مركز تحميل الخليج

  1. إستبعاد الملاحظة

أداة SmitfraudFix _ لفحص وتنظيف الجهاز من الدعايات المزعجه ( شرح بالصور )

الموضوع في 'منتدى [ حلول مشاكل الحاسوب الشائعة ]' بواسطة زيزوووم, بتاريخ ‏ديسمبر 4, 2007.

حالة الموضوع:
مغلق
  1. مهاوي وبس

    مهاوي وبس زيزوومي محترف

    إنضم إلينا في:
    ‏نوفمبر 8, 2007
    المشاركات:
    2,976
    الإعجابات المتلقاة:
    3
    نقاط الجائزة:
    770
    الإقامة:
    في عيون أمى
    برامج الحماية:
    Microsoft Security Essentials
    نظام التشغيل:
    أخرى
    بارك الله فيكم

    هذا التقرير

    SmitFraudFix v2.289
    Scan done at 18:45:28.21, Tue 04/01/2008
    Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    127.0.0.1 www.winantivirus.com
    127.0.0.1 winantivirus.com

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 www.drivecleaner.com ## added by CiD
    127.0.0.1 www.errorprotector.com ## added by CiD
    127.0.0.1 www.errorsafe.com ## added by CiD
    127.0.0.1 www.systemdoctor.com ## added by CiD
    127.0.0.1 www.utils.winfixer.com ## added by CiD
    127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 www.win-virus-pro.com ## added by CiD
    127.0.0.1 www.winantispam.com ## added by CiD
    127.0.0.1 www.winantispy.com ## added by CiD
    127.0.0.1 www.winantispyware.com ## added by CiD
    127.0.0.1 www.winantiviruspro.com ## added by CiD
    127.0.0.1 www.windrivecleaner.com ## added by CiD
    127.0.0.1 www.windrivesafe.com ## added by CiD
    127.0.0.1 www.winfixer.com ## added by CiD
    127.0.0.1 www.winfixer2006.com ## added by CiD
    127.0.0.1 www.winsoftware.com ## added by CiD
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
    C:\WINDOWS\Tasks\At?.job Deleted
    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    Description: Intel(R) PRO/Wireless 3945BG Network Connection - منفذ مصغر لجدولة الحزم
    DNS Server Search Order: 192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  2. مهاوي وبس

    مهاوي وبس زيزوومي محترف

    إنضم إلينا في:
    ‏نوفمبر 8, 2007
    المشاركات:
    2,976
    الإعجابات المتلقاة:
    3
    نقاط الجائزة:
    770
    الإقامة:
    في عيون أمى
    برامج الحماية:
    Microsoft Security Essentials
    نظام التشغيل:
    أخرى
    بارك الله فيك

    وهذا التقرير

    SmitFraudFix v2.289
    Scan done at 18:45:28.21, Tue 04/01/2008
    Run from C:\Documents and Settings\Administrator\Application Data\IDM\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    127.0.0.1 www.winantivirus.com
    127.0.0.1 winantivirus.com

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 www.drivecleaner.com ## added by CiD
    127.0.0.1 www.errorprotector.com ## added by CiD
    127.0.0.1 www.errorsafe.com ## added by CiD
    127.0.0.1 www.systemdoctor.com ## added by CiD
    127.0.0.1 www.utils.winfixer.com ## added by CiD
    127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 www.win-virus-pro.com ## added by CiD
    127.0.0.1 www.winantispam.com ## added by CiD
    127.0.0.1 www.winantispy.com ## added by CiD
    127.0.0.1 www.winantispyware.com ## added by CiD
    127.0.0.1 www.winantiviruspro.com ## added by CiD
    127.0.0.1 www.windrivecleaner.com ## added by CiD
    127.0.0.1 www.windrivesafe.com ## added by CiD
    127.0.0.1 www.winfixer.com ## added by CiD
    127.0.0.1 www.winfixer2006.com ## added by CiD
    127.0.0.1 www.winsoftware.com ## added by CiD
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
    C:\WINDOWS\Tasks\At?.job Deleted
    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    Description: Intel(R) PRO/Wireless 3945BG Network Connection - منفذ مصغر لجدولة الحزم
    DNS Server Search Order: 192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E2D25313-43BA-4252-8D6F-9558AD9B39B5}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  3. ابومشاري22

