الساري

Peace be upon you, and God's mercy and blessings.

Wishing everyone a happy holiday, God willing.
I have three problems:
First problem:
When the computer starts, the Documents folder opens right away.

Second problem: a screenshot is attached; here it is.
mr7land.com-123588b3ea.gif

Third problem: a screenshot is attached as well; it is below too.

mr7land.com-27a3e0a928.gif

Note: the Windows version is XP Service Pack 3.

I would be grateful to you.


The report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:44:01 م, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
E:\الـبرامج\تقرير للجهاز\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Helper Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF3FD578-E051-479F-8AE1-22294A356E48}: NameServer = 212.93.192.16 212.93.192.10
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
--
End of file - 5880 bytes
 

Delete these entries (and switch your protection program from Avast to something else; it really isn't up to much):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{AF3FD578-E051-479F-8AE1-22294A356E48}: NameServer =

Download this tool to clean the computer

zyzoom-3c0e283670.gif

Then download this tool and follow the explanation below

Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen appears. Wait (and follow along with the pictures).

000.png

001.png

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

002.png

And afterwards, a report for follow-up.
 
The first problem was not solved: when the computer starts, the Documents folder opens right away.

And look at this message, it comes up right away:

mr7land.com-b7bdd038bc.gif


This is the second report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30:03 م, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Administrator\سطح المكتب\Zyzoom_HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Helper Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
--
End of file - 5978 bytes
 
Delete this entry

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

And then use this tool

The SmitfraudFix tool

And give us a report afterwards

 
This is the report from the program in your reply (SmitFraudFix v2.356)
SmitFraudFix v2.356
Scan done at 15:38:46.01, Fri 10/03/2008
Run from C:\Documents and Settings\Administrator\«ل¥ ںéêè¢ \SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.93.192.16
DNS Server Search Order: 212.93.192.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AF3FD578-E051-479F-8AE1-22294A356E48}: NameServer=212.93.192.16 212.93.192.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AF3FD578-E051-479F-8AE1-22294A356E48}: NameServer=212.93.192.16 212.93.192.10

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
Brother, do the following:

Type the word msconfig

and go to Startup

Click Disable All, except for the protection program
 
Signature: المنتصر بإذن الله
OK, now give me a new HijackThis report. How are things: has the problem gone away or not?
 
Brother البارون,
The message still comes up for me, and the problem where the Documents folder opens when the computer starts still happens.

The protection system I have is Kaspersky Anti-Virus.
 
Brother, produce these reports one after the other.

Disable all protection programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your computer; your computer will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears; copy it and paste it in your next reply.

-------------------------------------------------------

Download the following tool

Run it with a double-click; within seconds Notepad will appear with a report in it. Select all, copy it, and paste it in your next post.
 
