19-04-2009, 13:15 | #11

The biggest problem, and what makes me feel terribly frustrated, is that the machine is new; it is not even a week old.

Signature: I no longer ask for anything but a good end ... and I ask God for forgiveness, if He grants it, and that He pardon my sins ... and that my heart stay open with faith.

19-04-2009, 13:27 | #12

Don't worry, sister. God willing, everything will be fixed.

19-04-2009, 14:15 | #13

This is the HijackThis report. Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:12:44 م, on 19/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ASScrPro.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/?v=msgrv75
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9086 bytes

19-04-2009, 14:18 | #14

Part one, for the malicious program files. Code:
ComboFix 09-04-19.05 - USER 04/19/2009 17:00.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.2013.1740 [GMT 3:00]
Running from: c:\documents and settings\USER\سطح المكتب\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

19-04-2009, 14:20 | #15

Part two. Code:
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 12:29 . 2001-09-19 12:00 58920 ----a-w c:\windows\system32\perfc001.dat
2009-04-19 12:29 . 2001-09-19 12:00 328690 ----a-w c:\windows\system32\perfh001.dat
2009-04-19 12:24 . 2009-04-11 12:45 -------- d-----w c:\program files\lg_fwupdate
2009-04-18 10:14 . 2009-04-10 16:46 106856 ----a-w c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 12:12 . 2009-04-11 12:48 -------- d-----w c:\program files\Yahoo!
2009-04-16 11:28 . 2009-04-11 12:48 -------- d-----w c:\program files\Common Files\ACD Systems
2009-04-12 20:49 . 2009-04-10 16:09 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-11 12:50 . 2009-04-10 16:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 12:48 . 2009-04-11 12:48 -------- d-----w c:\documents and settings\USER\Application Data\ACD Systems
2009-04-11 12:45 . 2009-04-11 12:35 -------- d-----w c:\program files\CyberLink
2009-04-11 12:42 . 2009-04-11 12:42 -------- d-----w c:\program files\Common Files\Ahead
2009-04-11 12:42 . 2009-04-11 12:42 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-11 12:42 . 2009-04-11 12:42 -------- d-----w c:\program files\Nero
2009-04-11 12:21 . 2009-04-10 16:20 90 ----a-w C:\setup.log
2009-04-11 12:21 . 2009-04-10 16:20 -------- d-----w c:\program files\ASUS
2009-04-11 12:15 . 2009-04-10 16:14 286720 ----a-w C:\Debug.txt
2009-04-11 08:32 . 2009-04-11 08:32 196608 ----a-w c:\windows\system32\maag.dll
2009-04-11 08:32 . 2009-04-11 08:32 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-11 08:32 . 2009-04-11 08:32 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-11 08:32 . 2009-04-11 08:32 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-11 08:32 . 2009-04-11 08:32 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-11 08:32 . 2009-04-11 08:32 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-11 08:32 . 2009-04-11 08:32 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-11 08:32 . 2009-04-11 08:32 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-11 08:25 . 2009-04-11 08:24 -------- d-----w c:\documents and settings\USER\Application Data\PC Suite
2009-04-11 08:25 . 2009-04-11 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-11 08:25 . 2009-04-11 08:25 -------- d-----w c:\documents and settings\USER\Application Data\Nokia
2009-04-11 08:25 . 2009-04-11 08:25 -------- d-----w c:\program files\Common Files\Nokia
2009-04-11 08:25 . 2009-04-11 08:25 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-11 08:25 . 2009-04-11 08:24 -------- d-----w c:\program files\Nokia
2009-04-11 08:24 . 2009-04-11 08:24 -------- d-----w c:\program files\DIFX
2009-04-11 08:24 . 2009-04-11 08:24 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-11 07:58 . 2009-04-11 07:58 2232 ----a-w c:\windows\java\Packages\Data\LJRP3P73.DAT
2009-04-11 07:58 . 2009-04-11 07:58 155995 ----a-w c:\windows\java\Packages\9V9V97HB.ZIP
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\FT3NXJXJ.DAT
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\RBDF9339.DAT
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\M7NP3FF3.DAT
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\8CNDNXBL.DAT
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\FZVBN79B.DAT
2009-04-11 07:52 . 2009-04-11 07:52 -------- d-----w c:\program files\mpegable
2009-04-11 07:52 . 2009-04-11 07:52 47104 ------w c:\windows\AKDeInstall.exe
2009-04-11 07:52 . 2009-04-11 12:48 -------- d-----w c:\program files\DivX
2009-04-11 07:52 . 2009-04-11 07:52 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-10 16:34 . 2009-04-10 16:34 -------- d-----w c:\program files\WIDCOMM
2009-04-10 16:33 . 2009-04-10 16:33 -------- d-----w c:\program files\Synaptics
2009-04-10 16:33 . 2009-04-10 16:26 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-10 16:31 . 2009-04-10 16:31 -------- d-----w c:\program files\Multimedia Card Reader
2009-04-10 16:30 . 2009-04-10 16:30 -------- d-----w c:\program files\Atheros
2009-04-10 16:29 . 2009-04-10 16:29 -------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2009-04-10 16:29 . 2009-04-10 16:28 -------- d-----w c:\program files\Wireless Console 2
2009-04-10 16:27 . 2009-04-10 16:26 429 ----a-w C:\RHDSetup.log
2009-04-10 16:26 . 2009-04-10 16:25 -------- d-----w c:\program files\Realtek
2009-04-10 16:26 . 2009-04-10 16:26 319488 ----a-w c:\windows\HideWin.exe
2009-04-10 16:21 . 2009-04-10 16:21 -------- d-----w c:\program files\ATKGFNEX
2009-04-10 16:20 . 2009-04-10 16:20 -------- d-----w c:\documents and settings\USER\Application Data\InstallShield
2009-04-10 16:18 . 2009-04-10 16:18 -------- d-----w c:\program files\Intel
2009-04-10 16:15 . 2004-08-03 20:59 250048 --sha-r C:\ntldr
2009-04-10 16:10 . 2009-04-10 16:10 -------- d-----w c:\program files\microsoft frontpage
2009-04-10 16:07 . 2009-04-10 16:07 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 01:34 . 2004-08-03 22:55 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2004-08-03 22:55 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2004-08-03 22:55 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2004-08-03 22:55 107008 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2004-08-03 22:55 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2004-08-03 22:55 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2004-08-03 22:53 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:22 . 2001-09-19 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:00 . 2004-08-03 22:55 283136 ----a-w c:\windows\system32\pdh.dll
2009-02-09 14:15 . 2004-08-03 22:46 1846144 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:41 . 2004-08-04 00:48 2022400 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:41 . 2004-08-03 22:48 2144256 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:03 . 2004-08-03 22:55 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:03 . 2004-08-03 22:55 722944 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:03 . 2004-08-03 22:55 681984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:03 . 2004-08-03 22:55 694272 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 09:50 . 2004-08-03 22:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 09:54 . 2001-09-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:08 . 2004-08-03 22:55 55808 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

