مشكلة Kaspersky Anti-Virus 2009

fata_love · 10 أبريل 2009

السلا معليكم ورحمة الله وبركاته

سـوف آشرح مشكلتي مـع الكاسبر ( حيث آن تظهر لي رساله خطأ ويقطع الآتصال بـ النت )

آولآ تظهر لـي هذة الرسالة :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وهنـآ يطفي الكاسبر والـنت

وتظهرهـذة الرساله من آسفل اليمين :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ومباشرة تظهر هـذة الرسالة :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وآحياناَ تتكرر معي كثيراَ,,,,, وآنا آغلق برنامج الكاسبر كي آنجز عملي من الآنترنت
وبعد ذلك آعيد تـنـشيط البرنامج

(( وفي ردي الثاني تقرير الهاي جاك ))

آنـا شاكر ومقدر لك من آقدم لـ مسـآعدتـي

fata_love · 10 أبريل 2009

تقرير الهاي جاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:57 ص, on 10/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\Administrator\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\dtx.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\dtx.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sixth exit vga dash] C:\Documents and Settings\All Users\Application Data\Okay Way Sixth Exit\meow corn.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [curb style] C:\DOCUME~1\ADMINI~1\APPLIC~1\DEADGR~1\OwnsDoes.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9740 bytes

ابـــو عــبــد الــلــه · 10 أبريل 2009

وعليكم السلام

...
اعمل التالي

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

fata_love · 10 أبريل 2009

ComboFix 09-04-04.01 - Administrator 04/10/2009 23:23:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.502.218 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: Kaspersky Anti-Virus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\docume~1\ADMINI~1\LOCALS~1\adhvvf.kor
c:\windows\IE4 Error Log.txt
c:\windows\system32\agsaame.dll
c:\windows\system32\ALOAudioFile2.dll
c:\windows\system32\ALOAVIFile.dll
c:\windows\system32\ALOQuickTimeFile.dll
c:\windows\system32\ALOVideoCoreM.dll
c:\windows\system32\ALOWMAFile2.dll
c:\windows\system32\Desktop_.ini
c:\windows\system32\kakle.dll
c:\windows\system32\setting.ini
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\winitn.dll
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 20:27 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-10 20:26 4,492 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-10 20:26 385,056 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-10 20:26 16,448 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-10 20:26 1,698,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-10 14:33 --------- d-----w c:\program files\WIDCOMM
2009-04-10 14:03 --------- d-----w c:\documents and settings\Administrator\Application Data\U3
2009-04-10 09:55 --------- d-----w c:\program files\AV VCS 3.0
2009-04-10 07:35 --------- d-----w c:\program files\Hotspot Shield
2009-04-08 23:07 --------- d-----w c:\program files\Mobile Partner
2009-04-08 21:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 12:31 --------- d-----w c:\documents and settings\Administrator\Application Data\oovootb
2009-04-08 12:19 --------- d-----w c:\program files\Hotspot_Shield
2009-04-08 12:18 --------- d-----w c:\program files\Conduit
2009-04-05 06:39 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-04 19:57 --------- d-----w c:\program files\oovootb
2009-04-04 19:56 --------- d-----w c:\program files\mpegable
2009-04-04 19:56 --------- d-----w c:\program files\ClocX
2009-04-04 19:56 --------- d-----w c:\program files\Atheros
2009-04-04 19:48 72,226 ----a-w c:\windows\BricoPackUninst.cmd
2009-04-04 19:23 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-04 19:23 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-04 18:46 --------- d-----w c:\program files\Kaspersky Lab
2009-04-04 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-04 11:49 --------- d-----w c:\documents and settings\Administrator\Application Data\dead grid bind