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:44, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\HijackThis.exe
C:\WINDOWS\system32\cmd.execf
C:\32788R22FWJFW\NirCmd.cfexe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Helper Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MilShieldSlave] "C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF3FD578-E051-479F-8AE1-22294A356E48}: NameServer = 212.93.192.16 212.93.192.10
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: MilShieldCleaner - Unknown owner - C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
--
End of file - 5406 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 1308
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 17/06/1425 21:56:30
File Modified Date : 08/04/1429 16:00:03
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 03/10/1429 23:05:01
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 700 K
Mem Usage Peak : 700 K
Page Faults : 376
Pagefile Usage : 164 K
Pagefile Peak Usage : 1664 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1376
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 17/06/1425 21:56:08
File Modified Date : 08/04/1429 15:59:49
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 03/10/1429 23:05:08
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 6996 K
Mem Usage Peak : 7052 K
Page Faults : 6336
Pagefile Usage : 2084 K
Pagefile Peak Usage : 2088 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1400
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 506,880
File Created Date : 17/06/1425 21:56:36
File Modified Date : 08/04/1429 16:00:06
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:09
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 16124 K
Mem Usage Peak : 16144 K
Page Faults : 9117
Pagefile Usage : 7152 K
Pagefile Peak Usage : 7412 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1448
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : ‎‎Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,544
File Created Date : 17/06/1425 21:56:30
File Modified Date : 08/04/1429 16:00:02
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:12
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4180 K
Mem Usage Peak : 4224 K
Page Faults : 2314
Pagefile Usage : 1820 K
Pagefile Peak Usage : 2092 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1460
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 17/06/1425 21:56:18
File Modified Date : 08/04/1429 15:59:55
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:12
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2860 K
Mem Usage Peak : 9328 K
Page Faults : 4088
Pagefile Usage : 4376 K
Pagefile Peak Usage : 4544 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1616
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 21:56:32
File Modified Date : 08/04/1429 16:00:03
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:14
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7836 K
Mem Usage Peak : 7888 K
Page Faults : 2162
Pagefile Usage : 3128 K
Pagefile Peak Usage : 23380 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1680
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 21:56:32
File Modified Date : 08/04/1429 16:00:03
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:15
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4788 K
Mem Usage Peak : 4792 K
Page Faults : 1351
Pagefile Usage : 1960 K
Pagefile Peak Usage : 2012 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1744
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 21:56:32
File Modified Date : 08/04/1429 16:00:03
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:16
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 40516 K
Mem Usage Peak : 157612 K
Page Faults : 83295
Pagefile Usage : 20376 K
Pagefile Peak Usage : 148344 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1932
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 21:56:32
File Modified Date : 08/04/1429 16:00:03
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:16
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4132 K
Mem Usage Peak : 4300 K
Page Faults : 2222
Pagefile Usage : 1516 K
Pagefile Peak Usage : 1716 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1984
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 21:56:32
File Modified Date : 08/04/1429 16:00:03
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:17
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5720 K
Mem Usage Peak : 5724 K
Page Faults : 1495
Pagefile Usage : 1856 K
Pagefile Peak Usage : 1928 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 352
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-0852)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 17/09/1427 01:15:57
File Modified Date : 08/04/1429 16:00:03
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:20
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5864 K
Mem Usage Peak : 5896 K
Page Faults : 2019
Pagefile Usage : 3332 K
Pagefile Peak Usage : 3704 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.exe
ProcessID : 468
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.5512 (xpsp.080413-2105)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,031,168
File Created Date : 17/06/1425 21:56:12
