[ تم حل المشكلة ]مشكله في الـSafemode!

[Ali-911]

سلام عليكم

ما ادري وش المشكله وهل هي قديمه ولا توى جتني من فلاش شبكته لأني ما دخلت للسيفمود من فتره.

لكن شكبت فلاش طلع فيه فايروس مع انه ما اتوقع فيه شئ كان فيه اداه زيزوميه خاصه والكاسبر مدري وش اكتشف ومسح كم برنامج من الجهاز مالها دخل بالفايروس وقال انها مصابه وهي شغاله معي بدون مشاكل من زمـــان .. السيف مود حاولت ادخله علشان امسح المشاكل بواسطه الـSafemode لكن رفض كل ما جيت بدخل يسوي ريستارت من حاله ويعيد من البدايه ..!

المهم ان Task Manager تعطل:

تعديل الريجستري Registry Editing تعطل:

Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:37, on 12/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
C:\AppServ\Apache2.2\bin\httpd.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jucheck.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yads.zedo.com/ads2/c?a=655555;g=0;c=929000054;p=6;f=811824;h=574042;i=0;x=3840;n=929;s=7;k=http://www.skill2thrill.com/pages/Default.aspx?lan=sa&tid=38&affiliateid=afunz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - D:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avp] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [4shared Update] "D:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: TVR Scheduler.lnk = D:\Program Files\honestech\honestech TVR 2.5\scheduleTV.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download all 4shared files - D:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - D:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WTService - Unknown owner - D:\WINDOWS\system32\atwtusb.exe

--
End of file - 7489 bytes

Combofix :