    ابومشاري22 زيزوومي جديد

    إنضم إلينا في:
    ‏ابريل 1, 2008
    المشاركات:
    22
    الإعجابات المتلقاة:
    0
    نقاط الجائزة:
    20
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows 7
    لفحص وتنظيف الجهاز من الدعايات المزعجه مشكور وماقصرت
     
  4. الوليد المنصوري

    الوليد المنصوري زيزوومي فعال

    إنضم إلينا في:
    ‏ابريل 3, 2008
    المشاركات:
    211
    الإعجابات المتلقاة:
    2
    نقاط الجائزة:
    280
    الإقامة:
    السعودية
    برامج الحماية:
    Avira
    نظام التشغيل:
    Windows XP
    [​IMG]

    الله عليك يا زيزوم

    مشكور لولا الله ثم الاداة هذي لما تمكنت من حل مشكلتي

    وشرح وافي وكافي

    جزاك الله خير

    تحياتي لك​
     
  5. الشهاب المضيء

    الشهاب المضيء زيزوومي فعال

    إنضم إلينا في:
    ‏ابريل 6, 2008
    المشاركات:
    260
    الإعجابات المتلقاة:
    1
    نقاط الجائزة:
    330
    برامج الحماية:
    اخرى
    نظام التشغيل:
    أخرى
    جزاك الله خيرا أخي الحبيب وهذا تقريري
    SmitFraudFix v2.314

    Scan done at 15:32:01.45, Thu 04/17/2008
    Run from C:\Users\alshehab\Documents\Downloads\Programs\SmitfraudFix
    OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost
    127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B3003088-8454-45E4-9B9D-63C5F48EFC63}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B3003088-8454-45E4-9B9D-63C5F48EFC63}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B3003088-8454-45E4-9B9D-63C5F48EFC63}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll



    »»»»»»»»»»»»»»»»»»»»»»»» End



    أسأل الله الكريم رب العرش العظيم أن يرحم والديك
     
  6. غروري ضروري

    غروري ضروري زيزوومي فعال

    إنضم إلينا في:
    ‏يناير 13, 2008
    المشاركات:
    247
    الإعجابات المتلقاة:
    1
    نقاط الجائزة:
    330
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows XP
    SmitFraudFix v2.320
    Scan done at 23:42:35.01, Thu 05/15/2008
    Run from C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    Description: Intel(R) PRO/Wireless 2200BG Network Connection - Kaspersky Anti-Virus NDIS Miniport
    DNS Server Search Order: 192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{1ED7AF87-E0AF-4530-84FB-697B188F99DF}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1ED7AF87-E0AF-4530-84FB-697B188F99DF}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{1ED7AF87-E0AF-4530-84FB-697B188F99DF}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End




    شوف لي حل يا زيزووووم وربي جننتني الاعلانات أذا جاتني اليوووم برفق لك صوره من الاعلان
    وهذي الصوره يا اخوان ساعدووووني
    [​IMG]
     
  7. عصام ابوهيبه

    عصام ابوهيبه زيزوومي محترف

    إنضم إلينا في:
    ‏يوليو 28, 2007
    المشاركات:
    3,706
    الإعجابات المتلقاة:
    30
    نقاط الجائزة:
    830
    الإقامة:
    123
    برامج الحماية:
    Avira
    نظام التشغيل:
    Windows XP
    جزاك الله خيرا
     
  8. مؤمن من

    مؤمن من زيزوومي جديد

    إنضم إلينا في:
    ‏ديسمبر 14, 2007
    المشاركات:
    1
    الإعجابات المتلقاة:
    0
    نقاط الجائزة:
    0
    الإقامة:
    Palestine , West Pank
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows XP
    مشكووووور كتيييير يا معلم
    اداه روعة
     
  9. هاوي النت

    هاوي النت زيزوومي فضي

    إنضم إلينا في:
    ‏ديسمبر 8, 2007
    المشاركات:
    8,298
    الإعجابات المتلقاة:
    214
    نقاط الجائزة:
    870
    الجنس:
    ذكر
    الإقامة:
    مـوزنـبـيـق
    برامج الحماية:
    Avira
    نظام التشغيل:
    Windows XP
    الله يجزاك خير اخوي تركي الله يوفقك ويرحم والديك ​
     
