ComboFix 09-04-18.07 - dell 04/18/2009 19:49.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.967.1033.18.1014.449 [GMT 3:00]
Running from: c:\users\dell\Desktop\ComboFix.exe
AV: AVG 7.5.524 *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\recycler\S-8-7-70-100002441-100010528-100022498-1359.com
c:\windows\system32\drivers\gaopdxpmutcrprwuvpvbnitpmycbdtxiphfsmy.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxxqhqmorkjqjymneyomwuoruvfcaixjci.dll
D:\Autorun.inf
d:\recycler\S-8-7-70-100002441-100010528-100022498-1359.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.
2009-04-16 11:08 . 2009-04-16 11:16 -------- d-----w c:\users\dell\AppData\Roaming\AChat
2009-04-02 12:25 . 2009-01-15 09:19 23848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-02 12:25 . 2008-04-17 09:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-02 12:24 . 2009-04-02 12:25 -------- d-----w c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-02 12:24 . 2009-04-02 12:25 -------- d-----w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-23 09:48 . 2009-04-17 15:06 -------- d-----w c:\users\dell\Tracing
2009-03-23 09:35 . 2006-11-29 10:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-03-22 13:59 . 2009-03-22 13:59 -------- d-----w c:\users\dell\AppData\Roaming\Nokia Multimedia Player
2009-03-20 22:14 . 2008-10-19 20:36 434176 ----a-w c:\users\dell\u .exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 16:44 . 2008-09-17 00:09 999456 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-18 16:44 . 2008-09-17 00:09 5544 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-18 16:44 . 2008-09-17 00:09 6282784 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-18 16:44 . 2008-09-17 00:09 51212 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-16 11:08 . 2009-04-16 11:08 -------- d-----w c:\program files\AChat
2009-04-16 10:54 . 2008-09-17 00:11 96645 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-16 10:54 . 2008-09-17 00:11 87941 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-10 16:31 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-10 16:31 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-06 16:11 . 2008-11-29 16:52 -------- d-----w c:\users\dell\AppData\Roaming\Free Download Manager
2009-04-05 15:00 . 2009-02-13 17:15 -------- d-----w c:\program files\Norton Security Scan
2009-04-03 05:07 . 2008-04-05 19:11 -------- d-----w c:\programdata\Kaspersky Lab
2009-04-02 12:24 . 2009-04-02 12:24 -------- d-----w c:\program files\iTunes
2009-04-02 12:24 . 2009-04-02 12:24 -------- d-----w c:\program files\iPod
2009-04-02 12:24 . 2008-07-08 19:15 -------- d-----w c:\program files\Common Files\Apple
2009-04-02 12:21 . 2008-07-08 19:18 -------- d-----w c:\program files\QuickTime
2009-04-02 12:15 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-23 09:41 . 2007-11-14 06:11 -------- d-----w c:\program files\Windows Live
2009-03-23 09:40 . 2009-03-23 09:40 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-23 09:33 . 2009-03-23 09:33 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-23 09:27 . 2009-03-23 09:27 -------- d-----w c:\program files\Microsoft
2009-03-23 09:27 . 2009-03-23 09:27 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-22 15:11 . 2009-02-13 17:15 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-21 23:25 . 2009-03-21 23:25 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-20 23:45 . 2007-11-17 13:22 1356 ----a-w c:\users\dell\AppData\Local\d3d9caps.dat
2009-03-12 13:05 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-12 08:56 . 2007-09-17 10:55 -------- d-----w c:\programdata\Microsoft Help
2009-03-10 14:17 . 2009-02-10 08:54 -------- d-----w c:\users\dell\AppData\Roaming\Hide IP NG
2009-03-08 13:40 . 2009-03-08 13:40 857990 ----a-w c:\users\dell\hideipng.exe
2009-03-08 12:39 . 2009-03-08 12:39 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-08 12:38 . 2009-03-08 12:38 -------- d-----w c:\program files\JavaSoft
2009-03-08 12:38 . 2007-06-11 13:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 22:05 . 2009-02-23 16:30 -------- d-----w c:\program files\SweetIM
2009-02-26 10:47 . 2008-03-21 16:23 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 16:30 . 2009-02-23 16:30 -------- d-----w c:\programdata\SweetIM
2009-02-22 20:09 . 2008-04-13 16:34 -------- d-----w c:\program files\Messenger Plus! Live
2009-02-20 15:29 . 2009-02-20 15:29 -------- d-----w c:\programdata\Symantec
2009-02-09 03:10 . 2009-03-11 20:30 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2008-11-29 16:44 . 2008-11-29 16:35 6523712 ----a-w c:\users\dell\fdminst3.exe
2008-11-01 21:39 . 2008-11-01 21:39 28554240 ----a-w c:\users\dell\اداة كاسبر.exe
