كلو ميه ميه

Peace be upon you, and the mercy and blessings of God.

My operating system is XP SP2.

1- I have a problem installing Kaspersky Anti-Virus

I had McAfee and removed it using Your Uninstaller 2009

and I made sure it was gone, then installed Kaspersky Anti-Virus 2009 (the key is valid for two years). During the last moments of the installation (or after the installation completed) a blue screen appeared (as if there were an error in the machine) and the computer shut down, then started again, and Kaspersky is on the machine on the C drive .. but when I look for it through Your Uninstaller or through Add/Remove Programs .. or even when I want to scan a particular file .. the program is not on the machine at all! I tried to delete the program but it tells me it is in use!!





2- The second problem is

When signing in to Messenger it fails and says: you cannot sign in to Windows Live Messenger

Error code: 8100030d

I searched for a solution and found that you stop Messenger and delete a folder named Windows Live Contacts from this location, for Windows XP users:

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft

After deleting it and starting Messenger again, the folder comes back again!

Note: I also notice that when I log in to forums and save the login information, and likewise for email, I am asked for the information again the next time I visit, even though the information is saved!

And this is the HijackThis report



===================================================



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:07:05 ص, on 30/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\user\kyurog.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msb.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\stsystra.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui .exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\user\LOCALS~1\Temp\b .exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\WLTRAY .exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCD .exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\user\kyurog.exe \s
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [txrn] C:\WINDOWS\system32\txrn.exe \u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\user\LOCALS~1\Temp\b .exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ajdmr3uqefbm.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ajdmr3uqefbm.dll
O21 - SSODL: IfoYJ - {3C988573-9632-2FD9-E28A-5E5667E2458B} - C:\WINDOWS\system32\pu.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7764 bytes






===================================





And this is from ComboFix


ComboFix 09-10-28.08 - user 10/30/2009 6:29.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2046.1563 [GMT 3:00]
Running from: c:\documents and settings\user\My Documents\Downloads\Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\rundll32.exe nvhotkey .exe
c:\documents and settings\user\stsystra .exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\system32\323555.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\kr_done1
c:\windows\system32\msxml71.dll
c:\windows\system32\rundll32.exe nvhotkey .exe
c:\windows\system32\stsystra .exe
c:\windows\system32\wltray .exe