ComboFix 09-12-10.01 - Administrator 12/11/2009  20:38:56.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1256.966.1033.18.2046.1568 [GMT 3:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
 (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 d:\documents and settings\Administrator\My Documents\cc_20091211_202357.reg
 .
(((((((((((((((((((((((((   Files Created from 2009-11-11 to 2009-12-11  )))))))))))))))))))))))))))))))
.
 2009-12-11 01:09 . 2009-12-11 01:09 -------- d-----w- d:\program files\CCleaner
2009-12-10 21:20 . 2009-12-10 21:20 -------- d-----w- d:\program files\Common Files\eSellerate
2009-12-09 17:15 . 2009-12-11 16:18 -------- d-----w- d:\documents and settings\Administrator\Application Data\4shared Desktop
2009-12-09 17:15 . 2009-12-09 17:15 -------- d-----w- d:\program files\4shared Desktop
2009-12-09 15:48 . 2009-12-09 15:48 -------- d-----w- d:\documents and settings\Administrator\Application Data\Thinstall
2009-12-09 11:42 . 2009-08-24 22:30 13312 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x02y25ch.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
2009-11-29 13:56 . 2009-11-29 13:56 198064 ----a-w- d:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-11-29 13:55 . 2009-12-09 20:38 -------- d-----w- d:\documents and settings\Administrator\Application Data\IDM
2009-11-29 13:55 . 2009-11-29 13:56 -------- d-----w- d:\program files\Internet Download Manager
2009-11-27 11:18 . 2009-11-27 11:18 -------- d-----w- d:\program files\WinWatermark 2.2
2009-11-27 11:12 . 2004-08-03 20:08 31616 -c--a-w- d:\windows\system32\dllcache\usbccgp.sys
2009-11-27 11:12 . 2004-08-03 20:08 31616 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2009-11-26 20:28 . 2009-11-26 20:28 -------- d-----w- d:\program files\honestech
2009-11-26 20:27 . 2009-11-26 20:27 -------- d-----w- d:\documents and settings\Administrator\Application Data\InstallShield
2009-11-25 12:29 . 2009-12-11 17:23 79488 ----a-w- d:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-18 15:17 . 2009-11-18 15:17 -------- d-----w- d:\program files\Common Files\Adobe AIR
2009-11-15 06:19 . 2009-11-15 06:20 -------- d-----w- d:\program files\AutoIt3
 .
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 17:17 . 2009-10-17 01:56 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-11 17:17 . 2009-10-15 20:30 -------- d-----w- d:\documents and settings\Administrator\Application Data\DMCache
2009-12-11 16:58 . 2009-10-15 20:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\uTorrent
2009-12-11 16:46 . 2009-10-16 02:28 -------- d-----w- d:\program files\Golden Al-Wafi Translator
2009-12-11 16:39 . 2009-10-15 21:21 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-12-11 16:38 . 2009-10-15 21:06 152576 ----a-w- d:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-12-11 16:25 . 2009-10-16 01:58 -------- d-----w- d:\documents and settings\All Users\Application Data\Babylon
2009-12-11 16:15 . 2009-11-09 11:40 350408 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-11 16:05 . 2009-10-15 17:27 89400 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-10 21:18 . 2009-10-17 12:53 -------- d-----w- d:\program files\Sony
2009-12-10 00:25 . 2009-10-16 01:58 -------- d-----w- d:\documents and settings\Administrator\Application Data\Babylon
2009-11-26 20:28 . 2009-10-15 19:56 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-11-22 04:48 . 2009-11-01 12:38 -------- d-----w- d:\program files\Steam
2009-11-18 15:17 . 2009-10-15 20:33 -------- d-----w- d:\program files\Common Files\Adobe
2009-11-10 04:19 . 2009-11-10 04:18 -------- d-----w- d:\program files\Acoustica MP3 Audio Mixer
2009-11-09 11:54 . 2009-10-17 13:19 -------- d-----w- d:\documents and settings\Administrator\Application Data\Sony
2009-11-09 11:46 . 2009-11-09 11:46 -------- d-----w- d:\documents and settings\All Users\Application Data\Sony
2009-11-09 11:40 . 2009-11-09 11:40 -------- d-----w- d:\program files\MSBuild
2009-11-09 11:36 . 2009-11-09 11:36 -------- d-----w- d:\program files\Reference Assemblies
2009-11-09 11:32 . 2009-11-09 10:39 52770576 ----a-w- d:\documents and settings\Administrator\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-11-09 10:39 . 2009-10-17 12:47 -------- d-----w- d:\documents and settings\Administrator\Application Data\Sony Setup
2009-11-09 04:43 . 2009-11-09 04:43 -------- d-----w- d:\program files\FormatFactory
2009-11-08 03:43 . 2009-11-01 01:53 214504 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-11-07 04:36 . 2009-10-27 19:12 331776 ----a-w- d:\documents and settings\Administrator\Application Data\TrustIntra\Test deaf drv.exe
2009-11-07 04:36 . 2009-10-15 20:29 -------- d-----w- d:\documents and settings\Administrator\Application Data\TrustIntra
