Thread starter: ante

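Peace be upon you,
My problem with Kaspersky is a difficult one, but God willing I will find a solution for it here with the experts.
I had Kaspersky 2009 installed and it was working fine with keys from here and there, until one day it said the key was invalid... We said that is normal, we will get another one... I got another one and installed it, and it did not work at all...
After many attempts and trying more than 70 keys, of which I am certain 90% work, I had to go to the registry (regedit.exe) and deleted all the Kaspersky entries from (Software).
Note that I had been using a crack that deletes the registry entries at the end of every month, after which I get a message to install a 30-day trial key again, and so on.
After deleting the registry entries, it asked me to activate the product, so I chose the 30-day trial... the key was downloaded and Kaspersky worked for 20 minutes...
Then a message appeared saying that the key is corrupted... and the problem has dragged on despite all the keys and their varieties... even with the trial key that comes from the company it says corrupted!!!
I removed Kaspersky completely, installed ESET, and after 3 months removed it because it did not satisfy me... at all... Now I have installed Kaspersky 2010 and it is the same story: it does not work after installing the trial key... a message appeared saying it is corrupted!!! Even though it is also from the company...!
What are the solutions?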
 

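Apologies, the thread has been moved to the appropriate section.
 
Signature: AbOdy
Brother, follow this post and God willing it will help you; follow it and tell us what happened with you so that we can solve the problem.
[Hidden link: you must log in or register to view it]
 
Signature: DCJ_99
Brother, it did not work.
Even though the key is a trial key, it still says (the key is corrupted).
 
Are there any solutions?
I thought about buying an official Kaspersky, but I am hesitant because the trial key does not work..!
 
OK, give us a HijackThis report, it might help.
 
Signature: samirzehani
Here is the report, brother: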

PHP:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:16 م, on 26/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FlashGet\flashget.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SeekappSrch\seekapp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: تنزيل الارتباط باستخدام مدير ميغا... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Arab Bank Online Banking Service - https://www.arabi-online.com/abr/english/actual/mainpages/ibs.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFE1128A-1C2D-49DD-A931-24754BC6BC6B}: NameServer = 212.14.234.36 195.68.208.230
O20 - AppInit_DLLs: ice_time.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 1: (no name) - http://www.urstorm.com/vb/

--
End of file - 10676 bytes
 
Delete
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\FlashGet\flashget.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SeekappSrch\seekapp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O8 - Extra context menu item: تنزيل الارتباط باستخدام مدير ميغا... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFE1128A-1C2D-49DD-A931-24754BC6BC6B}: NameServer =
[Hidden link: you must log in or register to view it]
[Hidden link: you must log in or register to view it]

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SeekappSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 1: (no name) -
[Hidden link: you must log in or register to view it]
 
Signature: samirzehani
Most of the lines have been deleted.
And this is the report after the deletion:
PHP:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:46:41 م, on 26/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FlashGet\flashget.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Flashget] C:\PROGRA~1\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: تنزيل الارتباط باستخدام مدير ميغا... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Arab Bank Online Banking Service - https://www.arabi-online.com/abr/english/actual/mainpages/ibs.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFE1128A-1C2D-49DD-A931-24754BC6BC6B}: NameServer = 212.14.234.36 195.68.208.230
O20 - AppInit_DLLs: ice_time.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9266 bytes


And these are not in the list at all! Or where are they deleted from?

Delete
PHP:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp139.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\FlashGet\flashget.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SeekappSrch\seekapp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\igfxsrvc.exe
 
Disable all protection programs,
then download this tool and save it to the desktop.
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears; copy it and paste it in your next reply.
 
Same problem after the change: a message appears saying that Kaspersky will close and that it will close the internet with it. But I prevent the internet from closing, and it closes on its own.
 
The machine has infections.

Disable all protection programs,
then download this tool and save it to the desktop.
[Hidden link: you must log in or register to view it]

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
Wait until the tool finishes scanning your machine; your machine will restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears; copy it and paste it in your next reply.

 
Here is the report:

ComboFix 09-06-25.05 - Administrator 06/26/2009 15:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.3326.2714 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SeekappSrch
c:\documents and settings\All Users\Application Data\SeekappSrch\seekapp139.exe
c:\program files\SeekappSrch
c:\program files\SeekappSrch\readme.html
c:\program files\SeekappSrch\seekapp.dll
c:\program files\SeekappSrch\seekapp.exe
c:\program files\SeekappSrch\uninstall.exe
c:\windows\system32\Ultra.dll
D:\resycled
E:\resycled
F:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-25 20:35 . 2009-06-25 20:37 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-25 20:30 . 2009-06-25 20:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-25 20:30 . 2009-06-17 08:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 20:30 . 2009-06-17 08:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 20:30 . 2009-06-25 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 20:30 . 2009-06-25 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 20:26 . 2009-06-25 20:26 -------- d-----w- c:\program files\Trend Micro
2009-06-25 15:00 . 2009-06-25 15:00 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-06-25 15:00 . 2009-06-25 15:00 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-06-25 15:00 . 2009-06-25 15:00 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-06-25 15:00 . 2009-06-25 15:00 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-06-25 15:00 . 2009-06-25 15:00 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-06-25 14:50 . 2009-06-25 14:50 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-06-25 14:47 . 2009-06-25 14:47 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-25 14:47 . 2009-06-25 14:47 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-20 15:12 . 2009-06-20 15:12 -------- d-----w- c:\program files\honestech Video Editor 7.0
2009-06-12 17:47 . 2009-05-26 16:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-06-11 23:10 . 2009-06-11 23:10 -------- d-----w- c:\program files\uTorrent
2009-06-11 23:09 . 2009-06-14 19:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-06-10 12:51 . 2009-06-10 12:51 -------- d-----w- c:\windows\SSMaui Wowee
2009-06-10 12:51 . 1999-02-16 05:02 49664 ----a-w- c:\windows\SSMaui Wowee.scr
2009-06-10 12:49 . 2004-09-20 13:00 802816 ----a-w- c:\windows\FeedingFrenzy.scr
2009-06-10 12:49 . 2005-01-07 08:39 57344 ----a-w- c:\windows\system32\Big Kahuna Reef.scr
2009-06-10 12:48 . 2005-08-03 10:48 389120 ----a-w- c:\windows\Adventure Inlay.scr
2009-06-10 12:48 . 2009-06-10 12:56 -------- d-----w- c:\program files\GameHouse Games Collection
2009-06-10 10:02 . 2009-04-30 19:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 10:01 . 2009-04-26 21:42 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-10 10:01 . 2009-06-10 10:01 -------- d-----w- C:\NVIDIA
2009-06-10 08:03 . 2009-06-10 08:03 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-10 08:03 . 2009-06-10 08:03 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-10 08:03 . 2009-06-10 08:03 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-10 08:03 . 2009-06-10 08:03 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-10 07:49 . 2009-06-10 07:49 -------- d-----w- c:\windows\system32\AGEIA
2009-06-10 07:48 . 2009-06-10 10:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-10 07:14 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 07:14 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-09 12:13 . 2009-06-09 12:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian
2009-06-09 12:12 . 2009-06-12 07:31 -------- d-----w- c:\program files\Trillian
2009-06-06 09:35 . 2009-06-06 09:35 -------- d-----w- C:\مجلد جديد
2009-06-05 20:41 . 2009-06-05 20:41 -------- d-----w- c:\program files\SSH Communications Security
2009-06-04 19:36 . 2009-06-19 19:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\CoreFTP
2009-06-04 19:36 . 2009-06-04 19:36 -------- d-----w- c:\program files\CoreFTP
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-01 16:47 . 2009-06-01 16:55 -------- d-----w- c:\documents and settings\Administrator\sah
2009-05-30 18:59 . 2009-05-31 11:32 -------- d-----w- c:\program files\edBlockDetector 2.0
2009-05-28 11:09 . 2009-05-28 11:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WinZip
2009-05-28 11:08 . 2009-05-28 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 12:21 . 2008-09-15 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-26 12:19 . 2008-10-28 14:14 -------- d-----w- c:\program files\FlashGet4
2009-06-25 14:47 . 2008-09-15 12:44 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-25 14:41 . 2008-09-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-20 15:12 . 2008-09-14 20:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 17:47 . 2008-09-14 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-11 23:09 . 2008-12-05 13:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2009-06-10 10:06 . 2008-09-15 18:05 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 10:02 . 2008-09-15 11:31 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-10 08:05 . 2008-09-15 15:05 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-10 08:03 . 2008-09-28 16:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2009-06-09 15:37 . 2008-10-14 14:36 -------- d-----w- c:\program files\HyCam2
2009-06-09 07:40 . 2008-09-14 20:07 -------- d-----w- c:\program files\Yahoo!
2009-06-05 20:45 . 2009-02-15 12:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\SSH
2009-05-27 12:22 . 2008-11-10 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-05-25 02:21 . 2009-05-25 02:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 02:18 . 2009-05-25 02:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-24 21:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-24 17:03 . 2009-05-24 16:52 -------- d-----w- c:\program files\32BITEMB
2009-05-24 16:26 . 2009-05-24 15:33 -------- d-----w- c:\program files\SendBlaster
2009-05-24 13:42 . 2009-05-24 13:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2009-05-24 12:30 . 2009-05-24 12:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-05-23 12:24 . 2008-09-14 18:20 111992 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 11:07 . 2009-05-22 10:53 -------- d-----w- c:\program files\Email Sender Deluxe
2009-05-22 10:53 . 2009-05-22 10:53 3 ----a-w- c:\windows\system32\krx280.dat
2009-05-22 09:17 . 2009-05-22 09:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-22 09:14 . 2009-05-22 09:14 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-22 09:14 . 2009-05-22 09:14 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-22 09:14 . 2009-05-22 09:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-05-22 09:14 . 2009-05-22 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-22 09:14 . 2009-05-22 09:14 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-20 17:30 . 2009-05-10 11:51 -------- d-----w- c:\program files\CoffeeCup Software
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-16 11:39 . 2008-09-20 09:26 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-15 17:54 . 2009-05-15 17:54 -------- d-----w- c:\program files\Thomson
2009-05-15 16:02 . 2009-05-15 08:37 -------- d-----w- c:\program files\Scriptocean
2009-05-15 08:37 . 2009-05-15 08:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\scriptocean
2009-05-15 08:37 . 2009-05-15 08:35 -------- d-----w- c:\program files\ScriptForest Popup Menu
2009-05-15 08:35 . 2009-05-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\scriptforest
2009-05-13 14:46 . 2009-05-13 14:46 31760 ----a-w- c:\windows\system32\drivers\klim5.sys
2009-05-13 05:15 . 2004-08-03 22:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 12:12 . 2008-09-14 20:28 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-10 18:29 . 2009-05-10 18:29 -------- d-----w- c:\program files\Mach5 Software
2009-05-10 18:02 . 2009-05-10 17:48 -------- d-----w- c:\program files\KGB Archiver 2
2009-05-10 11:51 . 2009-05-10 11:51 13 ---h--w- c:\documents and settings\All Users\Application Data\1جط13.sys
2009-05-10 11:51 . 2009-05-10 11:51 13 ---h--w- c:\documents and settings\All Users\Application Data\1جط13.sys
2009-05-07 15:32 . 2004-08-03 22:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 15:06 . 2008-12-25 14:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-05-04 15:05 . 2009-02-08 13:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2009-05-04 11:42 . 2009-01-28 09:47 -------- d-----w- c:\program files\Total Video Converter
2009-04-30 21:31 . 2009-04-30 21:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-04-30 21:31 . 2009-04-30 21:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-04-30 21:31 . 2009-04-30 21:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-04-30 21:31 . 2009-04-30 21:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-04-30 21:31 . 2009-04-30 21:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-04-30 21:31 . 2009-04-30 21:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-04-30 21:31 . 2009-04-30 21:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-04-30 19:02 . 2009-04-30 19:02 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 19:02 . 2009-04-30 19:02 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 19:02 . 2009-04-30 19:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 19:02 . 2009-04-30 19:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 19:02 . 2009-04-30 19:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 19:02 . 2009-04-30 19:02 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 19:02 . 2009-04-30 19:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 19:02 . 2009-04-30 19:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 19:02 . 2008-05-16 18:31 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 19:02 . 2008-05-16 18:31 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-29 11:38 . 2009-04-29 11:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-04-29 11:33 . 2008-12-25 09:44 -------- d-----w- c:\program files\VideoLAN
2009-04-27 11:21 . 2009-05-22 09:14 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-04-17 13:58 . 2009-04-21 10:55 954368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 13:58 . 2009-04-21 10:55 103424 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 13:58 . 2009-04-21 10:55 344064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 13:58 . 2009-04-21 10:55 1161626 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 13:58 . 2009-04-21 10:55 65536 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 13:58 . 2009-04-21 10:55 71652 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 13:58 . 2009-04-21 10:55 4579328 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 13:58 . 2009-04-21 10:55 4534272 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 13:58 . 2009-04-21 10:55 131868 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-17 12:26 . 2004-08-03 21:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 22:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 14:09 . 2009-04-14 13:38 16546800 ----a-w- c:\documents and settings\Administrator\Application Data\Uniblue\DriverScanner\LatestUpdate.exe
2009-04-03 09:39 . 2009-04-03 09:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-03-31 15:51 . 2009-03-31 15:51 207872 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_ind_4.dll
2009-03-31 15:51 . 2009-03-31 15:51 207872 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_ind_3.dll
2009-03-31 15:51 . 2009-03-31 15:51 207872 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_ind_2.dll
2009-03-31 15:51 . 2009-03-31 15:51 207872 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_ind_1.dll
2002-07-31 16:55 . 2009-05-20 17:31 104 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Flashget"="c:\progra~1\FlashGet\flashget.exe" [2007-09-25 2007088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-30 185896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-05-25 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\PROGRA~1\\RINGZS~1\\STORMC~1\\Stormser.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ProgDVB\\ProgDvbNet.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\halo\\haloce.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Kayako\\LiveResponse\\LiveResponse.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [22/05/2009 12:14 م 604416]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 08:59 م 19472]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [17/01/2009 12:08 ص 1000064]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 01:00 م 277504]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [19/03/2007 09:58 م 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [19/03/2007 09:58 م 12672]
S4 SeekappSrch Service;SeekappSrch Service;"c:\documents and settings\All Users\Application Data\SeekappSrch\seekapp139.exe" "c:\program files\SeekappSrch\seekapp.dll" Service --> c:\documents and settings\All Users\Application Data\SeekappSrch\seekapp139.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 12:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: تنزيل الارتباط باستخدام مدير ميغا... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: {{4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {{CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
TCP: {EFE1128A-1C2D-49DD-A931-24754BC6BC6B} = 212.14.234.36 195.68.208.230
DPF: Arab Bank Online Banking Service - hxxps://www.arabi-online.com/abr/english/actual/mainpages/ibs.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m66o7q20.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-06-26 15:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1677128483-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,20,b3,f8,97,f5,e6,4f,81,f2,b5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,20,b3,f8,97,f5,e6,4f,81,f2,b5,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,20,b3,f8,97,f5,e6,4f,81,f2,b5,\

[HKEY_USERS\S-1-5-21-839522115-1677128483-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"
"a"="msnmsgr.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-839522115-1677128483-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:75,87,e6,e2,46,1d,6d,a6,11,a9,8a,15,da,3b,b2,19,56,1d,a6,f7,04,
5c,19,8f,fe,b6,d0,88,b8,ea,54,7c,ee,2b,c0,fb,8d,a3,a4,e0,8b,f9,3f,31,21,d5,\
"rkeysecu"=hex:80,a9,d2,9b,e8,b6,1b,ae,27,d2,7a,b9,c5,f8,4a,c1

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\WININET.dll
c:\progra~1\FlashGet\fgmgr.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-06-26 15:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 12:26

Pre-Run: 1,742,311,424 bytes free
Post-Run: 5,693,005,824 bytes free

337 --- E O F --- 2009-06-10 10:06



-------------------------








Please paste the report directly.


Zyzoom
 
Delete:
c:windowssystem32services.exe
c:windowssystem32lsass.exe
c:windowssystem32nvsvc32.exe
c:program filestgtsoftstylexpstylexpservice.exe
c:program filesjavajre6binjqs.exe
c:windowssystem32pnkbstra.exe
c:documents and settingsall usersapplication dataseekappsrchseekapp139.exe
c:windowssystem32tuprogst.exe
c:progra~1flashgetflashget.exe
c:windowssystem32rundll32.exe
c:program filesseekappsrchseekapp.exe
c:windowssystem32rundll32.exe
c:windowssystem32ctfmon.exe
c:program filestgtsoftstylexpstylexp.exe
c:program filesnokianokia pc suite 7pcsuite.exe
c:program filespc connectivity solutiontransportsnclusbsrv.exe
c:program filespc connectivity solutiontransportsnclrssrv.exe
c:program filespc connectivity solutiontransportsnclmsbtsrv.exe
c:program fileswindows livecontactswlcomm.exe
c:windowssystem32igfxsrvc.exe
c:program filestrend microhijackthishijackthis.exe
o2 - bho: Link filter bho - {e33cf602-d945-461a-83f0-819f76a199f8} - c:program fileskaspersky labkaspersky internet security 2010klwtbbho.dll
o4 - hklm..run: [mspy2002] c:windowssystem32imepintlgntimscinst.exe /sync
o4 - hklm..run: [phime2002async] c:windowssystem32imetintlgnttintsetp.exe /sync
o4 - hklm..run: [phime2002a] c:windowssystem32imetintlgnttintsetp.exe /imename
o4 - hklm..run: [flashget] c:progra~1flashgetflashget.exe /min
o4 - hklm..run: [igfxtray] c:windowssystem32igfxtray.exe
o4 - hklm..run: [hotkeyscmds] c:windowssystem32hkcmd.exe
o4 - hklm..run: [persistence] c:windowssystem32igfxpers.exe
o4 - hkcu..run: [ctfmon.exe] c:windowssystem32ctfmon.exe
o4 - hkcu..run: [stylexp] c:program filestgtsoftstylexpstylexp.exe -hide
o4 - hkuss-1-5-18..run: [ctfmon.exe] c:windowssystem32ctfmon.exe (user 'system')
o4 - hkus.default..run: [ctfmon.exe] c:windowssystem32ctfmon.exe (user 'default user')
o4 - startup: Kremlin sentry.lnk = c:program filesmach5 softwarekremlinkremlin sentry.exe
o8 - extra context menu item: تنزيل الارتباط باستخدام مدير ميغا... - c:program filesmegauploadmega managermm_file.htm
o9 - extra button: &virtual keyboard - {4248fe82-7fcb-46ac-b270-339f08212110} - c:program fileskaspersky labkaspersky internet security 2010klwtbbho.dll
o9 - extra button: Flash decompiler swf capture tool - {86b4fc19-8fa4-4fd3-b243-9aedb42fa2d5} - c:program fileseltima softwareflash decompiler trillixsaveflashiebt.dll
o9 - extra 'tools' menuitem: Flash decompiler swf capture tool menu - {86b4fc19-8fa4-4fd3-b243-9aedb42fa2d5} - c:program fileseltima softwareflash decompiler trillixsaveflashiebt.dll
o17 - hklmsystemccsservicestcpip..{efe1128a-1c2d-49dd-a931-24754bc6bc6b}: Nameserver =

o23 - service: Installdriver table manager (idrivert) - macrovision corporation - c:program filescommon filesinstallshielddriver11intel 32idrivert.exe
o23 - service: Nmindexingservice - unknown owner - c:program filescommon filesnerolibnmindexingservice.exe (file missing)
o23 - service: Nvidia display driver service (nvsvc) - nvidia corporation - c:windowssystem32nvsvc32.exe
o23 - service: Pnkbstra - unknown owner - c:windowssystem32pnkbstra.exe
o23 - service: Seekappsrch service - unknown owner - c:documents and settingsall usersapplication dataseekappsrchseekapp139.exe
o23 - service: Stylexpservice - unknown owner - c:program filestgtsoftstylexpstylexpservice.exe
o23 - service: Tuneup drive defrag service (tuneup.defrag) - tuneup software - c:windowssystem32tuneupdefragservice.exe
o23 - service: Tuneup program statistics service (tuneup.programstatisticssvc) - tuneup software - c:windowssystem32tuprogst.exe
o24 - desktop component 1: (no name) -


May God reward you for what you do to help your brothers and sisters.

But, dear brother... your analysis is wrong and causes problems for members' machines.

Please do not analyze reports again.
 
New analysis:

Are there any solutions, or should I uninstall Kaspersky, look for any other antivirus and be done with it?

Logfile of Trend Micro HijackThis v2.0.2
 
What should I do now?
 
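OK, guys... if you don't know what the problem is, why all the hassle of saying "give us the scan from this program and that program"?!
If nobody had replied from the start it would have been better for me... and easier on my head. Whoever doesn't know should keep quiet, it's better for him... and not philosophize and say "give us the output of this program and that program".
And then in the end someone comes along and tells another, "please don't analyze for people because you break things for them"... and you don't fix anything.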
 
Brother, follow the advice of brother Zyzoom and, God willing, you will reach a solution.
 
Signature: DCJ_99