فدى الرسول

Peace be upon you, and the mercy and blessings of God.
Dear brothers, after my friend's computer was infected with viruses, I managed, with God's help and grace, to resolve all the problems caused by the virus,
but
End Task does not work; the following image appears:

zyzoom-012a9b32e7.jpg


The same image appears again with the registry and the msconfig command.

HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:29 م, on 18/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
F:\e\New Folder\mohammed\1-mem\Protect\Reports\Zyzoom_HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\EasyTV\EASYTV~1\TVTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{55461FCA-3D15-4651-B07B-FCDA898E1E5D}: NameServer = 192.168.10.1 217.52.47.130
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NetOp Helper ver. 8.00 (2006026) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp School\TEACHER\NHOSTSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3146 bytes


-----------------------------------
Note that the machine was scanned with Avira, Kaspersky, AVG and Avast, and everything is fine, thanks be to God.
I await your kind reply.

Signature: فدى الرسول
Welcome, brother.
Apologies, the thread is being moved to the appropriate section for follow-up.
This section is dedicated to analyzing security software reports; other reports are posted only on request.

 
Brother, I did not understand you.
When exactly does the image appear?
 
Peace be upon you, brother Max.
The image appears when clicking End Task
or typing the Msconfig command in Run.

Signature: فدى الرسول
Peace be upon you.

Download the following tool:

[link hidden]

Run it and follow the instructions shown:

zyzoom-c58c4476a3.png

zyzoom-c3a429056c.png

Then download this tool and follow the instructions below:

[link hidden]

Compatibility: Windows XP only

Usage instructions:
Double-click the tool and wait until all the windows finish and it stops at this window:

002.png

When this screen appears, click Close so that your computer restarts (to complete the cleaning process).

Then upload a new HijackThis report for me.

Signature: AbOdy
Peace be upon you, and the mercy and blessings of God.
Brother Abood,
zyzoom-c3a429056c.png

When I click number 1, the same image below appears:
zyzoom-012a9b32e7.jpg

even though I did everything exactly as you explained.
RunScanner report

date/time : 2009-03-18, 20:52:29, 390ms
computer name : ALAA_1
user name : omda <admin>
registered owner : omda
operating system : Windows XP Service Pack 2 build 2600
system language : Arabic
system up time : 23 minutes 46 seconds
program up time : 14 minutes 20 seconds
processor : Intel(R) Celeron(R) CPU 2.66GHz
physical memory : 394/735 MB (free/total)
free disk space : (C:) 9.09 GB (F:) 14.41 GB
display mode : 1024x768, 32 bit
process id : $e20
allocated memory : 116.19 MB
executable : RunScanner.exe
exec. date/time : 2008-08-18 18:20
version : 1.7.0.0
compiled with : Delphi 2006/07
madExcept version : 3.0h
callstack crc : $a5f40045, $a383c36c, $c7168f0a
exception number : 1
exception class : EInvalidOperation
exception message : Canvas does not allow drawing.