  10. حطمتني

    حطمتني زيزوومي جديد

    إنضم إلينا في:
    ‏مارس 18, 2008
    المشاركات:
    68
    الإعجابات المتلقاة:
    0
    نقاط الجائزة:
    80
    الإقامة:
    السعوديه
    الله يعـطيك العــآفيه

    زيزوم والله يرحم والديك

    على مجهودكـ الرـآئع :openmouth:k:

    والله لا يحرمك الأجر امين

    =========

    هذآ التقـرير بعد إذنك


    SmitFraudFix v2.320
    Scan done at 14:50:32.20, Fri 05/16/2008
    Run from C:\Program Files\ê¤é§ ¤§ï§\Avant Browser\Skins\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    Description: WAN (PPP/SLIP) Interface
    DNS Server Search Order: 195.226.228.72
    DNS Server Search Order: 195.226.228.74
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3773ED7B-687C-44A9-8B35-102D9A92E776}: NameServer=195.226.228.72 195.226.228.74
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3773ED7B-687C-44A9-8B35-102D9A92E776}: NameServer=195.226.228.72 195.226.228.74

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End



    ======


    والله لا يهـينك يآ زيزوم بـرفق تقريري الهـآيجآك والله احس انى جهازي مـدووج

    =========


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:57:19 م, on 16/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\PROGRA~1\AVANTB~1\avant.exe
    C:\PROGRA~1\AVANTB~1\avant.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    C:\Program Files\AirLive\Bluetooth Softw\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Norman\Bin\Zanda.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
    C:\Program Files\داونلود\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Program Files\مجلد جديد\Avant Browser\avant.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MRT.exe
    D:\برامج\تعريب البرامج\برنامج ResHacker\أنقليزي\ResHacker.exe
    D:\برامج\تعريب البرامج\برنامج ResHacker\ResHacker.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\explorer.exe
    D:\برامج\برامج منوعه\الهايجاك\Zyzoom_HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\داونلود\Internet Download Manager\IDMIECC.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\gram beep.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [save amen] C:\DOCUME~1\Winxp\APPLIC~1\DRAWSU~1\One blah.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\داونلود\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\AirLive\Bluetooth Softw\btsendto_ie_ctx.htm
    O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\داونلود\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\داونلود\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\داونلود\Internet Download Manager\IEGetVL.htm
    O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Softw\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Softw\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3773ED7B-687C-44A9-8B35-102D9A92E776}: NameServer = 195.226.228.72 195.226.228.74
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
    O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
    O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\AirLive\Bluetooth Softw\bin\btwdins.exe
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    --
    End of file - 6952 bytes

    =========

    والله عطيك العافيه وصـحه

    نـآطرك :)
     
  11. alaswedy

    alaswedy زيزوومي مميز

    إنضم إلينا في:
    ‏مارس 31, 2008
    المشاركات:
    972
    الإعجابات المتلقاة:
    58
    نقاط الجائزة:
    540
    الجنس:
    ذكر
    الإقامة:
    بلاد الله الواسعة
    برامج الحماية:
    Avira
    نظام التشغيل:
    Windows 7
    مشكور اخي علي الشرح
     
  12. زيزوووم

    زيزوووم عضو شرف

    إنضم إلينا في:
    ‏يوليو 15, 2007
    المشاركات:
    7,862
    الإعجابات المتلقاة:
    1,254
    نقاط الجائزة:
    1,020
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Windows XP
    هلا والله وغلا فيكم ... وتسلمووون ياغالين

    أحبائي أسعدني وشرفني حضوركم العطر

    شــاكر لطف ردودكم ... وربي يعطيكم العافية
     
  13. زيزوووم

    زيزوووم عضو شرف

    إنضم إلينا في:
    ‏يوليو 15, 2007
    المشاركات:
    7,862
    الإعجابات المتلقاة:
    1,254
    نقاط الجائزة:
    1,020
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Windows XP
    عذرا حبايبي على التأخير ...

