- بادئ الموضوع جهينة
- تاريخ البدء
- 1,198
للرفع
وانا عندي وندوز فيستا
وحاولت احذف من الرجستري بعد دخولي بسيف مود وبامستريتر ونفس الشئ يرفض التثبيت وتظهر هالرسالة
ارجو الحل اريد تثبيت كاسبر وعاجز
هذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:20 PM, on 12/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\Documents\الملفّات المحمّلة\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: Filseclab Messenger.lnk = ?
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0C683C54-C79F-4830-AE11-83CC62B34018} (StreamerX Control) - file:///G:/Streamer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\scannerd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5581 bytes
وانا عندي وندوز فيستا
وحاولت احذف من الرجستري بعد دخولي بسيف مود وبامستريتر ونفس الشئ يرفض التثبيت وتظهر هالرسالة
ارجو الحل اريد تثبيت كاسبر وعاجز
هذا التقرير
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:20 PM, on 12/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\Documents\الملفّات المحمّلة\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: Filseclab Messenger.lnk = ?
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0C683C54-C79F-4830-AE11-83CC62B34018} (StreamerX Control) - file:///G:/Streamer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\scannerd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5581 bytes
تأييد
0
الديبلوماسي
زيزوومى فضى
غير متصل
جهينه :
من وين حملتي الرابط ؟؟
وبأي برنامج ؟؟
من وين حملتي الرابط ؟؟
وبأي برنامج ؟؟
توقيع : الديبلوماسي
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
(1)
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
التعديل الأخير بواسطة المشرف:
توقيع : فارس الملاك
تأييد
0
انا حملت من المنتدى اكثر من رابط وجربته على اجهزة اخرى واشتغل
هذا بعد ما طبقت ما كتبت
هذا بالبرنامج الاول
ComboFix 08-12-01.03 - famo 2008-12-03 12:41:31.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1256.966.1025.18.1473 [GMT 3:00]
Running from: c:\users\famo\Documents\الملفّات المحمّلة\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-02 22:39 . 2008-12-02 22:39 <DIR> d-------- c:\program files\ESET
2008-12-02 21:46 . 2008-12-02 21:46 <DIR> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-12-02 21:36 . 2008-12-02 21:37 197,474,974 --a------ c:\windows\MEMORY.DMP
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Videos
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Searches
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Saved Games
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Pictures
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Music
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Links
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Downloads
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Documents
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Contacts
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> d--h----- c:\users\Administrator\AppData
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> d-------- c:\users\Administrator
2008-12-02 20:32 . 2008-12-02 20:32 <DIR> d-------- c:\program files\Filseclab
2008-12-02 20:32 . 2008-12-03 12:26 <DIR> d-------- c:\program files\Common Files\Filseclab
2008-12-02 20:16 . 2008-12-03 12:17 <DIR> d-------- c:\program files\WebZIP 7
2008-12-02 19:00 . 2008-12-03 12:17 <DIR> d-------- c:\program files\PhotoPerfect Express
2008-12-02 16:06 . 2008-12-02 16:06 <DIR> d-------- c:\program files\Alcohol Soft
2008-12-02 16:03 . 2008-12-02 16:03 685,816 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-02 13:40 . 2008-12-02 13:51 <DIR> d-------- c:\users\All Users\Vso
2008-12-02 13:40 . 2008-12-02 13:51 <DIR> d-------- c:\progra~2\Vso
2008-12-02 13:40 . 2008-12-02 13:40 94,208 --a------ c:\windows\System32\drivers\ezplay.sys