thread $b90 (Tonlinethread):
0047fbc8 +040 RunScanner.exe Graphics TCanvas.RequiredState
00500e83 +013 RunScanner.exe cxGraphics 3345 +1 TcxCanvas.TextExtent
00501067 +00f RunScanner.exe cxGraphics 3394 +1 TcxCanvas.TextHeight
0063b10c +020 RunScanner.exe cxGridCustomView 6257 +2 TcxCustomGridViewInfo.GetFontHeight
00639c33 +027 RunScanner.exe cxGridCustomView 5306 +5 TcxCustomGridCellViewInfo.GetTextCellHeight
00655669 +019 RunScanner.exe cxGridTableView 7442 +1 TcxGridColumnHeaderViewInfo.CalculateHeight
00656383 +05f RunScanner.exe cxGridTableView 7945 +10 TcxGridHeaderViewInfo.CalculateItemHeight
006548fd +00d RunScanner.exe cxGridTableView 6766 +2 TcxGridColumnContainerViewInfo.GetItemHeight
006560fb +003 RunScanner.exe cxGridTableView 7849 +0 TcxGridHeaderViewInfoSpecific.GetItemHeight
00656104 +000 RunScanner.exe cxGridTableView 7854 +0 TcxGridHeaderViewInfoSpecific.CalculateHeight
0065610e +002 RunScanner.exe cxGridTableView 7859 +0 TcxGridHeaderViewInfoSpecific.GetHeight
006562cd +005 RunScanner.exe cxGridTableView 7917 +0 TcxGridHeaderViewInfo.CalculateHeight
006246df +00b RunScanner.exe cxGridCustomTableView 10327 +1 TcxCustomGridPartViewInfo.CalculateVisible
00656437 +00f RunScanner.exe cxGridTableView 7975 +2 TcxGridHeaderViewInfo.CalculateVisible
006247a9 +015 RunScanner.exe cxGridCustomTableView 10369 +2 TcxCustomGridPartViewInfo.MainCalculate
0065a250 +01c RunScanner.exe cxGridTableView 10647 +3 TcxGridTableViewInfo.CalculateParts
0065a01d +025 RunScanner.exe cxGridTableView 10583 +7 TcxGridTableViewInfo.Calculate
006389c9 +019 RunScanner.exe cxGridCustomView 4461 +2 TcxGridSite.GetClientBounds
0063b290 +064 RunScanner.exe cxGridCustomView 6318 +12 TcxCustomGridViewInfo.MainCalculate
00620ddf +0df RunScanner.exe cxGridCustomTableView 8472 +22 TcxCustomGridTableController.GetVisibleRecordCount
00623be6 +0fa RunScanner.exe cxGridCustomTableView 9873 +21 TcxCustomGridTableController.MakeRecordVisible
00623ae1 +019 RunScanner.exe cxGridCustomTableView 9845 +2 TcxCustomGridTableController.MakeFocusedRecordVisible
00618e74 +048 RunScanner.exe cxGridCustomTableView 4039 +6 TcxGridFocusedRecordChange.Execute
0060af9d +035 RunScanner.exe cxGrid 1984 +6 TcxCustomGrid.DoChange
0060b46b +02f RunScanner.exe cxGrid 2217 +12 TcxCustomGrid.Changed
0063d9b2 +0a6 RunScanner.exe cxGridCustomView 7929 +20 TcxCustomGridView.Changed
006302dd +025 RunScanner.exe cxGridCustomTableView 18076 +1 TcxCustomGridTableView.FocusedRecordChanged
00620a1e +05e RunScanner.exe cxGridCustomTableView 8351 +6 TcxCustomGridTableController.FocusedRecordChanged
0065193f +02b RunScanner.exe cxGridTableView 5126 +2 TcxGridTableController.FocusedRecordChanged
0062faa9 +07d RunScanner.exe cxGridCustomTableView 17788 +9 TcxCustomGridTableView.UpdateControl
0052bc77 +013 RunScanner.exe cxCustomData 12857 +1 TcxCustomDataController.UpdateControl
0052cfe5 +029 RunScanner.exe cxCustomData 13553 +3 TcxCustomDataController.NotifyControl
0052ce98 +0a4 RunScanner.exe cxCustomData 13497 +11 TcxCustomDataController.FocusedNotification
0052cb77 +053 RunScanner.exe cxCustomData 13408 +12 TcxCustomDataController.Update
0052a139 +045 RunScanner.exe cxCustomData 11786 +11 TcxCustomDataController.CheckChanges
0052a15e +016 RunScanner.exe cxCustomData 11794 +2 TcxCustomDataController.Change
00521510 +0e4 RunScanner.exe cxCustomData 6347 +21 TcxCustomDataControllerInfo.ForwardChanges
00521e67 +1d7 RunScanner.exe cxCustomData 6653 +49 TcxCustomDataControllerInfo.Update
0051ff96 +01a RunScanner.exe cxCustomData 5568 +2 TcxCustomDataControllerInfo.CheckChanges
0051ff73 +003 RunScanner.exe cxCustomData 5562 +1 TcxCustomDataControllerInfo.EndUpdate
00526ec2 +006 RunScanner.exe cxCustomData 9814 +1 TcxCustomDataController.EndUpdate
006855d6 +04e RunScanner.exe cxDBData 4960 +7 TcxDBDataController.UpdateFocused
0052bc36 +002 RunScanner.exe cxCustomData 12839 +0 TcxCustomDataController.DataScrolled
0051d871 +00d RunScanner.exe cxCustomData 3622 +1 TcxCustomDataProvider.DataScrolled
00680aea +0b2 RunScanner.exe cxDBData 2560 +16 TcxDBDataProvider.DataScrolled
0067e6b5 +005 RunScanner.exe cxDBData 1425 +0 TcxDBDataLink.DataSetScrolled
00673cd0 +0c8 RunScanner.exe DB 7694 +20 TDataLink.DataEvent
0067e467 +00f RunScanner.exe cxDBData 1347 +1 TcxDBDataLink.DataEvent
006742ab +03f RunScanner.exe DB 7965 +4 TDataSource.NotifyLinkTypes
006742da +01e RunScanner.exe DB 7972 +3 TDataSource.NotifyDataLinks
00674307 +023 RunScanner.exe DB 7980 +4 TDataSource.DataEvent
006785c9 +131 RunScanner.exe DB 10036 +36 TDataSet.DataEvent
006a0734 +058 RunScanner.exe DBClient 1765 +10 TCustomClientDataSet.DataEvent
006793c7 +183 RunScanner.exe DB 10559 +50 TDataSet.MoveBy
00679408 +01c RunScanner.exe DB 10569 +3 TDataSet.Next
00765a93 +40b RunScanner.exe untthreadonline 94 +32 Tonlinethread.lookupallitems
0076564e +016 RunScanner.exe untthreadonline 48 +2 Tonlinethread.Execute
00405430 +028 RunScanner.exe System 64 +0 ThreadWrapper
00450a45 +00d RunScanner.exe madExcept CallThreadProcSafe
00450aaf +037 RunScanner.exe madExcept ThreadExceptFrame
>> created by Main ($e24) at:
00765578 +024 RunScanner.exe uploadform 43 +3 Tfrmupload.FormActivate