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 02:40 . 2009-10-30 02:40 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-30 02:40 . 2009-10-30 02:40 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-30 02:40 . 2009-10-30 02:40 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-30 02:40 . 2009-10-30 02:40 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 02:40 . 2009-10-30 02:40 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-30 02:40 . 2009-10-30 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-30 02:38 . 2009-10-30 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-29 20:46 . 2009-10-30 02:44 -------- d-----w- c:\program files\Windows Live
2009-10-27 20:22 . 2009-10-30 02:42 30208 ----a-w- c:\documents and settings\user\stsystra.exe
2009-10-27 19:57 . 2009-10-27 19:57 -------- d-----w- c:\documents and settings\user\Application Data\URSoft
2009-10-27 19:57 . 2009-10-30 02:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-27 19:57 . 2009-10-27 20:20 -------- d-----w- c:\program files\Your Uninstaller
2009-10-27 13:02 . 2009-10-30 02:38 30208 ----a-w- c:\windows\system32\stsystra.exe
2009-10-27 12:52 . 2009-10-27 12:52 21504 ----a-w- c:\windows\system32\tdidis32.sys
2009-10-27 12:52 . 2009-10-27 12:52 307200 --sha-r- c:\windows\system32\ajdmr3uqefbm.dll
2009-10-27 12:50 . 2009-10-27 12:50 -------- d-----w- c:\program files\Real Alternative
2009-10-27 12:41 . 2009-10-27 12:41 366080 --sh--r- c:\windows\system32\ajdmr3tqefsm.exe
2009-10-27 12:41 . 2009-10-27 12:41 28160 ---h--w- c:\documents and settings\user\kyurog.exe
2009-10-27 12:41 . 2009-10-27 12:41 28160 ----a-w- c:\windows\system32\txrn.exe
2009-10-27 12:35 . 2009-10-27 12:35 -------- d-----w- c:\documents and settings\user\Application Data\DivX
2009-10-27 12:32 . 2009-09-25 16:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-10-27 12:32 . 2009-09-25 16:42 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-27 12:32 . 2009-09-25 16:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-10-27 12:31 . 2009-10-27 12:32 -------- d-----w- c:\program files\DivX
2009-10-27 12:31 . 2009-10-27 12:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-27 11:56 . 2009-10-29 20:50 -------- d-----w- c:\program files\Total Video Converter
2009-10-26 20:18 . 2001-08-17 10:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-10-26 20:18 . 2001-08-17 10:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-10-24 08:13 . 2009-10-24 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-10-24 08:13 . 2009-10-24 08:13 127 ----a-w- c:\documents and settings\user\Local Settings\Application Data\fusioncache.dat
2009-10-24 08:13 . 2009-10-24 08:13 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ApplicationHistory
2009-10-24 03:03 . 2009-10-24 03:03 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-10-24 03:03 . 2009-10-24 03:03 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-10-24 03:03 . 2009-10-24 03:03 158456 ------w- c:\windows\system32\pxwma.dll
2009-10-24 03:03 . 2009-09-25 16:42 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-10-23 09:12 . 2009-10-23 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-10-23 08:03 . 2009-10-23 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-10-23 08:03 . 2009-10-23 08:04 -------- d-----w- c:\program files\HP
2009-10-23 08:03 . 2008-02-20 20:44 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2009-10-23 08:03 . 2008-04-28 03:14 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2009-10-23 08:00 . 2009-10-23 08:01 -------- d-----w- c:\windows\system32\URTTemp
2009-10-23 08:00 . 2009-10-23 08:03 -------- d--h--w- c:\program files\Avago-HP
2009-10-23 07:59 . 2009-10-23 07:59 -------- d-sh--w- c:\windows\ftpcache
2009-10-23 07:58 . 2004-08-03 20:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-23 07:58 . 2004-08-03 20:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-23 03:47 . 2009-10-23 03:47 -------- d-----w- c:\program files\iVocalize Web Conference 4
2009-10-23 03:40 . 2009-10-23 03:40 -------- d-----w- c:\documents and settings\user\.webrenderer
2009-10-22 19:52 . 2009-10-22 19:52 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
2009-10-22 19:52 . 2009-10-22 19:52 -------- d-----w- c:\program files\Google
2009-10-20 13:02 . 2009-10-20 13:02 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
2009-10-20 13:01 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-20 13:01 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-20 13:01 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-20 13:01 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-20 13:01 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-20 13:01 . 2009-10-20 13:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-19 21:39 . 2009-10-19 21:39 -------- d-----w- c:\windows\Sun
2009-10-19 03:29 . 2009-10-19 03:29 0 ----a-w- c:\windows\system32\cd.dat
2009-10-19 03:28 . 2009-10-29 20:54 -------- d-----w- c:\program files\Hotspot Shield
2009-10-19 03:20 . 2009-10-19 03:20 -------- d-----w- c:\program files\Paltalk Messenger
2009-10-18 22:26 . 2009-10-30 02:42 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-10-18 22:26 . 2009-10-27 20:23 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2009-10-18 22:26 . 2009-10-29 20:50 -------- d-----w- c:\program files\Internet Download Manager
2009-10-18 22:20 . 2009-10-30 02:44 -------- d-----w- c:\documents and settings\user\Tracing
2009-10-18 22:19 . 2009-10-18 22:19 -------- d-----w- c:\program files\Microsoft
2009-10-18 22:18 . 2009-10-18 22:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-18 21:25 . 2009-10-18 21:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-18 21:08 . 2009-10-18 21:08 -------- d-s---w- c:\documents and settings\user\UserData
2009-10-17 07:17 . 2009-10-17 07:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-10-17 07:16 . 2009-10-17 07:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-10-15 06:09 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 02:42 . 2008-04-14 12:16 30208 ----a-w- c:\windows\system32\wltray.exe
2009-10-30 02:42 . 2009-04-21 20:18 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-30 02:40 . 2009-10-30 02:40 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-30 02:40 . 2009-10-30 02:40 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-27 19:17 . 2004-08-03 22:56 1034240 ----a-w- c:\windows\explorer.exe
2009-10-27 19:14 . 2008-04-14 12:13 80008 ----a-w- c:\windows\system32\nvModes.dat
2009-10-27 13:02 . 2008-04-14 10:05 95608 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 12:52 . 2009-10-27 12:52 57344 --sha-r- c:\documents and settings\user\Application Data\{B4036723-C7F2-4955-A4BB-1A67FA57F5DB}.exe
2009-10-27 12:49 . 2008-04-14 12:30 -------- d-----w- c:\program files\Common Files\Real
2009-10-23 07:51 . 2008-04-14 13:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 21:53 . 2008-04-14 12:43 -------- d-----w- c:\documents and settings\user\Application Data\Paltalk
2009-10-17 07:15 . 2009-10-17 07:15 94632 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-08-27 08:12 . 2009-08-27 08:12 219664 ----a-w- c:\windows\system32\klogon.dll
2009-08-27 08:08 . 2009-08-27 08:08 27099 ----a-w- c:\windows\system32\drivers\klopp.dat
.