2008-12-02 13:40 . 2008-12-02 18:48 94,208 --a------ c:\users\famo\AppData\Roaming\ezplay.sys
2008-12-02 13:39 . 2008-12-02 18:48 <DIR> d-------- c:\users\famo\AppData\Roaming\Vso
2008-12-02 13:39 . 2008-12-03 12:17 <DIR> d-------- c:\program files\VSO
2008-12-02 13:39 . 2008-12-02 13:39 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2008-12-02 13:39 . 2008-12-02 13:39 47,360 --a------ c:\users\famo\AppData\Roaming\pcouffin.sys
2008-12-02 12:47 . 2008-12-02 12:47 <DIR> d-------- c:\users\famo\AppData\Roaming\Ashampoo
2008-12-02 12:47 . 2008-12-02 12:47 <DIR> d-------- c:\users\All Users\ashampoo
2008-12-02 12:47 . 2008-12-02 12:47 <DIR> d-------- c:\program files\Ashampoo
2008-12-02 12:47 . 2008-12-02 12:47 <DIR> d-------- c:\progra~2\ashampoo
2008-12-02 12:05 . 2008-12-02 12:05 <DIR> d-------- c:\users\famo\حُكم القراءة بالمقامات الشيخ إبن باز رحمهُ الله - منتديات همة المسلم_files
2008-12-02 06:39 . 2008-12-02 06:39 <DIR> d-------- c:\program files\SlySoft
2008-12-02 06:39 . 2008-12-02 07:01 24 ---hs---- c:\windows\SC6D2B9FA.tmp
2008-11-29 23:02 . 2008-11-29 23:02 <DIR> d-------- c:\users\famo\AppData\Roaming\SlipStream
2008-11-29 23:02 . 2008-11-29 23:02 <DIR> d-------- c:\users\famo\AppData\Roaming\ONSPEED_TOOLBAR
2008-11-29 22:54 . 2008-11-29 22:54 <DIR> d-------- c:\program files\mFaraj DB viewer2.5
2008-11-29 22:54 . 2008-11-29 22:54 193,024 --------- c:\windows\Setup1.exe
2008-11-29 22:54 . 2008-11-29 22:54 73,216 --a------ c:\windows\ST6UNST.EXE
2008-11-29 21:33 . 2008-11-29 21:33 <DIR> d-------- C:\عروض تقديمية من مركز إشراف الشمال
2008-11-26 21:27 . 2008-11-26 21:27 1,114 --a------ C:\newcamd.conf
2008-11-18 20:08 . 2008-11-29 23:03 <DIR> d-------- c:\program files\ONSPEED
2008-11-13 13:31 . 2008-11-13 13:31 <DIR> d-------- c:\users\famo\وسائل تعليميه
2008-11-06 12:19 . 2008-11-06 12:19 <DIR> d-------- c:\users\famo\مركز الإشراف التربوي بشرق مكة_files
2008-11-03 06:27 . 2008-10-02 04:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-11-03 06:27 . 2008-10-02 06:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-11-03 06:27 . 2008-08-12 06:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-03 06:27 . 2008-06-26 06:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 09:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 09:26 --------- d---a-w c:\progra~2\TEMP
2008-12-03 09:17 --------- d-----w c:\program files\XnView
2008-12-03 09:17 --------- d-----w c:\program files\Real_SC
2008-12-03 09:17 --------- d-----w c:\program files\Power Sound Editor Free
2008-11-26 22:10 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-26 22:10 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-26 22:10 223,615,008 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-26 22:10 2,623,652 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-26 21:50 --------- d-----w c:\program files\COMODO
2008-11-14 18:48 --------- d-----w c:\program files\Windows Mail
2008-11-04 09:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-04 04:24 --------- d-----w c:\program files\NortonInstaller
2008-11-04 04:19 --------- d-----w c:\progra~2\Norton
2008-11-04 04:13 --------- d-----w c:\progra~2\NortonInstaller
2008-11-04 04:08 --------- d-----w c:\progra~2\Microsoft Help
2008-11-02 17:54 --------- d-----w c:\progra~2\PC Drivers Headquarters
2008-10-30 22:13 --------- d-----w c:\program files\Real
2008-10-30 22:13 --------- d-----w c:\program files\Common Files\xing shared
2008-10-30 22:13 --------- d-----w c:\program files\Common Files\Real
2008-10-28 04:12 --------- d-----w c:\users\famo\AppData\Roaming\Thinstall
2008-10-27 11:19 --------- d-----w c:\program files\Foxit Software
2008-10-27 11:00 --------- d-----w c:\progra~2\Avira
2008-10-25 19:09 --------- d-----w c:\program files\Common Files\Cisco Systems
