متصفحات الانترنت لاتعمل .. والتقرير بالداخل !

هاشـم · 24 أبريل 2009

ll بسم الله الرحمن الرحيم ll

السلام عليكم ورحمة الله وبركاته ..

المشكلة

متصفحات الانترنت بالجهاز لا تفتح المواقع .. :cr:

وقد بدأت تدريجيا هذه المشكلة ..

فأرجو حل المشكلة .. وجزاكم الله من خيره .. :b:

----------------------------------------

مواصفات الجهاز

ويندوز فيستا .

لابتوب نوع توشيبا .

برنامج الحماية : مكافي

.

المتصفحات المجربة : اكسبلورر و فايرفوكس ..

-------------------------------------------------------------------------

تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:29:18 م, on 24/04/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Users\TOSHIB~1\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
C:\Users\toshiba-user\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Zyzoom_HijackThis.exe
C:\Program Files\Nitro PDF\Professional\NitroPDF.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.20.10.14:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [cash dent] "C:\ProgramData\Close Dale Dale.cliaea"
O4 - HKLM\..\Run: [bone thunk axis copy] "C:\ProgramData\Bind Log First.la7c5r7"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Tok-Cirrhatus-3609] "C:\Users\toshiba-user\AppData\Local\br8241on.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [cash dent] "C:\ProgramData\Close Dale Dale.9ri8zsd"
O4 - HKCU\..\Run: [bone thunk axis copy] "C:\ProgramData\kind road mix.afu2y"
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} - x-hsp:///C:/PrimerDB/onlinelan.hsp/ActiveXATS.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

--
End of file - 11271 bytes

------------------------------------

بالتوفيق ..

أنا بالانتظار .. :king:

MAAX · 24 أبريل 2009

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

هاشـم · 24 أبريل 2009

آسف جدا عالتأخير لظروف خارجة عن الارادة .. وهذا التقرير ..

=====================================

ComboFix 08-09-22.06 - toshiba-user 04/24/2009 21:01:57.1 - NTFSx86
Running from: C:\Users\toshiba-user\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\ComboFix.exe
* Resident AV is active