------- Sigcheck -------

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 110592 . . [5.1.2600.2180] . . c:\windows\system32\services.exe

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 58880 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2009-10-27 . 18AEFF898BB0E2E64FB3017F226C028C . 1034240 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 20:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 20:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-10-18 3134896]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-30 30208]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-10-30 30208]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2009-10-30 30208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2009-10-30 30208]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"txrn"="c:\windows\system32\txrn.exe" [2009-10-27 28160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-06-06 67584]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\system32\stsystra.exe [2009-10-30 30208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"IfoYJ"= {3C988573-9632-2FD9-E28A-5E5667E2458B} - c:\windows\system32\pu.dll [2004-08-03 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 20:04 86528 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\txrn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\user\\kyurog.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R1 tdidis32.sys;tdidis32.sys;c:\windows\system32\tdidis32.sys [27/10/2009 03:52 م 21504]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVP
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - KLBG
*NewlyCreated* - MBR
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\ajdmr3uqefbm.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\user\My Documents\Downloads\Programs\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,


Rootkit scan 2009-10-30 06:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1280)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\Fingerprint Reader Suite\homepass.dll
c:\program files\Fingerprint Reader Suite\bio.dll
c:\program files\Fingerprint Reader Suite\remote.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Fingerprint Reader Suite\crypto.dll

- - - - - - - > 'lsass.exe'(1368)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-10-30 6:44
ComboFix-quarantined-files.txt 2009-10-30 03:44

Pre-Run: 40,244,015,104 bytes free
Post-Run: 40,385,273,856 bytes free

- - End Of File - - AE06B40C80B452DF9326FC58B0738279


Please find a quick solution, because my machine is really messed up.

May God give you good health.
 

And peace be upon you, and the mercy and blessings of God.

1- Solution to the blue screen problem





The Messenger problem:
run a repair
or give me a picture of the problem

The report is being analyzed
 
Signature: ashooush
Delete the following entries
C:\WINDOWS\msb.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\user\LOCALS~1\Temp\b .exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ajdmr3uqefbm.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ajdmr3uqefbm.dll
O21 - SSODL: IfoYJ - {3C988573-9632-2FD9-E28A-5E5667E2458B} - C:\WINDOWS\system32\pu.dll

C:\DOCUME~1\user\LOCALS~1\Temp\b .exe
 
Signature: ashooush
Please reply as soon as possible
 
Signature: ashooush
And delete this as well:

C:\WINDOWS\msb.exe
 





My dear sister - ashooush

May God give you good health for the quick reply

Sorry, I could not attach a picture of the Messenger problem because uploading did not work for me today, and it now seems to me that the problem is with Explorer itself, because I have now downloaded Firefox and it works fine.

This is a picture of the Messenger problem


msnerror.JPG





The entries were deleted, except:

O10 - Unknown file in Winsock LSP: c:\windows\system32\ajdmr3uqefbm.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ajdmr3uqefbm.dll

And this picture shows the problem

removingfile.JPG




Also, I could not find these entries!


O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\user\LOCALS~1\Temp\b .exe

C:\DOCUME~1\user\LOCALS~1\Temp\b .exe

C:\WINDOWS\msb.exe


And this is a new report from HijackThis

============================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:07:09 م, on 30/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\txrn.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui .exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Nero\Nero 7\InCD\InCD .exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\DOCUME~1\user\LOCALS~1\Temp\ctv14643.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [txrn] C:\WINDOWS\system32\txrn.exe \u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\ajdmr3uqefbm.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ajdmr3uqefbm.dll
O21 - SSODL: IfoYJ - {3C988573-9632-2FD9-E28A-5E5667E2458B} - C:\WINDOWS\system32\pu.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8122 bytes



=========================================


Note that the way to remove an entry is to tick the file name in HijackThis and click Fix checked.

