الرجاء المساعدة لقد تم تدمير ملفات exeالموجودة في جهازي بهذا الفيروس: win32:vitro

[ishaaaak18]

الرجاء الإفادة في هذا الموضوع
لقد تم تدمير ملفات exeالموجودة في جهازي بهذا الفيروس: win32:vitro

كما أنه تم تعطيل جدار الحماية حتى صار هكذا

وهكذ

ولكم مني جزيل الشكر زالتقدير

 

[Abu-7arb]

اهلا بك بمنتديات زيزوووم للامن والحماية
تم نقل موضوعك للقسم الانسب حتى يلقى الدعم المطلوب
بارك الله فيك

 

[kadri68]

انا مثلك تماما ارجو ان يأتي الفرج من شخص له خبرة في تدمير هذا الفيروس اللعين وله منا جزيل الشكر والقدير

 

[MAAX]

الله يحييك اخوي
حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

 

[MAAX]

انا مثلك تماما ارجو ان يأتي الفرج من شخص له خبرة في تدمير هذا الفيروس اللعين وله منا جزيل الشكر والقدير

اخي افتح موضوع جديد حتى لا نواجه مشكلة بالتقارير

 

[ishaaaak18]

عذرا على الإطالة أجويMAAX
هذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:15, on 21-03-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection
DVD\EDICT.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\kadri mo hammad\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Downloads\Programs\Zyzoom_HijackThis_2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.CanadianStockMarket.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.orbitdownloader.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: myBabylon English Toolbar -
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program
Files\myBabylon_English\tbmyBa.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} -
C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer
- {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper -
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows
Live\Family Safety\fssbho.dll
O2 - BHO: Groove GFS Browser Helper -
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft
Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers
communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -
C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - (no file)
O3 - Toolbar: &Windows Live Toolbar -
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows
Live\Toolbar\wltcore.dll
O3 - Toolbar: myBabylon English Toolbar -
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program
Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program
Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers
communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program
Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program
Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [EPSON Stylus C64 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON
Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky
Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download
Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [E09FXLRD_8671843] "F:\Program Files\Microsoft
Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe"
/nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kadri mo
hammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"
/c
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\kadri mo
hammad\reader_s.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater]
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471
-"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19
(KHTML, like Gecko) Chrome/1.0.154.48 Safari/525.19"
-"file:///F:/j/http___www.funlabo.com_/www.funlabo.com/velo/lancer-cycliste.htm"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows
Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program
Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program
Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program
Files\Kaspersky Lab\Kaspersky Internet Security
2009\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit -
res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit -
res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Translate with &Babylon -
res://C:\Program
Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download
Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager -
C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download
Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics -
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky
Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack -
{36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program
Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack -
{36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program
Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
- (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA}
- (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta -
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers
communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -
https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00D727C9-286A-46E3-8607-98780C64F91A}:
NameServer = 41.221.20.4 193.251.169.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{00D727C9-286A-46E3-8607-98780C64F91A}:
NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: grooveLocalGWS -
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft
Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
\\?\globalroot,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: jkkklljk - jkkklljk.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab -
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security
2009\avp.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown
owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program
Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero
BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers
communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
(rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 12666 bytes

 

[MAAX]

ارفع التقرير بدون كود لا هنت

 

[ishaaaak18]

هذا هو التقرير ومشكور


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:15, on 21-03-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\kadri mo hammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Downloads\Programs\Zyzoom_HijackThis_2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [E09FXLRD_8671843] "F:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kadri mo hammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\kadri mo hammad\reader_s.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.48 Safari/525.19" -"

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{00D727C9-286A-46E3-8607-98780C64F91A}: NameServer = 41.221.20.4 193.251.169.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{00D727C9-286A-46E3-8607-98780C64F91A}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O20 - Winlogon Notify: jkkklljk - jkkklljk.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 12666 bytes

 

[MAAX]

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

 

[ishaaaak18]

الرجاء الإنتضار جري التجربة​

 

[ishaaaak18]