.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-03-24 to 2009-04-24 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 18:03 --------- d-----w C:\Users\toshiba-user\AppData\Roaming\Free Download Manager
2009-04-24 18:02 --------- d-----w C:\Users\toshiba-user\AppData\Roaming\DMCache
2009-04-21 22:05 --------- d-----w C:\Users\toshiba-user\AppData\Roaming\U3
2009-03-17 03:38 40,960 ----a-w C:\Windows\AppPatch\apihex86.dll
2009-03-17 03:38 24,064 ----a-w C:\Windows\System32\amxread.dll
2009-03-17 03:38 13,824 ----a-w C:\Windows\System32\apilogen.dll
2009-03-02 19:43 --------- d-----w C:\Program Files\Java
2009-03-02 19:42 --------- d-----w C:\Program Files\Common Files\Java
2009-03-02 19:12 --------- d-----w C:\PROGRA~2\pure coal bone thunk
2009-03-02 19:12 --------- d-----w C:\PROGRA~2\Findpuredate
2009-03-02 19:07 --------- d-----w C:\Program Files\MSN Messenger
2009-03-02 19:07 --------- d-----w C:\Program Files\Messenger Plus! Live
2009-02-25 04:32 --------- d-----w C:\Users\toshiba-user\AppData\Roaming\Skype
2009-02-09 03:10 2,033,152 ----a-w C:\Windows\System32\win32k.sys
2009-01-27 11:15 73,216 ----a-w C:\Windows\ST6UNST.EXE
2009-01-27 11:15 172,032 ------w C:\Windows\Setup1.exe
2008-10-13 00:16 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
07/31/2007 04:33 PM 1391640 --a------ C:\Program Files\speed-bit\tbspee.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "C:\Program Files\speed-bit\tbspee.dll" [07/31/2007 04:33 PM 1391640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspee.dll" [07/31/2007 04:33 PM 1391640]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cash dent"="C:\ProgramData\Close Dale Dale.9ri8zsd" [X]
"bone thunk axis copy"="C:\ProgramData\kind road mix.afu2y" [X]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 10:33 AM 1233920]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [08/21/2006 12:24 AM 2068527]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/30/2008 02:16 PM 2610608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cash dent"="C:\ProgramData\Close Dale Dale.cliaea" [X]
"bone thunk axis copy"="C:\ProgramData\Bind Log First.la7c5r7" [X]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM 267064]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [11/28/2006 10:14 PM 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [11/28/2006 10:17 PM 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [11/28/2006 10:13 PM 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/02/2007 03:36 PM 835584]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM 582992]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 09:52 PM 49152]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [06/12/2008 02:25 AM 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [06/11/2008 10:43 PM 640376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"Nitro PDF Printer Monitor"="C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [09/02/2008 09:34 AM 210224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM 132496]
"RtHDVCpl"="RtHDVCpl.exe" [01/18/2007 02:46 PM 4349952 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="Userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{44422A6E-D645-4E7E-9005-2E2FA085A838}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4A3ED369-C347-4951-B98F-206BCBF168F3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9DC8514B-1D59-4121-A1E8-E3ECA46BE9BD}"= UDP:C:\Program Files\Yahoo!\Messenger\YPager.exe:Yahoo! Messenger
"{F46528E5-9EB4-4BBB-9730-CB75C5A37214}"= TCP:C:\Program Files\Yahoo!\Messenger\YPager.exe:Yahoo! Messenger
"{00C8F873-57E4-4B05-8F7D-679D186F5AE9}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D9B99F57-3481-4ADE-804B-942F08636804}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{04793F92-85AB-47E2-8543-F79CF40E03CA}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{D34DFC98-5A72-491F-9B3B-DB7C7841F7CA}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"TCP Query User{F8595320-53A0-4BDA-B6DE-ADF3778E7BC0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2B1BE478-B238-4153-9808-0876D7A947A7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{049C9F1E-CE93-4DF5-A1AB-215C87DA6BCA}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{B2732861-D9DA-4FDA-ABC7-8AD8E2B06A60}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"{CDDDDDAA-FDEF-4459-8043-CD2B4ACDE14A}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{F9A6471B-B639-4E8F-979B-F14F9CBD5070}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{FF1E2DBC-2248-45BC-89C6-067D28EDEB5C}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe

oVoo
"UDP Query User{5DA25BBF-D748-439B-8094-684DA8772CDE}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe

oVoo
"{1EFCF862-69CA-45C1-87B6-F5FA16DFE64C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{59C84BFB-3D61-4232-A6DB-44A563A0995A}"= Disabled:UDP:443