I apologize for the late reply, and also for not replying by private message, because I have fewer than 200 posts!


With all affection and respect to you
 





When running the tool, click as indicated in the following image


wh_61624949.png



Accept the messages that appear, and if the security program shows a warning, allow it.
The computer is then restarted.
Then post a new HijackThis report for follow-up.
 



But the file msb.exe is a Trojan

+

Thread starter, use Malwarebytes' Anti-Malware to remove it, then give me a report from the program
 
Dear brother MAAX

The operation is done, and here is a new HijackThis report


===================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:30:45 م, on 30/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\stsystra.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\txrn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD .exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [txrn] C:\WINDOWS\system32\txrn.exe \u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: IfoYJ - {3C988573-9632-2FD9-E28A-5E5667E2458B} - C:\WINDOWS\system32\pu.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7619 bytes

Messenger is now working perfectly for me, may God reward you ..

But I still cannot remove Kaspersky! It is there but not there! It does not run next to the clock, and I cannot scan any file via right-click .. as if it were not there. The Windows alert also appears saying the computer may be at risk, which means it is really not running, and at the same time I cannot remove it because some of its files are running! What is the solution!?



Brother supr1

I cannot download the scanning programs you mentioned, because Kaspersky is on the machine and I am unable to remove it!

Is there a solution?


All the best,
 
Download this tool now
Do not use the one you have


Disable your security programs
then
download the following tool and save it to the desktop



When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the computer may restart
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
My dear mentor MAAX

I downloaded the tool again and did what you told me, and here is the report ..


===========================================

ComboFix 09-10-28.08 - user 10/30/2009 21:13.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2046.1448 [GMT 3:00]
Running from: c:\documents and settings\user\My Documents\Downloads\Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\rundll32.exe nvhotkey .exe
c:\documents and settings\user\stsystra .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\wltray .exe