هذا هو التقرير الطلع






ComboFix 09-03-19.02 - kadri mo hammad 03/21/2009 18:24:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.1.1036.18.2038.438 [GMT 1:00]
Running from: c:\documents and settings\kadri mo hammad\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\aqvkgrhx.ini
c:\windows\system32\CJSAayay.ini
c:\windows\system32\CJSAayay.ini2
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\ioslsjqv.ini
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\qpyrmhal.ini
c:\windows\system32\qvxeddjr.ini
c:\windows\system32\VB5FR.DLL
c:\windows\system32\vtusasdj.ini
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_PROTECT
-------\Legacy_RKHIT
-------\Service_ISODrive

((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-02-21 13:20 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Windows Service
2009-03-21 19:49 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-03-21 19:48 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\DMCache
2009-03-21 19:48 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-21 19:47 712,736 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-21 19:47 5,612 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-21 18:39 6,458,400 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-21 18:39 54,680 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-21 17:34 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\uTorrent
2009-03-21 17:34 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Orbit
2009-03-21 17:30 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Skype
2009-03-21 17:23 --------- d-----w c:\program files\Orbitdownloader
2009-03-21 15:06 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\skypePM
2009-03-21 12:56 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-21 12:56 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-21 12:56 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-20 20:32 --------- d-----w c:\program files\ProgDVB
2009-03-20 15:28 --------- d-----w c:\program files\Kaspersky Lab
2009-03-19 19:31 --------- d-----w c:\program files\Opera
2009-03-19 18:47 --------- d-----w c:\program files\AxtromDTV
2009-03-18 19:49 --------- d-----w c:\program files\Folder Lock
2009-03-18 19:24 --------- d-----w c:\program files\QuickTime
2009-03-18 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\ProgDVB
2009-03-18 17:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 13:04 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2009-03-18 11:44 --------- d-----w c:\program files\adslTV
2009-03-17 23:53 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Babylon
2009-03-17 23:46 --------- d-----w c:\program files\myBabylon_English
2009-03-17 21:02 --------- d-----w c:\program files\Unlocker
2009-03-17 20:58 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-17 16:39 --------- d-----w c:\program files\Webcam and Screen Recorder
2009-03-17 13:26 18,085,376 ----a-w c:\windows\RTHDCPL.EXE
2009-03-17 13:26 --------- d-----w c:\program files\Windows Desktop Search
2009-03-17 13:25 1,655,808 ----a-w c:\windows\explorer.exe
2009-03-17 13:23 71,168 ----a-w c:\windows\notepad.exe
2009-03-17 13:23 61,440 ----a-w c:\windows\ALCMTR.EXE
2009-03-17 13:23 288,768 ----a-w c:\windows\winhlp32.exe
2009-03-17 13:23 153,600 ----a-w c:\windows\regedit.exe
2009-03-17 13:23 11,264 ----a-w c:\windows\hh.exe
2009-03-15 21:57 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-15 18:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 16:49 --------- d-----w c:\program files\Paint.NET
2009-03-15 16:41 --------- d-----w c:\program files\Internet Download Manager
2009-03-15 16:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-15 15:41 253,952 ----a-w c:\windows\SETUP1.EXE
2009-03-15 15:41 174,592 ----a-w c:\windows\SETUP132.EXE
2009-03-15 10:46 53,760 ----a-w c:\windows\fake.exe
2009-03-14 21:37 --------- d-----w c:\program files\Total Uninstall 5
2009-03-14 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\Martau
2009-03-14 20:25 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Desktopicon
2009-03-13 11:07 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\IDM
2009-03-13 09:14 --------- d-----w c:\documents and settings\All Users\Application Data\Torrent2Exe
2009-03-13 08:51 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Paltalk
2009-03-09 15:01 233,510 ----a-w c:\windows\ProgDVB Uninstaller.exe
2009-03-08 17:50 --------- d-----w c:\program files\Throttle
2009-03-07 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-03-07 07:01 --------- d-----w c:\program files\P2P_Torrent
2009-03-06 20:35 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Thinstall
2009-03-06 17:27 --------- d-----w c:\program files\Elecard
2009-03-06 17:25 --------- d-----w c:\program files\Fichiers communs\Elecard
2009-03-06 17:24 --------- d-----w c:\program files\DVB-S PowerInstall
2009-03-06 17:17 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Notepad++
2009-03-06 17:13 --------- d-----w c:\program files\Notepad++
2009-03-05 18:55 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Ahead
2009-03-04 17:46 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\VitySoft
2009-03-02 22:41 --------- d-----w c:\program files\WinASO
2009-03-01 16:32 --------- d-----w c:\documents and settings\Administrateur\Application Data\Orbit
2009-02-27 17:58 --------- d-----w c:\program files\Conduit
2009-02-27 17:07 20 ----a-w C:\sccfg.sys
2009-02-27 09:47 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-22 17:49 --------- d-----w c:\program files\Windows Live
2009-02-22 10:35 --------- d-----w c:\program files\WinPcap
2009-02-22 10:05 --------- d-----w c:\program files\hkSFV
2009-02-21 20:53 --------- d-----w c:\documents and settings\Administrateur\Application Data\Windows Desktop Search
2009-02-21 20:52 --------- d-----w c:\documents and settings\Administrateur\Application Data\FarStone
2009-02-21 13:09 --------- d-----w c:\program files\Cobian Backup 9
2009-02-19 17:33 --------- d-----w c:\program files\Google
2009-02-14 11:42 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-14 11:28 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Malwarebytes
2009-02-14 11:28 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 18:12 --------- d-----w c:\program files\Auslogics
2009-02-13 18:12 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Auslogics
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 11:46 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-02-06 18:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 13:30 --------- d-----w c:\program files\Passware
2009-01-31 18:31 --------- d-----w c:\program files\Skype
2009-01-31 18:31 --------- d-----w c:\program files\Fichiers communs\Skype
2009-01-31 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-30 18:24 --------- d-----w c:\program files\Windows Defender
2009-01-30 18:10 --------- d-----w c:\program files\Microsoft Calculatrice Plus
2009-01-28 19:36 --------- d-----w c:\program files\Java
2009-01-25 23:05 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\Investintech
2009-01-24 18:01 --------- d-----w c:\program files\Yahoo!
2009-01-24 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-23 21:00 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\GrabPro
2009-01-23 18:13 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\CyberScrub
2009-01-23 18:10 --------- d-----w c:\documents and settings\kadri mo hammad\Application Data\cleaner