2009-04-03 18:18 33,256 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-04-03 13:40 --------- d-----w c:\program files\Google
2009-04-03 10:51 --------- d-----w c:\program files\Professor Franklin
2009-04-03 10:51 --------- d-----w c:\program files\Common Files\Streetwise Shared
2009-04-03 08:27 --------- d-----w c:\program files\DFX
2009-04-03 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\DFX
2009-04-03 08:26 --------- d-----w c:\program files\Common Files\DFX
2009-04-02 10:38 41,581 ----a-w C:\report.zip
2009-04-01 19:56 --------- d-----w c:\program files\Circl Developement
2009-04-01 14:12 --------- d-----w c:\program files\Ozone
2009-03-31 13:05 --------- d-----w c:\documents and settings\Administrator\Application Data\Webcammax
2009-03-31 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-30 22:02 --------- d-----w c:\documents and settings\Administrator\Application Data\EmailNotifier
2009-03-30 20:58 --------- d-----w c:\documents and settings\Administrator\Application Data\ooVoo Details
2009-03-30 20:53 --------- d-----w c:\program files\ooVoo
2009-03-30 20:52 --------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier
2009-03-29 01:47 --------- d-----w c:\program files\SodaBush
2009-03-29 01:47 --------- d-----w c:\documents and settings\Administrator\Application Data\SodaBush
2009-03-29 00:48 --------- d-----w c:\program files\Perfect Uninstaller
2009-03-28 12:05 --------- d-----w c:\program files\AVG
2009-03-28 11:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-28 04:30 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-27 17:30 --------- d-----w c:\program files\Disk Password Protection
2009-03-27 16:09 --------- d-----w c:\program files\LtUcx
2009-03-26 21:44 --------- d-----w c:\program files\Common Files\ACD Systems
2009-03-26 02:35 --------- d-----w c:\program files\GreenBrowser
2009-03-25 18:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-03-25 10:37 --------- d-----w c:\program files\Common Files\xing shared
2009-03-25 10:37 --------- d-----w c:\program files\Common Files\Real
2009-03-25 09:12 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-25 09:04 --------- d-----w c:\program files\dead grid bind
2009-03-25 09:04 --------- d-----w c:\documents and settings\All Users\Application Data\Okay Way Sixth Exit
2009-03-25 09:03 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-25 09:00 --------- d-----w c:\program files\Windows Live
2009-03-25 08:59 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-25 08:59 --------- d-----w c:\program files\Microsoft
2009-03-25 08:33 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-25 08:06 --------- d-----w c:\program files\Webteh
2009-03-25 08:06 --------- d-----w c:\documents and settings\Administrator\Application Data\BSplayer Pro
2009-03-25 06:43 --------- d-----w c:\program files\Microsoft.NET
2009-03-25 06:42 --------- d-----w c:\program files\Microsoft Works
2009-03-24 20:32 --------- d-----w c:\program files\Common Files\Adobe
2009-03-24 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-03-24 20:27 --------- d-----w c:\program files\Common Files\Ahead
2009-03-24 20:27 --------- d-----w c:\program files\Ahead
2009-03-24 20:24 --------- d-----w c:\program files\Real
2009-03-24 20:23 47,104 ------w c:\windows\AKDeInstall.exe
2009-03-24 20:22 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-24 20:21 720,896 ----a-w c:\windows\iun6002.exe
2009-03-24 20:20 --------- d-----w c:\program files\FLV Player
2009-03-24 20:19 --------- d-----w c:\program files\Yahoo!
2009-03-24 20:18 --------- d-----w c:\program files\QuickTime
2009-03-24 20:17 --------- d-----w c:\program files\Apple Software Update