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 16:51 . 2009-10-30 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-10-30 16:46 . 2009-10-30 16:46 -------- d-----w- c:\program files\Messenger Plus! Live
2009-10-30 11:50 . 2009-10-30 11:50 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Identities
2009-10-30 04:57 . 2009-10-30 04:57 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-30 04:11 . 2009-10-30 05:55 -------- d--h--w- c:\windows\$hf_mig$
2009-10-30 03:56 . 2009-10-30 03:56 0 ----a-w- c:\windows\nsreg.dat
2009-10-30 03:56 . 2009-10-30 03:56 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-10-30 02:40 . 2009-10-30 02:40 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-30 02:40 . 2009-10-30 02:40 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-30 02:40 . 2009-10-30 16:27 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-30 02:40 . 2009-10-30 16:27 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 02:40 . 2009-10-30 02:40 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-30 02:40 . 2009-10-30 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-30 02:38 . 2009-10-30 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-29 20:46 . 2009-10-30 02:44 -------- d-----w- c:\program files\Windows Live
2009-10-27 20:22 . 2009-10-30 16:47 30208 ----a-w- c:\documents and settings\user\stsystra.exe
2009-10-27 19:57 . 2009-10-27 19:57 -------- d-----w- c:\documents and settings\user\Application Data\URSoft
2009-10-27 19:57 . 2009-10-30 11:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-27 19:57 . 2009-10-27 20:20 -------- d-----w- c:\program files\Your Uninstaller
2009-10-27 13:02 . 2009-10-30 02:38 30208 ----a-w- c:\windows\system32\stsystra.exe
2009-10-27 12:52 . 2009-10-27 12:52 21504 ----a-w- c:\windows\system32\tdidis32.sys
2009-10-27 12:52 . 2009-10-27 12:52 307200 --sha-r- c:\windows\system32\ajdmr3uqefbm.dll
2009-10-27 12:50 . 2009-10-27 12:50 -------- d-----w- c:\program files\Real Alternative
2009-10-27 12:41 . 2009-10-27 12:41 366080 --sh--r- c:\windows\system32\ajdmr3tqefsm.exe
2009-10-27 12:41 . 2009-10-27 12:41 28160 ---h--w- c:\documents and settings\user\kyurog.exe
2009-10-27 12:41 . 2009-10-27 12:41 28160 ----a-w- c:\windows\system32\txrn.exe
2009-10-27 12:35 . 2009-10-27 12:35 -------- d-----w- c:\documents and settings\user\Application Data\DivX
2009-10-27 12:32 . 2009-09-25 16:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-10-27 12:32 . 2009-09-25 16:42 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-27 12:32 . 2009-09-25 16:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-10-27 12:31 . 2009-10-27 12:32 -------- d-----w- c:\program files\DivX
2009-10-27 12:31 . 2009-10-27 12:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-27 11:56 . 2009-10-29 20:50 -------- d-----w- c:\program files\Total Video Converter
2009-10-26 20:18 . 2001-08-17 10:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-10-26 20:18 . 2001-08-17 10:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-10-24 08:13 . 2009-10-24 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-10-24 08:13 . 2009-10-24 08:13 127 ----a-w- c:\documents and settings\user\Local Settings\Application Data\fusioncache.dat
2009-10-24 08:13 . 2009-10-24 08:13 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ApplicationHistory
2009-10-24 03:03 . 2009-10-24 03:03 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-10-24 03:03 . 2009-10-24 03:03 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-10-24 03:03 . 2009-10-24 03:03 158456 ------w- c:\windows\system32\pxwma.dll
2009-10-24 03:03 . 2009-09-25 16:42 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-10-23 09:12 . 2009-10-23 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-10-23 08:03 . 2009-10-23 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-10-23 08:03 . 2009-10-23 08:04 -------- d-----w- c:\program files\HP
2009-10-23 08:03 . 2008-02-20 20:44 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2009-10-23 08:03 . 2008-04-28 03:14 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2009-10-23 08:00 . 2009-10-23 08:01 -------- d-----w- c:\windows\system32\URTTemp
2009-10-23 08:00 . 2009-10-23 08:03 -------- d--h--w- c:\program files\Avago-HP
2009-10-23 07:59 . 2009-10-23 07:59 -------- d-sh--w- c:\windows\ftpcache
2009-10-23 07:58 . 2004-08-03 20:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-23 07:58 . 2004-08-03 20:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-23 03:47 . 2009-10-23 03:47 -------- d-----w- c:\program files\iVocalize Web Conference 4
2009-10-23 03:40 . 2009-10-23 03:40 -------- d-----w- c:\documents and settings\user\.webrenderer
2009-10-22 19:52 . 2009-10-22 19:52 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
2009-10-22 19:52 . 2009-10-22 19:52 -------- d-----w- c:\program files\Google
2009-10-20 13:02 . 2009-10-20 13:02 -------- d-----w- c:\documents and settings\user\Application Data\Media Player Classic
2009-10-20 13:01 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-20 13:01 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-20 13:01 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-20 13:01 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-20 13:01 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-20 13:01 . 2009-10-20 13:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-19 21:39 . 2009-10-19 21:39 -------- d-----w- c:\windows\Sun
2009-10-19 03:29 . 2009-10-19 03:29 0 ----a-w- c:\windows\system32\cd.dat
2009-10-19 03:28 . 2009-10-29 20:54 -------- d-----w- c:\program files\Hotspot Shield
2009-10-19 03:20 . 2009-10-19 03:20 -------- d-----w- c:\program files\Paltalk Messenger
2009-10-18 22:26 . 2009-10-30 18:09 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2009-10-18 22:26 . 2009-10-30 16:47 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2009-10-18 22:26 . 2009-10-29 20:50 -------- d-----w- c:\program files\Internet Download Manager
2009-10-18 22:20 . 2009-10-30 16:49 -------- d-----w- c:\documents and settings\user\Tracing
2009-10-18 22:19 . 2009-10-18 22:19 -------- d-----w- c:\program files\Microsoft
2009-10-18 22:18 . 2009-10-18 22:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-18 21:25 . 2009-10-18 21:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-18 21:08 . 2009-10-18 21:08 -------- d-s---w- c:\documents and settings\user\UserData
2009-10-17 07:17 . 2009-10-17 07:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-10-17 07:16 . 2009-10-17 07:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-10-15 06:09 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 16:47 . 2008-04-14 12:16 30208 ----a-w- c:\windows\system32\wltray.exe
2009-10-30 16:47 . 2009-04-21 20:18 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-30 16:27 . 2009-10-30 02:40 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-30 16:27 . 2009-10-30 02:40 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-30 04:57 . 2008-04-14 12:30 -------- d-----w- c:\program files\Common Files\Real
2009-10-27 19:17 . 2004-08-03 22:56 1034240 ----a-w- c:\windows\explorer.exe
2009-10-27 19:14 . 2008-04-14 12:13 80008 ----a-w- c:\windows\system32\nvModes.dat
2009-10-27 13:02 . 2008-04-14 10:05 95608 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 12:52 . 2009-10-27 12:52 57344 --sha-r- c:\documents and settings\user\Application Data\{B4036723-C7F2-4955-A4BB-1A67FA57F5DB}.exe
2009-10-23 07:51 . 2008-04-14 13:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 21:53 . 2008-04-14 12:43 -------- d-----w- c:\documents and settings\user\Application Data\Paltalk
2009-10-17 07:15 . 2009-10-17 07:15 94632 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-08-27 08:12 . 2009-08-27 08:12 219664 ----a-w- c:\windows\system32\klogon.dll
2009-08-27 08:08 . 2009-08-27 08:08 27099 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-08-06 16:24 . 2008-04-14 09:27 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 16:24 . 2008-04-14 09:27 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 16:24 . 2009-08-06 16:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 16:24 . 2008-04-14 09:27 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 16:24 . 2008-04-14 09:27 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 16:24 . 2004-08-03 22:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 16:23 . 2008-04-14 09:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 16:23 . 2008-04-14 09:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
.