2004-03-01 12:25 114,688 ----a-w c:\program files\internet explorer\plugins\ChimeShim.dll
.
------- Sigcheck -------
08/04/2004 04:14 AM 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
04/13/2008 08:20 PM 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
03/17/2009 09:58 PM 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
03/17/2009 09:58 PM 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys
03/17/2009 02:25 PM 1655808 7901dc4c7afb8d868a91f6475aa2d207 c:\windows\explorer.exe
06/13/2007 02:10 PM 1054720 9daa35af53db3f095a664d72b18f236d c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
06/13/2007 02:22 PM 1054720 bc426707947209f0445769ca6afc4cfa c:\windows\$NtServicePackUninstall$\explorer.exe
08/04/2004 05:54 AM 1053696 db27303ea4f0c27ead77fe0881d84c75 c:\windows\$NtUninstallKB938828$\explorer.exe
04/14/2008 03:34 AM 1055232 1a6d22c1ad95a769f56a8aa9698ad272 c:\windows\ServicePackFiles\i386\explorer.exe
08/04/2004 05:54 AM 32768 f9f9e7a917c3ac4d7fb5706a5cb7efae c:\windows\$NtServicePackUninstall$\ctfmon.exe
04/14/2008 03:33 AM 32768 cfaedafd332d870f09f9a9f625a77999 c:\windows\ServicePackFiles\i386\ctfmon.exe
03/17/2009 02:26 PM 15872 fb0bae547d020302e17b9d304839af30 c:\windows\system32\ctfmon.exe
08/04/2004 05:55 AM 42496 481d2ec63739a830820be8878a19f964 c:\windows\$NtServicePackUninstall$\userinit.exe
04/14/2008 03:34 AM 44032 7cc0f5afb4a3b5cbbd40e8239fdb70de c:\windows\ServicePackFiles\i386\userinit.exe
03/17/2009 02:23 PM 27136 0a5af59c696933c01e9b8af5a06b1d6e c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [11/23/2008 11:03 PM 1784856]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [11/23/2008 11:03 PM 1784856]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [11/23/2008 11:03 PM 1784856]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [03/17/2009 02:26 PM 15872]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [02/06/2009 06:51 PM 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [06/01/2007 10:21 AM 153136]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [02/09/2009 07:35 PM 2741680]
"E09FXLRD_8671843"="f:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" [05/28/2008 11:34 AM 351000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [11/07/2008 02:31 PM 21633320]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [02/09/2009 05:47 PM 270128]
"Google Update"="c:\documents and settings\kadri mo hammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [03/15/2009 11:51 AM 133104]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\SHOCKW~1\SWHELP~2.EXE" [12/05/2008 11:01 PM 460216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [03/17/2009 02:23 PM 417792]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [03/17/2009 02:25 PM 163840]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM 153136]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [03/16/2009 11:03 PM 3563232]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [10/17/2006 02:20 AM 398944]
"EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE" [03/17/2009 02:25 PM 100352]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [10/07/2008 07:48 PM 185872]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [03/20/2009 06:54 PM 201992]
"combofix"="c:\windows\system32\CF25997.exe" [03/21/2009 06:20 PM 401920]
"RTHDCPL"="RTHDCPL.EXE" [03/17/2009 02:26 PM 18085376 c:\windows\RTHDCPL.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\windows\system32\CF25997.exe" [03/21/2009 06:20 PM 401920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [03/17/2009 02:26 PM 15872]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [08/24/2007 03:18 AM 437160]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [02/06/2009 06:51 PM 3885408]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-08-24 1719496]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 124416]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [05/26/2008 10:19 PM 304128]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\(Default)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\64c5bde7
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanRam
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 02/06/2009 06:08 PM 454000 c:\program files\Windows Live\Family Safety\fsui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 02/28/2008 03:00 PM 166424 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 02/28/2008 03:00 PM 141848 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 02/11/2009 10:19 AM 399504 c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 11/10/2008 05:43 AM 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 10/07/2008 07:48 PM 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 11/03/2006 07:20 PM 866584 c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-18 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-18 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-04 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-14 179856]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TPPORT;TPPORT;c:\windows\system32\drivers\TPPORT.SYS [2008-10-03 6796]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [2008-06-02 10330]
R3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [2008-06-02 25600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-02-14 15504]
S1 clbowbqs;clbowbqs;\??\c:\windows\system32\drivers\clbowbqs.sys --> c:\windows\system32\drivers\clbowbqs.sys [?]
S1 ktljdxnr;ktljdxnr;\??\c:\windows\system32\drivers\ktljdxnr.sys --> c:\windows\system32\drivers\ktljdxnr.sys [?]
S1 pdjcnqml;pdjcnqml;\??\c:\windows\system32\drivers\pdjcnqml.sys --> c:\windows\system32\drivers\pdjcnqml.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
senekalight
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0444b47d-db35-11dd-8241-0008540ac0d3}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL log.exe
\Shell\Ouvrir\command - log.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d8176e2-a9d2-11dd-81a7-0008540ac0d3}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca12adf3-e3d0-11dd-9daf-0008540ac0d3}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Contents of the 'Scheduled Tasks' folder
2009-03-21 c:\windows\Tasks\choguslu.job
- c:\windows\system32\awtuttqn.dll []
2009-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-2139871995-682003330-1003.job
- c:\documents and settings\kadri mo hammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [03/15/2009 11:51 AM]
2009-03-20 c:\windows\Tasks\Malwarebytes' Scheduled Scan for kadri mo hammad.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [02/11/2009 10:19 AM]
2009-03-21 c:\windows\Tasks\Malwarebytes' Scheduled Update for kadri mo hammad.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [02/11/2009 10:19 AM]
2009-03-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [11/03/2006 07:20 PM]
2009-03-21 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
2029-02-21 c:\windows\Tasks\User_Feed_Synchronization-{D144C2B7-9146-40EC-AC28-32A4B20FFF01}.job
- c:\windows\system32\msfeedssync.exe [03/17/2009 02:32 PM]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-reader_s - c:\documents and settings\kadri mo hammad\reader_s.exe
HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)
HKLM-RunServices-raVe - (no file)
HKLM-RunServices-Driver32 - (no file)
HKU-Default-Run-A00F97EA71.exe - c:\windows\TEMP\_A00F97EA71.exe
Notify-jkkklljk - jkkklljk.dll
SafeBoot-senekalight