File Modified Date : 08/04/1429 15:59:52
Filename : C:\WINDOWS\Explorer.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:05:20
Visible Windows : 2
Hidden Windows : 24
User Name : MK-XP\Administrator
Mem Usage : 40076 K
Mem Usage Peak : 40148 K
Page Faults : 23379
Pagefile Usage : 24284 K
Pagefile Peak Usage : 25308 K
File Attributes : A
==================================================
==================================================
Process Name : BTNtService.exe
ProcessID : 580
Priority : High
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 106,496
File Created Date : 22/09/1429 22:48:23
File Modified Date : 28/08/1425 14:54:10
Filename : C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:05:22
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2680 K
Mem Usage Peak : 2680 K
Page Faults : 684
Pagefile Usage : 1860 K
Pagefile Peak Usage : 1860 K
File Attributes : A
==================================================
==================================================
Process Name : openvpnas.exe
ProcessID : 696
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 84,440
File Created Date : 24/06/1429 00:34:46
File Modified Date : 24/06/1429 00:34:46
Filename : C:\Program Files\Hotspot Shield\bin\openvpnas.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:05:22
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3604 K
Mem Usage Peak : 3604 K
Page Faults : 901
Pagefile Usage : 760 K
Pagefile Peak Usage : 760 K
File Attributes : A
==================================================
==================================================
Process Name : ShieldService.exe
ProcessID : 760
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 331,776
File Created Date : 03/10/1429 17:02:02
File Modified Date : 03/10/1429 17:01:54
Filename : C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:05:24
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2660 K
Mem Usage Peak : 2660 K
Page Faults : 793
Pagefile Usage : 664 K
Pagefile Peak Usage : 776 K
File Attributes : A
==================================================
==================================================
Process Name : swnxt.exe
ProcessID : 1008
Priority : Normal
Product Name : SpywareNuker XT
Version : 4,8,59,1815
Description : SpywareNuker XT
Company : Trek Blue, Inc
Window Title :
File Size : 4,060,160
File Created Date : 13/05/1427 16:11:14
File Modified Date : 13/05/1427 16:11:14
Filename : C:\Program Files\Spyware Nuker\swnxt.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:05:32
Visible Windows : 0
Hidden Windows : 19
User Name : MK-XP\Administrator
Mem Usage : 40368 K
Mem Usage Peak : 41596 K
Page Faults : 417569
Pagefile Usage : 32492 K
Pagefile Peak Usage : 33584 K
File Attributes : A
==================================================
==================================================
Process Name : ShieldWorker.exe
ProcessID : 1020
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 741,376
File Created Date : 03/10/1429 17:02:02
File Modified Date : 03/10/1429 17:01:54
Filename : C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:05:33
Visible Windows : 0
Hidden Windows : 2
User Name : MK-XP\Administrator
Mem Usage : 4772 K
Mem Usage Peak : 4804 K
Page Faults : 1417
Pagefile Usage : 1012 K
Pagefile Peak Usage : 1084 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 1348
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2105)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 17/06/1425 21:56:08
File Modified Date : 08/04/1429 15:59:49
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:06:00
Visible Windows : 0
Hidden Windows : 5
User Name : MK-XP\Administrator
Mem Usage : 3600 K
Mem Usage Peak : 3600 K
Page Faults : 992
Pagefile Usage : 1008 K
Pagefile Peak Usage : 1012 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 276
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-0852)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 17/06/1425 21:56:04
File Modified Date : 08/04/1429 15:59:46
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:06:07
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3936 K
Mem Usage Peak : 3948 K
Page Faults : 1025
Pagefile Usage : 1276 K
Pagefile Peak Usage : 1304 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 3632
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,724,184
File Created Date : 07/10/1428 08:34:42
File Modified Date : 23/09/1429 02:04:53
Filename : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:20:34
Visible Windows : 1
Hidden Windows : 28
User Name : MK-XP\Administrator
Mem Usage : 8500 K
Mem Usage Peak : 49348 K
Page Faults : 35682
Pagefile Usage : 33032 K
Pagefile Peak Usage : 39960 K
File Attributes : A
==================================================
==================================================
Process Name : usnsvc.exe
ProcessID : 3928
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Messenger Sharing USN Journal Reader Service
Company : Microsoft Corporation
Window Title :
File Size : 98,328
File Created Date : 07/10/1428 08:31:54
File Modified Date : 07/10/1428 08:31:54
Filename : C:\Program Files\Windows Live\Messenger\usnsvc.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:20:48
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2772 K
Mem Usage Peak : 2780 K