    وجميع التقارير سليمة
     
  14. زيزوووم

    زيزوووم عضو شرف

    إنضم إلينا في:
    ‏يوليو 15, 2007
    المشاركات:
    7,862
    الإعجابات المتلقاة:
    1,254
    نقاط الجائزة:
    1,020
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Windows XP

    ( 1 )

    عطل جميع برامج الحماية ,,
    وحمل هذه الاداة واحفظها على سطح المكتب
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
    بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes​

    انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
    وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
    انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

    --------------------------------------------


    ( 2 )


    واعمل تقرير للهايجاك​




    اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
    لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
     
  15. زيزوووم

    زيزوووم عضو شرف

    إنضم إلينا في:
    ‏يوليو 15, 2007
    المشاركات:
    7,862
    الإعجابات المتلقاة:
    1,254
    نقاط الجائزة:
    1,020
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Windows XP
    ويرحم والديك ويبارك فيك

    قفل متصفح الانترنت
    وباستخدام البرنامج Hijack This اللي عملت فيه التقرير
    اعمل فحص جديد واشر على هذه القيم >>> واضغط على Fix Checked

    O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\gram beep.exe


    O4 - HKCU\..\Run: [save amen] C:\DOCUME~1\Winxp\APPLIC~1\DRAWSU~1\One blah.exe

    وهذا شرح للعمليه (( القيم غير حقيقيه اللهم للشرح ))
    [​IMG]
     