Main ($e24):
77d493f3 +00a USER32.dll WaitMessage
004cb56d +12d RunScanner.exe Forms TApplication.Idle
004ca9f7 +017 RunScanner.exe Forms TApplication.HandleMessage
004c70cb +187 RunScanner.exe Forms TCustomForm.ShowModal
0076ca5b +04f RunScanner.exe mainunit 466 +8 Tmainform.btncheckonlineClick
004ae08c +064 RunScanner.exe Controls TControl.Click
006e6df2 +01e RunScanner.exe JvXPCore TJvXPCustomControl.Click
006e8258 +000 RunScanner.exe JvXPButtons TJvXPCustomButton.Click
004ae507 +06b RunScanner.exe Controls TControl.WMLButtonUp
004adb87 +2bb RunScanner.exe Controls TControl.WndProc
004b1a8e +4fa RunScanner.exe Controls TWinControl.WndProc
006d77d9 +4e5 RunScanner.exe JvExControls TJvExCustomControl.WndProc
004b11b8 +02c RunScanner.exe Controls TWinControl.MainWndProc
00479084 +014 RunScanner.exe Classes StdWndProc
77d4bcc7 +00a USER32.dll DispatchMessageA
004ca9b0 +0fc RunScanner.exe Forms TApplication.ProcessMessage
004ca9ea +00a RunScanner.exe Forms TApplication.HandleMessage
004cac40 +0cc RunScanner.exe Forms TApplication.Run
00789961 +2d9 RunScanner.exe RunScanner 125 +78 initialization

thread $1ec:
7c90d85a +a ntdll.dll NtDelayExecution

modules:
00400000 RunScanner.exe 1.7.0.0 F:\e\New Folder\mohammed\1-mem\Protect\Reports\runscanner
026a0000 dnsq.dll 7.0.0.125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0
027d0000 idmmkb.dll 5.15.4.0 C:\Program Files\Internet Download Manager
02c80000 scrchpg.dll 7.0.0.125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0
0ffd0000 rsaenh.dll 5.1.2600.2161 C:\WINDOWS\system32
10000000 miscr3.dll 7.0.0.125 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0
20000000 xpsp2res.dll 5.1.2600.2180 C:\WINDOWS\system32
4ec50000 gdiplus.dll 5.1.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
58d40000 Wship6.dll 5.1.2600.2180 C:\WINDOWS\system32
5ad70000 uxtheme.dll 6.0.2900.2180 C:\WINDOWS\system32
5b860000 netapi32.dll 5.1.2600.2180 C:\WINDOWS\system32
5d090000 comctl32.dll 5.82.2900.2180 C:\WINDOWS\system32
629c0000 LPK.DLL 5.1.2600.2180 C:\WINDOWS\system32
71a50000 mswsock.dll 5.1.2600.2180 C:\WINDOWS\System32
71aa0000 WS2HELP.dll 5.1.2600.2180 C:\WINDOWS\system32
71ab0000 WS2_32.dll 5.1.2600.2180 C:\WINDOWS\system32
71ad0000 wsock32.dll 5.1.2600.2180 C:\WINDOWS\system32
71b20000 mpr.dll 5.1.2600.2180 C:\WINDOWS\system32
73bc0000 dciman32.dll 5.1.2600.2180 C:\WINDOWS\system32
74d90000 USP10.dll 1.420.2600.2180 C:\WINDOWS\system32
74e30000 RICHED20.DLL 5.30.23.1221 C:\WINDOWS\system32
754d0000 CRYPTUI.dll 5.131.2600.2180 C:\WINDOWS\system32
76380000 msimg32.dll 5.1.2600.2180 C:\WINDOWS\system32
763b0000 comdlg32.dll 6.0.2900.2180 C:\WINDOWS\system32
76780000 SHFolder.dll 6.0.2900.2180 C:\WINDOWS\system32
76bf0000 PSAPI.dll 5.1.2600.2180 C:\WINDOWS\system32
76c30000 wintrust.dll 5.131.2600.2180 C:\WINDOWS\system32
76c90000 IMAGEHLP.dll 5.1.2600.2180 C:\WINDOWS\system32
76f20000 DNSAPI.dll 5.1.2600.2180 C:\WINDOWS\system32
76f60000 WLDAP32.dll 5.1.2600.2180 C:\WINDOWS\system32
76fb0000 winrnr.dll 5.1.2600.2180 C:\WINDOWS\System32
76fd0000 CLBCATQ.DLL 2001.12.4414.258 C:\WINDOWS\system32
77050000 COMRes.dll 2001.12.4414.258 C:\WINDOWS\system32
77120000 oleaut32.dll 5.1.2600.2180 C:\WINDOWS\system32
771b0000 WININET.dll 6.0.2900.2180 C:\WINDOWS\system32
77260000 urlmon.dll 6.0.2900.2180 C:\WINDOWS\system32
773d0000 comctl32.dll 6.0.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
774e0000 ole32.dll 5.1.2600.2180 C:\WINDOWS\system32
77760000 shdocvw.dll 6.0.2900.2180 C:\WINDOWS\system32
77920000 SETUPAPI.dll 5.1.2600.2180 C:\WINDOWS\system32
77a80000 crypt32.dll 5.131.2600.2180 C:\WINDOWS\system32
77b20000 MSASN1.dll 5.1.2600.2180 C:\WINDOWS\system32
77b40000 appHelp.dll 5.1.2600.2180 C:\WINDOWS\system32
77c00000 version.dll 5.1.2600.2180 C:\WINDOWS\system32
77c10000 msvcrt.dll 7.0.2600.2180 C:\WINDOWS\system32
77d40000 USER32.dll 5.1.2600.2180 C:\WINDOWS\system32
77dd0000 ADVAPI32.dll 5.1.2600.2180 C:\WINDOWS\system32
77e70000 RPCRT4.dll 5.1.2600.2180 C:\WINDOWS\system32
77f10000 GDI32.dll 5.1.2600.2180 C:\WINDOWS\system32
77f60000 SHLWAPI.dll 6.0.2900.2180 C:\WINDOWS\system32
77fe0000 Secur32.dll 5.1.2600.2180 C:\WINDOWS\system32
7c800000 kernel32.dll 5.1.2600.2180 C:\WINDOWS\system32
7c900000 ntdll.dll 5.1.2600.2180 C:\WINDOWS\system32
7c9c0000 shell32.dll 6.0.2900.2180 C:\WINDOWS\system32