2008-10-25 15:48 . 2008-10-25 15:48 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-10-25 15:48 . 2008-10-25 15:48 56 ---ha-w c:\programdata\ezsidmv.dat
2008-10-10 18:01 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-08-18 19:54 . 2007-09-15 14:21 517864 ----a-w c:\users\dell\AppData\Local\GDIPFONTCACHEV1.DAT
2007-11-19 16:26 . 2007-09-25 22:19 106 ----a-w c:\users\dell\AppData\Roaming\wklnhst.dat
2009-01-07 19:28 . 2007-10-05 13:33 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-01-07 19:28 . 2007-10-05 13:33 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-01-07 19:28 . 2007-10-05 13:33 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-10-08 09:02 . 2008-08-02 21:15 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-08 09:02 . 2008-08-02 21:15 32768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-08 09:02 . 2008-08-02 21:15 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-06-11 21:15 . 2007-06-11 21:14 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AChat"="c:\program files\AChat\AChat.exe" [2007-01-24 2851328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 201992]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-11 77824]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-02-15 111928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
c:\users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-3-5 5205504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-6-11 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\xxtbatdd.exe c:\windows\system32\xxtbatdd.exe:changelist\0autocheck autochk *
[HKLM\~\startupfolder\C:^Users^dell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RK Launcher.lnk]
path=c:\users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RK Launcher.lnk
backup=c:\windows\pss\RK Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" -autorun
"Software Informer"="c:\program files\Software Informer\softinfo.exe" -autorun
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{355967B9-5C02-4532-A8AB-67180DD993B9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F12563C5-0B48-4332-989C-ABEB37AD4A97}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{788CCD0C-6F09-4C62-ABB5-4747AF12823E}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A939B521-DBDF-407E-A929-E9A825C62C81}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{71B98131-BAAA-4AFC-AB51-6D14993AF0DC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88DDFD6D-70A2-4A1C-A05C-1094F7A6D8BD}"= UDP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{34E93AE8-5437-4F47-B046-D1A329586B10}"= TCP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{3DE7EDE2-B8E0-4A27-809C-E334D7281906}"= UDP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{67329A89-B50B-47BC-99E5-27383E9A2822}"= TCP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{20FA1FD2-8766-42EF-937F-745C2D503CCF}"= UDP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{927B52FB-16EB-4B5E-9E28-1A82D2BFC16A}"= TCP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{F329647E-EC42-445F-80A5-6AF9E7AE0DBD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B7867CA8-99F3-4908-8E84-25BCD989CDE7}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{20929B47-D0B3-464F-BA2A-BB8B3B34C32C}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3C843A6E-BD8D-4845-A207-BF3DE066592F}f:\\valve\\hl.exe"= UDP:f:\valve\hl.exe:Half-Life Launcher
"UDP Query User{19BBA6C8-80B1-4B1E-B1D4-37E111369BC3}f:\\valve\\hl.exe"= TCP:f:\valve\hl.exe:Half-Life Launcher
"{DC8FFBEC-DF33-47D9-AB77-9B5E307EF4B8}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2B40AFA0-2DD2-4185-BC4E-0CE5308E64D8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7139AC47-4841-4B7E-A598-0B5024DD8AB1}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{3D0A2E5A-68F4-4950-B049-72B4D77E7C4A}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BE4BEB1F-861D-439C-974F-24F307644007}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{86C0C593-687D-4469-BEAD-F76F1D61468D}"= UDP:c:\program files\TuneUp Utilities 2008\OneClick.exe:TuneUp 1-Click Maintenance
"{A747D227-AA7B-4F55-B5AB-E0BE8B5F9C96}"= TCP:c:\program files\TuneUp Utilities 2008\OneClick.exe:TuneUp 1-Click Maintenance
"{AE35B96E-EDF8-4D5C-9A6D-9ABACE87C4AE}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{6F38DB58-CF7D-4C7D-8B39-CE67381480DB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F32A5C4C-294F-4765-AA8D-EB97F0419F7F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{730A37D9-51AB-431A-9689-5497C608CE87}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{EBDD9C13-0D0B-4A7F-B30C-584F3F0A3F3C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D0A9E030-9471-4B34-885A-F6DA8B196622}c:\\users\\dell\\desktop\\counter-strike 1.6\\czero.exe"= UDP:c:\users\dell\desktop\counter-strike 1.6\czero.exe:czero.exe