[7] 2004-08-03 22:55 654848 1E1CEF80A11BDAB92B2A83F885D214D5 c:\windows\ie8\wininet.dll
[-] 2009-03-08 01:34 1016320 E7BCEFE492C257DE2A62D28A26AEBE6D c:\windows\system32\wininet.dll
[7] 2009-03-08 01:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\VistaMizer\old\wininet.dll
[-] 2004-08-03 22:56 540672 EF34827229B786E17000C5CCD091775F c:\windows\system32\winlogon.exe
[7] 2004-08-03 22:56 501248 BA4E08425B62BE257AE4557DA058F1AA c:\windows\VistaMizer\old\winlogon.exe
[-] 2004-08-03 22:56 1549824 A5145822D943C01CE9953E1A3148F801 c:\windows\explorer.exe
[7] 2004-08-03 22:56 1029632 932F97B77F2625F7FF7DFC97552548F8 c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-03 22:56 25088 D1442B32E926BBD6A3F5674AAAC9EA0E c:\windows\system32\ctfmon.exe
[7] 2004-08-03 22:56 15360 B87D2319441038F62BDDAEEB6BCE156D c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-19_12.17.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-19 12:00 . 2009-04-19 11:07 58930 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-04-19 12:29 58930 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-04-19 12:29 392630 c:\windows\system32\perfh009.dat
- 2001-09-19 12:00 . 2009-04-19 11:07 392630 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:08 143360 ----a-w c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 25088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-04-11 171448]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1799168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-08-08 217088]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-09 450648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-01-15 851968]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-24 159744]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-04-11 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-04-11 33136]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"CTFMON"="c:\windows\system32\wscript.exe" [2004-08-03 163840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-16 198160]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 25088]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\All Users\çںê، ں****§ڑ\ںé****©ںê¤\****§ک ں颬نïé\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ASUS\ATKHOT~1\ASNDIS5.SYS [2004-05-27 16269]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-02-08 57408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4506fb51-2672-11de-a9bb-002243bfbb16}]
\Shell\AutoRun\command - G:\1ogf.exe
\Shell\open\Command - G:\1ogf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90446fd8-29a7-11de-a9ce-002243bfbb16}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\User_Feed_Synchronization-{63EB90FF-80F0-428C-955C-BF41BFA225D7}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\a27givl7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 17:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\ADSM_PData_0150

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\CRYPT32.dll
c:\windows\system32\MSASN1.dll
c:\windows\system32\COMRes.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
.
Completion time: 2009-04-19 17:06
ComboFix-quarantined-files.txt 2009-04-19 14:06
ComboFix2.txt 2009-04-19 12:18

Pre-Run: 73,659,834,368 bytes free
Post-Run: 73,646,960,640 bytes free

356 --- E O F --- 2009-04-18 19:21
||||
19-04-2009, 14:25 | #16 | ||||
|
As for the computer, it is as it was: it starts up normally, with no slowness or anything else.
||||
19-04-2009, 14:36 | #17 | ||||
|
I removed the toolbars.
||||
19-04-2009, 14:44 | #18 | ||||
|
Good, sister Amal..
|
||||
19-04-2009, 14:49 | #19 | ||||
|
Quote:
I was hoping you would send me the HijackThis report, but it seems you forgot ^_^
I think it is midday where you are now; here it is 5:48 in the evening. I have also deleted the Toolbar files.
||||
19-04-2009, 14:52 | #20 | ||||
|
All right, brother Hadi.
||||
|
|