|
|
|
|
|
 |
 |
|
|||||||
 أهلا وسهلا بكـ يا غير مسجل |
||
|
منتديات الأمل على الفيسبوك
|
باب التسجيل مغلق حاليا في منتديات الأمل
|
منتديات الأمل على تويتر
|
|
تابع منتديات الأمل | |
| قسم الطلبات وحلول مشاكل الحاسوب إذا ما احتجت أي برنامج، أو شرحا لبرنامج ما، أو صادفك أي مشكل في حاسوبك، فاكتب طلبك هنا ولن تخذل إن شاء الله. |
 |
|
|
أدوات الموضوع | انواع عرض الموضوع |
19-04-2009, 13:15
|
#11 | ||||
|
المشكلة العظماء والذي جعلني اشعر بالقهر الشديد ان الجهاز جديد لم يكمل الا سبوع فقط التوقيع
[flash="http://n61c3a.bay.livefilestore.com/y1pKwu0NmpyQhfVeWLKUb82Yth0cnWEb-DaQL6h9CtMTPIBX_NXU7a7sR6Ez6V1CMD1TQJxnYek7RkgCS4j x3WvTw/amal.swf"]width=500 height=200[/flash] ما عدت أطلب إلا حسن خاتمتي .... وأسأل الله غفرانا إذا سمحا وأن يكفر عني السيئات ....وأن يظل صدري بالإيمان منشرحا  |
||||
|
19-04-2009, 13:27
|
#12 | ||||
|
لا تقلقي أختي فإن شاء الله كل شيء سيتم إصلاحه.. التوقيع
|
||||
|
19-04-2009, 14:15
|
#13 | ||||
|
هذا تقرير اداة HijackThis كود:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:12:44 م, on 19/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ASScrPro.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/?v=msgrv75
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9086 bytes
التوقيع
[flash="http://n61c3a.bay.livefilestore.com/y1pKwu0NmpyQhfVeWLKUb82Yth0cnWEb-DaQL6h9CtMTPIBX_NXU7a7sR6Ez6V1CMD1TQJxnYek7RkgCS4j x3WvTw/amal.swf"]width=500 height=200[/flash] ما عدت أطلب إلا حسن خاتمتي .... وأسأل الله غفرانا إذا سمحا وأن يكفر عني السيئات ....وأن يظل صدري بالإيمان منشرحا |
||||
|
19-04-2009, 14:18
|
#14 | ||||
|
الجزء الاول للملفات البرامج الضارة كود:
ComboFix 09-04-19.05 - USER 04/19/2009 17:00.2 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.2013.1740 [GMT 3:00] Running from: c:\documents and settings\USER\سطح المكتب\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 ))))))))))))))))))))))))))))))) . 2009-04-18 19:17 . 2009-04-18 19:17 -------- d-----w c:\program files\MSXML 4.0 2009-04-18 18:59 . 2004-08-03 22:56 3675648 ----a-w c:\windows\system32\zipfldr.dll 2009-04-18 18:59 . 2004-08-03 21:56 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll 2009-04-18 18:59 . 2001-09-18 11:06 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe 2009-04-18 18:59 . 2001-09-18 11:06 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe 2009-04-18 18:59 . 2001-09-18 11:05 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll 2009-04-18 18:59 . 2001-09-18 11:05 17408 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll 2009-04-18 18:59 . 2001-09-18 11:06 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe 2009-04-18 18:59 . 2001-09-19 12:00 28288 -c--a-w c:\windows\system32\dllcache\xjis.nls 2009-04-18 18:58 . 2001-08-17 09:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys 2009-04-18 18:58 . 