2008-10-25 12:15 --------- d-----w c:\program files\IEPro
2008-10-25 12:04 --------- d-----w c:\program files\AmiBroker
2008-10-25 12:04 --------- d-----w c:\program files\All Audio Recorder
2008-10-25 11:22 --------- d-----w c:\users\famo\AppData\Roaming\Systweak
2008-10-24 20:47 --------- d-----w c:\program files\NoAdware5.0
2008-10-24 19:28 --------- d-----w c:\progra~2\iolo
2008-10-24 19:20 --------- d-----w c:\users\famo\AppData\Roaming\iolo
2008-10-24 19:08 --------- d-----w c:\program files\iolo
2008-10-24 13:28 --------- d-----w c:\progra~2\Lavasoft
2008-10-24 13:27 --------- d-----w c:\program files\Lavasoft
2008-10-24 13:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-14 05:14 --------- d-----w c:\users\famo\AppData\Roaming\Orbit
2008-10-13 19:38 720,896 ----a-w c:\windows\iun6002.exe
2008-10-13 19:38 --------- d-----w c:\program files\Abadisoft
2008-10-12 11:50 --------- d-----w c:\program files\Common Files\delet
2008-10-09 15:39 --------- d-----w c:\program files\Microsoft Works
2008-09-30 13:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 05:07 19,480 ----a-w c:\windows\System32\MFEOtlk.dll
2008-09-14 16:20 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-09-10 20:23 10,488 ----a-w c:\windows\System32\crcnat.exe
2008-09-07 20:42 143,104 ----a-w c:\windows\System32\guard32.dll
2008-09-07 14:40 174 --sha-w c:\program files\desktop.ini
2008-09-07 14:17 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-07 14:17 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-06 02:46 47,104 ------w c:\windows\AKDeInstall.exe
2008-08-29 23:45 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-08-29 23:45 56 ---ha-w c:\progra~2\ezsidmv.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-09-08 1122816]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GW Port Controller]
--a------ 2004-02-09 14:03 163840 c:\progra~1\Samsung\SmarThru\Portctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-31 01:12 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-625930781-473031330-1227517771-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A095635E-3C31-4ECA-9494-C2DA430CC200}"= Disabled:UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{8A1A5DFE-64AD-408A-8280-4BC5A89CDA41}"= Disabled:TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{27974BD3-7060-490C-A14F-4583C1722558}"= Disabled:UDP:c:\program files\Norton AntiVirus\Engine\16.0.0.125\uiStub.exe:Norton AntiVirus
"{1ED9592B-4E30-4D44-BD6B-7763DFA0F7D1}"= Disabled:TCP:c:\program files\Norton AntiVirus\Engine\16.0.0.125\uiStub.exe:Norton AntiVirus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-09-07 85008]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-09-07 25104]
R1 ElRawDisk;ElRawDisk;\??\c:\windows\system32\drivers\elrawdsk.sys [2008-10-24 12800]
R2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [2008-09-02 57344]
R2 RsVScanner;Rising Vista Scanner;c:\program files\Rising\Rav\scannerd.exe [2008-09-16 174704]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2008-08-27 35824]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2008-07-19 215040]
S3 USBSER34;USBSER34;c:\windows\system32\Drivers\USBSER34.SYS [2008-08-26 37456]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Streamer.ocx - O16 -: {0C683C54-C79F-4830-AE11-83CC62B34018}
file:///G:/Streamer.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-03 12:44:26
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-03 12:46:22
ComboFix-quarantined-files.txt 2008-12-03 09:46:16
ComboFix2.txt 2008-12-03 09:34:05
ComboFix3.txt 2008-09-13 15:18:49
Pre-Run: 107,444,613,120 bytes free
Post-Run: 107,413,725,184 bytes free
194 --- E O F --- 2008-11-17 10:24:05
-----------------------------------------------------------------------
