مشكلة في جهازي أريد حلاً - الصفحة 2

دنيا الوفا · 13-01-2011, 11:41 PM

باااااااك

عملت اللي طلبته مني أخي أبو أنس
وهذا التقرير اللي ظهر لي:

ComboFix 11-01-12.04 - user 01/13/2011 22:52:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.502.248 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
AV: برنامج Kaspersky لمكافحة الفيروسات *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Local Settings\Application Data\Install.exe
c:\windows\system32\1.txt
c:\windows\system32\2.txt
c:\windows\system32\kakle.dll
c:\windows\system32\win.txt
.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.
2011-01-08 19:32 . 2011-01-08 19:32 -------- d-----w- c:\program files\Trend Micro
2011-01-07 19:00 . 2011-01-07 19:00 -------- d-----w- c:\documents and settings\user\Application Data\GRETECH
2011-01-07 18:59 . 2011-01-07 18:59 -------- d-----w- c:\program files\GRETECH
2011-01-05 22:41 . 2011-01-06 00:35 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-01-05 22:41 . 2011-01-06 00:35 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-01-05 22:40 . 2011-01-13 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-01-05 22:40 . 2011-01-05 22:40 -------- d-----w- c:\program files\Kaspersky Lab
2011-01-05 22:37 . 2011-01-05 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-11-10 23:15 . 2010-11-10 23:15 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-10 23:15 . 2010-11-10 23:15 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-11-10 06:09 . 2010-11-10 06:09 90112 ----a-w- c:\windows\system32\agsaami.dll
2010-11-10 06:09 . 2010-11-10 06:09 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2010-11-10 06:09 . 2010-11-10 06:09 1986560 ----a-w- c:\windows\system32\akll.dll
2010-11-10 06:09 . 2010-11-10 06:09 196608 ----a-w- c:\windows\system32\maag.dll
2010-11-10 06:09 . 2010-11-10 06:09 1245184 ----a-w- c:\windows\system32\bkll.dll
2010-11-10 06:09 . 2010-11-10 06:09 1212416 ----a-w- c:\windows\system32\ckll.dll
2010-11-10 06:09 . 2010-11-10 06:09 610304 ----a-w- c:\windows\system32\agsaamg.dll
2010-11-10 06:09 . 2010-11-10 06:09 53760 ----a-w- c:\windows\system\ppacklib.dll
2010-11-10 06:09 . 2010-11-10 06:09 372736 ----a-w- c:\windows\system32\agsaamc.dll
2010-11-07 15:14 . 2010-11-07 15:14 172032 ------w- c:\windows\Setup1.exe
2010-11-07 15:14 . 2010-11-07 15:14 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-11-07 14:25 . 2010-11-07 14:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-07 14:25 . 2010-11-07 14:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-11-07 08:44 . 2010-11-07 08:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-07 08:44 . 2010-11-07 08:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-07 08:29 . 2010-11-07 08:29 47104 ------w- c:\windows\AKDeInstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 06:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-11-07 136600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-02-28 137752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-01-06 340520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-7 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2010-11-11 942080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\REALTEK\\RTL8187 Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 08:18 م 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 01:42 م 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 06:39 م 19472]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [09/11/2010 11:03 ص 323328]
S2 gupdate;خدمة تحديث Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/11/2010 08:18 م 136176]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sy s [12/11/2010 10:26 م 103424]
S4 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [12/11/2010 10:26 م 135168]
.
Contents of the 'Scheduled Tasks' folder
2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 17:18]
2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 17:18]
2011-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1844823847-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 08:33]
2011-01-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1844823847-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 08:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/webhp?sourceid=navclient&ie=UTF-8&safe=active
mStart Page = hxxp://home.sweetim.com/?crg=1.56000
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E117 12C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 23:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1732)
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
- - - - - - - > 'explorer.exe'(4016)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
************************************************** ************************
.
Completion time: 2011-01-13 23:23:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-13 20:23
Pre-Run: 52,450,074,624 bytes free
Post-Run: 52,558,589,952 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 42C914E950D396BDF086D6C813974B4C

ملااااااااحظه:
عند إعادة تشغيل الجهاز ظهرت لي قائمه مكتوب فيها
هناك خطأ في مكتبة الارتباط الحيوي dll
وبعد تشغيل الجهاز طلعت النجمه الزرقاء ومكتوب نسخة ويندوز غير أصليه مع العلم أنه بعد الفرمته في احدى المحلات ركّب لي العامل ويندوز غير أصلي فعلا وأنا حليت المشكله وحولتها لأصليه عن طريق احدى البرامج الموجوده في منتداكم قبل أشهر تقريباً..
فماذا يظهر من هذا التقرير؟ وماالحل الآن ؟؟

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

دنيا الوفا · 14-01-2011, 12:20 AM

وينك أخوي أبو أنس؟؟؟؟؟؟؟؟؟

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

دنيا الوفا · 14-01-2011, 05:16 PM

وينكم ياأهل الخبره أحد يساعدني في مشكلتي

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

kogerblack · 14-01-2011, 05:56 PM

يوجد لدينا فايروس بالجهاز

كود:

c:\documents and settings\user\Local Settings\Application Data\Install.exe
c:\windows\system32\1.txt
c:\windows\system32\2.txt
c:\windows\system32\kakle.dll
c:\windows\system32\win.txt

ومنشان النجمة

Remover حمل هذه الاداة شغلها واضغط على

ومنشان ملف dll حمل الملف التالي
XP Professional
وافق على التبادل أعد التشعيل
============================
وارفع تقرير كومبو fix
اخر

بالانتظار

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

دنيا الوفا · 14-01-2011, 07:50 PM

باك..
وأعتذر عن التأخير لأن الجهاز يعلق كثير..