oVoo TCP المنفذ 443
"{7D9D7237-B249-4D06-9B6C-A62A17F07961}"= TCP:443

oVoo UDP المنفذ 443
"{3E1DEC1B-9391-495E-9725-6E14BCF68BEC}"= UDP:37674

oVoo TCP المنفذ 37674
"{BB27BF47-BF65-466E-9A60-B0D8B7D2CC25}"= TCP:37674

oVoo UDP المنفذ 37674
"{C79AD1A9-015E-4AAA-84C6-580EFC2F5600}"= TCP:37675

oVoo UDP المنفذ 37675
"{F5CE4D0D-4B72-41BA-83A9-27D548983057}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{64C95D5C-8C67-46DA-85B6-7A5A808BDA4F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F39989B8-F8C1-4ED8-B2AD-6DE1F0F970ED}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7280440C-6C1A-4355-9204-EC1FF0A8016C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{843E54B2-2BC5-44A7-9598-9460B161E233}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{34A246D2-D9FB-4866-AE53-5A211811401E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C6510D57-F36A-48C6-AB14-1C10627962AE}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1186AD2D-D30B-43ED-924B-1E7216A7E2EF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A8CE04D3-6F8D-4E18-91AC-BFB319909DE9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{60B73138-7F34-44B2-9CBE-CD0C9971D853}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [11/02/2006 10:30 AM]
S0 phylock;phylock;C:\Windows\system32\drivers\phylock.sys [12/18/2006 12:03 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d71d9b-fbe3-11dd-b517-00037ad42752}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Sgt.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fca8f36-7437-11dc-9310-0016d4f868b4}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238cebe1-f1ff-11dc-8c4f-00037ad42752}]
\shell\AutoRun\command - G:\RavMon.exe
\shell\explore\Command - G:\RavMon.exe -e
\shell\open\Command - G:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{515f85e3-fb63-11dc-b05d-00037ad42752}]
\shell\AutoRun\command - G:\x2tpc.cmd
\shell\open\Command - G:\x2tpc.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{515f85e7-fb63-11dc-b05d-00037ad42752}]
\shell\AutoRun\command - I:\x2tpc.cmd
\shell\open\Command - I:\x2tpc.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5948c581-ea99-11dd-ba7a-00037ad42752}]
\shell\AutoRun\command - CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe
\shell\open\command - CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5948c586-ea99-11dd-ba7a-00037ad42752}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c883997-ec29-11dd-87d8-00037ad42752}]
\shell\AutoRun\command - G:\t1ypkh.exe
\shell\explore\Command - G:\t1ypkh.exe
\shell\open\Command - G:\t1ypkh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d098716-e9d0-11dd-a4f5-00037ad42752}]
\shell\AutoRun\command - G:\a2h2.com
\shell\open\Command - G:\a2h2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{991ef8ea-e133-11dd-b000-00037ad42752}]
\shell\AutoRun\command - x2tpc.cmd
\shell\open\Command - x2tpc.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99903204-0251-11de-9337-00037ad42752}]
\shell\AutoRun\command - 2fiy.bat
\shell\open\Command - 2fiy.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4aa000-1fe9-11dd-83ac-00037ad42752}]
\shell\AutoRun\command - G:\jfvkcsy.bat
\shell\explore\Command - G:\jfvkcsy.bat
\shell\open\Command - G:\jfvkcsy.bat
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\TOSHIB~1\AppData\Roaming\Mozilla\Firefox\Profiles\yowtnqfq.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-04-24 21:02:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = acaptuser32.dll???

scanning hidden files ...

**************************************************************************
.
Completion time: 04/24/2009 21:07:39
ComboFix-quarantined-files.txt 2009-04-24 18:06:29
ComboFix2.txt 2009-04-24 17:36:17

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 30,999,531,520 bytes free

187 --- E O F --- 2009-04-21 17:00:16

=============================

.

MAAX · 25 أبريل 2009

حدد التالي واحذفه

F2 - REG:system.ini: UserInit=Userinit.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file

O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL (file missing

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL (file missing

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [cash dent] "C:\ProgramData\Close Dale Dale.cliaea

O4 - HKLM\..\Run: [bone thunk axis copy] "C:\ProgramData\Bind Log First.la7c5r7

O4 - HKCU\..\Run: [Tok-Cirrhatus-3609] "C:\Users\toshiba-user\AppData\Local\br8241on.exe"

O4 - HKCU\..\Run: [cash dent] "C:\ProgramData\Close Dale Dale.9ri8zsd

O4 - HKCU\..\Run: [bone thunk axis copy] "C:\ProgramData\kind road mix.afu2y

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {9CE73426-1E7C-423E-AD30-3D7CD911B145} - x-hsp:///C:/PrimerDB/onlinelan.hsp/ActiveXATS.CAB

طريقة الحذف

بعدها اذهب الى اضافة وازالة البرامج واحذف التولبار الموجود عندك (toolbar)>> ممكن ما يكون موجود

ثم نزل هذه الاداة وشغلها لتنظيف الجهاز

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وبلغنا النتائج

متصفحات الانترنت لاتعمل .. والتقرير بالداخل !

هاشـم

زيزوومي جديد

توقيع : هاشـم

MAAX

عضوشرف

هاشـم

زيزوومي جديد

توقيع : هاشـم

MAAX

عضوشرف