هذا بالبرنامج الثاني:u:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:50 PM, on 12/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\mobsync.exe
C:\Users\famo\Documents\الملفّات المحمّلة\Zyzoom_HijackThis.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0C683C54-C79F-4830-AE11-83CC62B34018} (StreamerX Control) - file:///G:/Streamer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\scannerd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5350 bytes
هذا بعد ما طبقت ما كتبت
هذا بالبرنامج الاول
ComboFix 08-12-01.03 - famo 2008-12-03 12:41:31.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1256.966.1025.18.1473 [GMT 3:00]
Running from: c:\users\famo\Documents\الملفّات المحمّلة\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-02 22:39 . 2008-12-02 22:39 <DIR> d-------- c:\program files\ESET
2008-12-02 21:46 . 2008-12-02 21:46 <DIR> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-12-02 21:36 . 2008-12-02 21:37 197,474,974 --a------ c:\windows\MEMORY.DMP
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Videos
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Searches
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Saved Games
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Pictures
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Music
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Links
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Downloads
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Documents
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> dr------- c:\users\Administrator\Contacts
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> d--h----- c:\users\Administrator\AppData
2008-12-02 21:07 . 2008-12-02 21:07 <DIR> d-------- c:\users\Administrator
2008-12-02 20:32 . 2008-12-02 20:32 <DIR> d-------- c:\program files\Filseclab
2008-12-02 20:32 . 2008-12-03 12:26 <DIR> d-------- c:\program files\Common Files\Filseclab
2008-12-02 20:16 . 2008-12-03 12:17 <DIR> d-------- c:\program files\WebZIP 7
2008-12-02 19:00 . 2008-12-03 12:17 <DIR> d-------- c:\program files\PhotoPerfect Express
2008-12-02 16:06 . 2008-12-02 16:06 <DIR> d-------- c:\program files\Alcohol Soft
2008-12-02 16:03 . 2008-12-02 16:03 685,816 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-02 13:40 . 2008-12-02 13:51 <DIR> d-------- c:\users\All Users\Vso
2008-12-02 13:40 . 2008-12-02 13:51 <DIR> d-------- c:\progra~2\Vso
2008-12-02 13:40 . 2008-12-02 13:40 94,208 --a------ c:\windows\System32\drivers\ezplay.sys
2008-12-02 13:40 . 2008-12-02 18:48 94,208 --a------ c:\users\famo\AppData\Roaming\ezplay.sys
2008-12-02 13:39 . 2008-12-02 18:48 <DIR> d-------- c:\users\famo\AppData\Roaming\Vso
2008-12-02 13:39 . 2008-12-03 12:17 <DIR> d-------- c:\program files\VSO
2008-12-02 13:39 . 2008-12-02 13:39 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2008-12-02 13:39 . 2008-12-02 13:39 47,360 --a------ c:\users\famo\AppData\Roaming\pcouffin.sys
2008-12-02 12:47 . 2008-12-02 12:47 <DIR> d-------- c:\users\famo\AppData\Roaming\Ashampoo
2008-12-02 12:47 . 2008-12-02 12:47 <DIR> d-------- c:\users\All Users\ashampoo
2008-12-02 12:47 . 2008-12-02 12:47 <DIR> d-------- c:\program files\Ashampoo
2008-12-02 12:47 . 2008-12-02 12:47 <DIR> d-------- c:\progra~2\ashampoo
2008-12-02 12:05 . 2008-12-02 12:05 <DIR> d-------- c:\users\famo\حُكم القراءة بالمقامات الشيخ إبن باز رحمهُ الله - منتديات همة المسلم_files
2008-12-02 06:39 . 2008-12-02 06:39 <DIR> d-------- c:\program files\SlySoft
2008-12-02 06:39 . 2008-12-02 07:01 24 ---hs---- c:\windows\SC6D2B9FA.tmp
2008-11-29 23:02 . 2008-11-29 23:02 <DIR> d-------- c:\users\famo\AppData\Roaming\SlipStream
2008-11-29 23:02 . 2008-11-29 23:02 <DIR> d-------- c:\users\famo\AppData\Roaming\ONSPEED_TOOLBAR
