Help: programs are being deleted and added on my computer all of a sudden
Please, if you would, I want to make sure my computer is OK.
Because suddenly I see programs on the machine that I don't know where they came from, and programs I had deleted disappear. Honestly, I got scared that the computer has something wrong with it, so I want to be reassured. Here is a report from a program I saw in one of the brothers' threads, namely ComboFix:

ComboFix 10-05-10.02 - user 05/10/2010 23:38:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1015.487 [GMT -7:00]
Running from: c:\docume~1\user\LOCALS~1\Temp\Rar$EX00.563\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Cookies\elepuvez.pif
c:\documents and settings\user\Cookies\gexynequq.inf
c:\documents and settings\user\Cookies\inomu.pif
c:\documents and settings\user\Cookies\jufutoho.lib
c:\documents and settings\user\Cookies\mecifete.ban
c:\documents and settings\user\Cookies\ujobiguwu.reg
c:\documents and settings\user\Cookies\vekuni.bat
c:\documents and settings\user\Cookies\yrerub._sy
c:\windows\nemupamani.scr
c:\windows\wiqurito.dll
c:\windows\ydejuxi.dll
c:\windows\zyvohek.scr
E:\AUTORUN.INF
.
((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.
2010-05-11 06:11 . 2010-05-11 06:11 -------- d-----w- C:\My Music
2010-05-11 06:10 . 2010-05-11 06:13 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
2010-05-11 06:10 . 2010-05-11 06:10 -------- d-----w- c:\program files\AudioToolsFactory
2010-05-11 05:03 . 2010-05-11 05:03 -------- d-----w- c:\windows\LastGood
2010-05-11 05:03 . 2009-10-22 20:54 37392 ----a-w- c:\windows\system32\drivers\54714392.sys
2010-05-11 05:03 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\54714391.sys
2010-05-11 05:03 . 2009-10-10 06:31 315408 ----a-w- c:\windows\system32\drivers\5471439.sys
2010-04-18 05:21 . 2010-04-18 05:21 -------- d-----w- c:\program files\Alawar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 08:01 . 2010-03-08 04:11 439816 ----a-w- c:\documents and settings\user\Application Data\Real\Update\setup3.10\setup.exe
2010-04-10 06:39 . 2010-04-10 06:39 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-03-14 06:03 . 2010-03-14 06:03 -------- d-----w- c:\program files\UPHClean
2010-03-14 05:39 . 2010-03-14 05:29 592 ----a-w- c:\windows\chgkey.vbs
2010-03-14 05:24 . 2010-03-14 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-10 08:02 . 2004-08-04 07:56 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 06:42 . 2010-03-07 06:42 396288 ----a-w- C:\HijackThis.exe
2010-03-07 01:02 . 2009-09-27 23:36 49840 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-26 06:12 . 2004-08-04 07:56 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-04 06:15 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2004-08-04 06:18 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-04 07:56 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-10-03 09:37 . 2009-10-03 09:37 19104 ----a-w- c:\program files\Common Files\olutegahi.sys
2009-10-03 09:37 . 2009-10-03 09:37 18906 ----a-w- c:\program files\Common Files\xuci.scr
2009-10-03 09:37 . 2009-10-03 09:37 15260 ----a-w- c:\program files\Common Files\synitez.dll
2009-10-03 09:37 . 2009-10-03 09:37 13914 ----a-w- c:\program files\Common Files\ukiqi.lib
2009-10-01 23:47 . 2009-10-01 23:47 10709 ----a-w- c:\program files\Common Files\voce._dl
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live Messenger Khalid Edition v5.5 Arabic\MsnMsgr.Exe" [2009-11-10 5725208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-27 185896]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-03-14 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\user\Start Menu\Programs\Startup\
setup_9.0.0.722_10.05.2010_21-26[1].lnk - c:\documents and settings\user\Desktop\Virus Removal Tool\setup_9.0.0.722_10.05.2010_21-26[1]\startup.exe [2010-5-10 72208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^wbhwin32.exe]
path=c:\documents and settings\user\Start Menu\Programs\Startup\wbhwin32.exe
backup=c:\windows\pss\wbhwin32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 08:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-27 14:13 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 54714392;54714392 Boot Guard Driver;c:\windows\system32\drivers\54714392.sys [10/05/2010 10:03 م 37392]
R1 54714391;54714391;c:\windows\system32\drivers\54714391.sys [10/05/2010 10:03 م 128016]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09/04/2009 03:18 م 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [09/04/2009 03:21 م 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [09/04/2009 03:19 م 731840]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [17/02/2010 09:05 م 114688]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [17/02/2010 09:05 م 103424]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [27/06/2008 02:39 ص 332928]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 54714391
*NewlyCreated* - 54714392
*NewlyCreated* - SETUP_9.0.0.722_10.05.2010_21-26[1]DRV
*Deregistered* - uphcleanhlp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)
MSConfigStartUp-Antivirus Pro 2010 - c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-mserv - c:\documents and settings\user\Application Data\seres.exe
MSConfigStartUp-Regedit32 - c:\windows\system32\regedit.exe
MSConfigStartUp-restorer32_a - c:\windows\system32\restorer32_a.exe
MSConfigStartUp-svchost - c:\documents and settings\user\Application Data\svcst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 23:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
Completion time: 2010-05-10 23:47:43
ComboFix-quarantined-files.txt 2010-05-11 06:47

Pre-Run: 33,755,144,192 bytes free
Post-Run: 34,990,223,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6F620A1E16417DF8C69BE68ED2165BD3

If there is anything harmful, let me know and reassure me.

____________

And for extra confirmation, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:19 م, on 10/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live Messenger Khalid Edition v5.5 Arabic\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_10.05.2010_21-26[1].lnk = C:\Documents and Settings\user\Desktop\Virus Removal Tool\setup_9.0.0.722_10.05.2010_21-26[1]\startup.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1260912414031
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\System32\ChgService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 6031 bytes

Any harmful entries, anything that is dangerous, tell me what it is so I can delete it. May God reward you, I need your help quickly.