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://search.orbitdownloader.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Search
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\kadri mo hammad\Application Data\Mozilla\Firefox\Profiles\jx3gn61v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\kadri mo hammad\Application Data\Mozilla\Firefox\Profiles\jx3gn61v.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\kadri mo hammad\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=c:\windows\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,14,e0,22,55,48,c8,48,99,eb,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,14,e0,22,55,48,c8,48,99,eb,54,\
[HKEY_USERS\S-1-5-21-725345543-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{962D6266-3A2B-7804-896B-C8E65AE4B37D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"faknllgdjlck"=hex:6f,62,67,6f,6d,6e,69,69,6f,63,6b,6e,62,61,66,63,68,6c,6e,63,
70,6d,6a,6f,70,68,65,6f,63,6a,6d,70,69,67,70,6a,61,64,6e,64,6e,6f,68,67,67,\
[HKEY_USERS\S-1-5-21-725345543-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C82F8F76-A9F2-D608-D6BD-C9D02DD1E25A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abbfmffkhmcdidhkinnimnjbcblhafggcn"=hex:69,61,61,67,6a,64,6d,69,69,67,62,70,
6b,6e,6b,6e,6f,68,00,00
"maofjgkmdejifblmhpdnefcnif"=hex:6f,61,6e,70,6e,62,67,62,6c,69,65,66,67,67,66,
6a,66,6d,6d,6e,66,68,6f,6d,6c,6e,64,6d,6c,65,00,00
[HKEY_USERS\S-1-5-21-725345543-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2E6AF31-AF32-2168-401D-BDD8F6F18C5B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ablfkeefickmkkgmhofinhfdnelcgfncpp"=hex:6b,61,68,68,63,6d,6a,6d,64,67,67,61,
6d,65,68,63,63,68,61,68,6b,6d,00,00
"pabgafpkbimhcbdfdodihjnkpconfejd"=hex:6a,61,68,68,6e,6c,6d,6b,6e,69,62,70,63,
63,6f,6d,6d,6c,68,6a,00,00
"abhfcecghmnolgnonnhkoiamhaipkjdili"=hex:61,61,00,00
"magfjaggnadnboockgkdiadebm"=hex:61,61,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):61,f3,53,f2,f9,91,aa,ce,ce,2f,f8,18,3c,7e,5a,ea,43,75,85,76,13,
60,3e,14,a1,86,06,e8,07,fc,80,9f,c4,a9,13,42,d9,8b,43,f2,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{be4ecac2-5d03-44a7-8eb1-c43ae0a1503e}]
@Denied: (Full) (Everyone)
"Model"=dword:00000029
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,66,a7,7c,09,d9,
1e,1e,44,05,98,32,02,34,2b,da,61,6c,3f,2b,f3,f5,b9,98,04,b1,b7,c4,a8,f1,2f,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ےےےے¤•€|ù•9~*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1200)
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1260)
c:\windows\system32\idmmbc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 03/21/2009 20:51:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-21 19:51:52
Pre-Run: 6,389,080,064 octets libres
Post-Run: 8,422,805,504 octets libres
436 --- E O F --- 2009-03-20 20:12:19


