مصطفى المنسي

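The Zyzoom tool that is used after the HijackThis report does not work, even though I allowed it in Kaspersky, and it also does not work properly even if I close Kaspersky. The Kaspersky version is the ninth, 454, the latest.

Please help, because I use it all the time.

Attached for you are a screenshot and the name of the tool.

Note that my machine is clean and Windows was installed two days ago.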

zyzoom-e6e9fbfcb7.png
 

Signature: مصطفى المنسي
It didn't work, brother Abu Rima.

Attached is my report, as brother Max requested.

.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:36 م, on 25/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FSCapture.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Almyasystem - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} -
(file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
--
End of file - 5497 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 1040
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 03/08/2004 11:56:30 م
File Modified Date : 14/04/2008 04:00:03 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 25/08/2008 10:35:26 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 388 K
Mem Usage Peak : 680 K
Page Faults : 298
Pagefile Usage : 172 K
Pagefile Peak Usage : 1664 K
File Attributes : AC
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1392
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 03/08/2004 11:56:08 م
File Modified Date : 14/04/2008 03:59:49 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 25/08/2008 10:35:28 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4004 K
Mem Usage Peak : 4448 K
Page Faults : 4584
Pagefile Usage : 1804 K
Pagefile Peak Usage : 1804 K
File Attributes : AC
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1416
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 506,880
File Created Date : 03/08/2004 11:56:36 م
File Modified Date : 14/04/2008 04:00:06 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:35:30 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1964 K
Mem Usage Peak : 12376 K
Page Faults : 6577
Pagefile Usage : 7092 K
Pagefile Peak Usage : 7524 K
File Attributes : AC
==================================================
==================================================
Process Name : services.exe
ProcessID : 1472
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : ‎‎Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,544
File Created Date : 03/08/2004 11:56:30 م
File Modified Date : 14/04/2008 04:00:02 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:35:33 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4160 K
Mem Usage Peak : 4296 K
Page Faults : 1457
Pagefile Usage : 2336 K
Pagefile Peak Usage : 2580 K
File Attributes : AC
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1484
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 03/08/2004 11:56:18 م
File Modified Date : 14/04/2008 03:59:55 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:35:33 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 6944 K
Mem Usage Peak : 7188 K
Page Faults : 2215
Pagefile Usage : 4596 K
Pagefile Peak Usage : 4896 K
File Attributes : AC
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1672
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 11:56:32 م
File Modified Date : 14/04/2008 04:00:03 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:35:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5108 K
Mem Usage Peak : 5156 K
Page Faults : 1387
Pagefile Usage : 3224 K
Pagefile Peak Usage : 23496 K
File Attributes : AC
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1720
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 11:56:32 م
File Modified Date : 14/04/2008 04:00:03 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:35:35 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4572 K
Mem Usage Peak : 4572 K
Page Faults : 1280
Pagefile Usage : 2000 K
Pagefile Peak Usage : 2012 K
File Attributes : AC
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 176
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 11:56:32 م
File Modified Date : 14/04/2008 04:00:03 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:35:36 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 21932 K
Mem Usage Peak : 25492 K
Page Faults : 13229
Pagefile Usage : 14160 K
Pagefile Peak Usage : 17032 K
File Attributes : AC
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 328
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 11:56:32 م
File Modified Date : 14/04/2008 04:00:03 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:35:36 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4764 K
Mem Usage Peak : 4764 K
Page Faults : 1249
Pagefile Usage : 1988 K
Pagefile Peak Usage : 1988 K
File Attributes : AC
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 936
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.5512 (xpsp.080413-2105)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Programs
File Size : 1,031,168
File Created Date : 03/08/2004 11:56:12 م
File Modified Date : 14/04/2008 03:59:52 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 25/08/2008 10:35:38 م
Visible Windows : 3
Hidden Windows : 38
User Name : العالمية\Administrator
Mem Usage : 24872 K
Mem Usage Peak : 25236 K
Page Faults : 15632
Pagefile Usage : 16332 K
Pagefile Peak Usage : 16664 K
File Attributes : AC
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1000
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-0852)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 03/08/2004 11:56:32 م
File Modified Date : 14/04/2008 04:00:03 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:35:39 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5320 K
Mem Usage Peak : 5324 K
Page Faults : 1721
Pagefile Usage : 3556 K
Pagefile Peak Usage : 3656 K
File Attributes : AC
==================================================
==================================================
Process Name : guard.exe
ProcessID : 1112
Priority : Normal
Product Name : AVG Anti-Spyware
Version : 7, 5, 1, 22
Description : AVG Anti-Spyware guard
Company : GRISOFT s.r.o.
Window Title :
File Size : 312,880
File Created Date : 30/05/2007 12:31:10 م
File Modified Date : 30/05/2007 12:31:10 م
Filename : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:35:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 19168 K
Mem Usage Peak : 49708 K
Page Faults : 71766
Pagefile Usage : 43024 K
Pagefile Peak Usage : 54332 K
File Attributes : AC
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1264
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.454
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 206,088
File Created Date : 29/07/2008 05:20:28 م
File Modified Date : 29/07/2008 05:20:28 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:35:42 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 55456 K
Mem Usage Peak : 114428 K
Page Faults : 114726
Pagefile Usage : 44404 K
Pagefile Peak Usage : 107028 K
File Attributes : AC
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1432
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.454
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 206,088
File Created Date : 29/07/2008 05:20:28 م
File Modified Date : 29/07/2008 05:20:28 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:35:45 م
Visible Windows : 0
Hidden Windows : 6
User Name : العالمية\Administrator
Mem Usage : 2112 K
Mem Usage Peak : 8196 K
Page Faults : 9010
Pagefile Usage : 5772 K
Pagefile Peak Usage : 6032 K
File Attributes : AC
==================================================
==================================================
Process Name : alg.exe
ProcessID : 2668
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-0852)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 03/08/2004 11:56:04 م
File Modified Date : 14/04/2008 03:59:46 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:36:19 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3904 K
Mem Usage Peak : 3912 K
Page Faults : 1016
Pagefile Usage : 1404 K
Pagefile Peak Usage : 1416 K
File Attributes : AC
==================================================
==================================================
Process Name : FSCapture.exe
ProcessID : 2760
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title : FastStone Capture
File Size : 1,123,840
File Created Date : 25/08/2008 07:36:18 م
File Modified Date : 24/05/2007 06:35:06 م
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FSCapture.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:36:20 م
Visible Windows : 3
Hidden Windows : 12
User Name : العالمية\Administrator
Mem Usage : 6032 K
Mem Usage Peak : 7264 K
Page Faults : 3697
Pagefile Usage : 5024 K
Pagefile Peak Usage : 5160 K
File Attributes : AC
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 3632
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.16705 (vista_gdr.080618-1506)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : أداة المكنسة لزيزووم لاتعمل ؟؟؟؟ - زيزوووم للأمن والحمايه - Windows Internet Explorer
File Size : 625,664
File Created Date : 19/08/2008 01:04:53 م
File Modified Date : 23/06/2008 09:18:36 ص
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:36:36 م
Visible Windows : 1
Hidden Windows : 26
User Name : العالمية\Administrator
Mem Usage : 19272 K
Mem Usage Peak : 40144 K
Page Faults : 19796
Pagefile Usage : 27852 K
Pagefile Peak Usage : 27960 K
File Attributes : AC
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 3672
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2105)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 03/08/2004 11:56:08 م
File Modified Date : 14/04/2008 03:59:49 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:36:37 م
Visible Windows : 0
Hidden Windows : 5
User Name : العالمية\Administrator
Mem Usage : 3468 K
Mem Usage Peak : 3672 K
Page Faults : 1066
Pagefile Usage : 1112 K
Pagefile Peak Usage : 1520 K
File Attributes : AC
==================================================
==================================================
Process Name : wuauclt.exe
ProcessID : 4044
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904)
Description : Windows Update Automatic Updates
Company : Microsoft Corporation
Window Title :
File Size : 53,448
File Created Date : 20/08/2008 09:10:03 م
File Modified Date : 18/07/2008 07:10:42 م
Filename : C:\WINDOWS\system32\wuauclt.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:36:41 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 10216 K
Mem Usage Peak : 11044 K
Page Faults : 3383
Pagefile Usage : 7796 K
Pagefile Peak Usage : 8756 K
File Attributes : AC
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 2724
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.16705 (vista_gdr.080618-1506)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : HijackThis Logfileauswertung - Windows Internet Explorer
File Size : 625,664
File Created Date : 19/08/2008 01:04:53 م
File Modified Date : 23/06/2008 09:18:36 ص
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:37:58 م
Visible Windows : 1
Hidden Windows : 25
User Name : العالمية\Administrator
Mem Usage : 15752 K
Mem Usage Peak : 28824 K
Page Faults : 14547
Pagefile Usage : 18632 K
Pagefile Peak Usage : 18808 K
File Attributes : AC
==================================================
==================================================
Process Name : runn.exe
ProcessID : 1872
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 25/08/2008 07:38:32 م
File Modified Date : 31/01/2008 10:24:25 م
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:38:32 م
Visible Windows : 0
Hidden Windows : 0
User Name : العالمية\Administrator
Mem Usage : 2416 K
Mem Usage Peak : 2420 K
Page Faults : 707
Pagefile Usage : 840 K
Pagefile Peak Usage : 916 K
File Attributes : AC
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 896
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 389,120
File Created Date : 03/08/2004 11:56:06 م
File Modified Date : 14/04/2008 03:59:48 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 25/08/2008 10:38:32 م
Visible Windows : 0
Hidden Windows : 1
User Name : العالمية\Administrator
Mem Usage : 3400 K
Mem Usage Peak : 3464 K
Page Faults : 953
Pagefile Usage : 2224 K
Pagefile Peak Usage : 2300 K
File Attributes : AC
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 2108
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2108)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 20/08/2008 09:08:14 م
File Modified Date : 14/04/2008 04:00:06 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 25/08/2008 10:38:35 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 6392 K
Mem Usage Peak : 6392 K
Page Faults : 1639
Pagefile Usage : 3480 K
Pagefile Peak Usage : 3480 K
File Attributes : AC
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 1948
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 25/08/2008 07:38:32 م
File Modified Date : 14/07/2005 04:46:34 ص
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 25/08/2008 10:38:36 م
Visible Windows : 0
Hidden Windows : 0
User Name : العالمية\Administrator
Mem Usage : 2436 K
Mem Usage Peak : 2448 K
Page Faults : 801
Pagefile Usage : 972 K
Pagefile Peak Usage : 972 K
File Attributes : AC
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.5512
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
8.00.0000.0454
c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\ctfmon.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Privacy Suite
"C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite"
Privacy Suite (TM)
CyberScrub LLC
4.07.0000.0139
c:\documents and settings\administrator\application data\cleaner\cspseraser.exe
.
.
----------- End Report ---------------
 

Signature: مصطفى المنسي
Do the following:
From Start, choose Run and type
%temp%

A folder will open; delete everything in it.

Then, once more, type temp

A folder will open; delete everything in it.

For any file that refuses to be deleted, use this tool to delete it:

Unlocker

How to delete:

After installing the tool, right-click the file you want to delete
and choose Unlocker, then choose as shown in the image.

zyzoom-0801ecbc57.png

Download

Then use the tool again.
 
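For your information, since this morning Kaspersky has been reporting an unwanted program and is unable to delete it.

I also installed AVG Anti-Spyware and it did nothing.

I believe my problem has become completely clear from my report and the attached screenshots of the machine.

Hoping for your help, since you know how important the Sweeper tool is in use.

The second image: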


zyzoom-202be2f21e.png
 
Signature: مصطفى المنسي
Install the following settings file in Kaspersky.

Then run a full scan of the machine.
 
I thank you again, Mr. Max, for your attention to my thread.

I have installed these settings and ran a full scan; it finds a spyware file but cannot delete or quarantine it.

I have now installed this tool and am scanning with it. God willing it will work, and I will report the results to you, Mr. Max.

The tool's name is Kaspersky Virus Removal Tool.

Signature: مصطفى المنسي
Mr. Max, I can't manage to delete this virus.

Kaspersky and the Kaspersky tool both failed to delete it.

zyzoom-fce15c9903.png
 
Signature: مصطفى المنسي
Excuse me:

Download this tool:

Go to the file that was not deleted and right-click it,

then choose as in the image:

tutorial1.png

After that, choose Delete instead of No action, then click Unlock All, and it will be deleted, God willing.

tutorial2.png

Waiting for your reply.
 
Signature: Al jNtEeL
Thanks, brother Gentle, it didn't work.

What is this virus?

Kaspersky catches it but can't do anything.

I am now scanning my machine online with BitDefender and will report the results to you.
 
Signature: مصطفى المنسي
The BitDefender site found nothing (imagine that); it did not detect the virus.

Well done, Kaspersky.

I have used just about every Zyzoom tool and none of them deleted it.

A question???

What is this virus, and how did it get into my machine?????

Awaiting your replies, giants of the forums,

so that I can get rid of it.
 
Signature: مصطفى المنسي
With your permission,

Disable System Restore:

My Computer, then Properties, System Restore

624jjm9.png

After that a message will appear; accept it.

Then

Disable all protection programs,

and download this tool and save it to the desktop.

When you run it, a message will appear; click Yes.
Then a second message will appear; click Yes.

Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it into your next reply.

--------------------------------------------

And produce a HijackThis report.

Signature: KinXG BlacK
This is the tool's report:


ComboFix 08-08-25.01 - Administrator 08/26/2008 19:35:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.1675 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\سطح المكتب\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\.#
C:\Documents and Settings\Administrator\Application Data\.#\MBX@29C@3E39D0.###
C:\Documents and Settings\Administrator\Application Data\.#\MBX@29C@3E39E0.###
C:\Documents and Settings\Administrator\s\BBUXJ.DOC
C:\Documents and Settings\Administrator\s\DDXER.KMA
C:\Documents and Settings\Administrator\s\DFAAL.LJP
C:\Documents and Settings\Administrator\s\DIHIT.GTK
C:\Documents and Settings\Administrator\s\JPOSW.IDL
C:\Documents and Settings\Administrator\s\OWBVI.HUG
C:\Documents and Settings\Administrator\s\PDTMT.BBI
C:\Documents and Settings\Administrator\s\SJITB.AUG
C:\Documents and Settings\Administrator\s\TGDVK.KST
C:\Documents and Settings\Administrator\s\TWQOC.MLK
.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 16:38 --------- dc----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-08-26 16:36 352,288 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-26 16:36 3,332 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-26 16:36 19,736 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-26 16:36 1,985,568 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-26 12:05 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-26 11:03 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-26 10:50 --------- dc----w C:\Program Files\Sophos
2008-08-26 08:49 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CA
2008-08-26 08:28 7,168 -c--a-w C:\WINDOWS\system32\drivers\utmymjk4.sys
2008-08-26 01:00 --------- dc----w C:\Documents and Settings\Administrator\Application Data\cleaner
2008-08-25 20:11 --------- dc----w C:\Program Files\Unlocker
2008-08-25 20:09 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Desktopicon
2008-08-25 18:33 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-08-25 09:23 --------- dc----w C:\Documents and Settings\Administrator\Application Data\MSNShell
2008-08-24 08:11 --------- dc----w C:\Program Files\Microsoft Silverlight
2008-08-23 22:32 --------- dc----w C:\Program Files\Rainy Screensaver
2008-08-23 22:25 --------- dc----w C:\Program Files\USB Disk Security
2008-08-22 00:09 --------- dc----w C:\Documents and Settings\Administrator\Application Data\CyberScrub
2008-08-21 18:36 --------- dc----w C:\Program Files\Windows Live
2008-08-21 03:40 --------- dc----w C:\Documents and Settings\Administrator\Application Data\IDM
2008-08-21 00:52 --------- dc----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-08-21 00:45 --------- dc----w C:\Program Files\DivX
2008-08-21 00:32 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-08-21 00:16 --------- dc----w C:\Program Files\Internet Download Manager
2008-08-21 00:13 --------- dc----w C:\Program Files\ShaPlus Google Translator
2008-08-21 00:02 --------- dc----w C:\Program Files\The KMPlayer
2008-08-20 22:58 --------- dc----w C:\Program Files\Sun
2008-08-20 22:57 --------- dc----w C:\Program Files\Java
2008-08-20 22:43 --------- dc----w C:\Program Files\Real
2008-08-20 22:40 --------- dc----w C:\Program Files\Windows Doctor
2008-08-20 22:35 --------- dc----w C:\Program Files\Your Uninstaller 2008
2008-08-20 22:32 --------- dc----w C:\Documents and Settings\Administrator\Application Data\URSoft
2008-08-20 22:29 --------- dc----w C:\Program Files\CCleaner
2008-08-20 21:58 96,976 -c--a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-20 21:43 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-08-20 21:39 87,855 -c--a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-20 21:38 --------- dc----w C:\Program Files\Kaspersky Lab
2008-08-20 21:37 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-08-20 17:03 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-08-20 06:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-19 15:27 --------- dc----w C:\Program Files\Common Files\xing shared
2008-08-19 15:27 --------- dc----w C:\Program Files\Common Files\Real
2008-08-19 13:25 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-08-19 13:22 --------- dc----w C:\Program Files\Attansic
2008-08-19 13:19 --------- dc----w C:\Program Files\Realtek
2008-08-19 13:16 --------- dc----w C:\Program Files\Intel
2008-08-19 13:07 --------- dc----w C:\Program Files\microsoft frontpage
2008-07-29 17:20 24,774 -c--a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-23 16:50 9,464 -c----w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 -c----w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 -c----w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-21 15:34 121,872 -c--a-w C:\WINDOWS\system32\drivers\kl1.sys
2006-06-22 23:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@Tue 08-26-2008_14.22.39.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 -c--a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-08-26 11:05:04 59,206 ----a-w C:\WINDOWS\system32\perfc001.dat
+ 2008-08-26 12:09:51 59,206 ----a-w C:\WINDOWS\system32\perfc001.dat
- 2008-08-26 11:05:04 59,236 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-26 12:09:51 59,236 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-26 11:05:04 329,350 ----a-w C:\WINDOWS\system32\perfh001.dat
+ 2008-08-26 12:09:51 329,350 ----a-w C:\WINDOWS\system32\perfh001.dat
- 2008-08-26 11:05:04 393,320 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-26 12:09:51 393,320 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:59 PM 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/29/2008 08:25 PM 2610608]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2008 06:59 PM 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/21/2008 01:43 AM 185896]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/02/2008 07:15 AM 15872]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04/14/2008 06:59 PM 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [07/28/2006 12:28 AM]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1.tmp []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
O8 -: ShaPlus Google Translator - C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 -: {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} -
You must log in or register to view the hidden link

.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
You must log in or register to view the hidden link

Rootkit scan 2008-08-26 19:38:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\sccfg.sys 20 bytes

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 08/26/2008 19:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 16:40:20
ComboFix2.txt 2008-08-26 11:23:02
ComboFix3.txt 2008-08-26 11:17:01
Pre-Run: 36,234,715,136 bytes free
Post-Run: 36,224,208,896 bytes free
168 --- E O F --- 2008-08-21 20:43:22
 
Signature: مصطفى المنسي
And this is the HijackThis report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:46:48 م, on 26/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\سطح المكتب\أبو العبد\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
You must log in or register to view the hidden link

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
You must log in or register to view the hidden link

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
You must log in or register to view the hidden link

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
You must log in or register to view the hidden link

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Almyasystem - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} -
You must log in or register to view the hidden link
(file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
You must log in or register to view the hidden link

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
You must log in or register to view the hidden link

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
You must log in or register to view the hidden link

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
You must log in or register to view the hidden link

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
--
End of file - 5479 bytes
 
Signature: مصطفى المنسي
Select the following and delete it:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: Almyasystem - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} -
You must log in or register to view the hidden link
(file missing)

Download this tool to clean the machine

You must log in or register to view the hidden link


wh_15149054.png


I would also like you to scan your machine with the Kaspersky tool in Safe Mode

because it looks to me like some viruses are present, and God knows best
 
Signature: Al jNtEeL
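The selection made in the reply above, as an added triage sketch (not part of the original post, and not a Zyzoom or HijackThis tool): it rejoins log entries that the forum wrapped across lines, then lists entries whose registered file is missing plus the O6 policy entry. The function names and the two rules are assumptions chosen to match the three entries the reply picks; the sample lines are copied from the log in this thread, with the forum's hidden-link notice left in place of the URL.

```python
import re

# Constructed sample: entries from this thread's HijackThis log, wrapped as the forum shows them.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Almyasystem - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} -
You must log in or register to view the hidden link
(file missing)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
--
End of file - 5479 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entries(log_text):
    """Yield one string per log entry, rejoining lines the forum wrapped."""
    current = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "--":              # HijackThis footer: nothing after it is an entry
            break
        if ENTRY.match(line):
            if current:
                yield current
            current = line
        elif current and line:        # continuation of the previous entry
            current += " " + line
    if current:
        yield current

def triage(log_text):
    """Return (section, reason, clsid or None, entry) for entries to review by hand."""
    findings = []
    for entry in entries(log_text):
        section = ENTRY.match(entry).group(1)
        if entry.endswith(("(no file)", "(file missing)")):
            reason = "registered component has no file on disk"
        elif section == "O6":
            reason = "Internet Explorer options restricted by a policy key"
        else:
            continue
        clsid = CLSID.search(entry)
        findings.append((section, reason, clsid.group(0) if clsid else None, entry))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The output is a review list only; whether an entry is fixed in HijackThis remains the helper's call, as in the reply.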
After you do what is in Al jNtEeL's reply

This is a tool from Zyzoom ..

For repairing the Registry Editor
and removing virus restrictions ..:d:


Download it from here
You must log in or register to view the hidden link



When you run the tool, after a few moments this message will appear; after that, restart your machine

wh_46421958.png

After that, run the Zyzoom cleaning tool
and, God willing, it will work
 
Signature: KinXG BlacK
After you do what is in Al jNtEeL's reply


This is a tool from Zyzoom ..

For repairing the Registry Editor
and removing virus restrictions ..:d:




After that, run the Zyzoom cleaning tool

and, God willing, it will work

:ok::ok::ok:
 
Signature: Al jNtEeL
Download this tool

You must log in or register to view the hidden link


Then copy this file and put it in the deletion field
C:\sccfg.sys

Explanation of the deletion method

zyzoom-6f6b5ef9dd.png





 
Signature: KinXG BlacK
The sweeper worked (a positive development), because before it refused to run,
but after restarting, these images appeared again

zyzoom-279347564b.png
 
Signature: مصطفى المنسي