processes:
000 Idle
004 System normal
3a4 smss.exe normal C:\WINDOWS\system32
41c csrss.exe
434 winlogon.exe high C:\WINDOWS\system32
460 services.exe normal C:\WINDOWS\system32
46c lsass.exe normal C:\WINDOWS\system32
514 svchost.exe normal C:\WINDOWS\system32
560 svchost.exe
5d8 svchost.exe normal C:\WINDOWS\System32
614 svchost.exe
64c svchost.exe
7d8 spoolsv.exe normal C:\WINDOWS\system32
7e8 Explorer.EXE normal C:\WINDOWS
12c acs.exe normal C:\WINDOWS\system32
1cc avp.exe normal C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0
21c NHOSTSVC.EXE
2e0 svchost.exe normal C:\WINDOWS\system32
630 alg.exe
770 avp.exe normal C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0
760 IDMan.exe normal C:\Program Files\Internet Download Manager
958 IEMonitor.exe normal C:\Program Files\Internet Download Manager
e20 RunScanner.exe normal F:\e\New Folder\mohammed\1-mem\Protect\Reports\runscanner

hardware:
+ Computer
- ACPI Uniprocessor PC
+ Disk drives
- WDC WD2500AAJS-00VTA0
+ Display adapters
- SiS 661FX (driver 6.14.10.3600)
+ DVD/CD-ROM drives
- AXV CD/DVD-ROM SCSI CdRom Device
- ELBY DVD-ROM SCSI CdRom Device
- HL-DT-ST DVD-RAM GH22NS30
+ Floppy disk controllers
- Standard floppy disk controller
+ Floppy disk drives
- Floppy disk drive
+ Human Interface Devices
- HID-compliant game controller
- HID-compliant game controller
- Psx Gamepad 1 (driver 0.8.2002.427)
- Psx Gamepad 2 (driver 0.8.2002.427)
+ IDE ATA/ATAPI controllers
- Primary IDE Channel
- Primary IDE Channel
- Secondary IDE Channel
- Secondary IDE Channel
- SiS PCI IDE Controller
- Standard Dual Channel PCI IDE Controller
+ Keyboards
- Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
+ Mice and other pointing devices
- PS/2 Compatible Mouse
+ Monitors
- Default Monitor
+ NetOp Drivers
- NetOp Driver 3 ver. 8.00 (2006026) (NHOSTNT3) (driver 8.00.2006.26)
+ Network adapters
- SiS 900-Based PCI Fast Ethernet Adapter
- TP-LINK 11b/g Wireless Adapter (driver 4.1.2.133)
+ Ports (COM & LPT)
- Communications Port (COM1)
- Communications Port (COM2)
- Printer Port (LPT1)
+ Processors
- Intel(R) Celeron(R) CPU 2.66GHz
+ SCSI and RAID controllers
- A347SCSI SCSI Controller
- Virtual CloneDrive (driver 4.2.0.0)
+ Sound, video and game controllers
- Audio Codecs
- DTV Audio Controller (driver 2.4.1.1)
- DTV Video Controller (driver 2.4.1.1)
- EasyTV MPEG WDM TVTuner (driver 2.3.1.8)
- EasyTV MPEG, WDM Video Captures (driver 2.3.1.2)
- Legacy Audio Drivers
- Legacy Video Capture Devices
- Media Control Devices
- Psx Game Port (driver 0.8.2002.514)
- Realtek AC'97 Audio (driver 5.10.0.5630)
- Video Codecs
+ System devices
- ACPI Fan
- ACPI Fixed Feature Button
- ACPI Power Button
- ACPI Thermal Zone
- Direct memory access controller
- ISAPNP Read Data Port
- Logical Disk Manager
- Microcode Update Device
- Microsoft ACPI-Compliant System
- Microsoft System Management BIOS Driver
- Motherboard resources
- Numeric data processor
- PCI bus
- PCI standard host CPU bridge
- PCI standard ISA bridge
- Plug and Play BIOS Extension (driver 3.47.0.0)
- Plug and Play Software Device Enumerator
- Printer Port Logical Interface
- Programmable interrupt controller
- SIS Processor to AGP Controller
- System board
- System CMOS/real time clock
- System speaker
- System timer
- Terminal Server Device Redirector
- Terminal Server Keyboard Driver
- Terminal Server Mouse Driver
- Volume Manager
+ Universal Serial Bus controllers
- SiS 7001 PCI to USB Open Host Controller
- SiS 7001 PCI to USB Open Host Controller
- SiS 7001 PCI to USB Open Host Controller
- SiS PCI to USB Enhanced Host Controller
- USB Root Hub
- USB Root Hub
- USB Root Hub
- USB Root Hub