"UDP Query User{34663E69-7887-4554-B7F8-16EB43D08538}c:\\users\\dell\\desktop\\counter-strike 1.6\\czero.exe"= TCP:c:\users\dell\desktop\counter-strike 1.6\czero.exe:czero.exe
"TCP Query User{2A560D21-5EFC-421D-99D8-92109473162E}c:\\users\\dell\\desktop\\counter-strike 1.6\\hlds.exe"= UDP:c:\users\dell\desktop\counter-strike 1.6\hlds.exe:hlds.exe
"UDP Query User{FB7BA001-2CEA-4C72-B479-B7A244307977}c:\\users\\dell\\desktop\\counter-strike 1.6\\hlds.exe"= TCP:c:\users\dell\desktop\counter-strike 1.6\hlds.exe:hlds.exe
"{430A6CB6-A239-4C61-8181-7DF1F94EFD5C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{32242FF9-2C07-4E2F-B50F-1B99D13A8689}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\Drivers\cam1690.sys [2006-12-20 121088]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-04 33808]
S1 is-QF9ULdrv;is-QF9ULdrv;c:\windows\system32\DRIVERS\11383066.sys [2008-07-08 148496]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 21:12 41456]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fba15fe-c6b0-11dd-b514-0019b9782b7b}]
\shell\AutoRun\command - F:\sq.com
\shell\explore\Command - F:\sq.com
\shell\open\Command - F:\sq.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32755071-4d24-11dd-a8a9-0019b9782b7b}]
\shell\AutoRun\command - semo2x.exe
\shell\explore\Command - semo2x.exe
\shell\open\Command - semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{456f6590-4f56-11dd-962a-0019b9782b7b}]
\shell\AutoRun\command - 8ng8w.com
\shell\explore\Command - 8ng8w.com
\shell\open\Command - 8ng8w.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a5349bd-e601-11dc-9f8e-00197edd8726}]
\shell\AutoRun\command - AutoRun\AutoStart.exe
\shell\Explore\Command - AutoRun\AutoStart.exe
\shell\Open\Command - AutoRun\AutoStart.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71214234-f6a0-11dd-a026-0019b9782b7b}]
\shell\AutoRun\command - j:\autorun\AutoStart.exe
\shell\Explore\Command - j:\autorun\AutoStart.exe
\shell\Open\Command - j:\autorun\AutoStart.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82c5b48c-ff67-11dd-983b-0019b9782b7b}]
\shell\AutoRun\command - AutoRun\AutoStart.exe
\shell\Explore\Command - AutoRun\AutoStart.exe
\shell\Open\Command - AutoRun\AutoStart.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d83e7141-572f-11dd-93db-0019b9782b7b}]
\shell\AutoRun\command - F:\i.com
\shell\open\Command - F:\i.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8dfad5d-581c-11dd-af06-806e6f6e6963}]
\shell\AutoRun\command - F:\uxkl0apt.bat
\shell\open\Command - F:\uxkl0apt.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea54a25a-1d1b-11dd-8f61-0019b9782b7b}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea54a25e-1d1b-11dd-8f61-0019b9782b7b}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 06:59]
2009-04-05 c:\windows\Tasks\Norton Security Scan for dell.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 17:20]
2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{4A99BD4C-8428-4ABA-9CF4-64EEDD87518E}.job
- c:\windows\system32\msfeedssync.exe [2008-10-10 07:33]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
WebBrowser-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Yahoo! Pager - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free Download Manager تحميل الفيديو بواسطة - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: تحميل المحددة بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dlselected.htm
IE: تنزيل الكل بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dlall.htm
IE: تنزيل بفري داونلود مانيجر - file://c:\program files\Free Download Manager\dllink.htm
FF - ProfilePath - c:\users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\59vr3hya.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sa/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava131_18.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npoji600.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-18 20:00
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\dell\AppData\Local\Temp\gaopdx000 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxeqvyocresrfnpxfmdvuebosiipwxgsop.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gaopdxeqvyocresrfnpxfmdvuebosiipwxgsop.sys"
.
Completion time: 2009-04-18 20:03
ComboFix-quarantined-files.txt 2009-04-18 17:03
ComboFix2.txt 2008-11-01 19:04
Pre-Run: 51,182,866,432 bytes free
Post-Run: 50,947,649,536 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
393 --- E O F --- 2009-03-20 17:42