2009-03-24 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-24 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-24 20:16 --------- d-----w c:\program files\CyberLink
2009-03-24 20:13 10,368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-03-24 20:13 --------- d-----w c:\documents and settings\Administrator\Application Data\ACD Systems
2009-03-24 20:12 --------- d-----w c:\program files\Xilisoft
2009-03-24 20:11 --------- d-----w c:\program files\Java
2009-03-24 20:10 --------- d-----w c:\program files\Common Files\Java
2009-03-24 19:51 --------- d-----w c:\program files\Synaptics
2009-03-24 19:51 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-24 19:47 --------- d-----w c:\program files\Fingerprint Sensor
2009-03-24 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2009-03-24 19:41 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-03-24 19:39 --------- d-----w c:\program files\Broadcom
2009-03-24 19:36 --------- d-----w c:\program files\CONEXANT
2009-03-24 19:24 315,392 ----a-w c:\windows\HideWin.exe
2009-03-24 19:24 --------- d-----w c:\program files\Realtek
2009-03-24 19:15 --------- d-----w c:\program files\Intel
2009-03-24 18:47 --------- d-----w c:\program files\microsoft frontpage
.
------- Sigcheck -------
04/14/2008 09:29 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\explorer.exe
08/03/2004 11:56 PM 973312 a10b8a9309fee2bf9ee6538693844d77 c:\windows\$NtServicePackUninstall$\explorer.exe
04/14/2008 09:29 PM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 c:\windows\ServicePackFiles\i386\explorer.exe
08/03/2004 11:56 PM 100352 fe6583e05057a70b96d83038544b22cd c:\windows\$NtServicePackUninstall$\wuauclt.exe
04/14/2008 09:30 PM 100352 70d82b81c0157cf4579b1ada9a9551b0 c:\windows\ServicePackFiles\i386\wuauclt.exe
04/14/2008 09:30 PM 100352 70d82b81c0157cf4579b1ada9a9551b0 c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
03/16/2009 04:53 PM 87512 --a------ c:\program files\oovootb\dtx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
06/24/2008 11:17 PM 1569304 --a------ c:\program files\Hotspot_Shield\tbHots.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
04/08/2009 03:18 PM 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\dtx.dll" [03/16/2009 04:53 PM 87512]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHots.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [02/25/2009 06:29 PM 14657328]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 09:29 PM 15360]
"ClocX"="c:\program files\ClocX\ClocX.exe" [07/26/2007 06:43 PM 270336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/25/2009 01:37 PM 198160]
"Sixth exit vga dash"="c:\documents and settings\All Users\Application Data\Okay Way Sixth Exit\meow corn.exe" [04/10/2009 11:27 PM 765952]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [09/01/2006 03:57 PM 282624]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM 54832]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [12/06/2006 06:37 PM 69216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM 36975]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [05/19/2006 02:51 PM 774233]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [06/11/2005 02:51 PM 53248]
"Persistence"="c:\windows\system32\igfxpers.exe" [06/13/2007 07:55 AM 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [06/13/2007 07:55 AM 162584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [06/13/2007 07:56 AM 142104]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [04/04/2009 10:23 PM 206088]
"ClocX"="c:\program files\ClocX\ClocX.exe" [07/26/2007 06:43 PM 270336]
"RTHDCPL"="RTHDCPL.EXE" [05/28/2007 11:32 AM 16132608 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 09:29 PM 15360]
c:\documents and settings\Administrator\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP

oVoo TCP المنفذ 443
"443:UDP"= 443:UDP

oVoo UDP المنفذ 443
"37674:TCP"= 37674:TCP

oVoo TCP المنفذ 37674
"37674:UDP"= 37674:UDP

oVoo UDP المنفذ 37674
"37675:UDP"= 37675:UDP

oVoo UDP المنفذ 37675
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2009-03-24 23:16:17 13560]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-03 364008]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-04-08 33256]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81a872ae-1916-11de-a4cb-001fe2eb8fc8}]
\Shell\AutoRun\command - d1vmq.exe
\Shell\open\Command - d1vmq.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8bca3a0-2482-11de-ae18-0017c4233d07}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-10 c:\windows\Tasks\AB67912C91BC0448.job
- c:\docume~1\admini~1\applic~1\deadgr~1\Logo team name.exe [03/25/2009 12:05 PM]
2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [08/29/2006 02:21 PM]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-curb style - c:\docume~1\ADMINI~1\APPLIC~1\DEADGR~1\OwnsDoes.exe
Notify-avgrsstarter - avgrsstx.dll
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} - hxxp://76.76.19.77/imscp/talks3n.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-10 23:27:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1202660629-329068152-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B59DF565-52D0-FDA2-4C4A-103AAE382F7A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialjpnfbiphhikjhlc"=hex:6b,61,6b,6f,6b,6a,70,70,6d,62,6b,6a,63,6f,69,6f,67,6f,
68,6c,65,64,00,00
"jalafjmpleaonihblmcd"=hex:62,61,6e,6e,00,00
"jalafjmpleaonihblmgd"=hex:62,61,62,6f,00,00
"hafknagdfpeacaog"=hex:6b,61,6b,6f,6b,6a,70,70,6d,62,6b,6a,63,6f,69,6f,67,6f,
68,6c,65,64,00,00
"iafknaldhmiidoobnh"=hex:6e,61,6b,6a,64,63,6c,66,66,66,67,6a,6c,6c,6f,67,69,63,
62,64,6a,68,6a,65,6b,6d,6f,6b,00,d0
"hahabmbofplmgbcl"=hex:70,61,6d,61,65,6a,70,61,69,6e,63,64,70,61,6f,62,69,62,
66,67,62,6c,65,69,70,63,70,67,66,66,6e,6a,00,05
"jaiaembkgcfknbpdhgkp"=hex:64,62,68,6f,62,66,70,66,64,70,6b,6e,6d,64,6d,6e,6e,
66,69,6d,68,61,6f,6e,67,62,68,66,66,6a,6f,6c,63,63,62,6d,62,70,62,6b,00,05
"jagkiagflmdcaklfgbhp"=hex:62,61,6a,6f,00,00
"babk"=hex:64,61,6b,6f,67,6a,61,62,00,ee
"back"=hex:63,61,6c,6f,67,67,00,62
"cailjf"=hex:64,61,63,6f,69,64,67,70,00,ee
"cailif"=hex:64,61,6c,6f,68,67,66,68,00,ee
"iaikcoeffoicfbhmmf"=hex:65,61,6b,6f,6b,6a,61,61,66,70,00,00
"iaikcoeffoicfbhmpf"=hex:64,61,6d,6f,70,66,6f,62,00,70
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B59DF565-52D0-FDA2-4C4A-103AAE382F7A}\InProcServer32*]
"jajjjdcpdbehnhdjbemh"=hex:67,61,62,6f,70,66,6e,63,6a,6b,6a,65,62,6a,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 04/10/2009 23:29:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 20:29:34
Pre-Run: 22,332,416,000 bytes free
Post-Run: 22,772,506,624 bytes free
302

Corporation · 10 أبريل 2009

تم التنظيف من فيروسآت الأوتورآن ,,

هايجــآك جديد لااهنت ,,

fata_love · 10 أبريل 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:20 م, on 10/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ooVoo\oovoo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\Administrator\سطح المكتب\Zyzoom_HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\dtx.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\dtx.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sixth exit vga dash] C:\Documents and Settings\All Users\Application Data\Okay Way Sixth Exit\meow corn.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .3gp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9360 bytes

Corporation · 10 أبريل 2009

من التقرير أحذف التآلي ,,

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\dtx.dll

O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\dtx.dll

O4 - HKLM\..\Run: [Sixth exit vga dash] C:\Documents and Settings\All Users\Application Data\Okay Way Sixth Exit\meow corn.exe

O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized

O16 - DPF: {20AD521D-3A3E-11D4-BC32-0050040D952B} (SwIcdInstall Class) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~...mp/swicdad.cab

O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

طريقة الحذف للاكس بي

بعدها أذهب إلى لوحة التحكم وأحذف أي تول بآآر موجود بأظافة وآزالة البرآمج

ويفضل حذف برنامج oovoo التاابع لبرآمج المحآدثة ,,

بعدها ,,

حمل هذه الأدآة للتنظيف ,,

التحميل من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التوافق : ويندوز اكسبي فقط

شرح الاستخدام ,,,,,,

عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))

موفق ,,

fata_love · 11 أبريل 2009

الله يعطيك العافية

أنا شاكر ومقدر لـك أهتمامك والله يكتبها لـ في خطوة حسنه وتوفيق من الله

لكن أدآة التنظيف لم آستطيع تحميلها من الموقع ؟

Corporation · 11 أبريل 2009

استخدم هذه الاداة للتنظيف

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

موفق

ابـــو عــبــد الــلــه · 11 أبريل 2009

جزاك الله خير يا COMPAQ99

....

اضافة ... اعمل التالي يا fata_love

عطل نقطة استعادة النظام حسب الشرح التالي

مشكلة Kaspersky Anti-Virus 2009

fata_love

زيزوومي جديد

fata_love

زيزوومي جديد

ابـــو عــبــد الــلــه

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

fata_love

زيزوومي جديد

Corporation

زيزوومى فضى

توقيع : Corporation

fata_love

زيزوومي جديد

Corporation

زيزوومى فضى

توقيع : Corporation

fata_love

زيزوومي جديد

Corporation

زيزوومى فضى

توقيع : Corporation

ابـــو عــبــد الــلــه

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه