مشكله في المسنجر بعد تسجيل الدخول !!!

[E.x.H]

السلام عليكم ورحمة الله وبركاته
اخواني واجهتني مشكله في المسنجر اني اول ما اقوم بتسجيل الدخول للمسنجر يشتغل عادي
لاكن عندما ابدا محادثه ما الحق اكمل الرد ويكون مهنق ومعلق وما ينطفي الا من البروسس
هذا تقرير الهاي جاك :i:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:49 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\DOCUME~1\Hatem\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Hatem\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 210.158.219.49 www.yahoo.com
O1 - Hosts: 68.142.197.83 www.hotmail.com
O1 - Hosts: 66.102.7.147 www.hackingmobilephones.com
O1 - Hosts: 202.138.126.57 vijay
O1 - Hosts: 207.46.20.30 www.apple.com
O1 - Hosts: 204.13.48.20 www.orkut.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\locks for.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Tick Fork] C:\DOCUME~1\Hatem\APPLIC~1\PLATFO~1\CdromSect.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7474 bytes

اتمني ايجاد الحل سريعا
والسلام عليكم

 

[صمت السكوت]

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
(2)
واعمل تقرير للهايجاك

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم

 

[E.x.H]

السلام عليكم ورحمة الله وبركاته

تقرير الاداة

ComboFix 08-11-09.04 - Hatem 2008-11-10 15:29:39.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1256.20.1033.18.37 [GMT -8:00]
Running from: c:\documents and settings\Hatem\Desktop\ComboFix.exe
 * Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\install.exe

.
(((((((((((((((((((((((((   Files Created from 2008-10-10 to 2008-11-10  )))))))))))))))))))))))))))))))
.

2008-11-09 14:57 . 2008-11-10 08:23    69    --a------    c:\windows\NeroDigital.ini
2008-11-04 11:27 . 2008-11-04 11:27    <DIR>    d--------    c:\documents and settings\Hatem\Application Data\Yahoo!
2008-11-04 11:27 . 2008-11-04 11:27    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-03 13:48 . 2008-11-03 13:48    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-03 13:47 . 2008-11-03 13:47    <DIR>    d--------    c:\program files\Yahoo!
2008-11-01 15:42 . 2008-11-01 15:42    <DIR>    d--------    c:\program files\Common Files\Nero
2008-11-01 15:38 . 2008-11-01 15:38    <DIR>    d--------    c:\program files\Common Files\Ahead
2008-11-01 15:38 . 2008-11-01 15:38    <DIR>    d--------    c:\program files\Ahead
2008-11-01 15:38 . 2001-07-06 13:41    569,344    ---------    c:\windows\system32\imagr5.dll
2008-11-01 15:38 . 2001-07-06 11:44    544,768    ---------    c:\windows\system32\imagx5.dll
2008-11-01 15:38 . 2001-07-06 17:24    283,920    ---------    c:\windows\system32\ImagXpr5.dll
2008-11-01 15:38 . 2001-07-09 10:50    155,648    --a------    c:\windows\system32\NeroCheck.exe
2008-11-01 15:38 . 2000-06-26 10:45    106,496    --a------    c:\windows\system32\TwnLib20.dll
2008-11-01 15:38 . 2001-06-26 07:15    38,912    ---------    c:\windows\system32\picn20.dll
2008-11-01 13:17 . 2008-11-01 13:17    <DIR>    d--------    c:\program files\xchat
2008-11-01 13:17 . 2008-11-01 13:17    <DIR>    d--------    c:\documents and settings\Hatem\Application Data\X-Chat 2
2008-10-30 05:47 . 2008-10-30 05:47    <DIR>    d--hs----    C:\FOUND.003
2008-10-30 05:37 . 2004-08-03 23:08    26,496    --a------    c:\windows\system32\dllcache\usbstor.sys
2008-10-30 05:18 . 2008-10-30 05:18    <DIR>    d--------    c:\program files\Platform Gpl 
2008-10-29 13:47 . 2008-11-08 15:19    748    --a------    c:\windows\PyScripter.ini
2008-10-29 13:42 . 2008-10-29 13:42    <DIR>    d--------    c:\program files\PyScripter
2008-10-24 17:42 . 2008-10-24 17:42    <DIR>    d--------    c:\program files\EwisoftWeb
2008-10-24 15:45 . 2008-10-24 15:45    <DIR>    d--------    c:\documents and settings\Hatem\Application Data\Dev-Cpp
2008-10-24 15:44 . 2008-10-24 15:44    <DIR>    d--------    C:\Dev-Cpp
2008-10-21 14:29 . 2008-10-21 15:04    96,976    --a------    c:\windows\system32\drivers\klin.dat
2008-10-21 14:29 . 2008-10-21 15:04    87,855    --a------    c:\windows\system32\drivers\klick.dat
2008-10-21 14:27 . 2008-10-21 14:27    <DIR>    d--------    c:\program files\Kaspersky Lab
2008-10-21 14:27 . 2008-10-21 14:27    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-10-21 14:27 . 2008-11-10 15:31    154,144    --ahs----    c:\windows\system32\drivers\fidbox.dat
2008-10-21 14:27 . 2008-11-10 15:31    40,992    --ahs----    c:\windows\system32\drivers\fidbox2.dat
2008-10-21 14:27 . 2008-11-10 15:31    3,332    --ahs----    c:\windows\system32\drivers\fidbox.idx
2008-10-21 14:27 . 2008-11-10 15:31    2,268    --ahs----    c:\windows\system32\drivers\fidbox2.idx
2008-10-21 14:26 . 2008-10-21 14:26    <DIR>    d--------    c:\documents and settings\All Users\Application Data\zyz Kaspersky Lab setup files
2008-10-20 04:03 . 2008-10-20 04:03    3,072,054    --a------    c:\windows\BricoPack Wallpaper.bmp
2008-10-20 04:03 . 2008-10-20 04:03    64,567    --a------    c:\windows\BricoPackUninst.cmd
2008-10-20 04:01 . 2008-10-20 04:01    <DIR>    d--------    c:\windows\BricoPacks
2008-10-20 04:01 . 2008-10-20 04:03    6,114    --a------    c:\windows\BricoPackFoldersDelete.cmd
2008-10-18 00:26 . 2008-10-18 00:26    <DIR>    d--------    c:\program files\Common Files\Adobe Systems Shared
2008-10-15 13:11 . 2008-10-15 13:11    <DIR>    d--------    c:\program files\Real
2008-10-15 13:11 . 2008-10-15 13:11    <DIR>    d--------    c:\program files\Common Files\xing shared
2008-10-15 13:11 . 2008-10-15 13:11    <DIR>    d--------    c:\program files\Common Files\Real
2008-10-15 13:11 . 2008-10-15 13:11    499,712    --a------    c:\windows\system32\msvcp71.dll
2008-10-14 22:54 . 2008-10-14 22:54    <DIR>    d--------    c:\windows\Sun
2008-10-10 15:38 . 2008-10-10 15:38    <DIR>    d--------    C:\AppServ
2008-10-10 15:33 . 2008-10-10 15:33    <DIR>    d--------    c:\documents and settings\Hatem\Application Data\OpenOffice.org2
2008-10-10 15:22 . 2008-10-10 15:22    <DIR>    d--------    c:\program files\OpenOffice.org 2.4
2008-10-10 15:22 . 2008-10-10 15:22    <DIR>    d--------    c:\program files\Java
2008-10-10 15:22 . 2008-10-10 15:22    <DIR>    d--------    c:\program files\Common Files\Java
2008-10-10 15:22 . 2007-12-14 01:59    69,632    --a------    c:\windows\system32\javacpl.cpl
2008-10-10 01:56 . 2008-10-10 01:56    <DIR>    d--------    c:\documents and settings\Hatem\.idlerc
2008-10-10 01:55 . 2008-10-10 01:55    <DIR>    d--------    C:\Python25

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 12:03    218,624    ----a-w    c:\windows\system32\uxtheme.dll
2008-10-20 12:03    218,624    ----a-w    c:\windows\system32\dllcache\uxtheme.dll
2008-10-09 23:20    ---------    d-----w    c:\program files\IntelliTamper
2008-10-07 23:11    ---------    d-----w    c:\program files\mIRC
2008-10-07 23:11    ---------    d-----w    c:\documents and settings\Hatem\Application Data\mIRC
2008-10-07 21:52    ---------    d-----w    c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-07 21:52    ---------    d-----w    c:\documents and settings\All Users\Application Data\Long slow road itch
2008-10-07 21:51    ---------    d-----w    c:\documents and settings\Hatem\Application Data\Platform Gpl 
2008-10-07 21:50    ---------    d-----w    c:\program files\Windows Live
2008-10-07 21:50    ---------    d-----w    c:\program files\Messenger Plus! Live
2008-10-07 21:50    ---------    d-----w    c:\program files\Circle Developement
2008-10-05 02:38    ---------    d-----w    c:\program files\Common Files\Wise Installation Wizard
2008-10-05 02:35    ---------    d-----w    c:\documents and settings\All Users\Application Data\Adobe Systems
2008-10-05 02:34    ---------    d-----w    c:\program files\Common Files\Adobe
2008-10-04 01:20    ---------    d-----w    c:\documents and settings\Hatem\Application Data\Apple Computer
2008-10-04 01:17    ---------    d-----w    c:\program files\QuickTime
2008-10-04 01:17    ---------    d-----w    c:\program files\Common Files\Apple
2008-10-04 01:17    ---------    d-----w    c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-04 01:16    ---------    d-----w    c:\program files\Apple Software Update
2008-10-04 01:16    ---------    d-----w    c:\documents and settings\All Users\Application Data\Apple
2008-10-02 20:00    ---------    d-----w    c:\program files\Common Files\TechSmith Shared
2008-10-02 20:00    ---------    d-----w    c:\documents and settings\All Users\Application Data\TechSmith
2008-10-02 18:10    ---------    d-----w    c:\documents and settings\Hatem\Application Data\TeamViewer
2008-10-02 18:09    ---------    d-----w    c:\program files\TeamViewer3
2008-10-02 01:54    ---------    d-----w    c:\program files\K-Lite Codec Pack
2008-10-02 01:47    ---------    d-----w    c:\program files\MP4 Player
2008-09-30 20:10    ---------    d-----w    c:\program files\FlashFXP
2008-09-30 20:10    ---------    d-----w    c:\documents and settings\All Users\Application Data\FlashFXP
2008-09-30 16:22    ---------    d-----w    c:\program files\TechSmith
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-10-22 932864]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]
"Tick Fork"="c:\docume~1\Hatem\APPLIC~1\PLATFO~1\CdromSect.exe" [2008-10-30 514560]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-12 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-12 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-12 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-15 185872]
"ROAD ITCH AMOK PING"="c:\documents and settings\All Users\Application Data\Long slow road itch\locks for.exe" [2008-11-10 2967552]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"SkyTel"="SkyTel.EXE" [2006-07-18 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-18 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Hatem\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 6395464]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cain\\Cain.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [2007-01-09 20539]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-06-18 1097728]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
.
s of the 'Scheduled Tasks' folder

2008-11-10 c:\windows\Tasks\AE39E695918A6219.job
- c:\docume~1\hatem\applic~1\platfo~1\SpamLongMags.exe [2008-10-30 05:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Hatem\Application Data\Mozilla\Firefox\Profiles\mfahvsq1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.eg/
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 15:32:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\appserv\MYSQL\BIN\MYSQLD-NT.EXE
c:\program files\INTERNET EXPLORER\IEXPLORE.EXE
c:\program files\INTERNET EXPLORER\IEXPLORE.EXE
c:\program files\TECHSMITH\SNAGIT 8\TSCHELP.EXE
c:\program files\TECHSMITH\SNAGIT 8\SNAGPRIV.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\docume~1\Hatem\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2008-11-10 15:35:53 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-10 23:35:50