Page Faults : 717
Pagefile Usage : 924 K
Pagefile Peak Usage : 944 K
File Attributes : A
==================================================
==================================================
Process Name : IEXPLORE.EXE
ProcessID : 1812
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.16705 (vista_gdr.080618-1506)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : عندي ثلاثة مشاكل وأولها عندالتشغيل الجهاز يفتح مجلد المستندات مرفق معه تقرير ... - الصفحة 2 - ز - Windows Internet Explorer
File Size : 625,664
File Created Date : 22/09/1429 21:29:49
File Modified Date : 19/06/1429 09:18:36
Filename : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Base Address : 0x00400000
Created On : 03/10/1429 23:20:53
Visible Windows : 1
Hidden Windows : 28
User Name : MK-XP\Administrator
Mem Usage : 6688 K
Mem Usage Peak : 51748 K
Page Faults : 56866
Pagefile Usage : 46268 K
Pagefile Peak Usage : 51048 K
File Attributes : A
==================================================
==================================================
Process Name : wscntfy.exe
ProcessID : 3428
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2108)
Description : Windows Security Center Notification App
Company : Microsoft Corporation
Window Title :
File Size : 13,824
File Created Date : 17/06/1425 21:56:36
File Modified Date : 08/04/1429 16:00:07
Filename : C:\WINDOWS\system32\wscntfy.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:32:25
Visible Windows : 0
Hidden Windows : 2
User Name : MK-XP\Administrator
Mem Usage : 2668 K
Mem Usage Peak : 2672 K
Page Faults : 714
Pagefile Usage : 712 K
Pagefile Peak Usage : 716 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 540
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 03/10/1429 20:25:33
File Modified Date : 23/01/1429 22:24:25
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:32:39
Visible Windows : 0
Hidden Windows : 0
User Name : MK-XP\Administrator
Mem Usage : 2412 K
Mem Usage Peak : 2420 K
Page Faults : 686
Pagefile Usage : 716 K
Pagefile Peak Usage : 808 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3396
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 389,120
File Created Date : 17/06/1425 21:56:06
File Modified Date : 08/04/1429 15:59:48
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 03/10/1429 23:32:39
Visible Windows : 0
Hidden Windows : 1
User Name : MK-XP\Administrator
Mem Usage : 2928 K
Mem Usage Peak : 2992 K
Page Faults : 828
Pagefile Usage : 2104 K
Pagefile Peak Usage : 2172 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.execf
ProcessID : 1296
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 389,120
File Created Date : 03/10/1429 20:31:00
File Modified Date : 03/10/1429 20:32:40
Filename : C:\WINDOWS\system32\cmd.execf
Base Address : 0x4AD00000
Created On : 03/10/1429 23:32:41
Visible Windows : 0
Hidden Windows : 1
User Name : MK-XP\Administrator
Mem Usage : 1772 K
Mem Usage Peak : 1784 K
Page Faults : 486
Pagefile Usage : 1604 K
Pagefile Peak Usage : 1608 K
File Attributes : A
==================================================
==================================================
Process Name : NirCmd.cfexe
ProcessID : 1832
Priority : Normal
Product Name : NirCmd
Version : 2.10
Description : NirCmd
Company : NirSoft
Window Title :
File Size : 28,672
File Created Date : 03/10/1429 20:30:56
File Modified Date : 01/06/1421 05:00:00
Filename : C:\32788R22FWJFW\NirCmd.cfexe
Base Address : 0x00400000
Created On : 03/10/1429 23:32:44
Visible Windows : 0
Hidden Windows : 0
User Name : MK-XP\Administrator
Mem Usage : 2372 K
Mem Usage Peak : 2376 K
Page Faults : 613
Pagefile Usage : 872 K
Pagefile Peak Usage : 876 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 1324
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2108)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 22/09/1429 21:28:02
File Modified Date : 08/04/1429 16:00:06
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 03/10/1429 23:32:44
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5704 K
Mem Usage Peak : 5704 K
Page Faults : 1463
Pagefile Usage : 2960 K
Pagefile Peak Usage : 2960 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 4084
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 03/10/1429 20:25:33
File Modified Date : 08/06/1426 04:46:34
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 03/10/1429 23:32:45
Visible Windows : 0
Hidden Windows : 0
User Name : MK-XP\Administrator
Mem Usage : 2456 K
Mem Usage Peak : 2484 K
Page Faults : 823
Pagefile Usage : 1044 K
Pagefile Peak Usage : 1080 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\userinit.exe
userinit.exe
userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.5512
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SWN2
C:\Program Files\Spyware Nuker\swnxt.exe /h
SpywareNuker XT
Trek Blue, Inc
4.08.0059.1815
c:\program files\spyware nuker\swnxt.exe
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
7.00.0000.0125
c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MilShieldSlave
"C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" -logon
c:\program files\mil incorporated\mil shield\shieldworker.exe
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\ctfmon.exe
.
.
----------- End Report ---------------