2008-11-29 22:54 . 2008-11-29 22:54 <DIR> d-------- c:\program files\mFaraj DB viewer2.5
2008-11-29 22:54 . 2008-11-29 22:54 193,024 --------- c:\windows\Setup1.exe
2008-11-29 22:54 . 2008-11-29 22:54 73,216 --a------ c:\windows\ST6UNST.EXE
2008-11-29 21:33 . 2008-11-29 21:33 <DIR> d-------- C:\عروض تقديمية من مركز إشراف الشمال
2008-11-26 21:27 . 2008-11-26 21:27 1,114 --a------ C:\newcamd.conf
2008-11-18 20:08 . 2008-11-29 23:03 <DIR> d-------- c:\program files\ONSPEED
2008-11-13 13:31 . 2008-11-13 13:31 <DIR> d-------- c:\users\famo\وسائل تعليميه
2008-11-06 12:19 . 2008-11-06 12:19 <DIR> d-------- c:\users\famo\مركز الإشراف التربوي بشرق مكة_files
2008-11-03 06:27 . 2008-10-02 04:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-11-03 06:27 . 2008-10-02 06:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-11-03 06:27 . 2008-08-12 06:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-03 06:27 . 2008-06-26 06:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 09:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 09:26 --------- d---a-w c:\progra~2\TEMP
2008-12-03 09:17 --------- d-----w c:\program files\XnView
2008-12-03 09:17 --------- d-----w c:\program files\Real_SC
2008-12-03 09:17 --------- d-----w c:\program files\Power Sound Editor Free
2008-11-26 22:10 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-26 22:10 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-26 22:10 223,615,008 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-26 22:10 2,623,652 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-26 21:50 --------- d-----w c:\program files\COMODO
2008-11-14 18:48 --------- d-----w c:\program files\Windows Mail
2008-11-04 09:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-04 04:24 --------- d-----w c:\program files\NortonInstaller
2008-11-04 04:19 --------- d-----w c:\progra~2\Norton
2008-11-04 04:13 --------- d-----w c:\progra~2\NortonInstaller
2008-11-04 04:08 --------- d-----w c:\progra~2\Microsoft Help
2008-11-02 17:54 --------- d-----w c:\progra~2\PC Drivers Headquarters
2008-10-30 22:13 --------- d-----w c:\program files\Real
2008-10-30 22:13 --------- d-----w c:\program files\Common Files\xing shared
2008-10-30 22:13 --------- d-----w c:\program files\Common Files\Real
2008-10-28 04:12 --------- d-----w c:\users\famo\AppData\Roaming\Thinstall
2008-10-27 11:19 --------- d-----w c:\program files\Foxit Software
2008-10-27 11:00 --------- d-----w c:\progra~2\Avira
2008-10-25 19:09 --------- d-----w c:\program files\Common Files\Cisco Systems
2008-10-25 12:15 --------- d-----w c:\program files\IEPro
2008-10-25 12:04 --------- d-----w c:\program files\AmiBroker
2008-10-25 12:04 --------- d-----w c:\program files\All Audio Recorder
2008-10-25 11:22 --------- d-----w c:\users\famo\AppData\Roaming\Systweak
2008-10-24 20:47 --------- d-----w c:\program files\NoAdware5.0
2008-10-24 19:28 --------- d-----w c:\progra~2\iolo
2008-10-24 19:20 --------- d-----w c:\users\famo\AppData\Roaming\iolo
2008-10-24 19:08 --------- d-----w c:\program files\iolo
2008-10-24 13:28 --------- d-----w c:\progra~2\Lavasoft
2008-10-24 13:27 --------- d-----w c:\program files\Lavasoft
2008-10-24 13:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-14 05:14 --------- d-----w c:\users\famo\AppData\Roaming\Orbit
2008-10-13 19:38 720,896 ----a-w c:\windows\iun6002.exe
2008-10-13 19:38 --------- d-----w c:\program files\Abadisoft
2008-10-12 11:50 --------- d-----w c:\program files\Common Files\delet
2008-10-09 15:39 --------- d-----w c:\program files\Microsoft Works
2008-09-30 13:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 05:07 19,480 ----a-w c:\windows\System32\MFEOtlk.dll
