Post by أمكروس أمبارش (active member, joined 11 March 2008):
Peace be upon you.
I want to fix a lot of problems on the machine, but they all lead back to the Registry. Unfortunately the Registry is locked, or infected, or I don't know what is wrong with it: whenever I run the command regedit I get the message below,
even though regedit is present in the Windows folder.
Thank you.
[screenshot of the error message: get-10-2008-yw0gev1e.jpg]

(1)
Disable all protection programs,
then download this tool and save it to the desktop:
[link hidden by the forum; login required to view]

When you run it a message appears; click >> Yes
Then a second message appears; click >> Yes
Wait until the tool finishes scanning your machine; it restarts the machine automatically,
and after the restart the tool starts scanning a second time.
Wait until it shows you a report; copy it and paste it in your next reply.
(2)
Then make a HijackThis report:
[link hidden by the forum; login required to view]

When the download finishes ==> run the program ==> click "Do a system scan and save log".
A moment later a report appears; copy it and paste it in your next reply.
 
Signature: LINEZERO
Okay, translate the message for us ^^ It is not in English.
Excellent result with the combofix program.
The Registry now opens. Here is the report; please tell me what you conclude from it.
This is the report:
ComboFix 08-10-14.01 - Administrateur 2008-10-14 18:38:24.1 - NTFSx86
Running from: C:\Documents and Settings\Administrateur\Mes documents\Downloads\Programs\2.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\win19.pif
C:\win4.pif
C:\win6.pif
C:\win7.pif
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
2008-10-14 18:44 . 2008-10-14 18:44 <REP> d-------- C:\WINDOWS\system32\oobe
2008-10-13 23:25 . 2007-03-06 16:01 176 --a------ C:\WINDOWS\system32\drivers\RTHDAEQ3.dat
2008-10-13 23:25 . 2007-02-07 17:16 176 --a------ C:\WINDOWS\system32\drivers\RTHDAEQ2.dat
2008-10-13 23:25 . 2007-07-30 20:01 16 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.dat
2008-10-13 23:24 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-10-13 20:21 . 2008-10-13 20:21 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
2008-10-13 20:21 . 2006-09-12 22:00 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2008-10-13 20:20 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-13 19:42 . 2008-10-13 19:42 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-10-13 19:39 . 2008-10-13 19:39 <REP> d-------- C:\Program Files\Yahoo!
2008-10-12 16:19 . 2008-10-12 16:19 <REP> d--h----- C:\BJPrinter
2008-10-12 16:19 . 2004-04-23 18:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6e.DLL
2008-10-12 16:19 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-12 16:19 . 2004-04-23 18:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6e.DLL
2008-10-11 22:26 . 2008-10-11 22:38 3,856 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-11 19:15 . 2008-10-11 19:15 268 --ah----- C:\sqmdata19.sqm
2008-10-11 19:15 . 2008-10-11 19:15 244 --ah----- C:\sqmnoopt19.sqm
2008-10-11 18:25 . 2008-10-11 18:25 268 --ah----- C:\sqmdata18.sqm
2008-10-11 18:25 . 2008-10-11 18:25 244 --ah----- C:\sqmnoopt18.sqm
2008-10-10 20:20 . 2008-10-10 20:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-10-10 19:54 . 2008-10-10 19:54 280 --ah----- C:\sqmdata17.sqm
2008-10-10 19:54 . 2008-10-10 19:54 244 --ah----- C:\sqmnoopt17.sqm
2008-10-10 19:52 . 2008-10-10 19:52 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.15
2008-10-10 19:27 . 2008-10-10 19:27 268 --ah----- C:\sqmdata16.sqm
2008-10-10 19:27 . 2008-10-10 19:27 244 --ah----- C:\sqmnoopt16.sqm
2008-10-09 22:24 . 2008-10-09 22:24 268 --ah----- C:\sqmdata15.sqm
2008-10-09 22:24 . 2008-10-09 22:24 244 --ah----- C:\sqmnoopt15.sqm
2008-10-09 17:46 . 2008-10-09 17:46 268 --ah----- C:\sqmdata14.sqm
2008-10-09 17:46 . 2008-10-09 17:46 244 --ah----- C:\sqmnoopt14.sqm
2008-10-09 05:47 . 2008-10-14 09:10 268 --ah----- C:\sqmdata13.sqm
2008-10-09 05:47 . 2008-10-14 09:10 244 --ah----- C:\sqmnoopt13.sqm
2008-10-08 19:15 . 2008-10-14 01:38 268 --ah----- C:\sqmdata12.sqm
2008-10-08 19:15 . 2008-10-14 01:38 244 --ah----- C:\sqmnoopt12.sqm
2008-10-08 19:00 . 2008-10-13 23:26 268 --ah----- C:\sqmdata11.sqm
2008-10-08 19:00 . 2008-10-13 23:26 244 --ah----- C:\sqmnoopt11.sqm
2008-10-06 20:35 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-10-06 20:34 . 2008-10-13 23:24 <REP> d-------- C:\Program Files\Realtek
2008-10-06 20:34 . 2007-07-26 17:09 520,192 --a------ C:\WINDOWS\RtlExUpd.dll
2008-10-06 20:30 . 2008-10-06 20:30 0 --a------ C:\WINDOWS\CeEKey.INI
2008-10-06 20:25 . 2007-08-10 15:21 16,384,000 --a------ C:\WINDOWS\RTHDCPL.exe
2008-10-06 20:25 . 2007-03-23 19:19 9,715,200 --a------ C:\WINDOWS\RTLCPL.exe
2008-10-06 20:25 . 2007-08-10 13:52 4,603,904 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-10-06 20:25 . 2006-05-04 16:26 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe
2008-10-06 20:25 . 2007-06-28 16:44 2,165,760 --a------ C:\WINDOWS\MicCal.exe
2008-10-06 20:25 . 2007-08-03 13:22 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2008-10-06 20:25 . 2007-07-26 18:06 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2008-10-06 20:25 . 2005-09-21 10:25 299,008 --a------ C:\WINDOWS\system32\ALSndMgr.cpl
2008-10-06 20:25 . 2006-08-18 06:58 282,624 --a------ C:\WINDOWS\system32\RTSndMgr.cpl
2008-10-06 20:25 . 2006-07-21 16:14 86,016 --a------ C:\WINDOWS\SoundMan.exe
2008-10-06 19:51 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-10-06 15:54 . 2008-10-06 15:54 <REP> d-------- C:\Program Files\Trapcode
2008-10-06 15:54 . 2008-10-06 15:54 36,868 --a------ C:\Program Files\uninst-shine.exe
2008-10-06 15:47 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-10-06 15:47 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-05 17:48 . 2008-10-05 17:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
2008-10-04 13:55 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-10-01 21:46 . 2008-10-01 21:46 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-10-01 21:29 . 2008-10-01 21:29 <REP> d-------- C:\Program Files\Bonjour
2008-10-01 21:22 . 2008-10-01 21:22 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 11:43 . 2008-10-01 11:43 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
2008-10-01 11:38 . 2008-10-01 11:39 <REP> d-------- C:\Program Files\Fichiers communs\Ulead Systems
2008-10-01 11:37 . 2008-10-01 11:37 <REP> d-------- C:\Program Files\Corel
2008-10-01 11:37 . 2008-10-01 11:38 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2008-10-01 11:36 . 2008-10-01 11:36 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-10-01 02:44 . 2004-03-17 16:05 134,144 --------- C:\WINDOWS\system32\dllcache\Mssap.dll
2008-10-01 02:44 . 2004-08-12 17:45 61,952 --------- C:\WINDOWS\system32\Hdaudpropshortcut.exe
2008-10-01 02:44 . 2004-08-12 17:45 24,064 --------- C:\WINDOWS\system32\Hdaudprop.dll
2008-10-01 02:44 . 2004-08-12 17:45 5,120 --------- C:\WINDOWS\system32\Hdaudpropres.dll
2008-10-01 00:23 . 2008-10-13 23:21 268 --ah----- C:\sqmdata10.sqm
2008-10-01 00:23 . 2008-10-13 23:21 244 --ah----- C:\sqmnoopt10.sqm
2008-09-30 23:57 . 2007-08-01 09:24 2,364 --a------ C:\WINDOWS\system32\Add Licence To Your Windows.reg
2008-09-30 20:54 . 2008-10-13 14:58 268 --ah----- C:\sqmdata09.sqm
2008-09-30 20:54 . 2008-10-13 14:58 244 --ah----- C:\sqmnoopt09.sqm
2008-09-30 19:29 . 2008-09-30 19:29 <REP> d-------- C:\Zyzoom_RFA_Platinum
2008-09-30 19:29 . 2008-09-30 19:29 <REP> d-------- C:\Documents and Settings\All Users.WIN2
2008-09-30 18:19 . 2008-09-30 18:19 <REP> d-------- C:\Program Files\Trend Micro
2008-09-30 17:57 . 2008-10-13 10:42 268 --ah----- C:\sqmdata08.sqm
2008-09-30 17:57 . 2008-10-13 10:42 244 --ah----- C:\sqmnoopt08.sqm
2008-09-30 14:46 . 2008-10-13 09:09 268 --ah----- C:\sqmdata07.sqm
2008-09-30 14:46 . 2008-10-13 09:09 244 --ah----- C:\sqmnoopt07.sqm
2008-09-30 13:52 . 2008-10-13 06:35 268 --ah----- C:\sqmdata06.sqm
2008-09-30 13:52 . 2008-10-13 06:35 244 --ah----- C:\sqmnoopt06.sqm
2008-09-30 02:58 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-09-30 02:25 . 2008-09-30 02:25 <REP> d-------- C:\Program Files\ESET
2008-09-30 02:25 . 2008-09-30 02:25 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-09-30 01:57 . 2008-10-14 18:45 <REP> d--h----- C:\Documents and Settings\Administrateur\Contacts
2008-09-30 01:48 . 2008-09-30 01:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-09-30 01:47 . 2008-09-30 01:47 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-09-30 01:46 . 2008-10-06 15:49 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-09-29 14:49 . 2007-11-16 14:51 <REP> d-------- C:\Program Files\VIPhd
2008-09-29 14:32 . 2008-09-29 14:32 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-09-29 14:28 . 2008-10-12 23:57 268 --ah----- C:\sqmdata05.sqm
2008-09-29 14:28 . 2008-10-12 23:57 244 --ah----- C:\sqmnoopt05.sqm
2008-09-29 14:27 . 2008-09-29 14:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberScrub
2008-09-29 14:27 . 2008-09-29 14:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\cleaner
2008-09-29 10:05 . 2008-10-12 21:42 268 --ah----- C:\sqmdata04.sqm
2008-09-29 10:05 . 2008-10-12 21:42 244 --ah----- C:\sqmnoopt04.sqm
2008-09-29 00:59 . 2008-09-29 00:59 <REP> d--h----- C:\WINDOWS\PIF
2008-09-28 22:10 . 2008-10-14 18:41 13,030 --a------ C:\PDOXUSRS.NET
2008-09-28 19:56 . 2008-10-14 16:02 <REP> d-------- C:\WINDOWS\system32\CatRoot2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 16:38 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DMCache
2008-10-14 16:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-10-13 08:25 --------- d-----w C:\Program Files\Kelk 2000
2008-09-30 17:21 --------- d-----w C:\Program Files\Total Video Converter
2008-09-30 01:07 --------- d-----w C:\Program Files\Paint.NET
2008-09-29 23:40 --------- d-----w C:\Program Files\Internet Download Manager
2008-09-19 09:49 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-18 11:27 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-08-18 11:19 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 11:18 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-07-22 10:16 9,216 ----a-r C:\WINDOWS\system32\agrsmsvc.exe
2008-07-22 10:16 50,752 ----a-r C:\WINDOWS\agrsmdel.exe
2008-07-22 10:16 13,312 ----a-r C:\WINDOWS\system32\agrscoin.dll
2006-12-12 09:13 32,768 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\EBLib.dll
2006-07-28 14:25 19,456 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\LPCFilter.sys
.
------- Sigcheck -------
2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe
2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys
2007-02-28 18:08 2437632 61381c1b4c0374569fbbf20ff9be199c C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 04:04 2479872 37cf5612cd0b972a6a9e5a1ec4219e47 C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\ntkrnlpa.exe
2007-02-28 18:08 2557952 58228e929147d49965b884070e29381b C:\WINDOWS\system32\ntoskrnl.exe
2007-12-18 04:04 2347392 c23532a465a0b2ea4fc35b494bff5524 C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\ntoskrnl.exe
2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"Stickies"="C:\Program Files\Bret Taylor\Stickies\\Stickies.exe" [2007-03-14 335872]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-21 2594224]
"DesktopIconToy"="C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe" [2008-03-01 430080]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-18 25088]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2007-12-18 36864]
"Vistadrv"="C:\Program Files\VIPhd\vsdrv.exe" [2006-07-30 121089]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200]
"rfagent"="C:\Zyzoom_RFA_Platinum\rfagent.exe" [2007-06-12 617088]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-08-28 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-08-28 455168]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2003-11-10 385024]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2007-08-28 59392]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2007-08-28 208952]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-07-22 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-07-22 162584]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 C:\WINDOWS\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2007-12-18 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="C:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 12451]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-12-18 44544]
"nltide_3"="advpack.dll" [2007-12-18 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Bluetooth Monitor.lnk - C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2004-09-27 69632]
RocketDock.exe [2007-09-02 495616]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoClose"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 76208]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 208688]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 210224]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
*Newly Created Service* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder
2008-10-14 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-SystemInit - (no file)
HKLM-Run-startIE - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-Karen - (no file)
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\bqceyn69.default\
.
.
------- File Associations -------
.
vbefile\shell\edit\command=C:\WINDOWS\Notepad.exe %1
vbsfile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
[URL hidden by the forum]
Rootkit scan 2008-10-14 18:45:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc24.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Windows\System32\VttHooks.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Bret Taylor\Stickies\Stickies.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-10-14 18:54:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-14 16:54:06
Pre-Run: 29 414 072 320 octets libres
Post-Run: 29,989,322,752 octets libres
And this is the HijackThis report.
I would like you to tell me what you conclude from it as well.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:16, on 14/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\styler\Styler.exe
C:\Zyzoom_RFA_Platinum\rfagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Bret Taylor\Stickies\Stickies.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL hidden by the forum]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [URL hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VIPhd\vsdrv.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [rfagent] "C:\Zyzoom_RFA_Platinum\rfagent.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\\Stickies.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: RocketDock.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE828C56-D6CC-40AD-8042-EF347B52E439}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10881 bytes


By the way, the sound on my machine does not work either; maybe the two reports point to a persistent virus or something.
Delete these entries:

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL

O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE828C56-D6CC-40AD-8042-EF347B52E439}: NameServer = [values hidden by the forum]


O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe




How to delete them:
[link hidden by the forum; login required to view]

[image: mg (4).png]

=================================

Use this tool for the cleanup:

[link hidden by the forum; login required to view]

[image: wh_15149054.png]

Thank God, you had viruses and they have been removed.
As for the sound:
right-click on My Computer and choose Manage,
then go to Device Manager and post a screenshot for us.
 
Signature: فارس الملاك
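The reply above picks entries out of the HijackThis log by hand. As an added example (not part of the original thread, and not code from HijackThis or ComboFix), here is a small triage script that parses the persistence-relevant sections of a HijackThis v2.0.2 log (O2 BHOs, O4 autostarts, O17 DNS, O23 services) and lists the entries a reviewer would want to look at: BHOs whose DLL is gone, autostarts living under service-account SIDs or launched through cmd/rundll32/regsvr32, resolvers outside RFC 1918 space, and services whose binary is missing or has no recognised owner. The regular expressions and the heuristics are this example's own assumptions about the log format, derived from the log posted above; the sample lines are copied from that log and embedded as a constructed test set.

```python
"""
Added example, not part of the original thread or of HijackThis/ComboFix:
triage a HijackThis v2.0.2 log for persistence entries worth manual review.
The regexes and heuristics are assumptions derived from the log format seen
in the thread, not an official specification of the log.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [rfagent] "C:\Zyzoom_RFA_Platinum\rfagent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE828C56-D6CC-40AD-8042-EF347B52E439}: NameServer = 208.67.222.222 193.55.10.102
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Well-known service-account SIDs (SYSTEM, LOCAL SERVICE, NETWORK SERVICE):
# autostarts under these hives run with no interactive user logged on.
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")
# System binaries commonly used to launch a payload indirectly.
LOLBINS = ("cmd.exe", "rundll32", "regsvr32", "cscript", "wscript", "mshta")

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
RE_O17 = re.compile(r"^O17 - (?P<key>.*?): NameServer = (?P<servers>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section code: O2, O4, O17 or O23
    name: str      # entry name, CLSID or server address
    detail: str    # command line, path or registry key
    reason: str    # why a human should look at it


def is_private_ipv4(ip: str) -> bool:
    """True for RFC 1918 addresses (10/8, 172.16/12, 192.168/16)."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) < 256 for p in parts):
        return False
    a, b = int(parts[0]), int(parts[1])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def triage(log_text: str) -> List[Finding]:
    """Parse HijackThis lines and return the entries worth a manual review."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RE_O2.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("O2", m["name"], m["clsid"],
                                        "BHO CLSID registered but its DLL is gone (orphan)"))
        elif m := RE_O4.match(line):
            user = m["user"] or "(current user)"
            if any(sid in m["key"] for sid in SERVICE_SIDS):
                findings.append(Finding("O4", m["name"], m["cmd"],
                                        f"autostart under service account {user}"))
            if any(b in m["cmd"].lower() for b in LOLBINS):
                findings.append(Finding("O4", m["name"], m["cmd"],
                                        "launched indirectly through a system binary"))
        elif m := RE_O17.match(line):
            # A DNS hijacker shows up here as resolvers you never configured.
            for server in m["servers"].split():
                if not is_private_ipv4(server):
                    findings.append(Finding("O17", server, m["key"],
                                            "public DNS resolver: confirm you configured it"))
        elif m := RE_O23.match(line):
            if "(file missing)" in m["path"]:
                findings.append(Finding("O23", m["name"], m["path"],
                                        "service registered but binary missing on disk"))
            elif m["owner"] == "Unknown owner":
                findings.append(Finding("O23", m["name"], m["path"],
                                        "service binary carries no recognised publisher"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}\n      {f.detail}")
```

Run it against a full saved log with `triage(open("hijackthis.log").read())`. The output is a review list, not a verdict: an entry under a service SID or a public resolver is only a prompt to check whether you put it there, which is exactly the question the reply above is answering by hand.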