Thread starter: Asheeq · Views: 1,716

Asheeq (new member; joined 16 April 2009; 96 posts)
Hello,

Bear with me, because the machine is as broken as broken gets.

-- -- -- -- --

Today's issue is with the right-click mouse menu.

The "New" entry >> New Folder + Shortcut + ... etc.

Suddenly the "New Folder" option vanished from the "New" menu << get it?

Look at this picture:

[screenshot: 65200940614pm.png]

>> the New Folder option is gone, and I don't know where it went?!

Is there a way to restore it?

Warmest regards!
 

Download this program:
[hidden link: log in or register to view it]

When the download finishes ==> run the program ==> click "Do a system scan and save log".
A few moments later a report appears ==> copy it and paste it in your next reply.
 
Note: the HijackThis report is cleeeean :)

And to confirm..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:30 PM, on 6/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Aqee\Desktop\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kooora Brazil Toolbar - {70010df9-6686-4459-ac0b-7e754159245a} - C:\Program Files\Kooora_Brazil\tbKooo.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Kooora Brazil Toolbar - {70010df9-6686-4459-ac0b-7e754159245a} - C:\Program Files\Kooora_Brazil\tbKooo.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Kooora Brazil Toolbar - {70010df9-6686-4459-ac0b-7e754159245a} - C:\Program Files\Kooora_Brazil\tbKooo.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [hidden link]
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - [hidden link]
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - [hidden link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [hidden link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: fbt32.dll fbt32.dll fbt32.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c953cf769f00) (gupdate1c9c953cf769f00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
--
End of file - 7601 bytes

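The O20 line in the log above lists fbt32.dll three times with no directory, next to Kaspersky's two keyboard-protection DLLs, and two O23 lines register services whose binaries are missing. The triage script below is an added example for this thread, not code from HijackThis or from anyone in the discussion. It applies the checks a responder would run over such a log: bare names in AppInit_DLLs (which the loader maps into every process that uses user32.dll), services pointing at missing files, autoruns launched from user-writable paths, and one CLSID registered as URLSearchHook, BHO and Toolbar at the same time. SAMPLE_LOG is a constructed excerpt of the posted log plus one invented O4 line (inst.exe under AppData) so the user-writable-path check has something to fire on.

```python
"""Triage a HijackThis v2 log.

Added example for this thread, not code from HijackThis or the forum.
SAMPLE_LOG is a constructed excerpt of the log posted above, plus one
invented O4 line ([inst] ...\AppData\Roaming\inst.exe) so the
user-writable-path check has something to fire on."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Kooora Brazil Toolbar - {70010df9-6686-4459-ac0b-7e754159245a} - C:\Program Files\Kooora_Brazil\tbKooo.dll
O2 - BHO: Kooora Brazil Toolbar - {70010df9-6686-4459-ac0b-7e754159245a} - C:\Program Files\Kooora_Brazil\tbKooo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Kooora Brazil Toolbar - {70010df9-6686-4459-ac0b-7e754159245a} - C:\Program Files\Kooora_Brazil\tbKooo.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [inst] C:\Users\Aqee\AppData\Roaming\inst.exe
O20 - AppInit_DLLs: fbt32.dll fbt32.dll fbt32.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
"""

LINE_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Locations an unprivileged user can write to; an autorun there needs no admin rights to plant.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")


def parse(log_text):
    """Yield (line_no, kind, body) for every 'Rn - ...' / 'On - ...' entry."""
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if m:
            yield n, m.group("kind"), m.group("body")


def triage(log_text):
    """Return a sorted list of (line_no, severity, message) findings."""
    findings = []
    clsid_roles, clsid_first = defaultdict(set), {}
    for n, kind, body in parse(log_text):
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL here is mapped into each process that loads user32.dll.
            # The value is space- or comma-separated and may repeat names.
            raw = body[len("AppInit_DLLs:"):]
            for dll in dict.fromkeys(d for d in re.split(r"[ ,]+", raw) if d):
                if "\\" not in dll:  # bare name: resolved through the DLL search path
                    findings.append((n, "HIGH", f"AppInit_DLLs loads bare name {dll} into every user32 process"))
        elif kind == "O23" and body.endswith("(file missing)"):
            findings.append((n, "LOW", "service registration points at a missing binary: " + body))
        elif kind == "O4":
            target = body.split("]", 1)[-1].strip().strip('"').lower()
            if any(seg in target for seg in USER_WRITABLE):
                findings.append((n, "MEDIUM", "autorun from a user-writable path: " + target))
        elif kind in ("R3", "O2", "O3"):
            m = CLSID_RE.search(body)
            if m:
                clsid = m.group(0).lower()
                clsid_roles[clsid].add(kind)
                clsid_first.setdefault(clsid, n)
    for clsid, roles in clsid_roles.items():
        if {"R3", "O2", "O3"} <= roles:
            findings.append((clsid_first[clsid], "MEDIUM",
                             f"{clsid} is URLSearchHook, BHO and Toolbar at once; check search defaults"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, severity, message in triage(SAMPLE_LOG):
        print(f"line {line_no:>3} {severity:<6} {message}")
```

Run against the excerpt, it reports fbt32.dll once (the duplicates are collapsed), the two missing Nero and Office service binaries, the invented AppData autorun, and the Kooora CLSID; the Kaspersky entries and the Google toolbar produce nothing.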
 
Your log is clean, but do this

and then

Disable all your security software,
download this tool and save it to the desktop:
[hidden link: log in or register to view it]

When you run it a message appears; click >> Yes.
Then a second message appears; click >> Yes.
Wait for the tool to finish scanning your machine; it will restart the computer automatically.
After the restart the tool will scan a second time.
Wait until a report appears, then copy it and paste it in your next reply.



Disable your security program and use the SmitfraudFix tool

[hidden link: log in or register to view it]

Run the file SmitfraudFix.exe and follow the walkthrough as shown in these pictures:

[screenshot: 000.png]

[screenshot: 001.png]

[screenshot: 002.png]

[screenshot: 003.png]

[screenshot: 004.png]

[screenshot: 005.png]

Then make a new HijackThis log.
 


Into battle..



ComboFix report:


ComboFix 09-06-04.09 - Aqee 06/05/2009 16:57.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1256.966.1033.18.1013.404 [GMT 3:00]
Running from: c:\users\Aqee\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\msimg32.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
c:\users\Aqee\AppData\Roaming\inst.exe
c:\users\Aqee\FAVORI~1\Download programs.url
c:\users\Aqee\FAVORI~1\Games.url
c:\users\Aqee\FAVORI~1\Videos.url
c:\users\Aqee\Favorites\Download programs.url
c:\users\Aqee\Favorites\Games.url
c:\users\Aqee\Favorites\Videos.url
c:\windows\system32\anidkaho.ini
c:\windows\system32\bgdkfaed.ini
c:\windows\system32\bISDNqru.ini
c:\windows\system32\bISDNqru.ini2
c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\ebojepaa.ini
c:\windows\system32\fbt32.dll
c:\windows\system32\fohceupx.ini
c:\windows\system32\gfpoccma.ini
c:\windows\system32\ihpofija.ini
c:\windows\system32\ileqlwqt.ini
c:\windows\system32\jhxxwxqs.ini
c:\windows\system32\kakle.dll
c:\windows\system32\lcmaxeni.ini
c:\windows\system32\mpdyccnt.ini
c:\windows\system32\mwcxmfgp.ini
c:\windows\system32\ohocvmjl.ini
c:\windows\system32\p958w3m.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\psuwohou.ini
c:\windows\system32\reeolffv.ini
c:\windows\system32\rldmntfd.ini
c:\windows\system32\uvGjQqss.ini
c:\windows\System32\uvGjQqss.ini2
c:\windows\system32\videocore.dll
c:\windows\system32\videoformat.dll
c:\windows\system32\virfmkqe.ini
c:\windows\system32\vxcmeudu.ini
c:\windows\system32\winitn.dll
c:\windows\system32\xhcjvdrp.ini
c:\windows\system32\yqvhxbjx.ini
c:\windows\system32\ywetlptm.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-05 13:54 . 2009-06-05 13:54 -------- d-----w- \Qoobox
2009-06-04 12:48 . 2009-06-04 12:51 -------- d-----w- c:\program files\Video-AVI to GIF Converter
2009-06-03 15:13 . 2009-06-04 05:09 -------- d-----w- c:\program files\AVI-GIF
2009-06-03 03:15 . 2007-08-03 20:49 -------- d-----w- c:\windows\system32\SmitfraudFix
2009-06-02 05:03 . 2009-06-02 05:03 -------- d-----w- c:\program files\Scorpio Software
2009-06-01 06:03 . 2008-12-03 22:25 120832 ----a-w- c:\users\Aqee\AppData\Roaming\Mozilla\Firefox\Profiles\f4hd6i2u.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-05-30 00:42 . 2009-05-30 01:06 -------- d-----w- c:\program files\CCM Wizard
2009-05-29 15:34 . 2009-05-29 15:34 -------- d-----w- c:\users\Aqee\AppData\Roaming\Malwarebytes
2009-05-29 15:34 . 2009-05-29 15:34 -------- d-----w- c:\programdata\Malwarebytes
2009-05-28 16:39 . 2009-05-28 16:39 33792 ----a-w- c:\users\Aqee\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\1000000600002i\verclsid.exe
2009-05-28 16:37 . 2009-05-28 16:37 -------- d-----w- c:\users\Aqee\AppData\Local\Thinstall
2009-05-28 16:23 . 2009-05-29 22:11 -------- d-----w- c:\users\Aqee\KAV_2009
2009-05-28 15:40 . 2009-05-28 16:43 -------- d-----w- c:\users\Aqee\office
2009-05-28 13:53 . 2009-05-28 13:53 206088 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-28 13:52 . 2009-05-28 13:52 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-28 13:52 . 2009-05-28 13:52 239120 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista\klif.sys
2009-05-27 23:10 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-05-27 23:10 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-27 23:10 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-05-27 23:10 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-05-27 23:10 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-05-27 23:10 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-05-27 23:10 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-05-27 22:49 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-05-27 22:49 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-05-27 22:49 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-27 22:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-05-27 22:48 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-05-27 13:19 . 2009-05-28 13:53 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-27 13:19 . 2009-05-28 13:53 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-27 13:15 . 2009-06-05 14:09 614432 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-27 13:15 . 2009-06-05 14:06 4859936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-27 11:39 . 2009-05-27 11:39 -------- d-----w- c:\users\Aqee\{3cde4dda-0add-41cd-bcc6-8dd97d4363e6}
2009-05-27 10:55 . 2009-05-27 10:55 -------- d-----w- c:\users\Aqee\AppData\Roaming\Kaspersky_Key_Finder_(KKF
2009-05-25 05:13 . 2009-05-25 05:34 -------- d-----w- c:\program files\Video GIF Converter
2009-05-25 03:54 . 2009-06-04 05:06 -------- d-----w- c:\program files\Video-AVI to GIF-JPEG
2009-05-20 02:40 . 2009-05-20 02:41 -------- d-----w- c:\users\Aqee\AppData\Roaming\MiniDm
2009-05-14 16:17 . 2009-05-15 22:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-13 13:19 . 2009-05-13 13:19 53248 ----a-w- c:\users\Aqee\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000111800002h\EXCEL.EXE
2009-05-13 13:17 . 2009-05-13 13:17 53248 ----a-w- c:\users\Aqee\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000004500002h\OIS.EXE
2009-05-11 10:14 . 2009-05-11 10:14 -------- d-----w- c:\program files\Conduit
2009-05-11 10:14 . 2009-05-29 20:51 -------- d-----w- c:\program files\Kooora_Brazil
2009-05-11 08:25 . 2009-05-10 20:56 51200 ----a-w- c:\users\Aqee\AppData\Roaming\Mozilla\Firefox\Profiles\f4hd6i2u.default\extensions\{70010df9-6686-4459-ac0b-7e754159245a}\components\FFExternalAlert.dll
2009-05-11 08:25 . 2009-05-10 20:56 114688 ----a-w- c:\users\Aqee\AppData\Roaming\Mozilla\Firefox\Profiles\f4hd6i2u.default\extensions\{70010df9-6686-4459-ac0b-7e754159245a}\components\npmozax.dll
2009-05-06 17:29 . 2009-05-06 17:29 3584 ----a-r- c:\users\Aqee\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-05-06 17:29 . 2009-05-06 17:29 -------- d-----w- c:\program files\Windows Installer Clean Up
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 14:09 . 2009-05-27 13:15 3180 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-05 14:07 . 2008-03-08 03:17 1377107968 --sha-w- \pagefile.sys
2009-06-05 14:06 . 2009-05-27 13:15 40096 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-05 14:06 . 2008-05-09 14:29 7731 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 08:22 . 2008-06-01 18:15 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-04 05:58 . 2008-07-18 09:32 1356 ----a-w- c:\users\Aqee\AppData\Local\d3d9caps.dat
2009-06-03 11:58 . 2008-05-30 13:22 -------- d-----w- c:\users\Aqee\AppData\Roaming\Thinstall
2009-05-30 02:07 . 2008-04-29 07:01 -------- d-----w- c:\program files\Google
2009-05-28 13:53 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-25 05:01 . 2008-09-17 09:51 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-05-17 14:54 . 2008-07-17 03:25 -------- d-----w- c:\program files\MSECache
2009-05-17 03:31 . 2008-07-17 09:56 -------- d-----w- c:\programdata\Microsoft Help
2009-05-15 22:59 . 2008-06-02 11:52 113568 ----a-w- c:\users\Aqee\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-15 10:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-14 16:27 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-05-13 16:02 . 2009-03-25 01:56 -------- d-----w- c:\programdata\Messenger Plus!
2009-05-07 06:55 . 2009-03-18 02:58 -------- d-----w- c:\users\Aqee\AppData\Roaming\GetRightToGo
2009-05-07 04:17 . 2009-04-07 19:46 -------- d-----w- c:\program files\WMCap
2009-05-04 15:53 . 2009-05-04 15:53 -------- d-----w- c:\program files\Microsoft Works
2009-05-04 15:52 . 2009-05-04 15:52 -------- d-----w- c:\program files\Microsoft.NET
2009-04-24 10:40 . 2009-03-26 01:57 -------- d-----w- c:\program files\WMR11
2009-03-26 08:11 . 2009-04-25 17:40 2082104 ----a-w- c:\users\Aqee\AppData\Roaming\Mozilla\Firefox\Profiles\f4hd6i2u.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-03-19 11:21 . 2009-03-19 11:11 6 ----a-w- C:\tw0001.dat
2009-03-19 11:21 . 2009-03-19 11:11 6 ----a-w- \tw0001.dat
2009-03-17 03:38 . 2009-04-15 12:52 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 12:52 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-27 23:31 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-27 23:31 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-27 23:31 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-27 23:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-27 23:31 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-27 23:31 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-27 23:31 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-27 23:31 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-27 23:31 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-27 23:31 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-27 23:31 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-27 23:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-27 23:31 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-27 23:31 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-27 23:31 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-27 23:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-27 23:31 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-27 23:31 156160 ----a-w- c:\windows\system32\msls31.dll
2008-12-07 05:31 . 2008-12-07 05:31 1839 ----a-w- c:\program files\uninplug.log
2008-05-05 19:41 . 2008-05-05 19:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70010df9-6686-4459-ac0b-7e754159245a}]
2009-05-06 13:27 2093080 ----a-w- c:\program files\Kooora_Brazil\tbKooo.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-05-05 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-28 68592]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-5-15 6822728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Aqee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^delvista.exe]
backup=c:\windows\pss\delvista.exe.Startup
backupExtension=.Startup
path=c:\users\Aqee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\delvista.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2472209663-2094805294-3685982350-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C3D14D74-3E59-4855-BF7E-3E6DC4AA3B18}"= UDP:22541:BitComet 22541 TCP
"{70433444-9CBA-4B81-BB69-21467D2E297B}"= TCP:22541:BitComet 22541 UDP
"TCP Query User{B3239D38-DB2D-401D-8916-9AEC15605BA0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2CABD342-4EF1-49A1-A0E0-FF94E831AF7D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F6E5F57F-1A0A-4018-9E9F-1303A1B73705}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{503266F9-0FE5-408C-9F85-99C6A905E128}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9E5D6D77-949F-4164-B5A1-2C6AAF984D60}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{A7CE9B4D-6B47-4756-B52C-9085E222BFC1}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{ECB13B91-5548-47DC-ACA5-265B506913F4}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{F10EE2FF-E185-46A4-8720-DE018C8D7B83}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{196C9F06-148B-46D6-AF15-81A0187C7A53}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{3ED0887B-B837-4119-9B88-8EBAACEA057E}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{7A70DA01-6F16-462E-8EE4-3AC1F23549DD}"= UDP:c:\program files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{AC30FB48-3AB5-4A52-806F-DC96E8EA9AAD}"= TCP:c:\program files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{EEB14326-70BF-465E-B3D5-2C0C397CF5F0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DAB98C9F-D3D8-42F2-A8C8-B885B6FD98F9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{EEE915DE-F777-4D65-B38F-B698361E714B}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{E5D583E4-9D91-4B0A-9F92-2782B950AEB8}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{7FB5F296-A2A1-4781-A93C-85B02D947E7D}c:\\program files\\imesh applications\\imesh\\imesh.exe"= UDP:c:\program files\imesh applications\imesh\imesh.exe:iMesh
"UDP Query User{E2B69ABF-295E-4049-A545-855BB0BDA0F6}c:\\program files\\imesh applications\\imesh\\imesh.exe"= TCP:c:\program files\imesh applications\imesh\imesh.exe:iMesh
"{B0E252C8-8F3E-4DDE-8CEC-B7BA1821CE2D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{47C22E03-C088-4638-996A-BE28D9363F96}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{75C5E8A2-2BF6-49F0-B12D-32F4BC3422EC}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{69CF801F-F7F1-403A-8949-E27CA3D92042}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{C53F4130-6219-462D-858A-94697A3F11CB}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{62B07214-6EEF-4422-A580-F4158B38B85D}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{B1B4F5E1-B7B7-4EE1-8D10-FEB219E70B3E}c:\\users\\aqee\\gilitter\\saved games\\ألعاب السيدي\\nes\\virtuanes.exe"= UDP:c:\users\aqee\gilitter\saved games\ألعاب السيدي\nes\virtuanes.exe:virtuanes.exe
"UDP Query User{82B873F9-C187-4766-977B-750E4203BCF9}c:\\users\\aqee\\gilitter\\saved games\\ألعاب السيدي\\nes\\virtuanes.exe"= TCP:c:\users\aqee\gilitter\saved games\ألعاب السيدي\nes\virtuanes.exe:virtuanes.exe
"{DFE3480E-07BD-4967-BB06-D29801599973}"= UDP:c:\users\Aqee\Desktop\utorrent.exe:µTorrent (TCP-In)
"{204102B6-78C8-490A-9214-8E92FF569CB0}"= TCP:c:\users\Aqee\Desktop\utorrent.exe:µTorrent (UDP-In)
"{9A04E573-E847-41AE-90E4-7D671F4EB1DA}"= UDP:c:\users\Aqee\Desktop\Programs\utorrent.exe:µTorrent (TCP-In)
"{35E07F85-9493-4829-82D9-C528761D07BC}"= TCP:c:\users\Aqee\Desktop\Programs\utorrent.exe:µTorrent (UDP-In)
"{3EED8BFD-E576-489D-BF0D-3A1C7AE85178}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{30AE3E6F-B920-4C3F-85F8-9DA1387D701B}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{27231C70-84AF-4211-B49D-3893A3B4054D}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{1B76CDAC-513E-4263-869A-E92B3EF42714}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{E4EF33CA-3DC6-43F5-B2EE-5D6E521D3949}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CDFDA02F-A631-47F0-A7D7-6EE8F75DDEBD}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{2EA05089-22DD-4D37-9201-170A24C7D327}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24DA419B-0872-467C-AFAA-0E55AF5950E2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98D9161D-53A4-4E3E-931E-BE158C6CA9EB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3268459D-FAD4-4F00-8FB2-3489BE5AC878}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CD909340-AB84-40AC-A202-E11FF8BB8137}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [7/9/2008 5:28 PM 20496]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [5/5/2008 10:31 PM 21504]
R3 BthAudioHF;BthAudioHF Service;c:\windows\System32\drivers\BthAudioHF.sys [3/31/2008 9:15 PM 30208]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [7/10/2008 3:43 PM 15872]
S2 gupdate1c9c953cf769f00;Google Update Service (gupdate1c9c953cf769f00);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 8:23 AM 133104]
S3 bthav;Bluetooth AV Profile;c:\windows\System32\drivers\bthav.sys [7/10/2008 3:43 PM 34816]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-04 05:43]
2009-06-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 05:23]
2009-06-05 c:\windows\Tasks\User_Feed_Synchronization-{F210D213-018C-4510-9CFD-BDA1EE5FFD25}.job
- c:\windows\system32\msfeedssync.exe [2009-05-27 11:31]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - [hidden link]

FF - ProfilePath - c:\users\Aqee\AppData\Roaming\Mozilla\Firefox\Profiles\f4hd6i2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272696&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Kooora Brazil Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272696&SearchSource=2&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\Aqee\AppData\Roaming\Mozilla\Firefox\Profiles\f4hd6i2u.default\extensions\{70010df9-6686-4459-ac0b-7e754159245a}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260 (2).dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\users\Aqee\AppData\Roaming\Mozilla\Firefox\Profiles\f4hd6i2u.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-06-05 17:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2472209663-2094805294-3685982350-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7823D904-AF05-9C86-F72A-D1849B5E723D}*]
"abpjdbjijpjojmgmbollpiofoeeakaoojg"=hex:61,61,00,00
"maojicpndajmjbakgenjkmibko"=hex:61,61,00,00
[HKEY_USERS\S-1-5-21-2472209663-2094805294-3685982350-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ec,0c,00,3a,39,47,5a,2f,18,01,c5,5b,7e,0f,03,85,7a,40,fd,34,eb,
a9,4f,2c,ec,70,cd,1c,a9,ed,d9,f1,2d,16,81,f4,42,a3,d1,52,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2472209663-2094805294-3685982350-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0a,08,04,4c,36,5c,60,55,b8,7a,96,7b,c4,36,98,63,cd,a6,a3,cc,17,
bc,79,2e,6b,01,00,a7,e4,16,df,3e,8c,d7,99,95,1e,40,20,0b,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2472209663-2094805294-3685982350-1000_Classes\CLSID\{9b9eb271-c13c-46b7-bcf4-e4b668d1761b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000151
"Therad"=dword:00000015
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,8d,81,21,3b,7a,46,2b,ab,d1,b6,01,36,54,a3,b7,36,11,85,82,e8,8f,80,\
[HKEY_USERS\S-1-5-21-2472209663-2094805294-3685982350-1000_Classes\CLSID\{c4592bf3-539f-4307-a5c8-7cc8d9ae3004}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000151
"Therad"=dword:0000002b
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,6b,89,e9,09,6f,ad,8c,9d,94,13,a2,39,c8,14,bd,b9,60,51,27,e7,22,d3,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\windows\System32\conime.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\TechSmith\SnagIt 9\TscHelp.exe
c:\program files\TechSmith\SnagIt 9\SnagPriv.exe
c:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
.
**************************************************************************
.
Completion time: 2009-06-05 17:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 14:22
Pre-Run: 22,781,079,552 bytes free
Post-Run: 22,367,674,368 bytes free
415 --- E O F --- 2009-06-05 08:29




.

2

SmitFraudFix report

SmitFraudFix v2.419
Scan done at 17:27:53.42, Fri 06/05/2009
Run from C:\Users\Aqee\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D1F89DB6-2038-4521-ABDA-D462B82BD495}: DhcpNameServer=212.93.192.16 212.93.192.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D1F89DB6-2038-4521-ABDA-D462B82BD495}: DhcpNameServer=212.93.192.16 212.93.192.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.93.192.16 212.93.192.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.93.192.16 212.93.192.10

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End



.

3

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:59, on 6/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aqee\Desktop\Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kooora Brazil Toolbar - {70010df9-6686-4459-ac0b-7e754159245a} - C:\Program Files\Kooora_Brazil\tbKooo.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Kooora Brazil Toolbar - {70010df9-6686-4459-ac0b-7e754159245a} - C:\Program Files\Kooora_Brazil\tbKooo.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Kooora Brazil Toolbar - {70010df9-6686-4459-ac0b-7e754159245a} - C:\Program Files\Kooora_Brazil\tbKooo.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c953cf769f00) (gupdate1c9c953cf769f00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
--
End of file - 5704 bytes


.
 

That's all :q:

 
Peace be upon you.
I don't know whether your system is Vista or 7.
If it's Vista, brother, download this registry file from here:

After downloading, right-click it and choose Merge, then press Run if it asks you about security,
then Continue if you have UAC enabled, then Yes to confirm, and finally OK when it's done.
Log off and then log on again if you prefer not to restart, or restart, which is preferable.
Sorry I didn't put the file in the attachments; my post count doesn't allow it.

Good luck, my friend.
 
Signature: GranDMasteR
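Before merging a registry file obtained from a forum link, a practitioner would check what the relevant key currently holds, back it up, and preview which keys the file is going to write. The PowerShell below is an added example, not the forum's .reg file; it assumes the Explorer entry for "New > Folder" lives under HKEY_CLASSES_ROOT\Folder\ShellNew, that the five value names listed are what a default Vista/7 installation carries there, and the download path at the end is a placeholder.

```powershell
# Added example, not the forum's .reg file. Read-only inspection plus a backup:
# run it before merging a downloaded registry file, and again afterwards.
# Assumed location of the "New > Folder" Explorer entry (standard on Vista/7):
$ShellNewKey   = 'Registry::HKEY_CLASSES_ROOT\Folder\ShellNew'
# Value names a default installation carries under that key (assumed set).
$ExpectedNames = 'Directory', 'IconPath', 'ItemName', 'MenuText', 'NullFile'

function Test-NewFolderEntry {
    # Returns $true when the key and every expected value are present.
    if (-not (Test-Path -LiteralPath $ShellNewKey)) {
        Write-Host "MISSING key: $ShellNewKey (consistent with 'Folder' vanishing from the New menu)"
        return $false
    }
    $item    = Get-Item -LiteralPath $ShellNewKey
    $present = $item.GetValueNames()
    $ok      = $true
    foreach ($name in $ExpectedNames) {
        if ($present -contains $name) {
            Write-Host ("present  {0,-9} = {1}" -f $name, $item.GetValue($name))
        } else {
            Write-Host ("MISSING  {0}" -f $name)
            $ok = $false
        }
    }
    # Anything beyond the expected set deserves a look before the key is trusted.
    $extra = $present | Where-Object { $ExpectedNames -notcontains $_ }
    if ($extra) { Write-Host "Unexpected values: $($extra -join ', ')" }
    return $ok
}

function Show-RegFileTargets {
    param([Parameter(Mandatory)][string]$Path)
    # A .reg file is plain text; every [HKEY...] line is a key it will create,
    # alter or (with a leading '-') delete. A file that claims to fix a context
    # menu has no business touching autostart locations, so those are flagged.
    $autostart = 'CurrentVersion\\Run', 'Winlogon', 'AppInit_DLLs', '\\Services\\'
    Get-Content -LiteralPath $Path |
        Where-Object { $_ -match '^\s*\[-?HKEY' } |
        ForEach-Object {
            $k    = $_.Trim()
            $flag = '       '
            if ($autostart | Where-Object { $k -match $_ }) { $flag = 'REVIEW ' }
            if ($k.StartsWith('[-')) { $flag = 'DELETES' }
            Write-Host "$flag $k"
        }
}

# Back up the parent class key first, then inspect the entry.
$backup = Join-Path $env:USERPROFILE 'Desktop\Folder-class-backup.reg'
reg.exe export 'HKEY_CLASSES_ROOT\Folder' $backup /y | Out-Null
Write-Host "Backup written to $backup"
$null = Test-NewFolderEntry
# Preview the downloaded file before merging it (path is a placeholder):
# Show-RegFileTargets -Path "$env:USERPROFILE\Desktop\newfolder.reg"
```

Running Test-NewFolderEntry again after the merge and a restart shows whether the fix survived, which is the confirmation the thread asks for further down.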
Thank you so much, and may God give you health.
 

^ ^

And peace be upon you too ..

The system is Vista Ultimate ..

Downloading it and keeping it in reserve ..

Because I'm waiting for a reply to the earlier one .. so I know what happened ?

Treating it as a continuation of what I started ..

Thank you for stopping by and for your help ..

 
:d:

Up

The New Folder option didn't appear ..!!
 
Download the following file, run it and see ..

If it doesn't work, that means viruses ..
 
Signature: Corporation
Peace be upon you.
Brother Asheeq, what do you mean by "downloading it and keeping it in reserve .."?
Did you run the registry file or not?

Good luck, God willing.
 
Signature: GranDMasteR
Download the following file, run it and see ..

If it doesn't work, that means viruses ..


Thank God, there are no viruses .. :no:

I just came out of a fierce war with them .. :q:

I downloaded the file, and when I ran it

682009083542.png


Thank you for your help ..


.
.
 
Peace be upon you.
Brother Asheeq, what do you mean by "downloading it and keeping it in reserve .."?
Did you run the registry file or not?

Good luck, God willing.

:b:

And peace and God's mercy be upon you ..

No need to explain .. you've won ..

Thank you so very much ..

I got what I wanted just by running your file ..

682009083918l.png



:ok:



.
 

I'll come back to the thread after confirming ..

My worry is that it disappears after a restart .. and I'll give you the final results ..

I'll be back, don't close it :d:


.

.
 
Thanks be to God.

Waiting for confirmation of the result :ok:

Good luck, God willing.
 
Signature: GranDMasteR

Thank God ..

Confirmed .. and everything is perfect ..

Thanks also go to everyone who helped me ..

A thousand thanks to you all ..!



Closed ^_^



.
 