  16. غروري ضروري

    غروري ضروري زيزوومي فعال

    إنضم إلينا في:
    ‏يناير 13, 2008
    المشاركات:
    247
    الإعجابات المتلقاة:
    1
    نقاط الجائزة:
    330
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows XP
    مشكوووووووووور على رحابة صدرك ومساعدتك لي ولكل الاعضاء
    هذا تقرير الهيجك
    Logfile of HijackThis v1.99.1
    Scan saved at 01:29:13 ص, on 17/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\ClocX\ClocX.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ClocX\ClocX.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\documents and settings\microsoft\local settings\application data\xtbvqc.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\Documents and Settings\Microsoft\My Documents\Downloads\Compressed\لتحويل شكل الدرايفرات\vsdrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [xtbvqc] c:\documents and settings\microsoft\local settings\application data\xtbvqc.exe xtbvqc
    O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Microsoft\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Microsoft\Application Data\CyberScrub\Privacy Suite"
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    وهذا تقرير الاداه
    ومشكوووووور مره اخرى
    ورحم الله والديك ووالدي جميع المسلمين
    ComboFix 08-05-15.3 - Microsoft 05/17/2008 1:32:27.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.166 [GMT 3:00]
    Running from: C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\ComboFix.exe
    * Created a new restore point
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc.dat
    C:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc.exe
    c:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc_nav.dat
    c:\Documents and Settings\Microsoft\Local Settings\Application Data\xtbvqc_navps.dat
    C:\WINDOWS\system32\kakle.dll
    C:\WINDOWS\system32\nvs2.inf
    .
    ((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
    .
    No new files created in this timespan
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-16 22:35 3,276 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-05-16 22:35 16,416 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-05-16 22:35 146,976 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-05-16 22:35 1,136 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-05-16 20:50 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\CyberScrub
    2008-05-16 20:50 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\cleaner
    2008-05-15 20:42 2,396 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-05-11 01:26 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Nokia Multimedia Player
    2008-05-09 19:02 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\PC Suite
    2008-05-09 19:02 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Nokia
    2008-05-09 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-05-09 19:01 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-05-09 19:01 --------- d-----w C:\Program Files\DIFX
    2008-05-09 19:01 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-05-09 19:01 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-05-09 19:00 --------- d-----w C:\Program Files\Nokia
    2008-05-09 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-05-09 17:42 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2008-05-09 17:42 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2008-05-09 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-05-08 20:29 --------- d-----w C:\Program Files\Java
    2008-05-08 20:29 --------- d-----w C:\Program Files\Common Files\Java
    2008-05-08 02:23 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-05-08 01:51 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-08 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-07 11:38 --------- d-----w C:\Program Files\iVocalize Web Conference 4
    2008-05-05 23:46 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-05-05 23:46 --------- d-----w C:\Program Files\Real
    2008-05-05 23:46 --------- d-----w C:\Program Files\Common Files\Real
    2008-05-05 19:16 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\CyberLink
    2008-05-05 18:14 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\ACD Systems
    2008-05-05 18:06 64,801 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-05-05 18:06 6,118 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-05-05 18:06 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-05-05 18:06 218,624 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
    2008-05-05 17:41 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\IDM
    2008-05-05 17:41 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\DMCache
    2008-05-05 17:15 --------- d-----w C:\Program Files\ClocX
    2008-05-05 17:14 --------- d-----w C:\Program Files\KMPlayer
    2008-05-05 17:13 --------- d-----w C:\Program Files\SiteAdvisor
    2008-05-05 17:13 --------- d-----w C:\Program Files\Internet Download Manager
    2008-05-05 17:13 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\SiteAdvisor
    2008-05-05 17:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2008-05-05 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-05-05 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-05-05 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-05-05 16:19 --------- d-----w C:\Program Files\Kaspersky Lab
    2008-05-05 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-05-05 16:16 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-05-05 16:16 --------- d-----w C:\Program Files\CyberLink
    2008-05-05 16:14 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
    2008-05-05 16:14 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
    2008-05-05 16:14 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
    2008-05-05 16:14 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
    2008-05-05 16:14 196,608 ----a-w C:\WINDOWS\system32\maag.dll
    2008-05-05 16:14 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll
    2008-05-05 16:14 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
    2008-05-05 16:14 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
    2008-05-05 16:14 --------- d-----w C:\Program Files\Real_SC
    2008-05-05 16:05 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-05-05 15:45 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\BSplayer Pro
    2008-05-05 15:44 --------- d-----w C:\Program Files\Webteh
    2008-05-05 15:44 --------- d-----w C:\Program Files\Paltalk Messenger
    2008-05-05 15:44 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-05-05 15:44 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Paltalk
    2008-05-05 15:43 --------- d-----w C:\Program Files\Windows Live
    2008-05-05 15:42 --------- d-----w C:\Program Files\Yahoo!
    2008-05-05 15:42 --------- d-----w C:\Program Files\Common Files\ACD Systems
    2008-05-05 15:42 --------- d-----w C:\Program Files\ACD Systems
    2008-05-05 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-05-05 15:34 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-05 15:33 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-05-05 15:33 --------- d-----w C:\Program Files\Ahead
    2008-05-05 15:32 155,995 ----a-w C:\WINDOWS\java\Packages\2B57R9Z7.ZIP
    2008-05-05 15:28 --------- d-----w C:\Program Files\Microsoft Works
    2008-05-05 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-05 15:16 --------- d-----w C:\Program Files\Apoint
    2008-05-05 15:03 --------- d-----w C:\Program Files\Dell
    2008-05-05 14:51 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Toshiba
    2008-05-05 14:49 --------- d-----w C:\Program Files\Toshiba
    2008-05-05 14:48 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Intel
    2008-05-05 14:47 17,056 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-05-05 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
    2008-05-05 14:44 --------- d-----w C:\Program Files\Broadcom
    2008-05-05 14:42 --------- d-----w C:\Program Files\CONEXANT
    2008-05-05 14:31 --------- d-----w C:\Program Files\SigmaTel
    2008-05-05 14:29 --------- d-----w C:\Program Files\Intel
    2008-05-05 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-05 14:27 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-05-05 14:20 --------- d-----w C:\Program Files\microsoft frontpage
    2008-04-25 15:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
    2008-04-25 15:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
    2008-04-16 11:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    2008-03-25 17:07 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
    2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:49 158,496 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:49 158,496 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:04 1,845,120 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:04 1,845,120 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2006-06-27 02:40 571,184 --sha-r C:\WINDOWS\system32\legitcheckcontrol.dll
    2004-08-03 21:56 59,904 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper s\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM 15360]
    "ClocX"="C:\Program Files\ClocX\ClocX.exe" [04/13/2004 05:12 PM 103936]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [05/05/2008 08:13 PM 932864]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM 5724184]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [03/26/2008 06:41 PM 1232896]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [04/16/2008 12:53 PM 1079808]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Privacy Suite"="C:\Documents and Settings\Microsoft\Application Data\cleaner\CSPSeraser.exe" [11/20/2007 02:19 PM 872080]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 09:56 PM 110592 C:\WINDOWS\system32\bthprops.cpl]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM 385024]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/04/2005 11:26 AM 606208]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 11:33 AM 155648]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/15/2005 09:02 AM 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/15/2005 09:02 AM 126976]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM 155648]
    "Device Detector"="DevDetect.exe" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM 32768]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [12/05/2007 12:03 AM 36640]
    "ClocX"="C:\Program Files\ClocX\ClocX.exe" [04/13/2004 05:12 PM 103936]
    "Vistadrv"="C:\Documents and Settings\Microsoft\My Documents\Downloads\Compressed\لتحويل شكل الدرايفرات\vsdrv.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM 83608]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/15/2008 12:21 AM 185896]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM 201992]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 09:56 PM 15360]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
    antiwpa.dll 07/22/2006 11:49 PM 5376 C:\WINDOWS\system32\antiwpa.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Paltalk Messenger\\PALTALK.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3130:UDP"= 3130:UDP:Windows Media Format SDK (IEXPLORE.EXE)
    "3131:UDP"= 3131:UDP:Windows Media Format SDK (IEXPLORE.EXE)
    R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [03/13/2008 07:02 PM]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [03/25/2008 08:07 PM]
    S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [09/17/2007 03:53 PM]
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 01:36:54
    Windows 5.1.2600 Service Pack 2 FAT NTAPI
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\Program Files\SiteAdvisor\6253\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\WLKEEPER.EXE
    C:\PROGRAM FILES\DELL\NICCONFIGSVC\NICCONFIGSVC.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
    C:\PROGRAM FILES\SITEADVISOR\6253\SASERVICE.EXE
    C:\PROGRAM FILES\INTEL\WIRELESS\BIN\ZCFGSVC.EXE
    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
    C:\PROGRAM FILES\COMMON FILES\ACD SYSTEMS\EN\DEVDETECT.EXE
    C:\PROGRAM FILES\APOINT\APNTEX.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\WINDOWS\BRICOPACKS\VISTA INSPIRAT 2\ROCKETDOCK\ROCKETDOCK.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Completion time: 05/17/2008 1:38:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-16 22:38:42
    Pre-Run: 21,152,989,184 bytes free
    Post-Run: 21,101,543,424 bytes free
    236 --- E O F --- 2008-05-16 03:33:42​
     