-------------------------------Report from the program ComboFix 08-10-03.01-------------------------------------------
ComboFix 08-10-03.01 - Administrator 10/03/2008 23:38:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.724 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\??? ??????\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\ALOAudioFile2.dll
C:\WINDOWS\system32\ALOAVIFile.dll
C:\WINDOWS\system32\ALOQuickTimeFile.dll
C:\WINDOWS\system32\ALOVideoCoreM.dll
C:\WINDOWS\system32\ALOWMAFile2.dll
C:\WINDOWS\system32\kakle.dll
C:\WINDOWS\system32\winitn.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 20:40 2,223,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-03 20:36 67,645 ----a-w C:\WINDOWS\system32\drivers\pshook11.sys
2008-10-03 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-03 20:34 14,880 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-03 20:04 32,132 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-03 20:04 3,104 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-03 20:03 --------- d-----w C:\Program Files\Paltalk Messenger
2008-10-03 17:02 --------- d-----w C:\Program Files\Mil Incorporated
2008-10-03 17:00 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-10-03 12:56 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-10-03 12:55 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-10-03 12:55 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-10-03 12:20 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-03 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-03 11:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberScrub
2008-10-03 11:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\cleaner
2008-10-02 03:55 --------- d-----w C:\Program Files\LtUcx
2008-09-30 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-09-28 21:06 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-27 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\INAC
2008-09-27 00:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\INAC
2008-09-26 23:48 --------- d-----w C:\Program Files\Spyware Nuker
2008-09-26 23:48 --------- d-----w C:\Program Files\INAC
2008-09-26 01:00 --------- d-----w C:\Program Files\Folder Marker
2008-09-25 22:21 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-25 04:46 --------- d-----w C:\Program Files\TechSmith
2008-09-25 03:44 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-09-24 01:32 --------- d-----w C:\Program Files\Nero
2008-09-24 01:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-09-24 01:29 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-23 23:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-23 23:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ArcticLine
2008-09-23 23:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-09-23 23:32 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-23 23:31 --------- d-----w C:\Program Files\Common Files\Real
2008-09-23 22:35 --------- d-----w C:\Program Files\VS Revo Group
2008-09-23 22:27 --------- d-----w C:\Program Files\FastFolders
2008-09-23 22:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DeskSoft
2008-09-23 22:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Paltalk
2008-09-23 21:10 --------- d-----w C:\Program Files\Hotspot Shield
2008-09-23 21:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-09-23 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-09-23 20:55 98,304 ----a-w C:\WINDOWS\system32\viscomtran.dll
2008-09-23 20:54 90,112 ----a-w C:\WINDOWS\system32\ssvideo.dll
2008-09-23 20:54 344,064 ----a-w C:\WINDOWS\system32\dkll.dll
2008-09-23 20:54 196,608 ----a-w C:\WINDOWS\system32\maag.dll
2008-09-23 20:54 19,456 ----a-w C:\WINDOWS\system32\videocore.dll
2008-09-23 20:54 18,595,840 ----a-w C:\WINDOWS\system32\coredata.dll
2008-09-23 20:54 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
2008-09-23 20:54 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
2008-09-23 20:54 1,128,128 ----a-w C:\WINDOWS\system32\NMSDVDXU.dll
2008-09-23 20:54 --------- d-----w C:\Program Files\Ozone
2008-09-23 20:29 171,008 ----a-w C:\WINDOWS\system32\GeeKz_db.dll
2008-09-23 01:59 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-23 01:59 --------- d-----w C:\Program Files\Windows Live
2008-09-23 01:50 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-09-23 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-23 00:47 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-09-23 00:47 --------- d-----w C:\Program Files\mpegable
2008-09-22 23:08 --------- d-----w C:\Program Files\Alwil Software
2008-09-22 22:55 --------- d-----w C:\Program Files\Real
2008-09-22 22:53 --------- d-----w C:\Program Files\Mobily Connect Card
2008-09-22 22:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 22:48 --------- d-----w C:\Program Files\IVT Corporation
2008-09-22 22:47 --------- d-----w C:\Program Files\Thomson
2008-09-22 22:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-22 22:37 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-22 22:32 --------- d-----w C:\Program Files\CyberLink
2008-09-22 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-22 22:31 --------- d-----w C:\Program Files\Intel
2008-09-22 22:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-22 21:41 --------- d-----w C:\Program Files\Extension Changer
2008-09-22 21:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-22 21:39 --------- d-----w C:\Program Files\PowerMenu
