Istirahat Zayed Forum (منتدى استراحات زايد)

Istirahat Zayed Forum (http://vb.ma7room.com/index.php)
-   Forum for news about Arabic and foreign websites and forums (http://vb.ma7room.com/forumdisplay.php?f=183)
-   -   A problem for you heroes to solve (http://vb.ma7room.com/showthread.php?t=130654)

محروم.كوم 05-31-2009 02:30 PM

A problem for you heroes to solve
 
My computer got infected with a virus. I scanned it and removed whatever viruses I could, then formatted Windows and installed a fresh copy of Windows. After that, every time I tried to install any program I could not, and then
a message appears saying "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."
Then a brother advised me to download a program to scan the machine, and afterwards the program gave me this report.
I do not know what this report means, so can anyone help?
The report:

ComboFix 09-05-30.03 - Administrator 05/31/2009 12:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.511.333 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\svchost.exe
F:\Funny UST Scandal.avi.exe
G:\Funny UST Scandal.avi.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-30 16:42 . 2009-05-31 09:53 -------- d-----w c:\documents and settings\Administrator\Tracing
2009-05-30 16:37 . 2009-05-30 16:37 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-30 16:36 . 2009-05-30 16:36 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-30 16:35 . 2009-05-31 06:08 -------- d-----w c:\windows\SxsCaPendDel
2009-05-30 16:34 . 2009-05-30 16:34 -------- d-----w c:\program files\Microsoft
2009-05-30 16:34 . 2009-05-30 16:34 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-30 16:06 . 2009-05-30 16:06 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-30 15:49 . 2006-10-26 16:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-05-30 15:47 . 2009-05-30 15:47 -------- d-----w c:\program files\Microsoft Works
2009-05-30 15:47 . 2009-05-30 15:47 -------- d-----w c:\program files\MSBuild
2009-05-30 15:42 . 2009-05-30 15:47 -------- d-----w c:\windows\SHELLNEW
2009-05-30 15:42 . 2009-05-30 15:42 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-05-30 15:42 . 2009-05-30 15:49 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-30 15:41 . 2009-05-30 15:41 -------- d--h--r C:\MSOCache
2009-05-30 13:56 . 2009-05-30 13:56 249344 ---h--w c:\documents and settings\Administrator\Application Data\shamela\C4ACD77A\s_report.exe
2009-05-30 13:45 . 2009-05-30 13:46 3115072 ----a-w c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
2009-05-30 13:44 . 2009-05-30 13:47 198064 ----a-w c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-30 13:43 . 2009-05-31 09:09 -------- d-----w c:\documents and settings\Administrator\Application Data\IDM
2009-05-30 13:43 . 2009-05-31 09:50 -------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2009-05-30 13:43 . 2009-05-30 15:33 -------- d-----w c:\program files\Internet Download Manager
2009-05-30 13:25 . 2009-05-30 13:25 0 ----a-w c:\windows\nsreg.dat
2009-05-30 13:25 . 2009-05-30 13:25 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2049-11-19 01:43 . 2009-05-30 14:01 570128 ----a-w c:\documents and settings\Administrator\Application Data\IDM\bin\dao350.dll
2009-05-31 08:44 . 2009-05-30 08:06 -------- d-----w c:\program files\الجامع الكبير - الإصدار الرابع
2009-05-30 16:41 . 2009-05-30 09:50 -------- d-----w c:\program files\Windows Live
2009-05-30 16:06 . 2009-05-30 08:35 83840 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 14:01 . 2009-05-30 08:09 -------- d-----w c:\documents and settings\Administrator\Application Data\shamela
2009-05-30 10:06 . 2009-05-30 10:06 -------- d-----w c:\program files\VIA Technologies, Inc
2009-05-30 09:52 . 2009-05-30 09:52 -------- d-----w c:\documents and settings\Administrator\Application Data\Systweak
2009-05-30 09:52 . 2009-05-30 09:52 -------- d-----w c:\program files\Systweak
2009-05-30 09:51 . 2009-05-30 09:50 -------- d-----w c:\documents and settings\Administrator\Application Data\inSpeak
2009-05-30 09:50 . 2009-05-30 09:50 -------- d-----w c:\program files\inSpeak
2009-05-30 09:50 . 2009-05-30 09:50 -------- d-----w c:\documents and settings\All Users\Application Data\inSpeak
2009-05-30 09:31 . 2009-05-30 07:39 118144 ----a-w c:\windows\system32\BootSafe.exe
2009-05-30 08:49 . 2009-05-30 07:39 2122312 ----a-w c:\windows\system32\InfoTool.exe
2009-05-30 08:49 . 2009-05-30 07:39 761856 ----a-w c:\windows\system32\HWMonitor.exe
2009-05-30 08:49 . 2009-05-30 07:39 405504 ----a-w c:\windows\system32\HDTune.exe
2009-05-30 08:49 . 2009-05-30 07:39 394704 ----a-w c:\windows\system32\GPU-Z.exe
2009-05-30 08:47 . 2009-05-30 07:39 943104 ----a-w c:\windows\system32\DFX.exe
2009-05-30 08:47 . 2009-05-30 07:39 1286144 ----a-w c:\windows\system32\cpuz.exe
2009-05-30 08:46 . 2009-05-30 07:39 202240 ----a-w c:\windows\system32\CoreTemp.exe
2009-05-30 08:44 . 2009-05-30 07:52 3374640 ----a-w c:\windows\Help\Tours\mmTour\mui\0401\tour.exe
2009-05-30 08:15 . 2009-05-30 08:15 -------- d-----w c:\program files\ESET
2009-05-30 08:15 . 2009-05-30 08:15 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-30 07:51 . 2009-05-30 07:44 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-30 07:45 . 2009-05-30 07:45 -------- d-----w c:\program files\microsoft frontpage
2009-05-30 07:40 . 2009-05-30 07:40 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-29 08:01 . 2009-05-30 14:01 486912 ----a-w c:\documents and settings\Administrator\Application Data\IDM\bin\viewer.exe
2009-05-29 08:01 . 2009-05-30 14:01 5832192 ----a-w c:\documents and settings\Administrator\Application Data\IDM\bin\shamela.exe
2009-03-26 15:35 . 2009-05-27 10:22 210352 ----a-w c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-01-26 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"AVO Ram Optimizer"="c:\program files\systweak\advanced vista optimizer 2009\AVO.exe" [2009-01-09 216296]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-01-26 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\موسوعات\\الموسوعة الشاملة 3\\bin\\shamela.exe"=
"c:\\program files\\systweak\\advanced vista optimizer 2009\\AdvancedVistaOptimizer.exe"=
"d:\\برامج\\كمبيوتر وصيانة\\الأوفيس\\أوفيس 2003 عربي\\Office2003Arb\\SETUP.EXE"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\VistaDrive\\VistaDrive.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\برامج\\كمبيوتر وصيانة\\WindowsInstaller-KB893803-v2-x86.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

R2 AVO2009 Defrag;AVO2009 Defrag;c:\program files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe [5/30/2009 12:52 PM 398056]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/4/2004 3:00 PM 3584]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\skslm.sys --> c:\windows\system32\drivers\skslm.sys [?]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.shamela.ws/updates.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1e2v338.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 12:53
Windows 5.1.2600 Service Pack 3, v.3300 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-05-31 12:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 09:54

Pre-Run: 3,359,756,288 bytes free
Post-Run: 3,288,186,880 bytes free
