مشكلة وأنتم لها يا أبطال

محروم.كوم · #1 05-31-2009, 02:30 PM

جهازي أصيب بفيرس وعملت سكان عليه وأزلت ما أستطيعه من فيروسات ثم وفرمت الويندوز ونزلت ويندز جديد وبعدها كلما أردت تسطيب أي برنامج لا أستطيع ثم بعد ذلك
تخرج لي رسال لقد صادف Generic Host Process for Win32 Services مشكلة ويجب إغلاقه. المعذرة على الإزعاج.
ثم أشار علي أخ أن أنزل برنامج ليفحص الجهاز وبعدها أعطاني البرنامج هذا التقرير
وأنا لا أدري ما معنى هذا التقرير فهل من مساعدة
التقرير

ComboFix 09-05-30.03 - Administrator 05/31/2009 12:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.511.333 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\svchost.exe
F:\Funny UST Scandal.avi.exe
G:\Funny UST Scandal.avi.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

2009-05-30 16:42 . 2009-05-31 09:53 -------- d-----w c:\documents and settings\Administrator\Tracing
2009-05-30 16:37 . 2009-05-30 16:37 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-30 16:36 . 2009-05-30 16:36 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-30 16:35 . 2009-05-31 06:08 -------- d-----w c:\windows\SxsCaPendDel
2009-05-30 16:34 . 2009-05-30 16:34 -------- d-----w c:\program files\Microsoft
2009-05-30 16:34 . 2009-05-30 16:34 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-30 16:06 . 2009-05-30 16:06 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-30 15:49 . 2006-10-26 16:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-05-30 15:47 . 2009-05-30 15:47 -------- d-----w c:\program files\Microsoft Works
2009-05-30 15:47 . 2009-05-30 15:47 -------- d-----w c:\program files\MSBuild
2009-05-30 15:42 . 2009-05-30 15:47 -------- d-----w c:\windows\SHELLNEW
2009-05-30 15:42 . 2009-05-30 15:42 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2009-05-30 15:42 . 2009-05-30 15:49 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-30 15:41 . 2009-05-30 15:41 -------- d--h--r C:\MSOCache
2009-05-30 13:56 . 2009-05-30 13:56 249344 ---h--w c:\documents and settings\Administrator\Application Data\shamela\C4ACD77A\s_report.exe
2009-05-30 13:45 . 2009-05-30 13:46 3115072 ----a-w c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe

2009-05-30 13:44 . 2009-05-30 13:47 198064 ----a-w c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-05-30 13:43 . 2009-05-31 09:09 -------- d-----w c:\documents and settings\Administrator\Application Data\IDM
2009-05-30 13:43 . 2009-05-31 09:50 -------- d-----w c:\documents and settings\Administrator\Application Data\DMCache
2009-05-30 13:43 . 2009-05-30 15:33 -------- d-----w c:\program files\Internet Download Manager
2009-05-30 13:25 . 2009-05-30 13:25 0 ----a-w c:\windows\nsreg.dat
2009-05-30 13:25 . 2009-05-30 13:25 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2049-11-19 01:43 . 2009-05-30 14:01 570128 ----a-w c:\documents and settings\Administrator\Application Data\IDM\bin\dao350.dll
2009-05-31 08:44 . 2009-05-30 08:06 -------- d-----w c:\program files\الجامع الكبير - الإصدار الرابع
2009-05-30 16:41 . 2009-05-30 09:50 -------- d-----w c:\program files\Windows Live
2009-05-30 16:06 . 2009-05-30 08:35 83840 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 14:01 . 2009-05-30 08:09 -------- d-----w c:\documents and settings\Administrator\Application Data\shamela
2009-05-30 10:06 . 2009-05-30 10:06 -------- d-----w c:\program files\VIA Technologies, Inc
2009-05-30 09:52 . 2009-05-30 09:52 -------- d-----w c:\documents and settings\Administrator\Application Data\Systweak
2009-05-30 09:52 . 2009-05-30 09:52 -------- d-----w c:\program files\Systweak
2009-05-30 09:51 . 2009-05-30 09:50 -------- d-----w c:\documents and settings\Administrator\Application Data\inSpeak