2008-09-22 21:38 --------- d-----w C:\Program Files\Java
2008-09-22 21:38 --------- d-----w C:\Program Files\Common Files\Java
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
------- Sigcheck -------
06/23/2008 06:10 PM 664576 e8d6a238ff6a49ea3d70616334989646 C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
06/23/2008 05:54 PM 665088 201b198b2fcfa87849cb19e0ed53e22a C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
06/23/2008 06:38 PM 827904 bd4be2824bc805da1f29385519b865f9 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
01/04/2007 05:00 PM 663552 41571b5bb9579e3dfb0476603cee5a30 C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
06/23/2008 07:13 PM 665600 6d51ccbaa2000ab8ae57039b032f40cb C:\WINDOWS\ie7\wininet.dll
08/13/2007 06:54 PM 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
04/14/2008 06:59 PM 664576 699b4dbfba7d4201d67c521e5df0670d C:\WINDOWS\ServicePackFiles\i386\wininet.dll
06/23/2008 07:13 PM 665600 6d51ccbaa2000ab8ae57039b032f40cb C:\WINDOWS\SoftwareDistribution\Download\6f56b20d25c9413284cb9e4583b42aab\sp2qfe\wininet.dll
06/23/2008 06:10 PM 664576 e8d6a238ff6a49ea3d70616334989646 C:\WINDOWS\SoftwareDistribution\Download\6f56b20d25c9413284cb9e4583b42aab\sp3gdr\wininet.dll
06/23/2008 05:54 PM 665088 201b198b2fcfa87849cb19e0ed53e22a C:\WINDOWS\SoftwareDistribution\Download\6f56b20d25c9413284cb9e4583b42aab\sp3qfe\wininet.dll
04/14/2008 06:59 PM 664576 699b4dbfba7d4201d67c521e5df0670d C:\WINDOWS\SoftwareDistribution\Download\7d2cee6b1d58dd154a634d3211bdeac1\wininet.dll
06/23/2008 07:15 PM 826368 3f4bca25f29394995161e8e85d925c1a C:\WINDOWS\SoftwareDistribution\Download\8273d5a779352673538faffc55d9a88f\SP2GDR\wininet.dll
06/23/2008 06:38 PM 827904 bd4be2824bc805da1f29385519b865f9 C:\WINDOWS\SoftwareDistribution\Download\8273d5a779352673538faffc55d9a88f\SP2QFE\wininet.dll
06/23/2008 07:15 PM 826368 3f4bca25f29394995161e8e85d925c1a C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MilShieldSlave"="C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe" [10/03/2008 08:01 PM 741376]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SWN2"="C:\Program Files\Spyware Nuker\swnxt.exe" [06/09/2006 07:11 PM 4060160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.YV12"= yv12vfw.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 06/28/2007 12:51 PM 218376 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 04/14/2008 06:59 PM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 06/23/2003 05:34 AM 114688 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 06/23/2003 05:34 AM 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 12/18/2002 02:20 PM 86016 C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 01/26/2004 11:38 AM 866816 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
--a------ 06/09/2006 07:11 PM 4060160 C:\Program Files\Spyware Nuker\swnxt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 06/23/2003 05:35 AM 88267 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 06/20/2003 02:55 PM 55296 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM 24344]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [01/24/2008 12:25 AM 27136]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-VistaDrive - C:\WINDOWS\VistaDrive\VistaDrive.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sa/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O16 -: {6924091F-CD97-41E1-B1D4-D9079409D413} - hxxp://kotq8.digivoice.net/talk.cab
C:\WINDOWS\Downloaded Program Files\talk.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\imcv1.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-10-03 23:41:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/03/2008 23:42:08
ComboFix-quarantined-files.txt 2008-10-03 20:42:05
Pre-Run: 79,233,683,456 bytes free
Post-Run: 79,219,531,776 bytes free
207 --- E O F --- 2008-09-30 00:00:39
 
Praise be to God, I solved the problem (the Documents folder opening when the computer starts).

But this problem remains; it keeps appearing for me all the time, and this is a screenshot of it:

mr7land.com-123588b3ea.gif
 
When does this message appear?
 
When browsing the forum.
 
Brother, uninstall this program:

Spyware Nuker

Then restart the computer in Safe Mode

and carry out the following steps.

Download this tool
and follow the instructions below to clean these ads from your computer
and to produce a report of the operation so you can attach it to your next reply.

Download link for the latest update of the tool:



How to use it:
Run the file SmitfraudFix.exe and follow the steps as shown in these screenshots:


000.png





001.png





002.png





003.png





004.png





005.png

Then

download this tool and follow the instructions below:




Compatibility: Windows XP only


How to use it:
Double-click the tool and wait until all the windows have finished and it stops at this window:


002.png


When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

Use all of them in Safe Mode.
 
I applied all of them, brother Max, and the problem is the same.
 
Where is the tool's report, brother?
 
Do you mean the report of this tool (SmitfraudFix)?
SmitFraudFix v2.356
Scan done at 22:36:46.72, Sat 10/04/2008
Run from C:\Documents and Settings\Administrator\«ل¥ ںéêè¢ \SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
Bump.
 