• Thread starter: rashed111
  • Views: 1,047

rashed111

Peace be upon you, and the mercy and blessings of God.

I can't browse unless I close the security program Kaspersky Internet Security 2009.

And this is my machine's report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:19 م, on 04/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.219.52:80
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\AnchorFree\bin\AFBho.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AFToolbar - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - C:\Program Files\AnchorFree\bin\AFToolbar.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Kaspersky Internet Security 2009.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O4 - Startup: Vuze.lnk = C:\Program Files\Vuze\Azureus.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: IDM بواسطة FLV تحميل محتوى فيديو - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM تحميل بواسطة - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: IDM تحميل جميع الروابط بواسطة - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: إضافة إلى حاجب الدعايات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: إ&عدادات Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Update Service (gupdate1c98a162ebc8d90) (gupdate1c98a162ebc8d90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9054 bytes

 

Apply the following walkthrough, my friend.

[Image: restoresettings_9(en).gif]
 
Signature: KoNaMi
The problem, brother, is in your settings for the program. It looks like you, my friend, are keen on getting the best out of using the program.

Go here

 
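I didn't notice your reply, boss :)


Let me ask you :d: >> (getting overly familiar here)

For about two weeks I've been wanting to make a walkthrough like the one you posted, but I got tired of searching.

I wish you'd point me to it :d: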
 
You're welcome, brother
No problem at all, my dear
Here you go
 
Signature: KoNaMi
May God grant you Paradise, and ease your affairs and those of the thread's author :)
 
And I'll point out that this isn't my first time using this program, and this same version, but it's the first time this strange problem has happened to me!
 
Guys, a problem has now come up again for me that I had been complaining about since yesterday, and it's at this link:


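And it seems the whole problem is from my Kaspersky, I don't know what's wrong with it, and I think yesterday it was resolved after I uninstalled Kaspersky and reinstalled it!

Now I'll uninstall Kaspersky and install

BitDefender Internet Security 2009

And I'm also waiting for the experts' replies. Peace be upon you.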

 
This is a report I made with ComboFix after uninstalling Kaspersky.

ComboFix 09-05-03.6 - user 05/05/2009 2:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.494.239 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.
2009-05-04 19:32 . 2009-05-04 19:54 -------- d-----w c:\program files\Common Files\delet
2009-05-03 09:12 . 2008-06-19 13:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-03 09:12 . 2009-05-03 09:12 -------- d-----w c:\program files\Panda Security
2009-05-03 08:56 . 2009-05-03 09:24 -------- d-----w c:\windows\BDOSCAN8
2009-05-03 05:02 . 2009-05-03 05:02 -------- d-----w c:\program files\AxBx
2009-05-02 20:03 . 2009-05-02 20:03 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-02 20:03 . 2009-05-02 20:05 -------- d-----w c:\program files\MpcStar
2009-05-01 12:46 . 2009-05-01 12:46 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-01 12:11 . 2009-05-04 23:17 -------- d-----w c:\documents and settings\user\Tracing
2009-05-01 12:09 . 2009-05-01 12:09 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-01 12:08 . 2006-11-29 10:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-01 12:07 . 2009-05-01 12:07 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-01 12:05 . 2009-05-01 12:05 -------- d-----w c:\program files\Microsoft
2009-05-01 12:05 . 2009-05-01 12:05 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-01 12:04 . 2009-05-01 12:09 -------- d-----w c:\program files\Windows Live
2009-05-01 11:58 . 2009-05-01 11:58 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-17 15:42 . 2009-04-17 15:42 -------- d-----w c:\program files\Boilsoft Video Splitter
2009-04-17 15:19 . 2009-05-01 20:26 -------- d-----w c:\program files\avisplit
2009-04-17 12:02 . 2009-04-17 12:02 -------- d-----w c:\program files\Witcobber
2009-04-15 06:51 . 2009-04-15 06:51 -------- d-----w c:\documents and settings\user\rashed10101
2009-04-15 06:40 . 2009-04-15 06:40 -------- d-----w c:\documents and settings\user\sss
2009-04-10 12:47 . 2009-05-03 15:06 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Hotspot_Shield
2009-04-10 11:11 . 2009-04-10 11:11 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Conduit
2009-04-10 11:03 . 2009-04-10 11:03 -------- d-----w c:\program files\Conduit
2009-04-10 11:03 . 2009-05-03 14:47 -------- d-----w c:\program files\Hotspot_Shield
2009-04-10 11:01 . 2009-04-03 18:18 33256 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-04-06 12:44 . 2009-04-06 15:17 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\WMTools Downloaded Files
2009-04-05 22:52 . 2009-04-05 22:54 -------- d-----w c:\documents and settings\user\Application Data\Paltalk
2009-04-05 22:51 . 2009-04-05 22:51 -------- d-----w c:\windows\PaltalkScene
2009-04-05 22:51 . 2009-04-05 22:53 -------- d-----w c:\program files\Paltalk Messenger
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 12:16 . 2008-11-30 05:19 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-01 12:10 . 2008-11-30 05:18 97552 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-25 06:31 . 2009-02-08 17:53 -------- d-----w c:\program files\Google
2009-04-19 10:53 . 2008-12-31 01:19 -------- d-----w c:\program files\eMule
2009-04-17 14:00 . 2009-04-17 14:00 -------- d-----w c:\program files\Zealot Software
2009-04-10 17:17 . 2008-11-29 18:21 -------- d-----w c:\program files\Vuze
2009-04-10 11:04 . 2009-01-02 13:40 -------- d-----w c:\program files\Hotspot Shield
2009-03-23 07:04 . 2008-12-18 10:07 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-23 07:03 . 2008-11-30 05:19 -------- d-----w c:\program files\Java
2009-03-19 15:08 . 2008-11-29 23:06 -------- d-----w c:\program files\Common Files\Adobe
2009-03-19 14:55 . 2009-03-19 14:55 -------- d-----w c:\program files\Common Files\Vbox
2009-03-19 14:49 . 2008-11-30 03:36 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-19 14:48 . 2008-11-30 03:34 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-19 13:58 . 2009-03-19 13:58 -------- d-----w c:\program files\MSBuild
2009-03-19 13:58 . 2009-03-19 13:58 194840 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-19 13:46 . 2009-03-19 13:46 -------- d-----w c:\program files\Reference Assemblies
2009-03-19 13:31 . 2009-03-19 13:31 -------- d-----w c:\program files\Sony Setup
2009-03-19 12:27 . 2009-03-19 12:27 -------- d-----w c:\program files\Xvid
2009-03-19 12:07 . 2009-03-19 12:07 -------- d-----w c:\program files\XviD Bitrate Calculator
2009-03-19 04:58 . 2004-05-23 12:00 12528 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-03-19 03:48 . 2009-03-19 03:48 223128 ----a-w c:\windows\system32\drivers\vaxscsi.sys
2009-03-19 03:48 . 2009-03-19 03:48 -------- d-----w c:\program files\Alcohol Soft
2009-03-19 03:39 . 2009-03-19 03:39 96256 ----a-w c:\windows\system32\drivers\sptd4253.sys
2009-03-19 03:39 . 2009-03-19 03:39 642560 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-15 20:55 . 2009-03-15 11:14 -------- d-----w c:\program files\Rapidown
2009-03-10 18:17 . 2009-03-10 18:17 -------- d-----w c:\program files\Apowersoft
2009-02-06 16:43 . 2009-02-06 16:43 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 15:52 . 2009-02-06 15:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-29 00:09 . 2009-01-05 11:01 3072 ----a-w c:\program files\Microsofts.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-04_01.11.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-04 23:42 . 2009-05-04 23:42 16384 c:\windows\Temp\Perflib_Perfdata_470.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-05-03 14:47 1883672 ----a-w c:\program files\Hotspot_Shield\tbHot1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-10 11:01 332776 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-05-03 1883672]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-05-03 1883672]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-05-23 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-10-11 802816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 148888]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-05-02 282624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-1-28 10950144]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Designer 8.2\\FormDesigner.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R2 gupdate1c98a162ebc8d90;Google Update Service (gupdate1c98a162ebc8d90);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-03 364008]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\DRIVERS\HssDrv.sys [2009-04-03 33256]
.
Contents of the 'Scheduled Tasks' folder
2009-05-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyServer = 212.116.219.52:80
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: IDM بواسطة FLV تحميل محتوى فيديو - c:\program files\Internet Download Manager\IEGetVL.htm
IE: IDM تحميل بواسطة - c:\program files\Internet Download Manager\IEExt.htm
IE: IDM تحميل جميع الروابط بواسطة - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\sl6cujhd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1970595&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.aldahereyah.net/forums
FF - component: c:\documents and settings\user\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\sl6cujhd.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-05-05 02:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6d701890-71e8-4999-92fa-70f7a57c7f8f}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005d
"Therad"=dword:0000001e
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,d9,3b,af,b2,3b,cc,0b,7d,10,7d,21,64,b9,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):eb,45,2d,50,84,54,73,8b,ae,be,87,23,5a,00,f2,65,10,d6,64,4b,04,
74,e4,5c,b1,63,4c,c5,21,80,0d,f9,15,a9,9b,9d,a5,3d,b6,11,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-04 2:49
ComboFix-quarantined-files.txt 2009-05-04 23:49
ComboFix2.txt 2009-05-04 01:18
Pre-Run: 3,766,218,752 bytes free
Post-Run: 3,780,472,832 bytes free
177
 