disassembling:
[...]
00500e73 mov esi, ecx
00500e75 mov edi, edx
00500e77 mov ebx, eax
00500e79 3345 movzx edx, byte ptr [$500ea8]
00500e80 mov eax, [ebx+4]
00500e83 > call -$81300 ($47fb88) ; Graphics.TCanvas.RequiredState
00500e88 3346 xor eax, eax
00500e8a mov [esi], eax
00500e8c 3347 xor eax, eax
00500e8e mov [esi+4], eax
00500e91 3348 push $ffffffff
[...]


HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:09 ص, on 19/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\EasyTV\EASYTV~1\TVTray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\e\New Folder\mohammed\1-mem\Protect\Reports\Zyzoom_HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TVTray] C:\PROGRA~1\EasyTV\EASYTV~1\TVTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{55461FCA-3D15-4651-B07B-FCDA898E1E5D}: NameServer = 192.168.10.1 217.52.47.130
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NetOp Helper ver. 8.00 (2006026) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp School\TEACHER\NHOSTSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 2903 bytes

Awaiting your kind reply.

Signature: فدى الرسول
Disable all security programs, close the browser and all other programs, and download this tool.

Look, my friend, download this tool
and follow the instructions below to clean your computer of these ads,
and produce a report of the operation so you can attach it to your next reply.

Download link for the latest update of the tool:
[link hidden]

Usage instructions:
Run the file SmitfraudFix.exe and follow the steps as shown in these images:

000.png

001.png

002.png

003.png

004.png

005.png

When you are done, try running again the tool I gave you in my first reply

and see whether the problem is the same.

Signature: AbOdy
Peace be upon you, dear brother.
When I used the attached tool, the message appeared more than once.
After it finished, I tried the first tool mentioned, but the problem still persists.
Report from the second tool:
SmitFraudFix v2.405

Scan done at 9:08:17.25, Thu 03/19/2009
Run from C:\Documents and Settings\omda\Application Data\IDM\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

127.0.0.1
[link hidden]

127.0.0.1 winantivirus.com


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 192.168.10.1
DNS Server Search Order: 217.52.47.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{55461FCA-3D15-4651-B07B-FCDA898E1E5D}: NameServer=192.168.10.1 217.52.47.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{55461FCA-3D15-4651-B07B-FCDA898E1E5D}: NameServer=192.168.10.1 217.52.47.130


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Signature: فدى الرسول
I restarted and used the tool again, and there is only the first result?!
What should I do? May God reward you.

Signature: فدى الرسول
Where is the brothers' reply? May God reward you.

Signature: فدى الرسول
Disable the security programs and run the tool:

[link hidden]

When you run it, a message will appear; click Yes.
Then a second message will appear; click Yes.

The computer may restart during the scan.

After the restart, the tool will start scanning a second time.
Wait until a report appears; that means the scan has finished.

Then attach the report it produces for me.

Signature: AbOdy
Peace be upon you.
All security programs were stopped
and the tool was run. You can download the report from
[link hidden]

or
here
Code:
http://rapidshare.com/files/211153181/ComboFix.zip.html

The report:
"omda" - 2009-03-19 20:24:49 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\omda\My Documents\Downloads\Programs\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\winlog.exe"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NM
-------\nm


((((((((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 ))))))))))))))))))))))))))))))))))


