------- d-----w- c:\documents and settings\ksa\Application Data\Avant Profiles
2009-10-06 13:37 . 2009-10-06 13:37 -------- d-----w- c:\program files\Avant Browser
2009-09-09 10:43 . 2009-09-16 12:26 210352 -c--a-w- c:\windows\system32\idmmbc.dll
2009-07-26 13:44 . 2009-07-26 13:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-16 3114416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-06 198160]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/10/2009 03:45 م 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/10/2009 03:45 م 20560]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [14/04/2008 08:30 م 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-10-10 17:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-10-10 17:38
ComboFix-quarantined-files.txt 2009-10-10 14:38
Pre-Run: 34,143,252,480 bytes free
Post-Run: 34,120,540,160 bytes free
156
 
Signature: سيف العرب
Guys, don't confuse the girl.

Let one person take charge of the thread.

Thanks for your efforts.
 
Signature: طآغي النظرهـ
Dear سيف العرب, open your own thread so that you can be helped properly.
 
Signature: فارس الملاك
First of all, sister, enable showing hidden files.

Then try this solution:

1 / Task Manager

2 / Processes

3 / You will find a process named explorer.exe; end it.

4 / You will notice everything disappears: the Start menu and the desktop.

5 / Go back to the Applications tab and run this application: explorer

A small box will appear showing where the "patch" (the trojan's server file) was dropped, if it was injected into the browser. Find it and remove it.


=============== Another solution ====================

By downloading this program from our brother البتال


It is best used right after a restart, without running any program or browser, and then look for these ports:

(( 81, 3460, 288 ))
 

OK, I will try the method; honestly, you have confused me :f:
 


Download the port-killer program and close everything.

Take a screenshot of the processes for us, and I will tell you whether you are compromised or not.

If you are compromised, we will delete the "patch" (the trojan's server file) and clean your machine. :smile:

The most important thing is that you open the port killer and send us a screenshot of the processes.
 
Signature: حفراوي