2004-08-03 19:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys 2009-04-18 18:57 . 2008-10-16 11:13 202776 ----a-w c:\windows\system32\wuweb.dll 2009-04-18 18:57 . 2001-09-19 12:00 32256 ----a-w c:\windows\system32\wupdmgr.exe 2009-04-18 18:55 . 2008-10-16 11:12 334872 ----a-w c:\windows\system32\wucltui.dll 2009-04-18 18:54 . 2004-08-03 22:56 182784 ----a-w c:\windows\system32\wuaueng1.dll 2009-04-18 18:53 . 2008-10-16 11:12 224792 ----a-w c:\windows\system32\wuaucpl.cpl 2009-04-18 18:52 . 2004-08-03 22:56 198144 ----a-w c:\windows\system32\wuauclt1.exe 2009-04-18 18:52 . 2004-08-03 21:56 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll 2009-04-18 18:52 . 2004-08-03 19:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys 2009-04-18 18:51 . 2004-08-03 22:56 927744 ----a-w c:\windows\system32\wsecedit.dll 2009-04-18 18:50 . 2004-08-03 22:56 147456 ----a-w c:\windows\system32\wscui.cpl 2009-04-18 18:49 . 2004-08-03 22:56 163840 ----a-w c:\windows\system32\wscript.exe 2009-04-18 18:49 . 2001-09-19 12:00 30208 ----a-w c:\windows\system32\write.exe 2009-04-18 18:48 . 2004-08-03 22:56 34304 ----a-w c:\windows\system32\wpabaln.exe 2009-04-18 18:47 . 2004-08-03 22:55 9420800 ----a-w c:\windows\system32\wmploc.dll 2009-04-18 18:44 . 2004-08-03 20:07 8832 -c--a-w c:\windows\system32\dllcache\wmiacpi.sys 2009-04-18 18:44 . 2004-08-03 19:31 154624 -c--a-w c:\windows\system32\dllcache\wlluc48.sys 2009-04-18 18:44 . 2001-09-18 10:38 34890 -c--a-w c:\windows\system32\dllcache\wlandrv2.sys 2009-04-18 18:43 . 2004-08-03 21:04 156672 -c--a-w c:\windows\system32\dllcache\winzm.ime 2009-04-18 18:43 . 2004-08-03 22:55 330752 ----a-w c:\windows\system32\winsrv.dll 2009-04-18 18:42 . 2004-08-03 21:04 156672 -c--a-w c:\windows\system32\dllcache\winsp.ime 2009-04-18 18:41 . 2004-08-03 21:04 156672 -c--a-w c:\windows\system32\dllcache\winpy.ime 2009-04-18 18:40 . 2004-08-03 22:55 4656128 ----a-w c:\windows\system32\winntbbu.dll 2009-04-18 18:39 . 2001-09-19 12:00 121856 ----a-w c:\windows\system32\winmine.exe 2009-04-18 18:37 . 2004-08-03 21:04 65536 -c--a-w c:\windows\system32\dllcache\winime.ime 2009-04-18 18:37 . 2004-08-03 22:56 351744 ----a-w c:\windows\winhlp32.exe 2009-04-18 18:36 . 2001-09-19 12:00 69120 -c--a-w c:\windows\system32\dllcache\wingb.ime 2009-04-18 18:35 . 2001-09-19 12:00 52224 ----a-w c:\windows\system32\winchat.exe 2009-04-18 18:33 . 2004-08-03 22:55 2247680 ----a-w c:\windows\system32\winbrand.dll 2009-04-18 18:30 . 2004-08-03 21:04 79360 -c--a-w c:\windows\system32\dllcache\winar30.ime 2009-04-18 18:30 . 2001-08-17 10:28 771581 -c--a-w c:\windows\system32\dllcache\winacisa.sys 2009-04-18 18:30 . 2004-08-03 22:55 697856 ----a-w c:\windows\system32\wiashext.dll 2009-04-18 18:28 . 