2009-03-19 20:20 388,608 --a------ C:\WINDOWS\system32\CF30409.exe
2009-03-19 16:16 <DIR> d-------- C:\Program Files\uTorrent
2009-03-19 16:16 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\uTorrent
2009-03-19 09:08 1,364 --a------ C:\WINDOWS\system32\tmp.reg
2009-03-18 20:53 <DIR> d-------- C:\Deckard
2009-03-18 20:07 <DIR> d--hs---- C:\$RECYCLE.BIN
2009-03-18 14:44 <DIR> d-------- C:\Program Files\Bit Che
2009-03-18 13:04 9,694 --a------ C:\WINDOWS\irunin.dat
2009-03-18 13:04 36,864 --a------ C:\WINDOWS\chgtype.exe
2009-03-18 13:04 2,048 --a-s---- C:\WINDOWS\bootstet.dat
2009-03-18 13:03 720,896 --a------ C:\WINDOWS\iun6002.exe
2009-03-18 12:55 <DIR> d-------- C:\My Drivers
2009-03-18 11:57 <DIR> d--hs---- C:\RECYCLER
2009-03-17 12:12 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\inSpeak
2009-03-17 12:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\inSpeak
2009-03-16 17:48 <DIR> d-------- C:\WINDOWS\system32\YingInstall
2009-03-16 17:48 <DIR> d-------- C:\Program Files\GxUpdate
2009-03-15 22:01 <DIR> d-------- C:\Program Files\ffdshow
2009-03-15 22:00 <DIR> d-------- C:\Program Files\Easy RealMedia Tools
2009-03-15 22:00 <DIR> d-------- C:\Program Files\AviSynth 2.5
2009-03-15 22:00 <DIR> d-------- C:\Program Files\AC3Filter
2009-03-15 21:48 799,056 --a------ C:\WINDOWS\system32\D3D10WARP_beta.dll
2009-03-15 21:48 799,056 --a------ C:\WINDOWS\system32\D3D10WARP.dll
2009-03-15 21:48 728,858 --a------ C:\WINDOWS\system32\unins000.exe
2009-03-15 21:48 513,360 --a------ C:\WINDOWS\system32\D3D11_beta.dll
2009-03-15 21:48 513,360 --a------ C:\WINDOWS\system32\D3D11.dll
2009-03-15 21:48 496,464 --a------ C:\WINDOWS\system32\D3DX10d_40.dll
2009-03-15 21:48 496,464 --a------ C:\WINDOWS\system32\D3DX10d.dll
2009-03-15 21:48 484,176 --a------ C:\WINDOWS\system32\DXGI_beta.dll
2009-03-15 21:48 480,592 --a------ C:\WINDOWS\system32\D3D11Ref.dll
2009-03-15 21:48 471,888 --a------ C:\WINDOWS\system32\D3D10Level9_beta.dll
2009-03-15 21:48 471,888 --a------ C:\WINDOWS\system32\D3D10Level9.dll
2009-03-15 21:48 462,672 --a------ C:\WINDOWS\system32\D3D11SDKLayers.dll
2009-03-15 21:48 4,096 --a------ C:\WINDOWS\system32\MyProg.exe
2009-03-15 21:48 234,320 --a------ C:\WINDOWS\system32\D3DX11_40.dll
2009-03-15 21:48 208,896 --a------ C:\WINDOWS\system32\d3d10_1core.dll
2009-03-15 21:48 2,140 --a------ C:\WINDOWS\system32\unins000.dat
2009-03-15 21:48 159,744 --a------ C:\WINDOWS\system32\d3d10_1.dll
2009-03-15 11:34 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Talkback
2009-03-15 11:33 0 --a------ C:\WINDOWS\nsreg.dat
2009-03-13 21:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2009-03-13 20:51 <DIR> d--hs---- C:\System Volume Information
2009-03-13 19:11 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Desktopicon
2009-03-12 13:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Simply Super Software
2009-03-12 13:09 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2009-03-12 12:49 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2009-03-12 12:49 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2009-03-12 12:49 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2009-03-12 12:49 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2009-03-12 12:49 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2009-03-12 12:49 <DIR> d-------- C:\Program Files\Trojan Remover
2009-03-12 12:49 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Simply Super Software
2009-03-12 12:07 <DIR> d-------- C:\Program Files\FLV Player
2009-03-12 11:56 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\CyberScrub
2009-03-12 11:56 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\cleaner
2009-03-12 11:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2009-03-12 11:11 388,608 --a------ C:\WINDOWS\system32\CF12151.exe
2009-03-12 11:01 0 --a------ C:\WINDOWS\system32\WinWare.sys
2009-03-11 14:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2009-03-11 13:51 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\TMP
2009-03-11 13:01 <DIR> d-------- C:\Program Files\Catalencoder
2009-03-11 12:34 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Download Manager
2009-03-10 12:51 26 --a------ C:\WINDOWS\system32\kakle.dll
2009-03-10 12:50 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2009-03-10 12:50 90,112 --a------ C:\WINDOWS\system32\agsaami.dll
2009-03-10 12:50 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll
2009-03-10 12:50 53,760 --a------ C:\WINDOWS\system\ppacklib.dll
2009-03-10 12:50 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll
2009-03-10 12:50 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2009-03-10 12:50 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll
2009-03-10 12:50 196,608 --a------ C:\WINDOWS\system32\maag.dll
2009-03-10 12:50 1,986,560 --a------ C:\WINDOWS\system32\akll.dll
2009-03-10 12:50 1,245,184 --a------ C:\WINDOWS\system32\bkll.dll
2009-03-10 12:50 1,212,416 --a------ C:\WINDOWS\system32\ckll.dll
2009-03-10 12:50 <DIR> d-------- C:\WINDOWS\system32\RMBin
2009-03-10 12:50 <DIR> d-------- C:\Program Files\Real_SC
2009-03-09 15:46 <DIR> d-------- C:\Program Files\SatFile Filter
2009-03-09 15:46 <DIR> d-------- C:\Program Files\Common Files\Marwan Programs
2009-03-08 20:34 <DIR> d-------- C:\Program Files\inSpeak
2009-03-08 13:45 <DIR> d-------- C:\Program Files\algam3 v1.2