2008-09-14 16:20 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-09-10 20:23 10,488 ----a-w c:\windows\System32\crcnat.exe
2008-09-07 20:42 143,104 ----a-w c:\windows\System32\guard32.dll
2008-09-07 14:40 174 --sha-w c:\program files\desktop.ini
2008-09-07 14:17 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-07 14:17 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-06 02:46 47,104 ------w c:\windows\AKDeInstall.exe
2008-08-29 23:45 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-08-29 23:45 56 ---ha-w c:\progra~2\ezsidmv.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-09-08 1122816]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GW Port Controller]
--a------ 2004-02-09 14:03 163840 c:\progra~1\Samsung\SmarThru\Portctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-31 01:12 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-625930781-473031330-1227517771-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A095635E-3C31-4ECA-9494-C2DA430CC200}"= Disabled:UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{8A1A5DFE-64AD-408A-8280-4BC5A89CDA41}"= Disabled:TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{27974BD3-7060-490C-A14F-4583C1722558}"= Disabled:UDP:c:\program files\Norton AntiVirus\Engine\16.0.0.125\uiStub.exe:Norton AntiVirus
"{1ED9592B-4E30-4D44-BD6B-7763DFA0F7D1}"= Disabled:TCP:c:\program files\Norton AntiVirus\Engine\16.0.0.125\uiStub.exe:Norton AntiVirus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-09-07 85008]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-09-07 25104]
R1 ElRawDisk;ElRawDisk;\??\c:\windows\system32\drivers\elrawdsk.sys [2008-10-24 12800]
R2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [2008-09-02 57344]
R2 RsVScanner;Rising Vista Scanner;c:\program files\Rising\Rav\scannerd.exe [2008-09-16 174704]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe []
S3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2008-08-27 35824]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2008-07-19 215040]
S3 USBSER34;USBSER34;c:\windows\system32\Drivers\USBSER34.SYS [2008-08-26 37456]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Streamer.ocx - O16 -: {0C683C54-C79F-4830-AE11-83CC62B34018}
file:///G:/Streamer.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-12-03 12:44:26
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-03 12:46:22
ComboFix-quarantined-files.txt 2008-12-03 09:46:16
ComboFix2.txt 2008-12-03 09:34:05
ComboFix3.txt 2008-09-13 15:18:49
Pre-Run: 107,444,613,120 bytes free
Post-Run: 107,413,725,184 bytes free
194 --- E O F --- 2008-11-17 10:24:05
-----------------------------------------------------------------------
هذا بالبرنامج الثاني:u:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:50 PM, on 12/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\mobsync.exe
C:\Users\famo\Documents\الملفّات المحمّلة\Zyzoom_HijackThis.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\famo\AppData\Local\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ???C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ??&?C? ??? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: E?E - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0C683C54-C79F-4830-AE11-83CC62B34018} (StreamerX Control) - file:///G:/Streamer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\scannerd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5350 bytes
تأييد
0
فارس الملاك
زيزوومى محترف
غير متصل
احذفي هذه القيم
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O16 - DPF: {0C683C54-C79F-4830-AE11-83CC62B34018} (StreamerX Control) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\scannerd.exe
طريقة الحذف
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
=================================
توقيع : فارس الملاك
تأييد
0