2001-09-18 11:05 87040 -c--a-w c:\windows\system32\dllcache\wiafbdrv.dll 2009-04-18 18:28 . 2001-09-18 11:05 53760 -c--a-w c:\windows\system32\dllcache\wiamsmud.dll 2009-04-18 18:28 . 2004-08-03 22:55 3698176 ----a-w c:\windows\system32\wiadefui.dll 2009-04-18 18:27 . 2004-08-03 22:56 525312 ----a-w c:\windows\system32\wiaacmgr.exe 2009-04-18 18:26 . 2004-08-03 22:56 3291648 ----a-w c:\windows\system32\wextract.exe 2009-04-18 18:25 . 2001-09-19 12:00 31232 -c--a-w c:\windows\system32\dllcache\weitekp9.sys 2009-04-18 18:24 . 2001-09-19 12:00 41600 -c--a-w c:\windows\system32\dllcache\weitekp9.dll 2009-04-18 18:23 . 2001-08-17 10:28 701386 -c--a-w c:\windows\system32\dllcache\wdhaalba.sys 2009-04-18 18:23 . 2004-08-03 21:45 31872 -c--a-w c:\windows\system32\dllcache\wceusbsh.sys 2009-04-18 18:23 . 2004-08-03 19:29 23615 -c--a-w c:\windows\system32\dllcache\wch7xxnt.sys 2009-04-18 18:23 . 2001-08-17 09:10 35871 -c--a-w c:\windows\system32\dllcache\wbfirdma.sys 2009-04-18 18:22 . 2004-08-03 19:29 25471 -c--a-w c:\windows\system32\dllcache\watv10nt.sys 2009-04-18 18:22 . 2004-08-03 19:29 22271 -c--a-w c:\windows\system32\dllcache\watv06nt.sys 2009-04-18 18:22 . 2004-08-03 19:29 33599 -c--a-w c:\windows\system32\dllcache\watv04nt.sys 2009-04-18 18:22 . 2004-08-03 19:29 19551 -c--a-w c:\windows\system32\dllcache\watv02nt.sys 2009-04-18 18:22 . 2004-08-03 19:29 29311 -c--a-w c:\windows\system32\dllcache\watv01nt.sys 2009-04-18 18:22 . 2004-08-03 22:55 53248 -c--a-w c:\windows\system32\dllcache\wamreg51.dll 2009-04-18 18:21 . 2001-09-19 12:00 9216 -c--a-w c:\windows\system32\dllcache\wamps51.dll 2009-04-18 18:20 . 2004-08-03 22:55 75264 -c--a-w c:\windows\system32\dllcache\wam51.dll 2009-04-18 18:20 . 2004-08-03 19:29 11935 -c--a-w c:\windows\system32\dllcache\wadv11nt.sys 2009-04-18 18:20 . 2004-08-03 19:29 11871 -c--a-w c:\windows\system32\dllcache\wadv09nt.sys 2009-04-18 18:20 . 2004-08-03 19:29 11807 -c--a-w c:\windows\system32\dllcache\wadv07nt.sys 2009-04-18 18:20 . 2004-08-03 19:29 11295 -c--a-w c:\windows\system32\dllcache\wadv08nt.sys 2009-04-18 18:20 . 2004-08-03 19:29 12415 -c--a-w c:\windows\system32\dllcache\wadv01nt.sys 2009-04-18 18:20 . 2004-08-03 19:29 12127 -c--a-w c:\windows\system32\dllcache\wadv02nt.sys 2009-04-18 18:20 . 2004-08-03 19:29 11775 -c--a-w c:\windows\system32\dllcache\wadv05nt.sys 2009-04-18 18:20 . 2004-08-03 20:04 13568 -c--a-w c:\windows\system32\dllcache\wacompen.sys 2009-04-18 18:14 . 2001-08-17 09:13 16925 -c--a-w c:\windows\system32\dllcache\w940nd.sys 2009-04-18 18:14 . 2001-08-17 09:13 19528 -c--a-w c:\windows\system32\dllcache\w840nd.sys 2009-04-18 18:14 . 2001-08-17 09:13 19016 -c--a-w c:\windows\system32\dllcache\w926nd.sys 2009-04-18 18:14 . 