سويت الخطوات اللي طلبتها مني بالضبط
وهذا التقرير:

ComboFix 11-01-13.01 - user 01/14/2011 19:10:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.502.144 [GMT 3:00]
Running from: c:\documents and settings\user\سطح المكتب\ComboFix.exe
AV: برنامج Kaspersky لمكافحة الفيروسات *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.
2011-01-13 20:33 . 2009-08-06 16:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-13 20:33 . 2009-08-06 16:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-08 19:32 . 2011-01-08 19:32 -------- d-----w- c:\program files\Trend Micro
2011-01-07 19:00 . 2011-01-07 19:00 -------- d-----w- c:\documents and settings\user\Application Data\GRETECH
2011-01-07 18:59 . 2011-01-07 18:59 -------- d-----w- c:\program files\GRETECH
2011-01-05 22:41 . 2011-01-06 00:35 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-01-05 22:41 . 2011-01-06 00:35 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-01-05 22:40 . 2011-01-14 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-01-05 22:40 . 2011-01-05 22:40 -------- d-----w- c:\program files\Kaspersky Lab
2011-01-05 22:37 . 2011-01-05 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-11-10 23:15 . 2010-11-10 23:15 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-10 23:15 . 2010-11-10 23:15 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-11-10 06:09 . 2010-11-10 06:09 90112 ----a-w- c:\windows\system32\agsaami.dll
2010-11-10 06:09 . 2010-11-10 06:09 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2010-11-10 06:09 . 2010-11-10 06:09 1986560 ----a-w- c:\windows\system32\akll.dll
2010-11-10 06:09 . 2010-11-10 06:09 196608 ----a-w- c:\windows\system32\maag.dll
2010-11-10 06:09 . 2010-11-10 06:09 1245184 ----a-w- c:\windows\system32\bkll.dll
2010-11-10 06:09 . 2010-11-10 06:09 1212416 ----a-w- c:\windows\system32\ckll.dll
2010-11-10 06:09 . 2010-11-10 06:09 610304 ----a-w- c:\windows\system32\agsaamg.dll
2010-11-10 06:09 . 2010-11-10 06:09 53760 ----a-w- c:\windows\system\ppacklib.dll
2010-11-10 06:09 . 2010-11-10 06:09 372736 ----a-w- c:\windows\system32\agsaamc.dll
2010-11-07 15:14 . 2010-11-07 15:14 172032 ------w- c:\windows\Setup1.exe
2010-11-07 15:14 . 2010-11-07 15:14 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-11-07 14:25 . 2010-11-07 14:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-07 14:25 . 2010-11-07 14:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-11-07 08:44 . 2010-11-07 08:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-07 08:44 . 2010-11-07 08:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-07 08:29 . 2010-11-07 08:29 47104 ------w- c:\windows\AKDeInstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 06:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-11-07 136600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-02-28 137752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-01-06 340520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-7 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2010-11-11 942080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 19:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\REALTEK\\RTL8187 Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 08:18 م 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 01:42 م 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 06:39 م 19472]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [09/11/2010 11:03 ص 323328]
S2 gupdate;خدمة تحديث Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/11/2010 08:18 م 136176]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sy s [12/11/2010 10:26 م 103424]
S4 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [12/11/2010 10:26 م 135168]
.
Contents of the 'Scheduled Tasks' folder
2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 17:18]
2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 17:18]
2011-01-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1844823847-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 08:33]
2011-01-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1844823847-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 08:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/webhp?sourceid=navclient&ie=UTF-8&safe=active
mStart Page = hxxp://home.sweetim.com/?crg=1.56000
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E117 12C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 19:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63 A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F 2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1716)
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\msi.dll
.
Completion time: 2011-01-14 19:38:12
ComboFix-quarantined-files.txt 2011-01-14 16:37
ComboFix2.txt 2011-01-13 20:23
Pre-Run: 52,366,319,616 bytes free
Post-Run: 52,486,742,016 bytes free
- - End Of File - - 7DAB230FDDE120C9457676DBBEED2E77

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

دنيا الوفا · 14-01-2011, 08:08 PM

ملاحظه:
أثناء عمل التقرير ظهرت لي هذه القائمه
الموجوده في الصوره

واخترت عدم الارسال وتابع البرنامج عمله بشكل عادي إلى النهايه ولم يعمل إعادة تشغيل
ممكن أعرف ايش السبب

؟؟
وآسفه استفساراتي بدأت تكثر أتمنى أن تساعدوووووني

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

دنيا الوفا · 14-01-2011, 08:38 PM

؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

ابو انس جفال · 15-01-2011, 12:42 AM

هناك فيروس حجب اكمال المسح
لازالته:-
حمل برنامج malwarebytes :
http://download.cnet.com/Malwarebyte...ml?tag=mncol;1
ثبت malwarebytes وبعد التحديث قم بعمل فحص كامل للجهاز وبعد الإنتهاء أعد التشغيل .
وخبرنا

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

دنيا الوفا · 15-01-2011, 01:21 AM

أوك
راح أحملها وان شاء الله تضبط معايا

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

دنيا الوفا · 15-01-2011, 02:26 AM

أخوي أبو أنس حملت البرنامج وعمل فحص كامل وقفل البرنامج
وعملت إعادة تشغيل للجهاز ولم يحدث أي شي جديد
مازال الجهاز يعلق بكثره..

مشاركة هذا الرد في

Google	Facebook
Twitter	Digg

أدوات الموضوع
مشاهدة صفحة طباعة الموضوع أرسل هذا الموضوع إلى صديق