2009-11-07 04:35 . 2009-10-15 20:29 357888 ----a-w- d:\documents and settings\Administrator\Application Data\TrustIntra\Browse Sixth Save 2.exe
2009-11-07 04:35 . 2009-11-07 04:35 765952 ----a-w- d:\documents and settings\Administrator\Application Data\TrustIntra\mbwsmydb.exe
2009-11-07 04:35 . 2009-10-15 20:29 -------- d-----w- d:\documents and settings\All Users\Application Data\Long slow road itch
2009-11-07 04:32 . 2009-10-15 20:28 -------- d-----w- d:\program files\Messenger Plus! Live
2009-11-07 03:44 . 2009-10-15 20:28 -------- d-----w- d:\program files\Windows Live
2009-11-07 03:43 . 2009-11-07 03:43 -------- d-----w- d:\program files\Microsoft
2009-11-07 03:43 . 2009-11-07 03:43 -------- d-----w- d:\program files\Windows Live SkyDrive
2009-11-07 03:26 . 2009-11-07 03:26 -------- d-----w- d:\program files\Common Files\Windows Live
2009-11-07 02:13 . 2009-11-02 23:01 -------- d-----w- d:\documents and settings\Administrator\Application Data\Xfire
2009-11-07 01:16 . 2009-11-01 01:54 138936 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2009-11-04 15:54 . 2009-11-04 15:54 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-11-03 23:23 . 2009-11-03 23:23 -------- d-----w- d:\documents and settings\LocalService\Application Data\Xfire
2009-11-03 15:29 . 2009-11-03 15:29 79488 ----a-w- d:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\gtapi.dll
2009-11-02 23:17 . 2009-11-02 23:01 -------- d-----w- d:\program files\Xfire
2009-11-02 23:01 . 2009-11-02 23:01 -------- d-----w- d:\documents and settings\NetworkService\Application Data\Xfire
2009-11-02 00:21 . 2009-10-16 14:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Tablet
2009-11-01 01:40 . 2009-11-01 01:40 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2009-11-01 00:49 . 2009-11-01 00:49 -------- d-----w- d:\program files\EA GAMES
2009-10-31 00:54 . 2009-10-31 00:43 -------- d-----w- d:\program files\Flash-SWF to AVI-GIF
2009-10-31 00:41 . 2009-10-17 13:31 -------- d-----w- d:\program files\CamStudio
2009-10-30 17:10 . 2009-10-30 16:52 -------- d-----w- d:\program files\ATITool
2009-10-29 19:41 . 2009-10-29 19:41 -------- d-----w- d:\program files\Sun
2009-10-29 12:06 . 2009-10-29 12:06 -------- d-----w- d:\program files\FastStone Capture
2009-10-29 01:44 . 2009-10-29 01:43 -------- d-----w- d:\program files\UltraVPN
2009-10-28 00:15 . 2009-10-28 00:15 -------- d-----w- d:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-28 00:15 . 2009-10-28 00:15 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-10-28 00:15 . 2009-10-28 00:15 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-27 22:13 . 2009-10-27 22:13 -------- d-----w- d:\program files\Trend Micro
2009-10-27 22:04 . 2009-10-27 11:47 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-10-27 19:10 . 2009-10-27 19:10 761856 ----a-w- d:\documents and settings\Administrator\Application Data\TrustIntra\xuecajwm.exe
2009-10-27 11:47 . 2009-10-27 11:47 -------- d-----w- d:\documents and settings\All Users\Application Data\TechSmith
2009-10-27 11:47 . 2009-10-27 11:47 -------- d-----w- d:\program files\TechSmith
2009-10-25 13:23 . 2009-10-25 13:23 -------- d-----w- d:\program files\Snarfware
2009-10-24 16:47 . 2009-10-24 16:47 -------- d-----w- d:\documents and settings\All Users\Application Data\GeoVid
2009-10-24 16:47 . 2009-10-24 16:47 -------- d-----w- d:\program files\GeoVid
2009-10-22 10:24 . 2009-10-22 10:24 -------- d-----w- d:\program files\URUSoft
2009-10-21 13:41 . 2009-10-20 00:05 -------- d-----w- d:\program files\QuickTime
2009-10-21 13:41 . 2009-10-21 13:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2009-10-21 12:31 . 2009-10-21 12:11 -------- d-----w- d:\program files\The KMPlayer
2009-10-21 12:12 . 2009-10-21 12:12 -------- d-----w- d:\program files\Common Files\Apple
2009-10-21 12:12 . 2009-10-21 12:12 -------- d-----w- d:\program files\Apple Software Update
2009-10-21 12:12 . 2009-10-21 12:12 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2009-10-21 12:11 . 2009-10-21 12:11 -------- d-----w- d:\documents and settings\Administrator\Application Data\Apple Computer
2009-10-21 08:55 . 2009-10-21 08:55 -------- d-----w- d:\documents and settings\Administrator\Application Data\Corel
2009-10-21 08:52 . 2009-10-21 08:52 -------- d-----w- d:\program files\Common Files\Corel
2009-10-21 08:51 . 2009-10-21 08:51 -------- d-----w- d:\program files\Corel
2009-10-21 03:54 . 2009-10-17 02:08 -------- d-----w- d:\program files\WebShot
2009-10-20 14:26 . 2009-10-20 14:26 -------- d-----w- d:\program files\Common Files\Macromedia Shared
2009-10-20 14:25 . 2009-10-20 14:25 -------- d-----w- d:\program files\Macromedia