2004-08-03 22:55 360448 -c--a-w c:\windows\system32\dllcache\w3svc.dll 2009-04-18 18:13 . 2001-09-19 12:00 5632 -c--a-w c:\windows\system32\dllcache\w3svapi.dll 2009-04-18 18:12 . 2001-09-19 12:00 73728 -c--a-w c:\windows\system32\dllcache\w3ext.dll 2009-04-18 18:11 . 2001-09-19 12:00 4608 -c--a-w c:\windows\system32\dllcache\w3ctrs51.dll 2009-04-18 18:10 . 2001-09-19 12:00 48256 -c--a-w c:\windows\system32\dllcache\w32.dll 2009-04-18 18:10 . 2001-08-17 10:28 64605 -c--a-w c:\windows\system32\dllcache\vvoice.sys 2009-04-18 18:10 . 2001-08-17 10:28 397502 -c--a-w c:\windows\system32\dllcache\vpctcom.sys 2009-04-18 18:10 . 2004-08-03 20:32 86073 -c--a-w c:\windows\system32\dllcache\voicesub.dll 2009-04-18 18:09 . 2004-08-03 20:32 426041 -c--a-w c:\windows\system32\dllcache\voicepad.dll 2009-04-18 18:08 . 2001-08-17 10:28 604253 -c--a-w c:\windows\system32\dllcache\vmodem.sys 2009-04-18 18:08 . 2001-08-17 09:14 249402 -c--a-w c:\windows\system32\dllcache\vinwm.sys 2009-04-18 18:08 . 2001-08-17 10:49 24576 -c--a-w c:\windows\system32\dllcache\viairda.sys 2009-04-18 18:08 . 2004-08-03 19:59 5376 -c--a-w c:\windows\system32\dllcache\viaide.sys 2009-04-18 18:08 . 2004-08-03 20:07 42240 -c--a-w c:\windows\system32\dllcache\viaagp.sys 2009-04-18 18:08 . 2001-09-19 12:00 124928 ----a-w c:\windows\system32\verifier.exe 2009-04-18 18:07 . 2004-08-03 21:55 11325 -c--a-w c:\windows\system32\dllcache\vchnt5.dll 2009-04-18 18:07 . 2009-04-16 12:35 218624 ----a-w c:\windows\system32\uxtheme.dll 2009-04-18 18:05 . 2004-08-03 22:55 285696 ----a-w c:\windows\system32\upnpui.dll 2009-04-18 18:02 . 2004-08-03 22:56 282112 ----a-w c:\windows\system32\unimdm.tsp 2009-04-18 18:01 . 2004-08-03 21:04 76288 -c--a-w c:\windows\system32\dllcache\uniime.dll 2009-04-18 17:59 . 2004-08-03 20:07 44672 -c--a-w c:\windows\system32\dllcache\uagp35.sys 2009-04-18 17:59 . 2001-08-17 10:48 11520 -c--a-w c:\windows\system32\dllcache\twotrack.sys 2009-04-18 17:58 . 2001-09-19 12:00 14336 -c--a-w c:\windows\system32\dllcache\tsprof.exe 2009-04-18 17:57 . 2001-09-18 11:05 525568 -c--a-w c:\windows\system32\dllcache\tridxp.dll 2009-04-18 17:57 . 2001-08-17 09:51 166784 -c--a-w c:\windows\system32\dllcache\tridxpm.sys 2009-04-18 17:57 . 2001-09-18 11:03 440576 -c--a-w c:\windows\system32\dllcache\tridkb.dll 2009-04-18 17:57 . 2001-08-17 09:51 159232 -c--a-w c:\windows\system32\dllcache\tridkbm.sys 2009-04-18 17:56 . 2001-09-18 11:03 315520 -c--a-w c:\windows\system32\dllcache\trid3d.dll 2009-04-18 17:56 . 2001-08-17 09:51 222336 -c--a-w c:\windows\system32\dllcache\trid3dm.sys 2009-04-18 17:56 . 2001-08-17 09:12 34375 -c--a-w c:\windows\system32\dllcache\tpro4.sys 2009-04-18 17:56 . 2001-09-18 11:02 42496 -c--a-w c:\windows\system32\dllcache\tp4res.dll 2009-04-18 17:56 . 2004-08-03 21:56 82432 -c--a-w c:\windows\system32\dllcache\tp4mon.exe 2009-04-18 17:56 . 2001-09-18 11:05 31744 -c--a-w c:\windows\system32\dllcache\tp4.dll 2009-04-18 17:56 . 2001-09-18 10:33 4992 -c--a-w c:\windows\system32\dllcache\toside.sys 2009-04-18 17:56 . 2001-08-17 11:02 230912 -c--a-w c:\windows\system32\dllcache\tosdvd03.sys 2009-04-18 17:56 . 2001-08-17 11:01 241664 -c--a-w c:\windows\system32\dllcache\tosdvd02.sys 2009-04-18 17:56 . 2001-08-17 09:10 28232 -c--a-w c:\windows\system32\dllcache\tos4mo.sys 2009-04-18 17:56 . 2001-09-19 12:00 31232 -c--a-w c:\windows\system32\dllcache\tools.dll 2009-04-18 17:55 . 2001-08-17 09:14 123995 -c--a-w c:\windows\system32\dllcache\tjisdn.sys 2009-04-18 17:54 . 2004-08-03 20:32 455168 -c--a-w c:\windows\system32\dllcache\tintsetp.exe 2009-04-18 17:53 . 2004-08-03 20:32 44032 -c--a-w c:\windows\system32\dllcache\tintlphr.exe 2009-04-18 17:52 . 2004-08-03 20:32 571392 -c--a-w c:\windows\system32\dllcache\tintlgnt.ime 2009-04-18 17:52 . 2004-08-03 22:56 93696 ----a-w c:\windows\system32\timedate.cpl 2009-04-18 17:51 . 2004-08-03 22:55 445440 ----a-w c:\windows\system32\themeui.dll 2009-04-18 17:50 . 2001-08-17 09:51 138528 -c--a-w c:\windows\system32\dllcache\tgiulnt5.sys 2009-04-18 17:50 . 2001-09-18 11:03 81408 -c--a-w c:\windows\system32\dllcache\tgiul50.dll 2009-04-18 17:50 . 2004-08-03 20:00 149376 -c--a-w c:\windows\system32\dllcache\tffsport.sys 2009-04-18 17:50 . 2004-08-03 22:56 99328 ----a-w c:\windows\system32\telnet.exe 2009-04-18 17:49 . 2001-09-19 12:00 29696 ----a-w c:\windows\system32\telephon.cpl 2009-04-18 17:48 . 2001-09-19 12:00 19464 -c--a-w c:\windows\system32\dllcache\tdspx.sys 2009-04-18 17:48 . 2001-08-17 09:13 37961 -c--a-w c:\windows\system32\dllcache\tdk100b.sys 2009-04-18 17:48 . 2001-08-17 09:13 17129 -c--a-w c:\windows\system32\dllcache\tdkcd31.sys 2009-04-18 17:47 . 2001-09-19 12:00 21896 -c--a-w c:\windows\system32\dllcache\tdipx.sys . التوقيع
[flash="http://n61c3a.bay.livefilestore.com/y1pKwu0NmpyQhfVeWLKUb82Yth0cnWEb-DaQL6h9CtMTPIBX_NXU7a7sR6Ez6V1CMD1TQJxnYek7RkgCS4j x3WvTw/amal.swf"]width=500 height=200[/flash] ما عدت أطلب إلا حسن خاتمتي .... وأسأل الله غفرانا إذا سمحا وأن يكفر عني السيئات ....وأن يظل صدري بالإيمان منشرحا |
||||
|
19-04-2009, 14:20
|
#15 | ||||
|
الثاني كود:
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 12:29 . 2001-09-19 12:00 58920 ----a-w c:\windows\system32\perfc001.dat
2009-04-19 12:29 . 2001-09-19 12:00 328690 ----a-w c:\windows\system32\perfh001.dat
2009-04-19 12:24 . 2009-04-11 12:45 -------- d-----w c:\program files\lg_fwupdate
2009-04-18 10:14 . 2009-04-10 16:46 106856 ----a-w c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 12:12 . 2009-04-11 12:48 -------- d-----w c:\program files\Yahoo!