------- Sigcheck -------

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 110592 . . [5.1.2600.2180] . . c:\windows\system32\services.exe

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 58880 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-03 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2009-10-27 . 18AEFF898BB0E2E64FB3017F226C028C . 1034240 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-30_03.42.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 06:41 . 2005-02-25 03:35 14048 c:\windows\system32\spmsg.dll
+ 2009-10-30 03:57 . 2009-08-06 16:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2001-08-23 12:00 . 2009-10-30 16:51 53098 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-10-30 02:46 53098 c:\windows\system32\perfc009.dat
+ 2008-04-14 09:27 . 2009-08-06 16:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-04-14 09:27 . 2009-08-06 16:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:56 . 2009-08-06 16:24 96480 c:\windows\system32\dllcache\cdm.dll
- 2009-10-27 12:50 . 2009-10-09 18:00 5632 c:\windows\system32\pndx5032.dll
+ 2009-10-27 12:50 . 2009-10-30 04:57 5632 c:\windows\system32\pndx5032.dll
- 2009-10-27 12:50 . 2009-10-09 18:00 6656 c:\windows\system32\pndx5016.dll
+ 2009-10-27 12:50 . 2009-10-30 04:57 6656 c:\windows\system32\pndx5016.dll
+ 2009-10-27 12:50 . 2009-10-30 04:57 185920 c:\windows\system32\rmoc3260.dll
- 2009-10-27 12:50 . 2009-10-09 18:00 185920 c:\windows\system32\rmoc3260.dll
- 2009-10-27 12:50 . 2009-10-09 18:00 278528 c:\windows\system32\pncrt.dll
+ 2009-10-27 12:50 . 2009-10-30 04:57 278528 c:\windows\system32\pncrt.dll
+ 2001-08-23 12:00 . 2009-10-30 16:51 380684 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-10-30 02:46 380684 c:\windows\system32\perfh009.dat
+ 2008-04-14 09:27 . 2009-08-06 16:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-04-14 09:27 . 2009-08-06 16:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-04-14 09:27 . 2009-08-06 16:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2008-04-14 09:27 . 2009-08-06 16:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 20:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 20:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-10-18 3134896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-30 30208]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-10-30 30208]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2009-10-30 30208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2009-10-30 30208]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"txrn"="c:\windows\system32\txrn.exe" [2009-10-27 28160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-30 198160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-06-06 67584]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\system32\stsystra.exe [2009-10-30 30208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"IfoYJ"= {3C988573-9632-2FD9-E28A-5E5667E2458B} - c:\windows\system32\pu.dll [2004-08-03 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 20:04 86528 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\user\\kyurog.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\txrn.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 08:41 م 33808]
R1 tdidis32.sys;tdidis32.sys;c:\windows\system32\tdidis32.sys [27/10/2009 03:52 م 21504]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 05:46 م 31760]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\fo2giu4z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: c:\documents and settings\user\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\Fingerprint Reader Suite\homepass.dll
c:\program files\Fingerprint Reader Suite\bio.dll
c:\program files\Fingerprint Reader Suite\remote.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Fingerprint Reader Suite\crypto.dll