2009-10-20 12:06 . 2009-10-20 12:06 -------- d-----w- d:\documents and settings\Administrator\Application Data\Toon Boom Animation
2009-10-20 11:58 . 2009-10-20 11:58 -------- d-----w- d:\program files\Toon Boom Animation
2009-10-20 00:23 . 2009-10-20 00:23 -------- d-----w- d:\documents and settings\All Users\Application Data\FLEXnet
2009-10-20 00:03 . 2009-10-20 00:03 -------- d-----w- d:\program files\Bonjour
2009-10-19 23:51 . 2009-10-19 23:51 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-10-19 23:51 . 2009-10-19 23:51 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-10-19 23:37 . 2009-10-19 23:36 -------- d-----w- d:\program files\MagicISO
2009-10-19 11:18 . 2009-10-15 20:32 -------- d-----w- d:\program files\Common Files\Real
2009-10-19 11:18 . 2009-10-19 11:18 -------- d-----w- d:\program files\Common Files\xing shared
2009-10-19 11:18 . 2009-10-15 20:32 -------- d-----w- d:\program files\Real
2009-10-19 11:13 . 2009-10-16 09:44 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-10-17 13:19 . 2009-10-17 13:19 -------- d-----w- d:\documents and settings\Administrator\Application Data\Publish Providers
2009-10-17 12:47 . 2009-10-17 12:47 2667792 ----a-w- d:\documents and settings\Administrator\Application Data\Sony Setup\CF356349-4782-4F9D-AE42-7E3C6AD74B9C\WindowsInstaller-KB893803-v2-x86.exe
2009-10-17 12:46 . 2009-10-17 12:46 -------- d-----w- d:\program files\Sony Setup
2009-10-17 02:23 . 2009-10-17 01:57 95259 ----a-w- d:\windows\system32\drivers\klick.dat
2009-10-17 02:23 . 2009-10-17 01:57 108059 ----a-w- d:\windows\system32\drivers\klin.dat
2009-10-17 02:22 . 2009-10-17 02:22 59920 ----a-w- d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-10-17 02:22 . 2009-10-17 02:22 109072 ----a-w- d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-10-17 02:22 . 2009-10-17 02:22 264720 ----a-w- d:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-10-17 02:02 . 2009-10-17 02:02 604140 --sha-w- d:\windows\system32\drivers\ISwift3.dat
2009-10-17 01:56 . 2009-10-17 01:56 -------- d-----w- d:\program files\Kaspersky Lab
2009-10-17 01:55 . 2009-10-17 01:55 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-16 17:31 . 2009-10-15 17:22 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-16 14:56 . 2009-10-16 14:56 -------- d-----w- d:\program files\Free Notes & Office Ink
2009-10-16 14:54 . 2009-10-16 14:54 -------- d-----w- d:\program files\Power Presenter RE
2009-10-16 11:45 . 2009-10-16 11:45 -------- d-----w- d:\documents and settings\Administrator\Application Data\FastStone
.
 ------- Sigcheck -------
 [-] 2004-09-01 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . d:\windows\system32\drivers\tcpip.sys
 [-] 2004-09-01 . A77219A971029DC2FB683E8513713803 . 215552 . . [5.1.2600.2055] . . d:\windows\system32\termsrv.dll
.
(((((((((((((((((((((((((((((   SnapShot_2009-11-28_10.17.41   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-11 17:17 . 2009-12-11 17:17 16384              d:\windows\temp\Perflib_Perfdata_318.dat
+ 2009-10-15 17:35 . 2001-07-09 07:50 225280              d:\windows\system32\NeroCheck.exe
- 2009-10-15 21:21 . 2009-10-15 21:21 148888              d:\windows\system32\javaws.exe
+ 2009-12-11 16:39 . 2009-12-11 16:39 148888              d:\windows\system32\javaws.exe
+ 2009-12-11 16:39 . 2009-12-11 16:39 144792              d:\windows\system32\javaw.exe
- 2009-10-15 21:21 . 2009-10-15 21:21 144792              d:\windows\system32\javaw.exe
- 2009-10-15 21:21 . 2009-10-15 21:21 144792              d:\windows\system32\java.exe
+ 2009-12-11 16:39 . 2009-12-11 16:39 144792              d:\windows\system32\java.exe
+ 2009-11-11 14:10 . 2009-09-09 10:43 210352              d:\windows\system32\idmmbc.dll
+ 2009-10-16 02:06 . 2009-10-16 02:28 151040              d:\windows\ST6UNST.EXE
+ 2009-10-16 14:52 . 2007-11-13 10:23 2039456              d:\windows\system32\WTMKM.exe
+ 2006-06-01 09:22 . 2006-06-01 09:22 1593344              d:\windows\system32\nwiz.exe
+ 2009-10-15 20:09 . 2009-12-11 16:18 1579992              d:\windows\system32\FNTCACHE.DAT
+ 2009-12-11 16:39 . 2009-12-11 16:39 1633792              d:\windows\Installer\346ff.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-11-29 3171760]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 225280]
"IntelAudioStudio"="d:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-08-09 8597586]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1593344]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"MacrokeyManager"="WTMKM.exe" [2007-11-13 2039456]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-19 198160]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-11 1394000]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-11 112496]