2009-04-16 11:28 . 2009-04-11 12:48 -------- d-----w c:\program files\Common Files\ACD Systems
2009-04-12 20:49 . 2009-04-10 16:09 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-11 12:50 . 2009-04-10 16:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 12:48 . 2009-04-11 12:48 -------- d-----w c:\documents and settings\USER\Application Data\ACD Systems
2009-04-11 12:45 . 2009-04-11 12:35 -------- d-----w c:\program files\CyberLink
2009-04-11 12:42 . 2009-04-11 12:42 -------- d-----w c:\program files\Common Files\Ahead
2009-04-11 12:42 . 2009-04-11 12:42 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-11 12:42 . 2009-04-11 12:42 -------- d-----w c:\program files\Nero
2009-04-11 12:21 . 2009-04-10 16:20 90 ----a-w C:\setup.log
2009-04-11 12:21 . 2009-04-10 16:20 -------- d-----w c:\program files\ASUS
2009-04-11 12:15 . 2009-04-10 16:14 286720 ----a-w C:\Debug.txt
2009-04-11 08:32 . 2009-04-11 08:32 196608 ----a-w c:\windows\system32\maag.dll
2009-04-11 08:32 . 2009-04-11 08:32 1245184 ----a-w c:\windows\system32\bkll.dll
2009-04-11 08:32 . 2009-04-11 08:32 1212416 ----a-w c:\windows\system32\ckll.dll
2009-04-11 08:32 . 2009-04-11 08:32 90112 ----a-w c:\windows\system32\agsaami.dll
2009-04-11 08:32 . 2009-04-11 08:32 610304 ----a-w c:\windows\system32\agsaamg.dll
2009-04-11 08:32 . 2009-04-11 08:32 372736 ----a-w c:\windows\system32\agsaamc.dll
2009-04-11 08:32 . 2009-04-11 08:32 2535424 ----a-w c:\windows\system32\agsaamj.dll
2009-04-11 08:32 . 2009-04-11 08:32 1986560 ----a-w c:\windows\system32\akll.dll
2009-04-11 08:25 . 2009-04-11 08:24 -------- d-----w c:\documents and settings\USER\Application Data\PC Suite
2009-04-11 08:25 . 2009-04-11 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-04-11 08:25 . 2009-04-11 08:25 -------- d-----w c:\documents and settings\USER\Application Data\Nokia
2009-04-11 08:25 . 2009-04-11 08:25 -------- d-----w c:\program files\Common Files\Nokia
2009-04-11 08:25 . 2009-04-11 08:25 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-11 08:25 . 2009-04-11 08:24 -------- d-----w c:\program files\Nokia
2009-04-11 08:24 . 2009-04-11 08:24 -------- d-----w c:\program files\DIFX
2009-04-11 08:24 . 2009-04-11 08:24 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-11 07:58 . 2009-04-11 07:58 2232 ----a-w c:\windows\java\Packages\Data\LJRP3P73.DAT
2009-04-11 07:58 . 2009-04-11 07:58 155995 ----a-w c:\windows\java\Packages\9V9V97HB.ZIP
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\FT3NXJXJ.DAT
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\RBDF9339.DAT
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\M7NP3FF3.DAT
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\8CNDNXBL.DAT
2009-04-11 07:58 . 2009-04-11 07:58 2678 ----a-w c:\windows\java\Packages\Data\FZVBN79B.DAT
2009-04-11 07:52 . 2009-04-11 07:52 -------- d-----w c:\program files\mpegable
2009-04-11 07:52 . 2009-04-11 07:52 47104 ------w c:\windows\AKDeInstall.exe
2009-04-11 07:52 . 2009-04-11 12:48 -------- d-----w c:\program files\DivX
2009-04-11 07:52 . 2009-04-11 07:52 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-10 16:34 . 2009-04-10 16:34 -------- d-----w c:\program files\WIDCOMM
2009-04-10 16:33 . 2009-04-10 16:33 -------- d-----w c:\program files\Synaptics
2009-04-10 16:33 . 2009-04-10 16:26 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-10 16:31 . 2009-04-10 16:31 -------- d-----w c:\program files\Multimedia Card Reader
2009-04-10 16:30 . 2009-04-10 16:30 -------- d-----w c:\program files\Atheros
2009-04-10 16:29 . 2009-04-10 16:29 -------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2009-04-10 16:29 . 2009-04-10 16:28 -------- d-----w c:\program files\Wireless Console 2
2009-04-10 16:27 . 2009-04-10 16:26 429 ----a-w C:\RHDSetup.log
2009-04-10 16:26 . 2009-04-10 16:25 -------- d-----w c:\program files\Realtek
2009-04-10 16:26 . 2009-04-10 16:26 319488 ----a-w c:\windows\HideWin.exe
2009-04-10 16:21 . 2009-04-10 16:21 -------- d-----w c:\program files\ATKGFNEX
2009-04-10 16:20 . 2009-04-10 16:20 -------- d-----w c:\documents and settings\USER\Application Data\InstallShield
2009-04-10 16:18 . 2009-04-10 16:18 -------- d-----w c:\program files\Intel
2009-04-10 16:15 . 2004-08-03 20:59 250048 --sha-r C:\ntldr
2009-04-10 16:10 . 2009-04-10 16:10 -------- d-----w c:\program files\microsoft frontpage
