ممكن مساعدة // الكاسبر سكاي بهدلني

**ظلمتُ نفسي** · 15-04-2008, 02:52 PM

للرفع

رفع الله قدركم .

**خاص جدا"** · 15-04-2008, 07:15 PM

أوكي .. الآن عطلي جميع برامج الحماية ,,
وحملي هذه الاداه واحفظيها على سطح المكتب

http://subs.geekstogo.com/ComboFix.exe

عند تشغيلها بتظهر لكِ رسالة ,, اضغطي على >> Yes
بعدها بتظهر لكِ رساله ثانيه ,, اضغطي على >> Yes

انتظري حتى الاداه تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداه بالفحص مرره ثانيه
انتظري حتى يظهر لكِ تقرير ,, انسخيه والصقيه بردك القادم

**ظلمتُ نفسي** · 17-04-2008, 02:29 AM

هذا التقرير اللي ظهر لي

و عذرا على الإزعاج

ComboFix 08-04-14.2 - DELL 04/17/2008 3:03:01.2 - NTFSx86
Running from: C:\??????????????????????????????????????????????? ?s and Settings\DELL\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-13 21:59 --------- d-----w C:\Program Files\Google
2008-04-13 21:18 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\DELL\Application Data\CyberScrub
2008-04-13 21:14 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\DELL\Application Data\cleaner
2008-04-04 02:23 --------- d-----w C:\Program Files\BitZipperSearch
2008-04-04 02:23 --------- d-----w C:\Program Files\BitZipper
2008-04-04 02:23 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\All Users\Application Data\McAfee.com
2008-04-04 02:22 --------- d-----w C:\Program Files\McAfee.com
2008-04-04 02:10 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\Administrator\Application Data\MSN6
2008-04-04 02:02 616,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 02:02 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-04 02:02 3,284 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 02:02 1,388 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-04 02:01 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\All Users\Application Data\Kaspersky Lab(2)
2008-04-03 23:30 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-03 23:30 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-03-27 11:28 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\DELL\Application Data\BitZipper
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 18:32 --------- d-----w C:\Program Files\MSN Messenger
2008-03-16 15:00 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\All Users\Application Data\Messenger Plus!
2008-02-24 16:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 16:28 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-24 12:12 --------- d-----w C:\??????????????????????????????????????????????? ?s and Settings\DELL\Application Data\AdobeUM
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 00:17 0 ----a-w C:\osy3.sys
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
01/17/2008 05:35 AM 1502232 --a------ C:\Program Files\BitZipperSearch\tbBit1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{97BCEB59-CFCD-4B16-A863-B3F72CF9F196}"= "C:\Program Files\BitZipperSearch\tbBit1.dll" [01/17/2008 05:35 AM 1502232]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{97BCEB59-CFCD-4B16-A863-B3F72CF9F196}"= C:\Program Files\BitZipperSearch\tbBit1.dll [01/17/2008 05:35 AM 1502232]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 11:56 AM 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [04/30/2004 01:15 AM 90169]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 PM 122880 C:\WINDOWS\BCMSMMSG.exe]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [05/29/2003 04:32 AM 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/27/2004 12:01 AM 4632576]
"nwiz"="nwiz.exe" [10/27/2004 12:01 AM 921600 C:\WINDOWS\system32\nwiz.exe]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent .exe" [09/22/2005 06:29 PM 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupda te.exe" [01/11/2006 12:05 PM 212992]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [09/18/2003 04:39 AM 212992]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [08/03/2005 12:47 PM 2966528]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/22/2007 04:58 AM 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [08/04/2004 11:56 AM 15360]

C:\??????????????????????????????????????????????? ?s and Settings\DELL\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Ela-Salaty.lnk - C:\??????????????????????????????????????????????? ?s and Settings\DELL\My ????????????????????????????????????????????????s\ Salaty.exe [2006-07-22 04:57:20 4739584]

C:\??????????????????????????????????????????????? ?s and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-27 04:13:54 561213]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 01/12/2004 05:55 PM 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [11/23/2002 07:01 AM]

*Newly Created Service* - CATCHME
.
************************************************** ************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 03:05:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\m chInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc24.tmp"
.
Completion time: 04/17/2008 3:07:16
ComboFix-quarantined-files.txt 2008-04-16 23:07:06

Pre-Run: 10,968,412,160 bytes free
Post-Run: 10,958,860,288 bytes free
.
2008-04-10 20:14:49 --- E O F ---

**ظلمتُ نفسي** · 18-04-2008, 09:16 PM

؟؟؟!!!

**خاص جدا"** · 19-04-2008, 08:11 AM

التقرير سليم ..

.. لي عوده إن شاء الله ..

**ظلمتُ نفسي** · 25-04-2008, 01:14 AM

بارك الله فيك .

و أنا في الإنتظار .

**X.Bro0ory.X** · 30-04-2008, 09:48 PM

البرنامج بالعربي

**X.Bro0ory.X** · 30-04-2008, 10:02 PM

Scan saved at 09:58:25 م, on 30/04/08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Favorites\Favorites.exe
C:\Windows\system32\conime.exe
F:\Favorites\مجلد جديد\مجلد جديد.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\a\??????????????????????????????????????? ?????????s\Zyzoom_HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: مساعد رابط Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Users\a\Desktop\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo Messengger] C:\Windows\system32\SSVICHOSST.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600363FE-505D-4E5C-9E0F-09C343516AF1}: NameServer = 212.102.0.82 212.102.0.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5807 bytes

ممكن مساعدة // الكاسبر سكاي بهدلني

تعليق

تعليق

تعليق

تعليق

تعليق

تعليق

تعليق

تعليق