• Thread starter: Zaboor

Peace be upon you, and God's mercy and blessings.

A week ago my machine was hit by a strange virus that even Kaspersky did not detect!!!

At computer startup, Kaspersky now takes nearly two hours just to scan the startup objects!!

And it fails to scan these files:

Code:
31/05/2008 08:16:24 ?    File: c:\progra~1\damnnf~1\damnnf~1.exe    packed file ASPack    
31/05/2008 07:15:28 ?    File: C:\WINDOWS\system32\WININET.dll    packed file PE_Patch    
31/05/2008 07:17:04 ?    File: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe    packed file PE_Patch    
31/05/2008 07:17:08 ?    File: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe    packed file PE_Patch    
31/05/2008 07:53:13 ?    File: C:\Program Files\Windows Defender\MSASCui.exe    packed file PE_Patch    
31/05/2008 08:16:56 ?    File: c:\progra~1\common~1\micros~1\dw\dwtrig20.exe    packed file PE_Patch    
31/05/2008 08:16:58 ?    File: C:\WINDOWS\microsoft.net\framework\v2.0.50727\aspnet_state.exe    packed file PE_Patch    
31/05/2008 08:17:01 ?    File: c:\windows\system32\drivers\dmboot.sys    packed file PE_Patch    
31/05/2008 08:17:01 ?    File: c:\windows\system32\drivers\fltmgr.sys    packed file PE_Patch    
31/05/2008 08:17:02 ?    File: c:\windows\system32\drivers\hdaudbus.sys    packed file PE_Patch    
31/05/2008 08:17:05 ?    File: c:\windows\system32\drivers\mrxdav.sys    packed file PE_Patch    
31/05/2008 08:17:05 ?    File: c:\windows\system32\drivers\mrxsmb.sys    packed file PE_Patch    
31/05/2008 08:17:06 ?    File: c:\program files\microsoft sql server\90\shared\sqladhlp90.exe    packed file PE_Patch    
31/05/2008 08:17:08 ?    File: c:\program files\common files\microsoft shared\office12\odserv.exe    packed file PE_Patch    
31/05/2008 08:17:11 ?    File: c:\program files\microsoft sql server\90\shared\sqlbrowser.exe    packed file PE_Patch    
31/05/2008 08:17:11 ?    File: c:\windows\system32\drivers\sr.sys    packed file PE_Patch    
31/05/2008 08:17:33 ?    File: c:\progra~1\mic273~1\webdes~1\exprwd.exe    packed file PE_Patch    
31/05/2008 08:18:03 ?    File: c:\program files\windows defender\mpcmdrun.exe    packed file PE_Patch    
31/05/2008 08:16:25 ?    File: c:\program files\divx\divx player\divx player.exe    packed file PE_Patch.PECompact    
31/05/2008 08:17:20 ?    File: c:\windows\system32\divx.dll    packed file PE_Patch.PECompact    
31/05/2008 08:17:38 ?    File: d:\downloads\hijackthis.exe    packed file PE_Patch.UPX    
31/05/2008 08:16:25 ?    File: c:\program files\divx\divx player\divx player.exe//PE_Patch.PECompact    packed file PecBundle    
31/05/2008 08:17:20 ?    File: c:\windows\system32\divx.dll//PE_Patch.PECompact    packed file PecBundle    
31/05/2008 08:16:25 ?    File: c:\program files\divx\divx player\divx player.exe//PE_Patch.PECompact//PecBundle    packed file PECompact    
31/05/2008 08:17:20 ?    File: c:\windows\system32\divx.dll//PE_Patch.PECompact//PecBundle    packed file PECompact    
31/05/2008 08:16:33 ?    File: c:\progra~1\magiciso\magiciso.exe    packed file UPX    
31/05/2008 08:17:39 ?    File: d:\downloads\hijackthis.exe//PE_Patch.UPX    packed file UPX    
31/05/2008 07:14:57 ?    Running module: winlogon.exe\rqRHwULe.dll    processing error    
31/05/2008 07:15:27 ?    Running module: winlogon.exe\WININET.dll    processing error    
31/05/2008 07:16:28 ?    Running module: lsass.exe\mlJBTNDV.dll    processing error    
31/05/2008 07:17:58 ?    Running module: wscntfy.exe\pqaveqmb.dll    processing error    
31/05/2008 07:18:58 ?    Running module: wscntfy.exe\bhltodqm.dll    processing error    
31/05/2008 07:19:59 ?    Running module: explorer.exe\mlJBTNDV.dll    processing error    
31/05/2008 07:20:29 ?    Running module: explorer.exe\urlmon.dll    processing error    
31/05/2008 07:21:29 ?    Running module: explorer.exe\themeui.dll    processing error    
31/05/2008 07:22:29 ?    Running module: explorer.exe\rqRHwULe.dll    processing error    
31/05/2008 07:23:29 ?    Running module: explorer.exe\bhltodqm.dll    processing error    
31/05/2008 07:24:30 ?    Running module: explorer.exe\pqaveqmb.dll    processing error    
31/05/2008 07:25:30 ?    Running module: igfxtray.exe\pqaveqmb.dll    processing error    
31/05/2008 07:26:00 ?    Running module: igfxtray.exe\WININET.dll    processing error    
31/05/2008 07:26:31 ?    Running module: igfxtray.exe\Normaliz.dll    processing error    
31/05/2008 07:27:01 ?    Running module: igfxtray.exe\iertutil.dll    processing error    
31/05/2008 07:28:01 ?    Running module: igfxtray.exe\MSVCR80.dll    processing error    
31/05/2008 07:28:31 ?    Running module: igfxtray.exe\bhltodqm.dll    processing error    
31/05/2008 07:29:32 ?    Running module: hkcmd.exe\pqaveqmb.dll    processing error    
31/05/2008 07:30:02 ?    Running module: hkcmd.exe\WININET.dll    processing error    
31/05/2008 07:31:02 ?    Running module: hkcmd.exe\bhltodqm.dll    processing error    
31/05/2008 07:32:02 ?    Running module: igfxpers.exe\pqaveqmb.dll    processing error    
31/05/2008 07:32:32 ?    Running module: igfxpers.exe\WININET.dll    processing error    
31/05/2008 07:33:02 ?    Running module: igfxpers.exe\Normaliz.dll    processing error    
31/05/2008 07:33:33 ?    Running module: igfxpers.exe\iertutil.dll    processing error    
31/05/2008 07:34:34 ?    Running module: igfxpers.exe\DNSAPI.dll    processing error    
31/05/2008 07:35:35 ?    Running module: igfxpers.exe\bhltodqm.dll    processing error    
31/05/2008 07:36:35 ?    Running module: RTHDCPL.exe\bhltodqm.dll    processing error    
31/05/2008 07:37:05 ?    Running module: RTHDCPL.exe\WININET.dll    processing error    
31/05/2008 07:38:06 ?    Running module: RTHDCPL.exe\iertutil.dll    processing error    
31/05/2008 07:38:36 ?    Running module: RTHDCPL.exe\pqaveqmb.dll    processing error    
31/05/2008 07:39:06 ?    Running module: RTHDCPL.exe\MSVCR80.dll    processing error    
31/05/2008 07:41:07 ?    Running module: rundll32.exe\pqaveqmb.dll    processing error    
31/05/2008 07:42:07 ?    Running module: rundll32.exe\bhltodqm.dll    processing error    
31/05/2008 07:43:07 ?    Running module: fppdis3a.exe\fppdis3a.exe    processing error    
31/05/2008 07:44:37 ?    Running module: fppdis3a.exe\bhltodqm.dll    processing error    
31/05/2008 07:45:08 ?    Running module: fppdis3a.exe\WININET.dll    processing error    
31/05/2008 07:46:08 ?    Running module: fppdis3a.exe\pqaveqmb.dll    processing error    
31/05/2008 07:47:09 ?    Running module: realsched.exe\pqaveqmb.dll    processing error    
31/05/2008 07:48:09 ?    Running module: realsched.exe\bhltodqm.dll    processing error    
31/05/2008 07:49:10 ?    Running module: LaunchApplication.exe\pqaveqmb.dll    processing error    
31/05/2008 07:50:10 ?    Running module: LaunchApplication.exe\bhltodqm.dll    processing error    
31/05/2008 07:51:10 ?    Running module: LaunchApplication.exe\MSOXMLMF.DLL    processing error    
31/05/2008 07:52:11 ?    Running module: Babylon.exe\bhltodqm.dll    processing error    
31/05/2008 07:53:11 ?    Running module: Babylon.exe\pqaveqmb.dll    processing error    
31/05/2008 07:54:11 ?    Running module: MSASCui.exe\bhltodqm.dll    processing error    
31/05/2008 07:55:12 ?    Running module: MSASCui.exe\pqaveqmb.dll    processing error    
31/05/2008 07:56:12 ?    Running module: avp.exe\bhltodqm.dll    processing error    
31/05/2008 07:58:12 ?    Running module: avp.exe\pqaveqmb.dll    processing error    
31/05/2008 07:59:13 ?    Running module: rundll32.exe\bhltodqm.dll    processing error    
31/05/2008 07:59:43 ?    Running module: rundll32.exe\WININET.dll    processing error    
31/05/2008 08:00:43 ?    Running module: rundll32.exe\pqaveqmb.dll    processing error    
31/05/2008 08:01:44 ?    Running module: rundll32.exe\pqaveqmb.dll    processing error    
31/05/2008 08:02:44 ?    Running module: rundll32.exe\bhltodqm.dll    processing error    
31/05/2008 08:04:45 ?    Running module: ctfmon.exe\bhltodqm.dll    processing error    
31/05/2008 08:05:45 ?    Running module: ctfmon.exe\pqaveqmb.dll    processing error    
31/05/2008 08:07:15 ?    Running module: wcescomm.exe\pqaveqmb.dll    processing error    
31/05/2008 08:07:45 ?    Running module: wcescomm.exe\WININET.dll    processing error    
31/05/2008 08:08:15 ?    Running module: wcescomm.exe\iertutil.dll    processing error    
31/05/2008 08:08:46 ?    Running module: wcescomm.exe\bhltodqm.dll    processing error    
31/05/2008 08:09:16 ?    Running module: wcescomm.exe\Wtsapi32.dll    processing error    
31/05/2008 08:09:46 ?    Running module: wcescomm.exe\WINSTA.dll    processing error    
31/05/2008 08:11:16 ?    Running module: cinetray.exe\pqaveqmb.dll    processing error    
31/05/2008 08:12:17 ?    Running module: cinetray.exe\DNSAPI.dll    processing error    
31/05/2008 08:13:17 ?    Running module: cinetray.exe\bhltodqm.dll    processing error    
31/05/2008 08:14:17 ?    Running module: rapimgr.exe\pqaveqmb.dll    processing error    
31/05/2008 08:14:47 ?    Running module: rapimgr.exe\WININET.dll    processing error    
31/05/2008 08:15:47 ?    Running module: rapimgr.exe\bhltodqm.dll    processing error

The file names are random!

I tried again and again to scan my machine with Kaspersky after updating it, but it detected nothing!

In fact, it seems to me that the virus has even gotten to Kaspersky, since it added a file to avp.exe, as shown in the report above.

It has also disabled Windows Update.


I am attaching the HijackThis report for you:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:39 م, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
D:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;speedtouch.lan;192.168.1.254;127.0.0.1
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [cc2d7980] rundll32.exe "C:\WINDOWS\system32\pqaveqmb.dll",b
O4 - HKLM\..\Run: [BMcf1e4a1c] Rundll32.exe "C:\WINDOWS\system32\bhltodqm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R270 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_S48E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8256 bytes


I hope you can help me solve this problem; the machine has become unbearable, its internet connection has stopped working, and it has started opening all sorts of websites on its own.
 

Delete the following:
O4 - HKLM\..\Run: [cc2d7980] rundll32.exe "C:\WINDOWS\system32\pqaveqmb.dll",b

O4 - HKLM\..\Run: [BMcf1e4a1c] Rundll32.exe "C:\WINDOWS\system32\bhltodqm.dll",s

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')



How to delete:








Download this tool to clean the machine




Restart
Second report
 
Signature: KinXG BlacK
First of all, dear brother, I offer you my sincere thanks for helping me, and my prayers that you and those you love find success.

Here are the reports:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50:26 م, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;speedtouch.lan;192.168.1.254;127.0.0.1
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BMcf1e4a1c] Rundll32.exe "C:\WINDOWS\system32\bhltodqm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R270 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_S48E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 7855 bytes

And these are the files that Kaspersky fails to scan:

Code:
01/06/2008 07:53:46 ?    File: c:\progra~1\common~1\micros~1\dw\dwtrig20.exe    packed file PE_Patch    
01/06/2008 07:53:46 ?    File: C:\WINDOWS\microsoft.net\framework\v2.0.50727\aspnet_state.exe    packed file PE_Patch    
01/06/2008 07:53:48 ?    File: c:\program files\microsoft sql server\90\shared\sqladhlp90.exe    packed file PE_Patch    
01/06/2008 07:53:49 ?    File: c:\program files\common files\microsoft shared\office12\odserv.exe    packed file PE_Patch    
01/06/2008 07:53:50 ?    File: c:\program files\microsoft sql server\90\shared\sqlbrowser.exe    packed file PE_Patch    
01/06/2008 07:53:58 ?    File: c:\progra~1\mic273~1\webdes~1\exprwd.exe    packed file PE_Patch    
01/06/2008 07:53:52 ?    File: c:\windows\system32\divx.dll    packed file PE_Patch.PECompact    
01/06/2008 07:53:59 ?    File: c:\hijackthis\hijackthis.exe    packed file PE_Patch.UPX    
01/06/2008 07:53:52 ?    File: c:\windows\system32\divx.dll//PE_Patch.PECompact    packed file PecBundle    
01/06/2008 07:53:52 ?    File: c:\windows\system32\divx.dll//PE_Patch.PECompact//PecBundle    packed file PECompact    
01/06/2008 07:53:14 ?    File: c:\progra~1\magiciso\magiciso.exe    packed file UPX    
01/06/2008 07:53:59 ?    File: c:\hijackthis\hijackthis.exe//PE_Patch.UPX    packed file UPX    
01/06/2008 07:44:06 ?    Running module: winlogon.exe\rqRHwULe.dll    processing error    
01/06/2008 07:44:36 ?    Running module: winlogon.exe\WININET.dll    processing error    
01/06/2008 07:45:36 ?    Running module: lsass.exe\mlJBTNDV.dll    processing error    
01/06/2008 07:46:36 ?    Running module: wscntfy.exe\bhltodqm.dll    processing error    
01/06/2008 07:47:07 ?    Running module: wscntfy.exe\WININET.dll    processing error    
01/06/2008 07:48:07 ?    Running module: explorer.exe\mlJBTNDV.dll    processing error    
01/06/2008 07:49:07 ?    Running module: explorer.exe\rqRHwULe.dll    processing error    
01/06/2008 07:50:07 ?    Running module: explorer.exe\bhltodqm.dll    processing error    
01/06/2008 07:51:07 ?    Running module: igfxtray.exe\bhltodqm.dll    processing error    
01/06/2008 07:52:08 ?    Running module: hkcmd.exe\bhltodqm.dll    processing error    
01/06/2008 07:53:08 ?    Running module: rundll32.exe\bhltodqm.dll    processing error
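
An added example, not part of any post in this thread and not a HijackThis or Kaspersky feature: a Python triage script that parses the O4 autorun lines of a before and an after HijackThis log, flags rundll32 Run entries that load a DLL through a one- or two-character entry point (a heuristic assumed here from the two rundll32 entries listed for deletion earlier in the thread), and reports which flagged entries survived the fix and which processes still hold the surviving DLL. The sample lines are excerpted from the logs posted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the logs posted in this thread.
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [cc2d7980] rundll32.exe "C:\WINDOWS\system32\pqaveqmb.dll",b
O4 - HKLM\..\Run: [BMcf1e4a1c] Rundll32.exe "C:\WINDOWS\system32\bhltodqm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
'''
LOG_AFTER = r'''
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BMcf1e4a1c] Rundll32.exe "C:\WINDOWS\system32\bhltodqm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''
AV_AFTER = r'''
01/06/2008 07:44:06 ?    Running module: winlogon.exe\rqRHwULe.dll    processing error
01/06/2008 07:44:36 ?    Running module: winlogon.exe\WININET.dll    processing error
01/06/2008 07:45:36 ?    Running module: lsass.exe\mlJBTNDV.dll    processing error
01/06/2008 07:46:36 ?    Running module: wscntfy.exe\bhltodqm.dll    processing error
01/06/2008 07:50:07 ?    Running module: explorer.exe\bhltodqm.dll    processing error
01/06/2008 07:53:08 ?    Running module: rundll32.exe\bhltodqm.dll    processing error
'''

# "O4 - <hive>\..\Run[Once]: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 followed by a .dll path (quoted or not), a comma and the entry point
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>[^\s,]*)', re.I)
# Kaspersky report line: "Running module: <process>\<dll>    processing error"
MODULE_RE = re.compile(
    r'Running module:\s+(?P<proc>[^\\]+)\\(?P<dll>\S+)\s+processing error')


def parse_o4(log):
    """Return the registry Run/RunOnce entries of a HijackThis log as dicts."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # "O4 - Startup:" folder items have no registry key and are skipped
            entries.append(m.groupdict())
    return entries


def flag_run_entries(log):
    """Map value name -> DLL file name for rundll32 autoruns with a 1-2 char entry point.

    Assumption: the short entry point is only a triage heuristic; a hit means
    "look at this entry", not "this entry is malicious".
    """
    flagged = {}
    for entry in parse_o4(log):
        m = RUNDLL_RE.search(entry["cmd"])
        if m and len(m.group("entry")) <= 2:
            flagged[entry["name"]] = m.group("dll").rsplit("\\", 1)[-1].lower()
    return flagged


def compare(before, after):
    """Return (removed, persisting) value names among the flagged entries."""
    old, new = set(flag_run_entries(before)), set(flag_run_entries(after))
    return sorted(old - new), sorted(old & new)


def host_processes(av_log):
    """Map DLL file name -> sorted list of processes the scanner found it loaded in."""
    hosts = defaultdict(set)
    for line in av_log.splitlines():
        m = MODULE_RE.search(line)
        if m:
            hosts[m.group("dll").lower()].add(m.group("proc").lower())
    return {dll: sorted(procs) for dll, procs in hosts.items()}


def surviving_entries(before, after, av_after):
    """For each flagged entry still present after the fix, list where its DLL is loaded."""
    flagged = flag_run_entries(after)
    _, persisting = compare(before, after)
    hosts = host_processes(av_after)
    return {name: {"dll": flagged[name], "loaded_in": hosts.get(flagged[name], [])}
            for name in persisting}


if __name__ == "__main__":
    removed, persisting = compare(LOG_BEFORE, LOG_AFTER)
    print("removed by the fix:", removed)
    print("still present:", persisting)
    for name, info in surviving_entries(LOG_BEFORE, LOG_AFTER, AV_AFTER).items():
        print(name, "->", info["dll"], "loaded in", ", ".join(info["loaded_in"]))
```

A flagged entry that is still present after the fix and whose DLL is still loaded in running processes means the Run value was restored or never removed, so the next cleanup step has to deal with the loaded module and not only the registry value.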
 
Go to Add or Remove Programs and remove the toolbar you have there (toolbar) >> it may not be present

Then download this tool and follow the instructions below



Compatibility: Windows XP only

How to use it:
When you run the tool's file, this screen appears; wait (and follow along with the pictures)



When this screen appears, click Close so that your machine restarts ((to complete the cleaning process))



Then post a second report
 
Thank you, dear brother.

Here is the report.

But brother, why do the system files include files with fake names:

bhltodqm.dll
mlJBTNDV.dll
rqRHwULe.dll

Look at one of the antivirus reports I posted: even Kaspersky fails to scan them and does not recognize them!!



Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:55:16 م, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;speedtouch.lan;192.168.1.254;127.0.0.1
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BMcf1e4a1c] Rundll32.exe "C:\WINDOWS\system32\bhltodqm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R270 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_S48E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Administrator\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Administrator\Application Data\CyberScrub\Privacy Suite" 
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8437 bytes
 
I downloaded it and ran a scan, but unfortunately it did not detect anything!
 
OK, my friend, if you can copy all the suspicious files for me, I might be able to help you.

I will send all the files to the Kaspersky labs.
 
Signature: عاشق ومالي حبيب
OK, my friend.
Try this tool; it is better for you to run it in Safe Mode.


When you finish,
give me a report, and give me a new HijackThis report.
 
Signature: Juve Guard