وهذي صورة للطلع

 

[MAAX]

ارفع تقرير هايجاك جديد الان

 

[ishaaaak18]

هذا هو التقرير



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:31, on 21-03-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\kadri mo hammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Downloads\Programs\Zyzoom_HijackThis_2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0C2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [E09FXLRD_8671843] "F:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kadri mo hammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.48 Safari/525.19" -"

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{00D727C9-286A-46E3-8607-98780C64F91A}: NameServer = 41.221.20.4 193.251.169.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{00D727C9-286A-46E3-8607-98780C64F91A}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 12209 bytes
​

 

[MAAX]

حدد القيم التالية واحذفها

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - (no file

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.48 Safari/525.19" -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file

طريقة الحذف

​

​

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود​

ثم نزل هذه الاداة واتبع الشرح التالي​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبيفقط ​

شرح الاستخدام ,,,,,,
دبل كلك على الاداة واصبر حتى تنتهي جميع النوافذ وتقف عند هذه النافذة​

​

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

وثبت هذه الاعدادات وبلغنا النتائج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[ishaaaak18]

بارك الله فيك أخي MAAX الكشير من البرامج بدأت تشتغل عادي جازاك الله كل خير
لكن هناك مشكلة الكاسبر الذي عندي هو Kaspersky Internet Security 8.0.0357