مشكله في الريجستري

[A7la N3omah]

السلام عليكم​

المشكله عندي لما اتبع المسار هذا
system
current cuntrol set
services
messenger​

لا اجد messenger داخل services​

وبالنسبه لبرنامج windows worms doors cleaner
اذا فتحته يطلع لي رسالتين الاولى​

احتمال الجهاز يكون فيه فايروس وسويت تحديث للكاسبر فحصت الجهاز اكثر من مره وما طلع فيه شي ​

والثانيه:
value in registry can't be opened (system/current control
set/services/messenger)​

واخر خيار في البرنامج ما يتقفل يطلع لي نفس الكلام اللي فوق اذا حاولت اقفله ​

 

[MAAX]

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes

انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم​

 

[A7la N3omah]

هذا التقرير أخوي​

ComboFix 08-09-13.05 - tom 09/14/2008 21:09:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.429 [GMT 3:00]
Running from: C:\Documents and Settings\tom\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\WINDOWS\system32\mdm.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 18:15 639,008 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-14 18:15 6,426,144 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-14 18:15 52,332 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-14 18:15 4,312 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-14 18:13 --------- d-----w C:\Documents and Settings\tom\Application Data\DMCache
2008-09-14 18:09 --------- d-----w C:\Documents and Settings\tom\Application Data\uTorrent
2008-09-14 13:17 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-14 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-13 13:37 --------- d-----w C:\Program Files\DivX
2008-09-13 06:47 --------- d-----w C:\Documents and Settings\tom\Application Data\DivX
2008-09-12 09:28 --------- d-----w C:\Program Files\DivX Subtitle Displayer
2008-09-12 03:43 --------- d-----w C:\Program Files\BT Engine
2008-09-10 05:50 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-10 05:21 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-10 05:20 --------- d-----w C:\Program Files\Kaspersky Lab
2008-09-10 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-10 01:37 --------- d-----w C:\Program Files\Skype
2008-09-07 03:39 --------- d-----w C:\Documents and Settings\tom\Application Data\Grisoft
2008-09-07 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-04 18:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-04 18:42 --------- d-----w C:\Program Files\Circle Developement
2008-09-03 03:54 --------- d-----w C:\Program Files\StuffPlug3
2008-09-03 03:54 --------- d-----w C:\Program Files\MessengerDiscovery
2008-08-23 16:50 --------- d-----w C:\Program Files\Sun
2008-08-23 16:48 --------- d-----w C:\Program Files\Java
2008-08-15 05:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 17:20 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-07-26 13:08 --------- d-----w C:\Program Files\Apple Software Update
2008-07-24 07:01 --------- d-----w C:\Program Files\LtUcx
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-21 15:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-03-30 11:36 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2008-03-03 01:40 276,128 ----a-w C:\Program Files\sound tap setup.exe
2008-03-03 00:28 277,717 ----a-w C:\Program Files\vac408.zip
2008-01-16 14:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-14 22:01 721,120 ----a-w C:\Program Files\iVocalize4430.exe
2008-01-10 23:56 59,302 ----a-w C:\Program Files\Uninstall.exe
2008-01-09 12:15 16,276 ----a-w C:\Program Files\Unblockable.zip
2008-01-09 10:29 6,974,724 ----a-w C:\Program Files\BIPCPSetup.exe
2008-01-08 15:20 172,544 ----a-w C:\Program Files\ReportTemplete_v2.doc
2007-12-06 08:43 5,462 ----a-w C:\Program Files\7zip_pad.xml
2007-12-06 08:39 133,632 ----a-w C:\Program Files\7zCon.sfx
2007-12-06 08:39 133,120 ----a-w C:\Program Files\7z.sfx
2007-12-06 08:37 599,552 ----a-w C:\Program Files\7z.dll
2007-12-06 08:37 1,559 ----a-w C:\Program Files\readme.txt
2007-12-06 08:36 29,380 ----a-w C:\Program Files\History.txt
2007-12-06 08:34 208,896 ----a-w C:\Program Files\7zG.exe
2007-12-06 08:33 85,664 ----a-w C:\Program Files\7-zip.chm
2007-12-06 08:33 377,856 ----a-w C:\Program Files\7zFM.exe
2007-12-06 08:32 69,632 ----a-w C:\Program Files\7-zip.dll
2007-12-06 08:32 147,968 ----a-w C:\Program Files\7z.exe
2007-09-05 09:48 456 ----a-w C:\Program Files\descript.ion
2007-07-24 08:47 2,049 ----a-w C:\Program Files\License.txt
2001-08-29 20:19 26,948 ----a-w C:\Program Files\copying.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [09/03/2005 03:18 PM 94208]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [09/12/2007 07:15 AM 1360304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [10/22/2007 10:13 AM 9438488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [01/05/2006 02:02 PM 352256]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [03/31/2003 07:28 PM 155648]
"TDispVol"="C:\WINDOWS\system32\TDispVol.exe" [03/11/2005 03:03 PM 73728]
"RTHDCPL"="C:\WINDOWS\RTHDCPL.EXE" [12/10/2005 01:49 AM 15691264]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [05/05/2006 05:36 PM 30208]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [05/01/2006 10:04 PM 1519616]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [05/01/2006 10:04 PM 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/01/2006 10:04 PM 7557120]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 12:25 PM 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/22/2008 07:28 AM 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM 206088]
"TFncKy"="TFncKy.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-07 1744896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
03/07/2007 01:13 PM 65536 C:\WINDOWS\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
05/05/2006 05:48 PM 40448 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
R0 DeepFrz;DeepFrz;C:\WINDOWS\system32\drivers\DeepFrz.sys [03/07/2007 01:17 PM 130584]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM 32784]
R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 06:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 05:59 PM 33024]
R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [05/05/2006 05:33 PM 3456]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM 24592]
S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [ ]
S0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [ ]
S3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\tdi.sys [08/03/2004 11:07 PM 18560]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [02/25/2003 06:26 PM 36644]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [02/25/2003 06:26 PM 24344]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbd99d33-92d5-11dc-a426-00a0d1628f45}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf4eeb4b-764d-11dd-911a-00a0d1628f45}]
\Shell\AutoRun\command - F:\kk3.bat
\Shell\explore\Command - F:\kk3.bat
\Shell\open\Command - F:\kk3.bat
.
s of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
HKLM-Run-Device Detector - DevDetect.exe​

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\o2387e1t.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2008-09-14 21:19:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\LogonDll.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 09/14/2008 21:26:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-14 18:26:45
Pre-Run: 29,501,648,896 bytes free
Post-Run: 29,413,650,432 bytes free
201 --- E O F --- 2008-09-14 00:04:52​

 

[MAAX]

استخدم هذه الاداة ,, شغلها وانتظر حتى تظهر رسالة تطلب اعادة التشغيل
اعد التشغيل وبلغنا النتائج
الحجم : 365 كيلوبايت
التوافق : ويندوز اكسبي ( فقط )

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثم بلغنا النتائج​

 

[A7la N3omah]

جزاك الله خير أخوي
جاري الاستخدام

 

[A7la N3omah]

الله يعطيك العافيه

زالت المشكله k:

 

[MAAX]

الله يعافيك
والحمد لله على انتهاء المشكلة