2009-04-10 16:07 . 2009-04-10 16:07 22144 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-08 01:34 . 2004-08-03 22:55 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 . 2004-08-03 22:55 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:33 . 2004-08-03 22:55 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:32 . 2004-08-03 22:55 107008 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 . 2004-08-03 22:55 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 . 2004-08-03 22:55 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:31 . 2004-08-03 22:53 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:22 . 2001-09-19 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:00 . 2004-08-03 22:55 283136 ----a-w c:\windows\system32\pdh.dll
2009-02-09 14:15 . 2004-08-03 22:46 1846144 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:41 . 2004-08-04 00:48 2022400 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:41 . 2004-08-03 22:48 2144256 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:03 . 2004-08-03 22:55 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:03 . 2004-08-03 22:55 722944 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:03 . 2004-08-03 22:55 681984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:03 . 2004-08-03 22:55 694272 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 09:50 . 2004-08-03 22:56 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 09:54 . 2001-09-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:08 . 2004-08-03 22:55 55808 ----a-w c:\windows\system32\secur32.dll
.
------- Sigcheck -------
[7] 2004-08-03 22:55 654848 1E1CEF80A11BDAB92B2A83F885D214D5 c:\windows\ie8\wininet.dll
[-] 2009-03-08 01:34 1016320 E7BCEFE492C257DE2A62D28A26AEBE6D c:\windows\system32\wininet.dll
[7] 2009-03-08 01:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\VistaMizer\old\wininet.dll
[-] 2004-08-03 22:56 540672 EF34827229B786E17000C5CCD091775F c:\windows\system32\winlogon.exe
[7] 2004-08-03 22:56 501248 BA4E08425B62BE257AE4557DA058F1AA c:\windows\VistaMizer\old\winlogon.exe
[-] 2004-08-03 22:56 1549824 A5145822D943C01CE9953E1A3148F801 c:\windows\explorer.exe
[7] 2004-08-03 22:56 1029632 932F97B77F2625F7FF7DFC97552548F8 c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-03 22:56 25088 D1442B32E926BBD6A3F5674AAAC9EA0E c:\windows\system32\ctfmon.exe
[7] 2004-08-03 22:56 15360 B87D2319441038F62BDDAEEB6BCE156D c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-19_12.17.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-19 12:00 . 2009-04-19 11:07 58930 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-04-19 12:29 58930 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-04-19 12:29 392630 c:\windows\system32\perfh009.dat
- 2001-09-19 12:00 . 2009-04-19 11:07 392630 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:08 143360 ----a-w c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 25088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-04-11 171448]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1799168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2008-08-08 217088]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-09 450648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-01-15 851968]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-24 159744]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-04-11 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-04-11 33136]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"CTFMON"="c:\windows\system32\wscript.exe" [2004-08-03 163840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-16 198160]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 25088]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\All Users\çںê، ں****§ڑ\ںé****©ںê¤\****§ک ں颬نïé\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\progra~1\ASUS\ATKHOT~1\ASNDIS5.SYS [2004-05-27 16269]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4506fb51-2672-11de-a9bb-002243bfbb16}]
\Shell\AutoRun\command - G:\1ogf.exe
\Shell\open\Command - G:\1ogf.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90446fd8-29a7-11de-a9ce-002243bfbb16}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-19 c:\windows\Tasks\User_Feed_Synchronization-{63EB90FF-80F0-428C-955C-BF41BFA225D7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\a27givl7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 17:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\ADSM_PData_0150
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\CRYPT32.dll
c:\windows\system32\MSASN1.dll
c:\windows\system32\COMRes.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
.