2009-03-07 22:39 <DIR> d-------- C:\WINDOWS\PaltalkScene
2009-03-07 22:39 <DIR> d-------- C:\Program Files\Paltalk Messenger
2009-03-07 22:39 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Paltalk
2009-03-06 21:44 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\GRETECH
2009-03-06 21:43 <DIR> d-------- C:\Program Files\GRETECH
2009-03-06 20:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2009-03-06 13:28 <DIR> d-------- C:\Program Files\Media Player Classic
2009-03-05 20:07 <DIR> d-------- C:\Program Files\Windows Live
2009-03-05 20:05 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2009-03-03 15:39 <DIR> d-------- C:\Program Files\netcut
2009-03-01 17:28 <DIR> d-------- C:\Program Files\Any Audio Converter
2009-02-28 11:59 <DIR> d-------- C:\Program Files\RaizeMedia
2009-02-26 13:28 <DIR> d-------- C:\Program Files\URUSoft
2009-02-26 12:11 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2009-02-26 12:11 6,550 --a------ C:\WINDOWS\jautoexp.dat
2009-02-26 12:11 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2009-02-26 12:11 46,352 --a------ C:\WINDOWS\setdebug.exe
2009-02-26 12:11 404,752 --a------ C:\WINDOWS\system32\javart.dll
2009-02-26 12:11 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2009-02-26 12:11 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2009-02-26 12:11 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2009-02-26 12:11 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2009-02-26 12:11 172,304 --a------ C:\WINDOWS\system32\jview.exe
2009-02-26 12:11 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2009-02-26 12:11 171,280 --a------ C:\WINDOWS\system32\jit.dll
2009-02-26 12:11 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2009-02-26 12:11 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2009-02-26 12:11 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2009-02-26 12:11 113 --a------ C:\WINDOWS\system32\zonedon.reg
2009-02-26 12:11 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2009-02-25 12:28 <DIR> d-------- C:\Documents and Settings\omda\Tracing
2009-02-25 12:28 <DIR> d-------- C:\DOCUME~1\omda\Tracing
2009-02-20 17:29 <DIR> d-------- C:\Program Files\nLite
2009-02-20 17:08 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2009-02-20 17:08 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2009-02-20 17:08 <DIR> d-------- C:\Program Files\Alcohol Soft
2009-02-20 11:47 <DIR> d-------- C:\Program Files\Advanced IP Scanner
2009-02-19 16:33 <DIR> d-------- C:\Program Files\Xilisoft
2009-02-19 15:15 <DIR> d-------- C:\DOCUME~1\omda\APPLIC~1\Ulead Systems
2009-02-19 15:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-03-19 18:20:08 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\DMCache
2009-03-19 07:08:07 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\IDM
2009-03-18 22:01:54 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Thinstall
2009-03-18 09:40:45 -------- d-----w C:\Program Files\Internet Download Manager
2009-03-13 12:03:30 -------- d-----w C:\Program Files\MobiMB Mobile Media Browser
2009-03-12 17:48:26 -------- d-----w C:\Program Files\Image2PDF OCR v3.2
2009-03-12 09:52:20 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\DNA
2009-03-12 09:49:33 -------- d-----w C:\Program Files\DNA
2009-03-08 20:24:24 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Real
2009-03-06 11:28:19 -------- d-----w C:\Program Files\Real Alternative
2009-03-06 11:27:41 -------- d-----w C:\Program Files\K-Lite Codec Pack
2009-03-01 11:55:13 -------- d-----w C:\Program Files\Nokia
2009-02-28 19:16:25 -------- d-----w C:\Program Files\Power Mp3 Cutter(Mp3 Sound Cutter)
2009-02-25 09:53:07 -------- d-----w C:\Program Files\Common Files\LogoManager
2009-02-24 11:36:11 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-02-24 11:35:27 -------- d-----w C:\Program Files\Common Files\InstallShield
2009-02-22 17:53:12 -------- d-----w C:\Program Files\Winamp
2009-02-20 18:43:04 -------- d-----w C:\Program Files\My Video Converter
2009-02-17 22:59:28 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Help
2009-02-16 17:06:17 -------- d-----w C:\Program Files\VMware
2009-02-16 13:44:20 -------- d-----w C:\Program Files\Apex
2009-02-16 07:35:02 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\IndigoRose
2009-02-16 07:28:41 -------- d-----w C:\Program Files\AutoPlay Media Studio 7.0
2009-02-16 07:26:58 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Downloaded Installations
2009-02-15 13:22:56 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Nokia
2009-02-13 22:40:37 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\ooVoo Details
2009-02-13 22:40:32 -------- d-----w C:\Program Files\ooVoo
2009-02-11 23:06:32 1,024 ----a-w C:\WINDOWS\system32\Image2PDF.dat
2009-02-07 09:45:16 -------- d-----w C:\Program Files\TechSmith
2009-02-07 09:44:37 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-02-07 09:21:29 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\PC Suite
2009-02-06 18:18:34 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\PlayFirst
2009-02-05 19:34:14 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\TravelerSafe+
2009-02-05 08:08:49 -------- d-----w C:\Program Files\DScaler5
2009-02-03 15:56:01 -------- d-----w C:\Program Files\Common Files\snpstd
2009-02-02 21:32:08 -------- d-----w C:\Program Files\Common Files\Nero