Pre-Run: 4,541,022,208 bytes free
Post-Run: 5,021,646,848 bytes free

195

اما عن تقرير الهاي جاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:07 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\DOCUME~1\Hatem\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Documents and Settings\Hatem\Desktop\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\locks for.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Tick Fork] C:\DOCUME~1\Hatem\APPLIC~1\PLATFO~1\CdromSect.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7561 bytes

والسلام عليكم

 

[ابـــو عــبــد الــلــه]

حمل اداة الكاسبر من الرابط التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل

تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير

ثم قم بضغط التقرير ورفعه هنا>>>>

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[Juve GuardJuve Guard is verified member.]

بعد اذنكم
ابو ريما
ما تظن ما له حاجه تحميل اداة الكاسبر
لأن الرجال نفسه يمتلك كاسبر 2009
او عندك رأي ثاني ؟

 

[ابـــو عــبــد الــلــه]

بعد اذنكم
ابو ريما
ما تظن ما له حاجه تحميل اداة الكاسبر
لأن الرجال نفسه يمتلك كاسبر 2009
او عندك رأي ثاني ؟

كلام سليم ...k:

بس نسيت اقول للاخ انه يستخدم الاداة في الوضع الامن ... :er:.... وبعدها ننتقل للمرحله الثانية بأذن الله​

 

[Juve GuardJuve Guard is verified member.]

اجل يسمي بالله
ويدخل على الوضع الآمن
ويفحص جهازه بالكاسبر الي عنده
وان شاء الله ما يلقى الا الي يسره
بالتوفيق

 

[E.x.H]

اجل يسمي بالله
ويدخل على الوضع الآمن
ويفحص جهازه بالكاسبر الي عنده
وان شاء الله ما يلقى الا الي يسره
بالتوفيق

جزاك الله خيرا اخي الغالي انت والاخ الكريم ابو ريما
لاكن كيف اقوم بالدخول علي "الوضع الآمن"
بالكاسبر الي عندي
والسلام عليكم جزاكم الله خيرا

 

[صمت السكوت]

اما بخصوص الدخول الوضع الامن من هنا للرائع بوب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

 

[E.x.H]

السلام عليكم ورحمة الله وبركاته
جزاكم الله خيرا جميعا وعذرا للتاخير
بالنسبه لتقرير الفحص
تجدونه اسفل والله المسنجر جنني حذفته نهائي ونصبته تاني
وغيرت لاحدث اصدار ونفس الكلام يتوقف ويهنق

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

اتمني الرد سريعا جزاكم الله خيرا

 

[E.x.H]

اتمني ايجاد الحل سريعا جزاكم الله خيرا اخواني

 

[E.x.H]

يا شباب يعني ما في امل
تنحل المشكله

 

[صابر1]

أعاني من نفش مشكلتك فهل من مساعد

 

[ابـــو عــبــد الــلــه]

رابط تحميل آخر تحديث للاداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شرح الاستخدام ,,,,,,


قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

 

[E.x.H]

السلام عليكم
التقرير اتمني ايجاد حلا سريعا جزاكم الله خيرا


SmitFraudFix v2.375

Scan done at 16:29:23.45, Thu 11/13/2008
Run from C:\Documents and Settings\Hatem\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{86C5DBE7-280D-480F-952E-8D659216669C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{86C5DBE7-280D-480F-952E-8D659216669C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{86C5DBE7-280D-480F-952E-8D659216669C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


​

 

[E.x.H]

المشكله اتحلت بعد الفحص جزاكم الله خيرا ووفقكم فيما يحبه ويرضاه

 

[صمت السكوت]

الحمدالله على انتهاء المشكله اخوي