Completion time: 2009-04-19 17:06
ComboFix-quarantined-files.txt 2009-04-19 14:06
ComboFix2.txt 2009-04-19 12:18
Pre-Run: 73,659,834,368 bytes free
Post-Run: 73,646,960,640 bytes free
356 --- E O F --- 2009-04-18 19:21
التوقيع
[flash="http://n61c3a.bay.livefilestore.com/y1pKwu0NmpyQhfVeWLKUb82Yth0cnWEb-DaQL6h9CtMTPIBX_NXU7a7sR6Ez6V1CMD1TQJxnYek7RkgCS4j x3WvTw/amal.swf"]width=500 height=200[/flash] ما عدت أطلب إلا حسن خاتمتي .... وأسأل الله غفرانا إذا سمحا وأن يكفر عني السيئات ....وأن يظل صدري بالإيمان منشرحا |
||||
|
19-04-2009, 14:25
|
#16 | ||||
|
بالنسبة للجهاز كما هو يفتح عادي ليس به بطى او اي شي اخر التوقيع
[flash="http://n61c3a.bay.livefilestore.com/y1pKwu0NmpyQhfVeWLKUb82Yth0cnWEb-DaQL6h9CtMTPIBX_NXU7a7sR6Ez6V1CMD1TQJxnYek7RkgCS4j x3WvTw/amal.swf"]width=500 height=200[/flash] ما عدت أطلب إلا حسن خاتمتي .... وأسأل الله غفرانا إذا سمحا وأن يكفر عني السيئات ....وأن يظل صدري بالإيمان منشرحا |
||||
|
19-04-2009, 14:36
|
#17 | ||||
|
إزلت أشرطة Toolbar التوقيع
[flash="http://n61c3a.bay.livefilestore.com/y1pKwu0NmpyQhfVeWLKUb82Yth0cnWEb-DaQL6h9CtMTPIBX_NXU7a7sR6Ez6V1CMD1TQJxnYek7RkgCS4j x3WvTw/amal.swf"]width=500 height=200[/flash] ما عدت أطلب إلا حسن خاتمتي .... وأسأل الله غفرانا إذا سمحا وأن يكفر عني السيئات ....وأن يظل صدري بالإيمان منشرحا |
||||
|
19-04-2009, 14:44
|
#18 | ||||
|
جيد أختي أمل.. التوقيع
|
||||
|
19-04-2009, 14:49
|
#19 | ||||
|
اقتباس:
كنت أتمنى أن توافيني بتقرير HijackThis لكن يبدو أنك نسيت ^_^
على مااعتقد الساعة لديكم الان في الظهيرة نحن لدينا الساعه 5:48 مساء وقد حذفت ايضا ملفات Toolbar التوقيع
[flash="http://n61c3a.bay.livefilestore.com/y1pKwu0NmpyQhfVeWLKUb82Yth0cnWEb-DaQL6h9CtMTPIBX_NXU7a7sR6Ez6V1CMD1TQJxnYek7RkgCS4j x3WvTw/amal.swf"]width=500 height=200[/flash] ما عدت أطلب إلا حسن خاتمتي .... وأسأل الله غفرانا إذا سمحا وأن يكفر عني السيئات ....وأن يظل صدري بالإيمان منشرحا |
||||
|
19-04-2009, 14:52
|
#20 | ||||
|
حسنا اخي هادي التوقيع
[flash="http://n61c3a.bay.livefilestore.com/y1pKwu0NmpyQhfVeWLKUb82Yth0cnWEb-DaQL6h9CtMTPIBX_NXU7a7sR6Ez6V1CMD1TQJxnYek7RkgCS4j x3WvTw/amal.swf"]width=500 height=200[/flash] ما عدت أطلب إلا حسن خاتمتي .... وأسأل الله غفرانا إذا سمحا وأن يكفر عني السيئات ....وأن يظل صدري بالإيمان منشرحا |
||||
|
|
|
دنيا الأمل
مدونة الأمل
مكتبة الأمل للبرامج
الخلاصات RSS
راسلنا
إرشادات
العرض العادي