2009-02-02 21:29:50 -------- d-----w C:\Program Files\Ahead
2009-02-02 21:29:23 -------- d-----w C:\Program Files\Common Files\Ahead
2009-02-02 09:58:40 -------- d-----w C:\Program Files\Network LookOut
2009-02-02 07:25:02 -------- d-----w C:\Program Files\WinPcap
2009-02-01 16:45:48 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Kingston
2009-01-31 10:21:50 131,072 ----a-w C:\softcam.bin
2009-01-30 19:11:39 -------- d-----w C:\Program Files\Elaborate Bytes
2009-01-30 07:42:03 4,096 ----a-w C:\WINDOWS\d3dx.dat
2009-01-29 23:23:19 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Media Player Classic
2009-01-29 19:09:19 -------- d-----w C:\Program Files\Common Files\PCSuite
2009-01-29 19:09:17 -------- d-----w C:\Program Files\Common Files\Nokia
2009-01-29 19:09:04 -------- d-----w C:\Program Files\DIFX
2009-01-29 19:08:50 -------- d-----w C:\Program Files\PC Connectivity Solution
2009-01-29 16:15:28 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\mjusbsp
2009-01-29 07:10:19 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Danware Data
2009-01-29 07:09:01 -------- d-----w C:\Program Files\Danware Data
2009-01-28 23:14:10 -------- d-----w C:\Program Files\Yahoo!
2009-01-28 21:29:08 -------- d-----w C:\Program Files\PC-TV
2009-01-28 21:08:45 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2009-01-28 20:37:06 94,636 ----a-w C:\WINDOWS\dropcpyr.dll
2009-01-28 20:37:06 73,728 ----a-w C:\WINDOWS\copyfstq.exe
2009-01-28 20:30:37 -------- d-----w C:\Program Files\Common Files\ODBC
2009-01-28 20:30:34 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2009-01-28 20:24:24 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Microsoft Web Folders
2009-01-28 19:37:10 -------- d-----w C:\DOCUME~1\omda\APPLIC~1\Mikrotik
2009-01-28 19:22:07 -------- d-----w C:\Program Files\Kaspersky Lab
2009-01-28 19:17:14 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2009-01-28 19:17:12 -------- d-----w C:\Program Files\TP-LINK
2009-01-28 19:15:25 -------- d-----w C:\Program Files\EasyTV
2009-01-28 19:04:44 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2009-01-28 19:04:25 155,405 ----a-w C:\WINDOWS\Uninstall.exe
2009-01-28 19:01:40 2,467 ----a-w C:\Program Files\Common Files\unins000.dat
2009-01-28 19:01:23 728,858 ----a-w C:\Program Files\Common Files\unins000.exe
2009-01-28 18:48:21 -------- d-----w C:\Program Files\microsoft frontpage
2009-01-28 18:47:55 0 --sha-r C:\IO.SYS
2009-01-28 18:47:55 0 ---h--w C:\MSDOS.SYS
2009-01-28 18:47:55 0 ----a-w C:\CONFIG.SYS
2009-01-28 18:47:55 0 ----a-w C:\AUTOEXEC.BAT
2009-01-28 18:46:13 -------- d--h--w C:\Program Files\WindowsUpdate
2009-01-28 18:46:10 -------- d-----w C:\Program Files\Online Services
2009-01-28 18:45:20 -------- d-----w C:\Program Files\Common Files\MSSoap
2009-01-28 18:45:10 -------- d-----w C:\Program Files\Movie Maker
2009-01-28 18:44:14 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2009-01-28 18:43:50 -------- d-----w C:\Program Files\Messenger
2009-01-28 18:43:45 -------- d-----w C:\Program Files\MSN Gaming Zone
2009-01-28 18:43:36 -------- d-----w C:\Program Files\Windows NT
2009-01-22 14:49:49 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208}=C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-02-16 18:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVTray"="C:\PROGRA~1\EasyTV\EASYTV~1\TVTray.exe" [2006-03-03 15:52]
"SystemInit"="" []
"Karen"="" []
"raVe"="" []
"Win32BaseServiceMOD"="" []
"startIE"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2009-03-13 21:36]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"raVe"=
"Driver32"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoConfigPage"=0 (0x0)
"NoDevMgrPage"=0 (0x0)
"NoFileSysPage"=0 (0x0)
"NoVirtMemPage"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"NoFolderOptions"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoConfigPage"=0 (0x0)
"NoDevMgrPage"=0 (0x0)
"NoFileSysPage"=0 (0x0)
"NoVirtMemPage"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoFolderOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoSetTaskbar"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\WinOldApp]
"Disabled"=0 (0x0)
"NoRealMode"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
"NoFind"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetTaskbar"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\WinOldApp]
"Disabled"=0 (0x0)
"NoRealMode"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
Debugger=C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
"C:\Documents and Settings\omda\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy]
copyfstq.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVTray]
C:\PROGRA~1\EasyTV\EASYTV~1\TVTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
"C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer,

Rootkit scan 2009-03-19 08:27:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2009-03-19 8:29:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2009-03-19 08:29

--- E O F ---
 
Signature: فدى الرسول
Please reply, brothers, because my internet is wireless and keeps cutting out on me.
 
Signature: فدى الرسول
It's sorted, guys. By the grace of God I found where the problem is:
a value in the registry.
The value is
C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
I changed it to
NTsD-D
and it worked, by the grace of God.
 
Signature: فدى الرسول