"avp"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"4shared Update"="d:\program files\4shared Desktop\checkUpdate.exe" [2009-09-29 1337344]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 222616]
 d:\documents and settings\All Users\Start Menu\Programs\Startup\
TVR Scheduler.lnk - d:\program files\honestech\honestech TVR 2.5\scheduleTV.exe [2009-11-26 389120]
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
 [COLOR=RED] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [/COLOR]
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
 [HKLM\~\startupfolder\D:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=d:\documents and settings\Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=d:\windows\pss\Xfire.lnkStartup
 [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
 [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snagit 9.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk
backup=d:\windows\pss\Snagit 9.lnkCommon Startup
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Desktop]
2009-12-07 10:44 3632640 ----a-w- d:\program files\4shared Desktop\desktop.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2008-02-14 17:02 3235552 ----a-w- d:\program files\Babylon\Babylon-Pro\Babylon.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-11-29 13:56 3171760 ----a-w- d:\program files\Internet Download Manager\IDMan.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 22:06 1667584 ------w- d:\program files\Messenger\msmsgs.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
2009-11-15 11:20 331365 ----a-w- d:\program files\UltraVPN\bin\openvpn-gui.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-03 15:23 1217808 ----a-w- d:\program files\Steam\Steam.exe
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\wldabumt3b\\day of defeat source\\hl2.exe"=
"d:\\Program Files\\Steam\\steamapps\\wldabumt3b\\counter-strike source\\hl2.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\WINDOWS\\system32\\nwiz.exe"=
"d:\\Program Files\\Intel Audio Studio\\IntelAudioStudio.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
 R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [10/29/2009 10:41 PM 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [10/29/2009 10:41 PM 41424]
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [1/9/2007 7:17 PM 20539]
R3 abp470n5;abp470n5;\??\d:\windows\system32\drivers\jdinml.sys --> d:\windows\system32\drivers\jdinml.sys [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [10/29/2009 10:41 PM 91856]
R3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\VBoxNetFlt.sys [9/9/2009 8:15 PM 100368]
S2 WTService;WTService;d:\windows\system32\atwtusb.exe -s --> d:\windows\system32\atwtusb.exe -s [?]
S3 TridVid;Trident Analog Video;d:\windows\system32\drivers\TridVid.sys [11/26/2009 11:40 PM 201216]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://yads.zedo.com/ads2/c?a=655555;g=0;c=929000054;p=6;f=811824;h=574042;i=0;x=3840;n=929;s=7;k=http://www.skill2thrill.com/pages/Default.aspx?lan=sa&tid=38&affiliateid=afunz
uInternet Settings,ProxyOverride = *.local
IE: &Download all 4shared files - d:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - d:\program files\4shared Desktop\down_link.htm
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - d:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
DPF: Microsoft XML Parser for Java - [URL="file:///"]file://d:\windows\Java\classes\xmldso.cab[/URL]
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x02y25ch.default\
FF - component: d:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\x02y25ch.default\extensions\firedownload@mozilla.org\components\firedownload.dll
FF - component: d:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
 ---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
.
 **************************************************************************
 catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [URL="http://www.gmer.net/"]http://www.gmer.net[/URL]
Rootkit scan 2009-12-11 20:43
Windows 5.1.2600 Service Pack 2 NTFS
 scanning hidden processes ...  
 scanning hidden autostart entries ... 
 scanning hidden files ...  
 scan completed successfully
hidden files: 0
 **************************************************************************
 [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
Completion time: 2009-12-11  20:46:10
ComboFix-quarantined-files.txt  2009-12-11 17:46
ComboFix2.txt  2009-12-07 20:38
ComboFix3.txt  2009-11-28 12:04
ComboFix4.txt  2009-11-28 11:48
ComboFix5.txt  2009-12-11 17:33
 Pre-Run: 5,228,908,544 bytes free
Post-Run: 5,180,297,216 bytes free
 - - End Of File - - 4C3114544A8167B442568F4EAC0D81AF