2009-05-30 09:50 . 2009-05-30 09:50 -------- d-----w c:\program files\inSpeak
2009-05-30 09:50 . 2009-05-30 09:50 -------- d-----w c:\documents and settings\All Users\Application Data\inSpeak
2009-05-30 09:31 . 2009-05-30 07:39 118144 ----a-w c:\windows\system32\BootSafe.exe
2009-05-30 08:49 . 2009-05-30 07:39 2122312 ----a-w c:\windows\system32\InfoTool.exe
2009-05-30 08:49 . 2009-05-30 07:39 761856 ----a-w c:\windows\system32\HWMonitor.exe
2009-05-30 08:49 . 2009-05-30 07:39 405504 ----a-w c:\windows\system32\HDTune.exe
2009-05-30 08:49 . 2009-05-30 07:39 394704 ----a-w c:\windows\system32\GPU-Z.exe
2009-05-30 08:47 . 2009-05-30 07:39 943104 ----a-w c:\windows\system32\DFX.exe
2009-05-30 08:47 . 2009-05-30 07:39 1286144 ----a-w c:\windows\system32\cpuz.exe
2009-05-30 08:46 . 2009-05-30 07:39 202240 ----a-w c:\windows\system32\CoreTemp.exe
2009-05-30 08:44 . 2009-05-30 07:52 3374640 ----a-w c:\windows\Help\Tours\mmTour\mui\0401\tour.exe
2009-05-30 08:15 . 2009-05-30 08:15 -------- d-----w c:\program files\ESET
2009-05-30 08:15 . 2009-05-30 08:15 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-30 07:51 . 2009-05-30 07:44 166455 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-30 07:45 . 2009-05-30 07:45 -------- d-----w c:\program files\microsoft frontpage
2009-05-30 07:40 . 2009-05-30 07:40 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-29 08:01 . 2009-05-30 14:01 486912 ----a-w c:\documents and settings\Administrator\Application Data\IDM\bin\viewer.exe
2009-05-29 08:01 . 2009-05-30 14:01 5832192 ----a-w c:\documents and settings\Administrator\Application Data\IDM\bin\shamela.exe
2009-03-26 15:35 . 2009-05-27 10:22 210352 ----a-w c:\windows\system32\idmmbc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-01-26 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"AVO Ram Optimizer"="c:\program files\systweak\advanced vista optimizer 2009\AVO.exe" [2009-01-09 216296]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive .exe " [2006-10-05 280779]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-01-26 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\موسوعات\\الموسوعة الشاملة 3\\bin\\shamela.exe"=
"c:\\program files\\systweak\\advanced vista optimizer 2009\\AdvancedVistaOptimizer.exe"=
"d:\\برامج\\كمبيوتر وصيانة\\الأوفيس\\أوفيس 2003 عربي\\Office2003Arb\\SETUP.EXE"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\VistaDrive\\VistaDrive.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\برامج\\كمبيوتر وصيانة\\WindowsInstaller-KB893803-v2-x86.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=

R2 AVO2009 Defrag;AVO2009 Defrag;c:\program files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe [5/30/2009 12:52 PM 398056]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/4/2004 3:00 PM 3584]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ skslm.sys --> c:\windows\system32\drivers\skslm.sys [?]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.shamela.ws/updates.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1e2v338.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 12:53
Windows 5.1.2600 Service Pack 3, v.3300 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
.
************************************************** ************************
.
Completion time: 2009-05-31 12:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 09:54

Pre-Run: 3,359,756,288 bytes free
Post-Run: 3,288,186,880 bytes free

159 __DEFINE_LIKE_SHARE__

المواضيع المتشابهه
الموضوع	كاتب الموضوع	المنتدى	مشاركات	آخر مشاركة
كل ميت وأنتم بخير .	محروم.كوم	منتدى أخبار المواقع والمنتديات العربية والأجنبية	0	01-25-2010 02:10 AM
كل ميت وأنتم بخير .	محروم.كوم	منتدى أخبار المواقع والمنتديات العربية والأجنبية	0	01-25-2010 02:00 AM
كل مطر وأنتم بخير -تحية أهل جدة-	محروم.كوم	منتدى أخبار المواقع والمنتديات العربية والأجنبية	0	12-04-2009 09:50 PM
كل عام وأنتم بخير :::	محروم.كوم	منتدى أخبار المواقع والمنتديات العربية والأجنبية	0	09-18-2009 01:50 AM
كل عام وأنتم بخير‏	محروم.كوم	منتدى أخبار المواقع والمنتديات العربية والأجنبية	1	08-03-2009 07:15 AM