بالله لو سمحتوا أبغى أتطمن على جهازي،
لأن فجأة أشوف برامج موجودة ما أدري من وين جات، وبرامج محذوفة تختفي.
وربي خفت إن الجهاز فيه علّة،
عشان كذا أبغى أتطمن.
وهذا تقرير لبرنامج ComboFix شفته في موضوع أحد الإخوان:
ComboFix 10-05-10.02 - user 05/10/2010 23:38:51.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.1015.487 [GMT -7:00]
Running from: c:\docume~1\user\LOCALS~1\Temp\Rar$EX00.563\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Cookies\elepuvez.pif
c:\documents and settings\user\Cookies\gexynequq.inf
c:\documents and settings\user\Cookies\inomu.pif
c:\documents and settings\user\Cookies\jufutoho.lib
c:\documents and settings\user\Cookies\mecifete.ban
c:\documents and settings\user\Cookies\ujobiguwu.reg
c:\documents and settings\user\Cookies\vekuni.bat
c:\documents and settings\user\Cookies\yrerub._sy
c:\windows\nemupamani.scr
c:\windows\wiqurito.dll
c:\windows\ydejuxi.dll
c:\windows\zyvohek.scr
E:\AUTORUN.INF
.
((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.
2010-05-11 06:11 . 2010-05-11 06:11 -------- d-----w- C:\My Music
2010-05-11 06:10 . 2010-05-11 06:13 5 ----a-w- c:\windows\system32\SySMP3CutJoin.dat
2010-05-11 06:10 . 2010-05-11 06:10 -------- d-----w- c:\program files\AudioToolsFactory
2010-05-11 05:03 . 2010-05-11 05:03 -------- d-----w- c:\windows\LastGood
2010-05-11 05:03 . 2009-10-22 20:54 37392 ----a-w- c:\windows\system32\drivers\54714392.sys
2010-05-11 05:03 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\54714391.sys
2010-05-11 05:03 . 2009-10-10 06:31 315408 ----a-w- c:\windows\system32\drivers\5471439.sys
2010-04-18 05:21 . 2010-04-18 05:21 -------- d-----w- c:\program files\Alawar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 08:01 . 2010-03-08 04:11 439816 ----a-w- c:\documents and settings\user\Application Data\Real\Update\setup3.10\setup.exe
2010-04-10 06:39 . 2010-04-10 06:39 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-03-14 06:03 . 2010-03-14 06:03 -------- d-----w- c:\program files\UPHClean
2010-03-14 05:39 . 2010-03-14 05:29 592 ----a-w- c:\windows\chgkey.vbs
2010-03-14 05:24 . 2010-03-14 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-10 08:02 . 2004-08-04 07:56 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 06:42 . 2010-03-07 06:42 396288 ----a-w- C:\HijackThis.exe
2010-03-07 01:02 . 2009-09-27 23:36 49840 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-26 06:12 . 2004-08-04 07:56 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-04 06:15 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2004-08-04 06:18 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-04 07:56 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-10-03 09:37 . 2009-10-03 09:37 19104 ----a-w- c:\program files\Common Files\olutegahi.sys
2009-10-03 09:37 . 2009-10-03 09:37 18906 ----a-w- c:\program files\Common Files\xuci.scr
2009-10-03 09:37 . 2009-10-03 09:37 15260 ----a-w- c:\program files\Common Files\synitez.dll
2009-10-03 09:37 . 2009-10-03 09:37 13914 ----a-w- c:\program files\Common Files\ukiqi.lib
2009-10-01 23:47 . 2009-10-01 23:47 10709 ----a-w- c:\program files\Common Files\voce._dl
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live Messenger Khalid Edition v5.5 Arabic\MsnMsgr.Exe" [2009-11-10 5725208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-27 185896]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2007-03-14 39264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\user\Start Menu\Programs\Startup\
setup_9.0.0.722_10.05.2010_21-26[1].lnk - c:\documents and settings\user\Desktop\Virus Removal Tool\setup_9.0.0.722_10.05.2010_21-26[1]\startup.exe [2010-5-10 72208]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^wbhwin32.exe]
path=c:\documents and settings\user\Start Menu\Programs\Startup\wbhwin32.exe
backup=c:\windows\pss\wbhwin32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 08:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-27 14:13 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 54714392;54714392 Boot Guard Driver;c:\windows\system32\drivers\54714392.sys [10/05/2010 10:03 م 37392]
R1 54714391;54714391;c:\windows\system32\drivers\54714391.sys [10/05/2010 10:03 م 128016]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09/04/2009 03:18 م 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [09/04/2009 03:21 م 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [09/04/2009 03:19 م 731840]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [17/02/2010 09:05 م 114688]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [17/02/2010 09:05 م 103424]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [27/06/2008 02:39 ص 332928]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - 54714391
*NewlyCreated* - 54714392
*NewlyCreated* - SETUP_9.0.0.722_10.05.2010_21-26[1]DRV
*Deregistered* - uphcleanhlp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
MSConfigStartUp-Antivirus Pro 2010 - c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-mserv - c:\documents and settings\user\Application Data\seres.exe
MSConfigStartUp-Regedit32 - c:\windows\system32\regedit.exe
MSConfigStartUp-restorer32_a - c:\windows\system32\restorer32_a.exe
MSConfigStartUp-svchost - c:\documents and settings\user\Application Data\svcst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 23:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
Completion time: 2010-05-10 23:47:43
ComboFix-quarantined-files.txt 2010-05-11 06:47
Pre-Run: 33,755,144,192 bytes free
Post-Run: 34,990,223,360 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 6F620A1E16417DF8C69BE68ED2165BD3
إذا فيه أي شي ضار علّموني وطمّنوني.
____________
وزيادة للتأكيد، هذا تقرير HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:19 م, on 10/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live Messenger Khalid Edition v5.5 Arabic\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_10.05.2010_21-26[1].lnk = C:\Documents and Settings\user\Desktop\Virus Removal Tool\setup_9.0.0.722_10.05.2010_21-26[1]\startup.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1260912414031
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\System32\ChgService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
--
End of file - 6031 bytes
أي قيم ضارة أو أي شي فيه خطر قولوا لي هو عشان أحذفه.
وبالذات أبغى رأيكم في النقاط الظاهرة في التقرير: مفاتيح Security Center المضبوطة على تجاوز التنبيهات (AntiVirusOverride و FirewallOverride = 1) وجدار الحماية مطفأ (EnableFirewall = 0)؛ إدخالات التشغيل التلقائي اللي حذفها ComboFix تحت ORPHANS REMOVED (Antivirus Pro 2010 اللي يبدو برنامج حماية مزيف، وseres.exe وsvcst.exe داخل Application Data، وrestorer32_a.exe، وRegedit32 اللي يشير إلى regedit.exe داخل system32 بدل مكانه المعتاد في c:\windows) وهل ملفاتها لسا موجودة؛ وملف wbhwin32.exe في مجلد Startup؛ وخدمة Change Modem Device Service (ChgService.exe) اللي مالكها غير معروف؛ وملف E:\AUTORUN.INF اللي انحذف (غالباً يدل على إصابة عن طريق فلاش ميموري). وملاحظة: الجهاز على Windows XP SP2 مع IE6 بدون SP3 وبدون التحديثات الأمنية.
الله يجزاكم خير، أبغى مساعدتكم بسرعة.