 

[KoNaMi]

الله يعطيك العافية
:king:

يعافيك ويسلمك ربي
​

 

[Ali-911]

طيب يالغلااا بالنسبه لهذا المجلد

H:\زيزوووم- برامج حذف الفيروسات وادوات الصيانة والخدمات

تفضل

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وشغلها بدبل كليك

اما بالنسبه لـــ Sality

لاهنت اخوي هات المسار كامل مثل

C:\Documents and Settings\zyzoom.org\Desktop

يعني لازم اعرف ايش اسم المستخدم حقك
​

D:\Documents and Settings\Administrator\Desktop

وش تنصح برنامج حمايه لأني الحين عايش بدون برنامج :/

 

[Ali-911]

ماكس ، البرنامج unlocker جربته مو راضي يحمل..

 

[Ali-911]

KoNaMi
بغيت تمسح كل تعبي


المهم مجلد الـSality الي بسطح المكتب مسحته

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Folder "D:\Documents and Settings\Administrator\Desktop\Sality" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

لا تنسى اني كنت معاكم بالدكه وما جا في بالي الـavanger
بس KoNaMi شكلك فهمت غلط المشكله بمجلد اسمه:

حل مشكلة ( تم تعطيل ادارة المهام من قبل المسؤول ) الشرح بالصور - +=[منتديات كواسر نت]=+_files

موجود في المسار:

H:\زيزوووم- برامج حذف الفيروسات وادوات الصيانة والخدمات

بحاول امسحه الآن..

 

[Ali-911]

رافض ينمسح يقولي Error!

 

[Ali-911]

فيه مشكله ثانيه !!

الحين استخدم الفايرفوكس وادخل زيزوم من بروكسي! حاولت شتى الطرق ما ضبطت الحلول!

 

[KoNaMi]

konami
بغيت تمسح كل تعبي


المهم مجلد الـsality الي بسطح المكتب مسحته

logfile of the avenger version 2.0, (c) by swandog46
http://swandog46.geekstogo.com

platform:  Windows xp

*******************

script file opened successfully.
Script file read successfully.

Backups directory opened successfully at d:\avenger

*******************

beginning to process script file:

Folder "d:\documents and settings\administrator\desktop\sality" deleted successfully.

Completed script processing.

*******************

finished!  Terminate.

لا تنسى اني كنت معاكم بالدكه وما جا في بالي الـavanger
بس konami شكلك فهمت غلط المشكله بمجلد اسمه:

حل مشكلة ( تم تعطيل ادارة المهام من قبل المسؤول ) الشرح بالصور - +=[منتديات كواسر نت]=+_files

موجود في المسار:

h:\زيزوووم- برامج حذف الفيروسات وادوات الصيانة والخدمات

بحاول امسحه الآن..

ياغالي انت ماوضحت لي في البدايه ايش المسار بالضبط

لاهنت هات المسار بالضبط ياغالي وحدد عليه باللون الاحمر وان شاء الله خير

 

[Ali-911]

ياغالي انت ماوضحت لي في البدايه ايش المسار بالضبط

لاهنت هات المسار بالضبط ياغالي وحدد عليه باللون الاحمر وان شاء الله خير

قلت لك عزيزي ، اول شئ المجلد داخل هاردسك H والهاردسك فيه مجلد داخله اسمه ( زيزوووم- برامج حذف الفيروسات وادوات الصيانة والخدمات ) وداخل هالمجلد فيه المجلد الي عيا ينمسح والي اسمه ( حل مشكلة ( تم تعطيل ادارة المهام من قبل المسؤول ) الشرح بالصور - +=[منتديات كواسر نت]=+_files )

هذا المسار :

H:\زيزوووم- برامج حذف الفيروسات وادوات الصيانة والخدمات\حل مشكلة ( تم تعطيل ادارة المهام من قبل المسؤول ) الشرح بالصور - +=[منتديات كواسر نت]=+_files

 

[KoNaMi]

طيب ثواني يالغلاا اسوي سكربت للحذف ...

 

[KoNaMi]

حمل الملف التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دبل كليك وبلغنا بالنتائج

وهل جربت اداة الـــ avanger لحذف المجلد ؟؟؟
​

 

[Ali-911]

حمل الملف التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

دبل كليك وبلغنا بالنتائج

وهل جربت اداة الـــ avanger لحذف المجلد ؟؟؟
​

الآفانجر مدري ليش ما مسحه

 

[Ali-911]

حتى البرنامج الي عطيتني اخ كونامي ما مسحه !

 

[Ali-911]

انتظرك عزيزي كونامي...

 

[MAAX]

اخي ادخل للوضع الامن واحذفه

 

[Ali-911]

اخي ادخل للوضع الامن واحذفه

سلام عليكم

اخ ماكس للأسف الsafemode ما يفتح معي وهي المشكله الأساسيه كل ما جيت بفتحه يسوي ريستارت من حاله !

جت مشكله ثانيه

نزلت الكاسبر من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ومعاه الMalwarebytes' Anti-Malware
بس انواع التعليق صار اضطريت اوقف البرامج من الهايجاك علشان اقدر اتحكم ومسحت الكاسبر

الحين ماني عارف وش اول شئ انزل برنامج حمايه وانتظر رأيك بهالشئ اخ ماكس

وما ادري مشكله السييف مود وش اسوي فيها !

 

[MAAX]

لا امر عليك اعد هذا الفحص

ادخل هذه الصفحة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التقرير noor_mcafee
وارفعه على هذا الموقع

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وارفق رابط التحميل بمشاركتك القادمة

 

[Ali-911]

ابشر ان شاء الله اول ما يخلص..

 

[Ali-911]

لا امر عليك اعد هذا الفحص

ادخل هذه الصفحة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وحمل اداة المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

التقرير noor_mcafee
وارفعه على هذا الموقع

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وارفق رابط التحميل بمشاركتك القادمة

تفضل :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

 

[MAAX]

حمل الملف التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغله بدبل كلك ثم اضغط start
وانتظر حتى ينتهي ويعاد تشغيل الجهاز
ثم
حمل هذا الملف وقوم بتشغيله

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واتبع التالي كما موجود بالصور

ثم

حمل هذه الاداة وشغلها

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واضغط على علاامة الصح بعدها اضغط GO

وبعد الانتهاء اعد تشغيل جهازك

وارفع تقرير هايجاك بعد عمل ما سبق​

 

[Ali-911]

حمل الملف التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغله بدبل كلك ثم اضغط start
وانتظر حتى ينتهي ويعاد تشغيل الجهاز
ثم
حمل هذا الملف وقوم بتشغيله

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واتبع التالي كما موجود بالصور

ثم

حمل هذه الاداة وشغلها

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واضغط على علاامة الصح بعدها اضغط GO

وبعد الانتهاء اعد تشغيل جهازك

وارفع تقرير هايجاك بعد عمل ما سبق​

اثناء عمل البرنامج Dial a fix تظهر الرساله التاليه:

ثم

تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:15, on 12/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\AppServ\Apache2.2\bin\httpd.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\AppServ\Apache2.2\bin\httpd.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\atwtusb.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\WINDOWS\system32\atwtusb.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yads.zedo.com/ads2/c?a=655555;g=0;c=929000054;p=6;f=811824;h=574042;i=0;x=3840;n=929;s=7;k=http://www.skill2thrill.com/pages/Default.aspx?lan=sa&tid=38&affiliateid=afunz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - D:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [4shared Update] "D:\Program Files\4shared Desktop\checkUpdate.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download all 4shared files - D:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - D:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WTService - Unknown owner - D:\WINDOWS\system32\atwtusb.exe

--
End of file - 6087 bytes

مشكلة الـSafemode لا تزال موجوده.