  17. زيزوووم

    زيزوووم عضو شرف

    إنضم إلينا في:
    ‏يوليو 15, 2007
    المشاركات:
    7,862
    الإعجابات المتلقاة:
    1,254
    نقاط الجائزة:
    1,020
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Windows XP
    الله يبارك فيك ويسلمك
    وجد عندك ملفات خبيثه :hh: وتم حذفها

    هل اختف الرسائل ؟؟

    لاهنت اعمل تقرير هايجاك جديد
     
  18. غروري ضروري

    غروري ضروري زيزوومي فعال

    إنضم إلينا في:
    ‏يناير 13, 2008
    المشاركات:
    247
    الإعجابات المتلقاة:
    1
    نقاط الجائزة:
    330
    برامج الحماية:
    Kaspersky
    نظام التشغيل:
    Windows XP
    الله يجزك خير يا الغالي
    وما ادري لانه ما تظهر بستمرار ولاكن من بعد التحليل الي برد السابق ما جات
    ان شاء الله انها انحذفة لأنها قلق بصراحه
    وهذا التحليل الجديد
    ومشكوووووووووووور على رحابة صدرك يا الغالي
    Logfile of HijackThis v1.99.1
    Scan saved at 09:48:22 ص, on 17/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\ClocX\ClocX.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    C:\Program Files\ClocX\ClocX.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Microsoft\My Documents\Downloads\Programs\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\Documents and Settings\Microsoft\My Documents\Downloads\Compressed\لتحويل شكل الدرايفرات\vsdrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\Microsoft\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\Microsoft\Application Data\CyberScrub\Privacy Suite"
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
    O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe​
     
  19. زيزوووم

    زيزوووم عضو شرف

    إنضم إلينا في:
    ‏يوليو 15, 2007
    المشاركات:
    7,862
    الإعجابات المتلقاة:
    1,254
    نقاط الجائزة:
    1,020
    برامج الحماية:
    اخرى
    نظام التشغيل:
    Windows XP
    ويجزاك خير ويبارك فيك

    الان التقرير تمام

    بالتوفيق
     
حالة الموضوع:
مغلق

مشاركة هذه الصفحة

جاري تحميل الصفحة...