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-10-30 21:30
ComboFix-quarantined-files.txt 2009-10-30 18:29
ComboFix2.txt 2009-10-30 03:44

Pre-Run: 40,961,769,472 bytes free
Post-Run: 40,983,158,784 bytes free

- - End Of File - - 61BE0D6AF4741303BF5FE29E7A6AE208


===================================


Please don't forget to guide me on how to remove Kaspersky..

My thanks and appreciation to you..
 
Good.
Make a new HijackThis report now.
 
Here you go, this is a new HijackThis report

=====================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:43:12 ص, on 31/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\stsystra.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\txrn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui .exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nero\Nero 7\InCD\InCD .exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\user\LOCALS~1\Temp\ctv1031.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

You must log in or register to view the hidden link


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

You must log in or register to view the hidden link


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

You must log in or register to view the hidden link


O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [txrn] C:\WINDOWS\system32\txrn.exe \u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: IfoYJ - {3C988573-9632-2FD9-E28A-5E5667E2458B} - C:\WINDOWS\system32\pu.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7813 bytes


=====================================


What is the next step, God bless you?
 
You still have infections :(

Go to this page

You must log in or register to view the hidden link



and download the McAfee tool.
Run it with a double click and leave it until the DOS window finishes scanning and cleaning.
Then go to drive C, and

You must log in or register to view the hidden link

the report noor_mcafee
and upload it to a file-hosting site

and attach the download link in your next post
 
My friend, Kaspersky is on the machine; I'm afraid the system will break!

What is the solution in this case? I want to remove Kaspersky first

And is the size of the McAfee tool at the link you gave me .. 59 MB?


Waiting for you
 
I booted into safe mode and deleted Kaspersky manually..

I downloaded the McAfee tool and ran a scan, and this is the McAfee report as you asked..


You must log in or register to view the hidden link




===============================================



And here is a HijackThis report as well


=================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:46:18 ص, on 31/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\stsystra.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\WINDOWS\system32\txrn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui .exe
C:\Program Files\Nero\Nero 7\InCD\InCD .exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\user\LOCALS~1\Temp\ctv1017.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\My Documents\Downloads\Programs\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

You must log in or register to view the hidden link


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

You must log in or register to view the hidden link


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

You must log in or register to view the hidden link


O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [txrn] C:\WINDOWS\system32\txrn.exe \u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

You must log in or register to view the hidden link


O21 - SSODL: IfoYJ - {3C988573-9632-2FD9-E28A-5E5667E2458B} - C:\WINDOWS\system32\pu.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8534 bytes


============================================



God willing, is everything fine now?

What comes after this step?

Should I remove McAfee and install Kaspersky again?

Waiting for you, my friend..
 
There is an infection. Download Malwarebytes Anti-Malware

The link:

You must log in or register to view the hidden link



Then run a Full Scan and give me the report from the program

 
Brother Super1


and I deleted the files it found for me, and these results came out:


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

31/10/2009 12:43:03 م
mbam-log-2009-10-31 (12-43-03).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 141789
Time elapsed: 16 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3c988573-9632-2fd9-e28a-5e5667e2458b} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ifoyj (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\pu.dll (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\user\Local Settings\temp\ctv1017.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\ctv1031.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\ctv1938.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\ctv1972.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\ctv2893.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\ctv3814.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\ctv4744.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\ctv5665.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\temp\ctv8619.exe (Trojan.Dropper) -> Quarantined and deleted successfully.






All good now?

And what next? Should I download Kaspersky again? And should I keep this program (malware) or delete it? Because it may conflict with Kaspersky!
 
Good, but you need to restart the machine and then post a new HijackThis report.

As for Malwarebytes Anti-Malware, set it to on-demand scanning; it will not conflict with Kaspersky.
 